7 Secure USB Drives Reviewed

jcatcw writes "Computerworld has reviewed seven USB drives that use either encryption or a physical keypad to protect stored data, and found big differences in I/O speeds, ease of use and strength of security. In the case of the drive using a key pad, the editors were able to break open the device and access the data, bypassing the PIN security. They also state that there is little difference between 128-bit and 256-bit AES encryption because neither has been broken yet. The drives reviewed were the SanDisk Cruzer, the Lexar JumpDrive, the Kingston DataTraveler, the Imation Pivot Plus, the Corsair Survivor, the Corsair Padlock and the IronKey Secure USB Drive. The editors chose the IronKey as the most secure."

For the...

[Creepy+Crawler]

For the love of /root, use the print link.

We dont want to see a little bit of content over 9 pages!

TrueCrypt

[ceswiedler]

How are any of these better than using TrueCrypt in traveller mode? The only thing I can think of is that TrueCrypt requires administrator rights to use. And I suppose they may be easier to use for people who don't know much about computers or encryption. But I trust TrueCrypt a hell of a lot more than anything which comes preinstalled on these things.

Yeah I glanced these over...

[explosivejared]

... and not a single one of them is secure enough for me. I simply want a USB drive that whenever somebody, not authorized by me, touches it, heats their body to like a million kelvins and melt them. A few hundred thousand won't cut it. Until then, Lexar ain't impressing me with their little math based schemes. Unless it causes total vaporization, it's just not secure.

Another analysis (similiar vein)

[th0mas.sixbit.org]

Another analysis of some of the ICs used in popular secure USB tokens (not usb storage devices) can be found here:

http://www.flylogic.net/blog/

They often de-cap the ICs and reverse engineer from a microscope. Really interesting stuff!

Truecrypt: Linux, OS X, and Windows. Free.

[Futurepower(R)]

For the love of convenience, sanity, and saving money, just use any flash memory drive and TrueCrypt.

"Free open-source disk encryption software for Windows Vista/XP, Mac OS X, and Linux"

Re:Truecrypt: Linux, OS X, and Windows. Free.

[Chyeld]

My friend, I fear you do not see the point. Have we not said that hardware based encryption is far superior to software based encryption? Does this chart tell you nothing?

Indeed, our thumb drives utilize gold connectors to ensure the fidelity and privacy of your porn collection. Other thumb drives use cheap, base metals. These are highly susceptible to corruption and thus are insecure. Don't take the risk and go cheap; after all, do you really want the whole world to see your midget clown photo sets?

Re:A false sense of security is actually worse

[moderatorrater]

Now a user can request a password that never changes, so long as it meets *MY* requirements... That it be so complicated that they have to write it on a post it note and put it on their monitor?

Short summary

[Cheesey]

Corsair Flash Padlock - physical security only: crack it by breaking open the case.

The Corsair Survivor - no security, so TrueCrypt is needed, but setup instructions for TrueCrypt are included.

The Imation Pivot Plus Flash Drive - uses AES-256, but in the insecure ECB mode. Hey, I suppose it's better than ROT13 at least.

The IronKey Secure Flash Drive - "To use the IronKey flash drive, you need to activate an online account." Well, that sounds like a great idea.

The Kingston DataTraveler Secure -- Privacy Edition - "Kingston refused to say what encryption mode the device runs in, citing that it was proprietary information." So that would be ECB again, then. Or maybe something even more pathetic.

The Lexar JumpDrive Secure II Plus - Special proprietary software is required to use this one.

The SanDisk Cruzer Professional - ECB again.

Really short summary: buy a conventional USB stick and do the encryption yourself using free software that you can trust. Because customers cannot tell the difference between a well secured device and some snake oil junk, there is no incentive to make these things work properly.

not as secure as it could be

[v1]

One of our vendors sent us a demo drive, it was a small enclosure for a laptop size drive, and had a firewire interface. Instead of two firewire ports on the back, it had a firewire port and another identical looking firewire port, which was for the key. I assume the key was merely a very small firewire flash drive with the encryption key on the drive.

The vendor assured us it was properly secured, and I got first crack at it. We were quite disappointed.

I found that while each block on the hard drive WAS encrypted (by the firewire-to-ide bridge board), they were each encrypted using the same key, and no salt. This means that every block was encrypted in the same way.

This by itself probably seems harmless, but it reveals information that should not be revealed. Let me propose a scenario:

I engineer myself a position working at a rival company, and get physical access to their R&D lab, unsupervised. I have a 1/2 hr lunch break of time to find the drive containing the comany's secret recipes. I open the cabinet and find 30 of these secured drives. I was intending on taking the drive and copying it, but christ, there's 30 of them. I brought along a portable 1gb drive which would fit maybe 5 of them, but not 30.

So which ones do I copy? The bad news... I can tell which ones to copy.

I can look at the blocks on the disk and immediately spot any drives that have not been formatted, because their first 50 blocks are all going to contain the same random garbage in each block. OK that narrows it down to 8 drives. I can only image 5. So I look further.

I can now tell which drives are formatted FAT32, APS (apple HFS), etc. I can do this because I know what blocks are zeros (because there are a lot of them and they are all the same) and so I can tell which bytes in the other blocks are NOT zeros, and this makes determingin format AND used space trivial. I know the drive I'm looking for is FAT32, and that breaks it down to 3 drives. I could just go with the one drive that clearly has 30 gb used on it, and skip the others that appear very lightly used, but this has given me plenty of time so I happily image the 3 drives to my portable and sneak out in under 20 minutes.

Now of course we have to break the data, but the moral of the story here is, they allowed me way too much information from the supposedly secure drive, and it was enough to make what could have been a fruitless attempt into what may be a very successful attempt.

I brought this issue to the manufacturers, and was brushed off. They did not consider this a problem. riiiiight.

Re:Product development cycle

[bluefoxlucid]

Engineer: That's theoretically infeasable, AES requires a certain number of machine instructions

Hint: 72693 transistor hardware AES implementation at one word of plaintext to one word of ciphertext per cycle runs much faster than 4978652193 transistor Pentium 4 decoding and executing an instruction set. Same with a dust-size ARM. Using a simple chip that does 1 round and has to be run 16 times might just get you 1MB/s at 4MHz. The chip can be simplified down to having a lookup table taking 4096 bytes of ROM to do 3 stages of a round, operating on 32-bit words in 4 stages; this will block the circuit doing that operation for 4 cycles though, so you could implement the circuit 4 times (4 lookup tables?) for 1MB/s at 1MHz. Also the final XOR would be 4 32-bit XORs or (better) just one 128-bit XOR.

With the 4xLookup optimization and the 128-bit XOR in a pipeline, this simple chip would do one AES block per 16 cycles. By duplicating the circuit and pipelining, you would do 2 rounds per clock. Get creative with it.