The easiest way to secure your USB thumb drive is to use hardware based encryption, these secure USB flash drive will cipher every single bit of data stored in them and are trouble free to use for users, there is no learning curve.
However, just because you are using encryption it does not mean you are safe, you will need to make sure that nobody can crack it, choose an USB thumb drive with no backdoor encrypted with a well known attack resistant algorithm like AES (Advanced Encryption Standard) and if you are going to use it in a business environment choose a FIPS (Federal Information Processing Standard) certified thumbdrive.
Benefits of hardware based encryption
- Hardware encryption is faster than software as you are not using computer resources
- Hardware encryption is shielded from malicious code targeting encryption software
- Hardware encryption does not normally require you to install drivers or administration rights
- A malicious hacker will need physical access to the device to crack it
- Hardware based encryption requires very little training to use it
Disadvantages of hardware based encryption
- Your encrypted USB flash drive can be stolen or misplaced and you will lose all the data
- Hardware based encryption might not have been scrutinized as much as open source encryption
- Hardware based encryption does not allow for scalability, i.e. increasing encrypted container size
USB flash drives using hardware encryption
Kanguru Defender Elite: Safe to be used in Government and Health environments, HIPAA, SOX and GLB compliant, it uses hardware based AES 256-bit encryption, operating system independent, FIPS 140-2 certified, its case is tamper and water resistant filled with epoxy.
Kanguru Defender Elite AES encrypted flashdrive
Gemalto SmartGuardian: FIPS-140-2 level 3 certified personal security device, designed to meet the U.S. Government DAR program security requirements, metal casing is water and tamper proof, USB thumb drive solution designed for businesses.
Gemalto SmartGuardian USb flashdrive FIPS certified
Corsair Flash Padlock: It uses customizable 4-10 digit personal identification number to lock and unlock the encrypted USB flash drive, AES 256bit encryption secured, hacking detection locks device for 2 minutes after 5 failed PIN number attempts.
Corsair Flash Padlock hardware based encryption
IronKey: Encryption keys are kept on the chip and never passed to memory, Imation IronKey uses AES 256-bit encryption in CBC mode, security level 3 FIPS 140-2 validated, tamper resistant designed hardened with epoxy compound encasing the chips, available for Mac, Linux and Windows.
Imation IronKey USB hardware encryption
Super Talent SuperCrypt Pro: Hardware based USB flash drive encryption supporting USB3.0, with 64MB Cache, SuperCrypt Pro uses 256bit AES encryption in XTS mode, encryption key is stored in hardware and never passed on the USB or system bus and it has a secure erase feature.
SuperTalent SuperCrypt Pro USB3.0 encrypted drive
Lexar JumpDrive S3000: Enterprise class USB flash drive, FIPS 140-2 Level 3-validated by the National Institute of Standards and Technology and AES 256-bit hardware encryption with resistant waterproof USB metal case.
Lexar JumpDrive S3000 AES 256-bit encryption FIPS
Verbatim Store ‘n’ Go: Retractable USB Connector with no cap to lose, using 256bit-AES hardware encryption, enhanced for Windows 7/Vista ready boost, it meets meet FIPS 140-2 Level I requirements for cryptographic modules.
Verbatim Store-n-Go hardware encrypted USB flashdrive
Kingston DataTraveller Vault: Waterproof ruggedized aluminium case with enterprise grade security using hardware based 256-bit Advanced Encryption Standard (AES) encryption in Cipher Block Chaining (CBC) mode.
KingsTon Datatraveller Vault encrypted USB drive
Patriot Bolt: Consumer oriented USB thumbdrive with built-in with hardware based 256-bit AES encryption & 512-bit RSA engine for user authentication. The drive locks down and reformats after the password is consecutively entered incorrectly 10 times.
Patriot Bolt hardware based encryption flashdrive
Centon DataStick Secure: Consumer focused USB thumbdrive using AES 256bit hardware based encryption, LED access indicator and swivel cap.
Centon DataStick Secure AES encrypted thumbdrive
Aegis Secure Key: Fully encrypted with hardware AES256bit in CBC (Cipher-Block Chained) mode, the password is comprised of 7 to 15 alphanumeric digits that are entered with a keypad, flash drive is platform independent it works on any OS without having to install drivers or needing administrator rights, the enclosure is made of aluminium and sealed with epoxy dust and water resistant. To stop brute force attacks, if an incorrect password is entered a total of 10 consecutive times the encryption keys and data will be automatically destroyed.
Aegis Secure Key USB AES hardware encryption
Chris
The controller on the Kaguru Defender often fails rendering the drive unusable and the stored data unretrievable. Kaguru technical support states that they are aware of the problem and that the controller normally lasts between 2 and 5 years. Mine lasted 9 months.
simon
chris….perhaps many of the manufacturers purposefully fail to fix such problems since it accords very well with their wishes for planned obsolescence. What we really need is someone to do a review of usb sticks that last 5 years… a retrospective comparison of the longevity of these devices… otherwise we all end up having to buy 3 of them.. in case the main one breaks down.
lee
been looking at the Aegis Secure Key http://www.apricorn.com/ device seems they have rebranded it in the UK as http://www.istorage-uk.com or its a clone not sure the devices they sell on there look the same just website is diferant and branding
its the auto delete data part i am interested in (bash the unlock button 10 times and its wiped) as datacryptor supports Keyfiles from a USB device (somthing truecrypt lacks) so you could boot the server up with it and take the device off site/house (even without UPS the power hardly ever goes off normally, maybe once every 2 years)
Bobby
Has anyone invented a device with a dummy file storage? Enter the wrong password, or a specific password and the contents gets wiped and reveals a series of dummy files..
Dave B
Is there software that would accomplish the encryption and wipe the drive that you could install yourself on a normal flash drive?