19 Comments
HStewart - Friday, August 25, 2017 - link
I have one of those Kingston drives and the reason I purchased it - I want the most secure drive I can purchase for a book I am working on. Normally I don't care about USB drives' extra features - but in this specific case - I did. I don't need much storage - so my drive is cheaper than this one.
JanW1 - Friday, August 25, 2017 - link
So - since security is the main feature of these - are they secure?
Any idea about actual or potential vulnerabilities? Potential information leaks in the software provided?
Bullwinkle J Moose - Friday, August 25, 2017 - link
The highest performing and most secure drive for the lowest price would be the 256GB Corsair GTX for about $140
Kingston 64GB for $190 seems like a really bad deal to me (just my opinion)
I believe the Kingston may still be using a master key in hardware and your "password" is only verified to access the master key, meaning that your drive can be decrypted by Kingston regardless of your password
An earlier version could be decrypted by simply updating the firmware due to the fact that the master key was in hardware and could not be changed
This was covered primarily by Myself, then Schneier and others
https://www.schneier.com/blog/archives/2010/01/fip...
http://www.pcworld.com/article/185872/usb_drives_h...
However, a Corsair GTX will outperform the Kingston and can boot to a Truecrypt Partition using Windows to Go
Truecrypt works with Windows 7, 8.1 and Windows 10 if you have installed to an MBR partition
No master key in hardware to worry about either
Did you notice the following comment in the article? >
"The user can also enter contact information for easier recovery of a misplaced drive (that other users "MIGHT NOT" be able to unlock, anyway)"
Might Not?
How very reassuring!
Where can I read that user agreement?
I'd love to see the liability disclaimers
----------------------------------------------
the controller and firmware version are the same in both products in this article
for more info on XTS mode, read the Wiki article>
https://en.wikipedia.org/wiki/Disk_encryption_theo...
"XTS mode is susceptible to data manipulation and tampering, and applications must employ measures to detect modifications of data if manipulation and tampering is a concern"
For more info.....
Google is your friend!
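An added example, not part of the thread and not a model of any vendor's firmware: it contrasts the design the comment above describes (password only compared, key held by the device) with one where the data key exists only wrapped under a password-derived key. All function names are hypothetical, and the XOR wrap is a toy stand-in for a real key-wrap algorithm such as AES key wrap.

```python
import hashlib, hmac, os

ITER = 100_000  # illustrative PBKDF2 work factor (assumption)

def derive(password: str, salt: bytes, n: int = 32) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITER, dklen=n)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

# Design A: the password is only compared; the data key sits in device state.
def provision_gated(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "pw_check": derive(password, salt),
            "master_key": os.urandom(32)}

def unlock_gated(dev: dict, password: str):
    ok = hmac.compare_digest(derive(password, dev["salt"]), dev["pw_check"])
    return dev["master_key"] if ok else None

# Design B: the data key is stored only wrapped under a password-derived key.
def provision_wrapped(password: str):
    salt, dek = os.urandom(16), os.urandom(32)
    k = derive(password, salt, 64)          # 32 bytes wrap key + 32 bytes MAC key
    wrapped = xor(dek, k[:32])              # toy one-time wrap, not AES key wrap
    tag = hmac.new(k[32:], wrapped, "sha256").digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}, dek

def unlock_wrapped(dev: dict, password: str):
    k = derive(password, dev["salt"], 64)
    expect = hmac.new(k[32:], dev["wrapped"], "sha256").digest()
    if not hmac.compare_digest(expect, dev["tag"]):
        return None                         # wrong password: key cannot be formed
    return xor(dev["wrapped"], k[:32])

def key_without_password(dev: dict):
    """Key material readable from raw device state with no password at all."""
    return dev.get("master_key")

if __name__ == "__main__":
    a = provision_gated("correct horse")    # constructed sample password
    b, _ = provision_wrapped("correct horse")
    print("A key readable without password:", key_without_password(a) is not None)
    print("B key readable without password:", key_without_password(b) is not None)
    print("B unlock with wrong password:", unlock_wrapped(b, "guess"))
```

In design A the password check is a gate in front of a key that already exists in the device, so the protection is only as strong as whatever enforces the gate; in design B nothing stored on the device yields the key without the password.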
Oglark - Saturday, August 26, 2017 - link
Apart from performance, how is this better than forcing Bitlocker encryption for all connected media?
Wwhat - Tuesday, September 12, 2017 - link
Bitlocker is a windows one-system-only thing though, not sure that is any good for a portable device you might need to read on Linux or Apple's OS.
Also bitlocker is not available on all versions of windows.
Also, who the hell would trust MS either to not give data to the authorities nor do their own abuse? They even use their unreliability in ads..
andychow - Saturday, August 26, 2017 - link
The kingston drive is the only one I know that comes with linux support out-of-the-box. It's command-line only, but it works.
Any proof that these have actual hardware encryption? I see no proof of this, and the Phison chip certainly does not provide it by default. I haven't seen hardware encrypted NAND since... the Vertex 4, tbh.
Bullwinkle J Moose - Saturday, August 26, 2017 - link
Oglark: Apart from performance, how is this better than forcing Bitlocker encryption for all connected media?
-------------------------------------------------------------------------------------------------------------------------------------
Bitlocker?
The one with a 32 digit recovery key associated with each encrypted volume?
The one that's closed source?
Well......
That depends
Does a Bitlocker drive contain the same hidden GUID that Windows creates during a normal format command with Spyware Platform 10? (I never checked)
If so, the exact computer that created the Bitlocker drive might be identified
But then again, the 32 digit recovery key associated with every Bitlocker drive might do the same thing
In either case, you and your computer "might" be identified when using a Bitlocker drive, even if the encrypted volume contains no personally identifiable data of you or your computer
So, I don't see any benefit of using one backdoor encryption scheme over the other
Let's ask the experts!
Bullwinkle J Moose - Saturday, August 26, 2017 - link
"32 digit recovery key associated with every Bitlocker drive" ???????????
----------------------------------------------------------------------------------------------------
Sorry, I misspoke!
Microsoft calls it a 32 digit KEY IDENTIFIER! (Not a recovery key)
It does not directly recover your data, but may in fact identify the correct key for .....
Pick an Agency, Any Agency!
Oglark - Sunday, August 27, 2017 - link
I have looked at the recovery key identification and there does not seem to be an obvious computer identification. I suppose it could be a simple transform like SN + timestamp. I thought it was so you could identify which volume was encrypted.
Bullwinkle J Moose - Sunday, August 27, 2017 - link
Oglark: " I thought it was so you could identify which volume was encrypted. "
------------------------------------------------------------------------------------------------------
....and I thought it was to identify which computer encrypted the volume and to which decryption key is required to decrypt said volume
Lucky for us, we have EXPERTS here who can provide PROOF as to what is actually occurring
AHEM...........
I say, AHEM......
Hello
HELLO.....
Is this thing on?
jabber - Monday, August 28, 2017 - link
You guys do realise that in 99.999999999% of cases encryption is only about providing enough hindrance to the person who finds the USB stick on the bus or train so they go "oh it's got a password! I'll just format it then!" So many of you think that encryption is there to prevent the full might of some advanced nation from stealing your oh so important data. It isn't. In most cases it's an ass covering exercise. It's very very unlikely anyone who gets hold of such a device will spend more than 10 seconds trying to hack or access it before wiping it and putting cat videos on it.
BrokenCrayons - Monday, August 28, 2017 - link
I'd purr-sonally prefer the cat videos anyway.
linuxgeex - Monday, August 28, 2017 - link
I'm glad I work on linux where full-disk encryption is free and easy (luks-crypt) and I don't have to waste space on my devices for some crappy opaque "security" software that most likely has backdoors in it mandated by [agency].
linuxgeex - Monday, August 28, 2017 - link
bloody hell didn't mean to click reply lol
BrokenCrayons - Tuesday, August 29, 2017 - link
Don't worry about it. Cat videos tend to overwhelm the mind which leads to mistakes such as these.
linuxgeex - Monday, August 28, 2017 - link
I'm glad I work on linux where full-disk encryption is free and easy (luks-crypt) and I don't have to waste space on my devices for some crappy opaque "security" software that most likely has backdoors in it mandated by [agency].
sfoppc - Tuesday, August 29, 2017 - link
How do these drives compare to the Aegis Secure Key 3.0?
https://www.apricorn.com/aegis-secure-key-3
Bullwinkle J Moose - Tuesday, August 29, 2017 - link
sfoppc asks......
"How do these drives compare to the Aegis Secure Key 3.0?"
----------------------------------------------------------------------------------
They seem to compare very well with the Aegis
All overpriced with untrusted pseudo encryption
Just try getting a usable response as to why you should trust the Aegis encryption and you will see what I mean
darkfalz - Thursday, September 14, 2017 - link
I wonder why no one has come to market with a self encrypting drive that is unlocked via thumb print or pin. You plug it in and it shows 1 MB or something, until you use the thumbprint or code to unlock it, at which case it's a normal drive which requires no extra software.