To test the SafeStick, we copied across a 2GB file then duplicated it on the drive itself. We also used the open-source utility TrueCrypt to create a 256-bit AES-encrypted file space on a 16GB PNY Attaché USB Flash drive. We then performed the same copy and duplication operations. Both devices were hooked up directly to a MacBook Air's USB 2.0 port.
We repeated the tests, this time using a folder containing 100 10MB files - 1GB in total.
[Chart: 2GB File Transfer. Time in seconds (s); shorter bars are better.]
In each case, the SafeStick proved much quicker than the combination of TrueCrypt and low-cost Flash drive. But then the latter is a lot cheaper. You pays your money, as they say.
[Chart: 100x 10MB File Transfer. Time in seconds (s); shorter bars are better.]
And you do pay a lot of money for the SafeStick. A decent 16GB USB drive will set you back around £35 - or a lot less if you opt for a generic product, though it may be slow and contain poor-quality Flash chips - but we saw the 16GB SafeStick advertised by a variety of online retailers for between £130 and £208. That's a hefty markup for a security chip.
Opt for the 32GB version and you're looking at shelling out £250-416, depending on who you buy it from. Shop around. At the other end of the scale, the 1GB SafeStick costs £35-44.
SafeStick also has the benefit of better physical protection, though that's likely to be more of a concern to BlockMaster's big-business customers - how many partners are going to saw into a Flash drive to see if their other half is stashing pr0n on it?
The SafeStick has all the right credentials to satisfy folk obsessed with security and file-transfer performance. Data copies quickly, and it's locked down tightly, physically as well as digitally. But you can make your own version using free software for a fraction of the price, and with no appreciable reduction in data security. ®
BlockMaster SafeStick hardware-encrypted USB drive
CBC vs ECB mode
Mark 65 17th June 2009 02:59
You are of course right in that CBC mode AES128 is stronger than ECB mode AES256, obviously then the AES256 in CBC mode that SafeStick uses is much stronger than the AES128 bit in CBC mode that the product you mention uses?
SafeStick also has a two factor authentication token, plus the ability to install ANY application onto the device that you wish, be it a hardened web browser, password manager etc etc.
Just one more thing
Just one more thing, I like the idea that the Stick will wipe itself after a user-defined amount of incorrect password attempts - if a thief put that in a cracking machine they have 20 attempts to get it right or their efforts were in vain.
my 2 cents
@ Pheet - the website says it's FIPS 197 so it must have been certified to meet the fully published AES standard?
Whatever the standard, I'm sure given the horsepower, time and will, anything can be cracked. Surely an easier way to gain a password from a Bank or Government employee if you REALLY want the data is much simpler - should such people want access to your data bad enough, a threat of violence will do it.
I'd rather Government departments, Banks, Corporates NOT stick CDs stuffed with data in the post or leave unencrypted sticks / PDAs / mobile phones on a train for thieves to get my data, account details etc.. Surely enforcing seamless data encryption is a good thing?
I think some comments may be missing the point of this device as I see it - I don't see it as a cheap, single-user encryption device - of which there are loads to choose from - although not everyone is techie enough to understand what is good, bad, good value, false sense of security etc..
For the techies there are always other options - including the best one - not storing your data on removable devices anyways.
SafeStick is useful to us because we can deploy and manage hundreds of sticks from a single web console and KNOW they are all encrypted. Integration with backend AD accounts etc. means we can give sticks to employees, with a fixed password policy - and importantly they can be disabled / wiped / reset / de-activated if lost. Also surely stopping malware spread has to be a good thing for everyone?
We also use the stick to provide 2-factor authentication - it saves us a large fortune not having to deploy / replace additional hardware tokens.
"Ironkey by the way is only 128 bit AES !
Only goes up to 8GB in Storage"
1. If people are happy to access their bank accounts using only 128 bit then they shouldn't be too bothered about their other data. The enterprise version (NHS applicable) even comes with a two factor RSA token.
2. You should also read this publication regarding the "only 128 bit AES" as AES can be implemented in 5 different modes of operation. They chose the one that would allow them to use the shorter key without lessening the security, so that their CBC mode at 128 bit can be more secure than others' ECB mode at 256 bits when encrypting large blocks of data...
3. It's a USB key, how much storage do you really need in this format? For anything more run a laptop with an encrypted drive/partition/data file or truecrypt portable on a USB hard drive. 8GB should be plenty.
4. It's also worth noting that as these devices destruct to protect data it would need to be securely backed up elsewhere and the larger the device is the more of a pain in the arse that becomes. The USB drive with truecrypt file could be backed up on its own but suffers the brute force issues.
AES on an 8051 without hardware assist?
I doubt that. This Intel microcontroller is donkey's years old and was slow even then. However as the host for some on-chip accelerator hardware that might work well.
People have commented about physical attack. But what is the real horsepower requirement to break AES? Of course it's possible. But how long?
If your staff have absolutely got to have a load of sensitive data on their PC right now I think TrueCrypt and proper password management will get a system in place faster and cheaper. This thing looks easy to walk off with or replace with a dummy.
But designing systems which *don't* need all that data on a laptop or USB drive in the first place would be better.
That takes intelligence and commitment (from management). Items in very short supply in the UK business and government communities.