datAshur PRO2 Encrypted Flash Drive
Frantically patting down your pockets and wondering where you left the USB with your work saved on isn’t an experience anyone wants. But it could be worse if the data on said flash drive is unsecured and open for a complete stranger to explore.
Encrypted flash drives aim to change this by letting you encrypt data conveniently using a keypad and without fiddling around with software.
The iStorage datAshur PRO2 Secure Encrypted Flash Drive is one of the newer offerings we like which comes packed with features.
Strong AES-XTS Encryption
The drive is equipped with AES-XTS 256-bit full disk hardware encryption, which meets the National Institute of Standards (NIST) FIPS PUB 197 standard. In short, this Advanced Encryption Standard (AES) would be extremely difficult for a thief to break.
For those interested, the AES was developed by cryptographers Joan Daemen and Vincent Rijmen, and has been adopted as the preferred encryption product by the US government due to its strength compared to other algorithms.
The standard uses a symmetric encryption algorithm, meaning that data is both encrypted and decrypted using a single key – generally referred to as a secret or private key. The larger this key value (measured in bits), the harder it becomes for an attacker to break the encryption algorithm and decrypt the data.
The AES-256 variant employs the largest 256-bit key size available for the algorithm, which some researchers have estimated could take billions of years for a supercomputer to successfully complete a “brute force” attack (i.e. attempt every possible key combination).
The XTS acronym stands for the catchily titled ‘XEX Tweakable Block Cipher with Cipher Text Stealing’ protection. All you really need to know is XTS was developed as a stronger alternative to earlier approaches to AES encryption, which could potentially be exploited by ‘side channel’ attacks – where a cryptographic process is broken by the information it leaks.
Easy PIN-enabled encryption process
The datAshur PRO2 automatically encrypts when you pull the drive out of a USB port, so your data will still be secure even if you leave somewhere in a hurry. You can quickly decrypt it by entering your PIN and pressing the key symbol.
A combination of red, green and blue LED indicators let you know whether the device is locked, unlocked or plugged into an active USB port respectively.
No additional software is required to manage the encryption process and the drive works with any operating system.
Multiple user PINs
A key benefit of this flash drive over older products we have reviewed is that it allows two pins to be set – one for an administrator and one for a normal user. In cases where particularly important data is being stored on the drive this provides a useful backup if the user password is forgotten.
Administrator access is also handy for office environment because it allows enforcement of good security practices by specifying a minimum length of PIN (7 – 15 characters) and special characters. Features like this probably helped the datAshur PRO2’s listing in the NATO Information Assurance Product Catalogue (NIAP), which approves products for military procurement.
Another neat feature is option for a self-destruct PIN. No, this doesn’t cause the drive to internally combust and emit a little puff of smoke, but when entered it will erase all user PINs and the encryption key – rendering any data unusable.
Hack Defense Mechanism
In the case of a datAshur PRO2 being lost or stolen, a ‘hacker defense mechanism’ guards against attempts by unauthorised individuals to guess the PIN and gain access.
If an incorrect user PIN is entered 10 times in a row, it will be deleted and an administrator will be needed to reset it. If on the other hand an incorrect administrator PIN is entered 10 times all PINs will be completely deleted – providing some reassurance if a lost flash drive is never found.
Some enterprise networks employ a protective approach known as ‘whitelisting’ – effectively a guest list for the network where only approved devices like USB sticks can be connected.
The datAshur PRO2 also supports whitelisting with minimal hassle using Vendor and Product IDs (VID / PID); unique codes designed to identify a USB to a Windows system. The VIDs / PIDs are identifiable using barcode.
In our experience most people leave encryption as an afterthought when backing up data. Encrypted flash drives provide a safety net for those who like to be prepared for the worst. The datAshur PRO2 packs a bundle of easy to use security features in a small package that makes encryption almost effortless.