A hardware-encrypted USB drive is top-shelf security.
These are specialised items you may seldom need or use.
There are two methods used for hardware encryption.
The DataTraveler Vault Privacy 3.0 and IronKey D300 need a computer-based OS to run.
The DataTraveler 2000 and the Aegis Secure Key DO NOT.
I prefer, and use, this hardware for that reason.
Some USB drives use hardware encryption, in which microchips within the USB drive provide automatic and transparent encryption. Some manufacturers offer drives that require a PIN code to be entered into a physical keypad on the device before allowing access to the drive. The cost of these USB drives can be significant but is starting to fall as this type of drive gains popularity.
Hardware systems may offer additional features, such as the ability to automatically overwrite the contents of the drive if the wrong password is entered more than a certain number of times. This type of functionality cannot be provided by a software system since the encrypted data can simply be copied from the drive. However, this form of hardware security can result in data loss if activated accidentally by legitimate users and strong encryption algorithms essentially make such functionality redundant.
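The following added example (not code from any vendor or from the original page) models why an attempt limit only holds when the counter and wrapped key sit inside the device: the same logic applied to a host-side container file is undone by a copy made beforehand. The limit of 10 is the figure this page quotes for the DataTraveler 2000; the XOR key wrap, the iteration count, the sample PIN and all names are assumptions chosen for the demo.

```python
import copy, hashlib, hmac, os

MAX_TRIES = 10  # limit this page quotes for the DataTraveler 2000

def _kdf(pin, salt):
    # Low iteration count keeps the demo fast; it is not a recommended setting.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 1000)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def new_state(pin):
    """Wrapped data key, verifier and failure counter (toy XOR key wrap)."""
    salt, dek = os.urandom(16), os.urandom(32)
    return {"salt": salt, "wrapped": _xor(dek, _kdf(pin, salt)),
            "check": hashlib.sha256(dek).digest(), "failures": 0}

def try_pin(state, pin):
    """Return the data key on success, None on failure; erase key at the limit."""
    if state["wrapped"] is None:
        return None  # key already destroyed, data is unrecoverable
    dek = _xor(state["wrapped"], _kdf(pin, state["salt"]))
    if hmac.compare_digest(hashlib.sha256(dek).digest(), state["check"]):
        state["failures"] = 0
        return dek
    state["failures"] += 1
    if state["failures"] >= MAX_TRIES:
        state["wrapped"] = state["check"] = None
    return None

class KeypadDrive:
    """State lives inside the device; the host only ever sees unlock results."""
    def __init__(self, pin):
        self._state = new_state(pin)
    def unlock(self, pin):
        return try_pin(self._state, pin)

def demo():
    pin = "4929173"  # constructed sample PIN
    wrong = ["%07d" % i for i in range(MAX_TRIES)]
    drive = KeypadDrive(pin)
    for guess in wrong:
        drive.unlock(guess)
    hardware_recoverable = drive.unlock(pin) is not None
    container = new_state(pin)         # software: same state, kept in a host file
    backup = copy.deepcopy(container)  # the file can be copied before any guess
    for guess in wrong:
        try_pin(container, guess)
    software_recoverable = try_pin(backup, pin) is not None
    return hardware_recoverable, software_recoverable
```

The first value of `demo()` also illustrates the data-loss risk noted above: once the limit is reached, the correct PIN no longer helps.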
As the encryption keys used in hardware encryption are typically never stored in the computer’s memory, hardware solutions are technically less subject to “cold boot” attacks than software-based systems. In reality, however, “cold boot” attacks pose little (if any) threat, assuming basic, rudimentary security precautions are taken with software-based systems.
Kingston’s DataTraveler Vault Privacy 3.0 and IronKey D300 both offer out-of-the-box hardware encryption. The Vault Privacy 3.0 uses 256-bit AES hardware encryption in XTS mode to achieve FIPS 197 certification. The IronKey D300 goes a step further with physical resistance to data thieves: it has a zinc casing and an epoxy fill that shows if any physical tampering attempts were made. These upgraded physical defenses, combined with the same 256-bit AES hardware encryption, give the D300 its FIPS 140-2 Level 3 certification.
Unfortunately, it is not possible to use the D300 and DataTraveler with every device that a standard flash drive can be used with. You must have a device running Windows, Mac OS, or Linux. Plugging either of the drives into a device running Android, iOS, a proprietary OS, or no operating system will not work because the software on the CDFS partition cannot launch and therefore you cannot access or store any data on the drive.
Kingston DataTraveler 2000 USB 3.1
Kingston’s DataTraveler® 2000 is designed to be secure, with an alphanumeric keypad that locks the drive with a word or number combination, for easy-to-use PIN protection. Its auto-lock feature is activated when the drive is removed from a device, and it deletes the encryption key after 10 failed intrusion attempts. DT2000 features hardware-based, full-disk AES 256-bit data encryption in XTS mode. Encryption is performed on the drive, not on the host computer, and no trace of the PIN is left on the system. DataTraveler 2000 is OS independent and can be used on any device with a USB 2.0 or USB 3.1 Gen 1 (USB 3.0) port. It’s compatible with Windows®, Mac® OS, Linux, Chrome OS, Android (used in nearly half of the shipments of devices in today’s market), thin clients and embedded systems, and the drive requires no software or drivers. It’s FIPS 197 certified, to meet a frequently requested corporate IT requirement, and its durable design protects the drive from everyday elements such as water and dust.
Apricorn Aegis Secure Key
With software-free operation, cross-platform compatibility, USB 3.0 and high capacities, Secure Key 3 brings a world of advanced data security to your fingertips. This USB 3 SSD drive incorporates PIN access with real-time 256-bit AES XTS hardware encryption, providing uncompromising security and ease of use. The Aegis Secure Key’s FIPS 140-2 Level 3 validation covers 11 areas of cryptographic security including physical security, cryptographic key management and design integrity. Using a rechargeable battery, the Aegis Secure Key enables the user to unlock the drive with a 7-16 digit PIN BEFORE connecting to the USB port on the host system. Since the PIN for the drive isn’t entered through the keyboard on a computer, key logger software isn’t able to steal the drive’s PIN. Secure Key 3 can be configured with independent User and Admin PINs, making it ideal for corporate and government deployment. If the User forgets their PIN, the Admin can then clear the forgotten User PIN and set up a new User PIN. The internal drive components are protected by a super tough epoxy compound. This barrier prevents a potential hacker from accessing the encryption circuitry and launching a variety of potential attacks. Aegis Secure Key further protects the data with a programmable “Brute Force Hack Defense Mechanism” which deletes the encryption key and destroys the data if the incorrect PIN is entered consecutive times. The Aegis Secure Key automatically locks once you unplug the drive from your computer’s USB port or when power to the USB port is turned off, so it can never accidentally be left unlocked. Secure Key 3 has several new innovative features not seen on a drive like this before, including read-only mode, optional self-destruct PIN, unattended auto lock, and a drive reset feature that clears all PINs and destroys the data. Secure Key 3.0 also has a Lock Override Mode for booting an OS or passing through a virtual machine.