More like: Toshiba ReBrands NUMERIC KEYPAD crypto self-bricking USB drive
Toshiba has released a range of USB sticks boasting numeric keypads needed to unlock their encrypted contents. The keypad's there to add an extra layer of security to the drive by requiring a personal identification number (PIN) to be entered before the device will be useful when connected to a PC. Once users unplug their …
I suppose it could have been worse, as they could have used ECB, as a surprising number of "security" products still do.
The keypad is OS-independent, which is nice for Linux users, or Mac users tired of waiting for IronKey to update their unlocker app for the newest version of OS X.
It's nice they used a solid aluminium chassis for the drive. Boo for USB2. One of the great things about the IronKey S200 is that it uses SLC memory, which made it a very speedy drive (unlike the horrendously slow MLC IronKey D200). I wonder where the Toshiba fits, performance-wise.
Look at the http://www.apricorn.com/ site. This Toshiba rebranded one is the OLD version. There is a newer USB3.0 model that is much better. Not sure why no one did so much as a Google Image Search before writing this article but, like the device, it's been rebranded and reprinted by a few blog sites.
There are newer, better options than this. http://www.apricorn.com/
I think I'll stick to embedding powerful electromagnets in my door jamb, Cryptonomicon style...
(What do you mean magnets don't work on flash memory? OK, it probably won't work on regular drives either)
Let me quickly plug my Toshiba jiggery pokery numeric keypad uber secure USB into the only free USB port which is on the rear of my laptop..
Now, let me turn my not so nimble 17" laptop around and press the minute keys with my sausage fingers... so I can unlock the secure USB drive and share this cat video I downloaded...
Turn the laptop back around... pick everything up that fell over on my desk when the audio and HDMI cable played skittles with all the crap on my desk..
Let me rearrange my external USB drive to where it usually sits on my desk now that my laptop has done the "twist"..
There.. how convenient is that?
I would have thought that the advantage here is that the encryption / decryption is to be done on the device meaning that the machine it is attached to is not even aware that it is dealing with anything more complex than a normal usb drive, solves a whole range of problems with operating system compatibility since the operating system does not have to deal with the encryption used on the drive.
I wonder what the possibility of a device w/ the pin-pad that holds no data, but rather a USB port, a battery and encryption hardware.
I'm thinking it could act as a flow-trough port, and en/decrypt the data on the fly, using the pin and the device ID as the encryption key, or as the look-up to the key in a locally held table. Whatever size/type of drive you hook up to the thing, that's your storage; OS independent; could have versions with 1, 2, or 10 PIN options (5 users, each w/ 2 [regular and duress] PINs) to segregate the market.
The biggest benefit is that it doesn't use TrueCrypt...
Even if 7.1a was declared safe, the fact that there was a security flaw tells me that there might be another one hidden in there, waiting to rear its ugly head.
Besides, there's nothing stopping you from doubling up on security and installing TrueCrypt.
Over $100 difference between 4GB and 32GB?
I can understand the base price being higher than a standard USB flash drive, what with the keypad and more complex controller, but $105 for 24GB of flash? Usually the difference between a normal 4GB drive and a 32GB drive is something like £15 maximum.
I suppose there are a few environments where that's OK, but I hope that this feature can be disabled.
Imagine what happens if a baby or child gets hold of it. Or even a cat. Or if a piece of grit gets into one of the buttons.
If the PIN is eight or more digits, there's little practical reason to self-destruct. Chances of successfully entering enough random keys at one per second are too small to matter.
A requirement of FIPS 140-2 certification I believe.
Also, if you tell people to use an 8 digit pin I imagine the majority will use a date with a 4 digit year. If they pick one from the last 100 years that's only 36,525 ish combinations to try so it would be cracked in under a day.