Here are the things you need to know about this flash drive:
- To use it, no software or drivers are required, and it can be used with a myriad of OSes and platforms, including Windows, Mac, Linux, Citrix, Android, Symbian, thin clients and embedded systems
- Data transferred to the device is encrypted in real-time
- The files are protected by a PIN of your choosing, which can be a string of up to 15 numbers. If the device gets lost or stolen, anyone who tries to access the contents will have to guess the PIN within 10 tries, as after that the device automatically zeroes all cryptographic parameters (resets itself), deletes the User and Admin PINs, and the data on the device. A new User PIN must be then defined, which will cause a new encryption key to be generated.
- The drive can have a User PIN and an Administrator PIN. Ordinary users can stick to using just one, but in a corporate environment, administrators setting a PIN of their own can come in handy if employees forget the User PIN.
- The drive locks itself automatically after being unplugged from a device.
- The files on it are encrypted with military grade full-disk AES 256-bit CBC hardware encryption, and crypto-parameters are protected with SHA-256 hashing. Keyloggers can't record the PINs, as they are not entered in the computer keyboard, but in the keyboard of the drive.
- The built-in battery that allows the hardware locking and unlocking is rechargeable. It will automatically charge each time it's connected to a USB port.
My personal experience
The iStorage datAshur Personal is a small drive that easily fits in a pocket or can be attached to a keyring. The casing is plastic, but looks and feels very sturdy. The keyboard produces audible clicks each time a key is pressed, so you are sure that you have, indeed, pressed down hard enough.
The drive's packaging comes with a small cheat sheet that will tell you how to unlock the drive and change the User PIN. I think it's great that in it the company advises that the factory default PIN be changed immediately for security purposes.
It's also good that the PIN cannot be changed to a very predictable number - consecutive or repetitive numbers will not do, and the drive will not accept PINs that look like "1234567", "7654321" or "1111111". PINs partially consisting of consecutive or repetitive numbers will be accepted (for example "1111116").
Once unlocked, the drive needs to be connected to a device within 30 seconds, before it locks itself again. From then on, it is used as any flash drive: drag and drop files in it and from it.
Be prepared for the fact that it takes a considerable time to move big files. For example, it will take some 24 minutes to move a 2.2GB file to the drive, and around 4 to 5 minutes to download the file from it.
The drive initially contains a 28-page-long user manual that explains all the steps you need to take to configure and change the two PINs, how to unlock and lock the drive, enable and disable write protect - read only mode, hot to reset the drive and configure it again.
I must admit that the contents of the manual looked daunting at first glance and, ultimately, I found the FAQ section at the end of it easier to understand. But fortunately, the drive is actually very easy to use.
An admin handing a drive to an employee will have no trouble explaining how to lock and unlock it, and the employee should have no problem learning the unlocking process, as it goes like this: press the key button, enter the PIN, press the key button again, plug in the drive.
Locking the drive is even easier - you just have to unplug it.
Finally, there is one thing that you should keep in mind: if you forget your PIN, the manufacturer cannot retrieve it for you, or the data on the drive, as there are no back doors.
You can try guessing the PIN, but know that after 10 unsuccessful tries, you can kiss the data on the drive goodbye forever.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.