Comments on: Review: Corsair Padlock Thumb Drive — Protecting Your Data Today, Tomorrow, and Every Day In Between.

By: Review: Corsair Padlock Thumb Drive — Protecting Your Data Today, Tomorrow, and Every Day In Between. - Reviews of PDAs

Mon, 17 Mar 2008 00:40:58 +0000

[...] Read the whole article [...]

By: mpmarus

mpmarus — Sun, 16 Mar 2008 18:04:14 +0000

Yep, the price for a 2G is good.

But if you can beat that price locally on a plain vanilla thumb drive or don’t really need to add to your drive collection (blasphemy! ) or want a bit more security, hardware-wise, what’s wrong with this http://computers.pricegrabber.com/other/m/30749538/

My experience is that folks who do one thing well (like make good thumb drives) don’t necessarily have the expertise to do an add-on well (like secure hardware). Much better to buy from 2 separate vendors, each of whom knows their own business.

By: Doug Goldring

Doug Goldring — Sun, 16 Mar 2008 16:41:16 +0000

Arek, All excellent points.

Doogald, I don’t know. Under $20 for a 2GB drive is pretty inexpensive to me.

Doug

By: doogald

doogald — Sun, 16 Mar 2008 16:36:24 +0000

I agree with Arek. I’d say that you are far better off with a less expensive, “normal” thumb and then use Truecrypt to create a whole drive encryption virtual volume. There are Windows, OS X and Linux builds of Truecrypt these days, too, so you should be able to use it on any system that you own.

By: arek

arek — Sun, 16 Mar 2008 13:47:35 +0000

Quote:
—
I would have liked a failsafe mechanism included in the drive. Something which would erase and overwrite the disk if the case were forcibly opened. That would have made this drive completely secure.
—

I completly disagree.

If someone is clever enough to get around the keypad, they would be clever enough to get around the data overwriting system.

The second problem is that the fastest ‘performance’ usb sticks can write data at around 25MB/s. At this speed it would take 40 seconds to overwrite all the data on a 1GB drive. Over 2 minutes for the 4GB size.

The third problem is that inorder for the overwriting system to work, the USB stick would need power from somewhere. Let’s say a supercap, or a small rechargable battery. Both would run out of power eventually and render the system useless (altho it might take a few years for a good battery ) but the hacker no doubt would target the power source, and once its not operational, he can dismantle freely at will.

Finally, should you accidentally drop the drive, the system may activate, and well, you get to your top secret military meeting with an empty drive, instead of the shiny powerpoint presentation you typed up the previous night (whilst charging a month worth of consulting fees).

A better solution would be to encrypt the data on the flash memory using the password you specify. Arguably, an electrical engineer may desolder the ICs and with enough time figure out how to read the encryption key (key = password stored as a SHA256 hash or some such) but there are ways to stop this from happening. Also it raises the expertise needed to hack it from ‘kid with a screwdriver n some wire’ to ‘experienced electrical engineer with access to a lab’ level.. Anyone with enough knowledge and cash to do this has better things todo, and well the NSA could just use waterboarding as a polite way of asking you for the password anyway..