Chapter in this post:
- 1 test: USB sticks with AES encryption on the Mac under El Capitan
- 2 "Integral Crypto": Encrypt USB stick - unfortunately incompatible with OS X 10.10
- 3 Corsair: hardware-encrypted but unfortunately with a security leak
- 4 iStorage diskAshur SSD USB stick with hardware crypto and USB 3.0: Security has its price
- 5 Safe but expensive: 64 GB for 170 EUR
- 6 Conclusion: iStorage IS-FL-DA3 is THE crypto USB stick for encryption
I am often out and about with my MacBook and also have data on USB sticks with me that shouldn't necessarily fall into the hands of third parties. Customer data, personal data and sometimes logins are simply not for strangers. To make the whole thing a little more secure, today I saw how the data can be encrypted. I came across three methods that I would like to briefly introduce to you:
- Encryption by program on Mac / PC: You use a program that App runs on the Mac and encrypts and decrypts data. Disadvantage: You have to edit every file with it and the app also has to be installed on other computers. The method works best if you always use the stick on your own computers. If you get to someone else's Macs or PCs, you would first have to install the program, which of course is hardly feasible in practice. In addition, this article is specifically about encrypted USB sticks and not about programs like TrueCrypt or similar, with which you can encrypt anything.
- USB stick with software encryption: A program is already installed on the USB stick that you can start. There you enter the password and the program then decrypts a second partition on the USB stick, on which the actual data is then located. The advantage: You don't have to install any software on other computers to start the decryption. Disadvantage: You have to start an app, which still (rightly) demands a high level of trust for many people. In many companies this is not allowed and you can then not show or copy the data to customers.
- USB stick with hardware encryption: With this – in my opinion the safest and best – variant, the USB stick has a small keyboard or a number field, which you can use to enter the code for unlocking by hand (really manually!). This has several advantages: On the one hand, you are platform-independent, because after unlocking, the USB stick is a completely "normal" stick for the computer. So it works on Mac with El Capitan and older versions as well as on Windows PC with XP, Vista, Windows 8.1, Windows 10, Linux and Android. On the other hand, unauthorized decryption is much more complex, since you cannot simply edit a file with a brute force program. Here you really have to enter the code by hand - and after 10 attempts it's usually over and the data is deleted.
Test: USB sticks with AES encryption on the Mac under El Capitan
There are some providers who offer USB sticks with encryption in the broadest sense. AES-256bit encryption is standard for all, but not all of them are safe and practical. I would like to introduce you to a few products here and give my opinion on them right away.
Small spoiler: The last product is the best - and from my point of view the only one that is useful for Mac users who are using the current macOS or OS X.
"Integral Crypto": Encrypt USB stick - unfortunately incompatible with OS X 10.10
A USB memory that works with software encryption, in which two partitions become visible on the Mac with the stick, is "Integral" with the "Crypto USB stick". Here's a kind of Mac app on one volume that needs to be launched (with a password input) to decrypt the data on the second volume. So far this worked quite well with OS X Yosemite (10.9), but unfortunately no longer works since OS X El Capitan (10.10). You can do this here or here read up. So the USB sticks from Integral unfortunately fall flat for me - even though they otherwise have good ratings and with a 256 bit AES encryption and thus also one FIPS 197 certification can wait. So bye bye "Integral Crypto USB stick". :(
Corsair: hardware-encrypted but unfortunately with a security leak
The manufacturer "Corsair" offers with the Pad lock 2 a "secure USB stick" that also comes with hardware encryption and advertises 256-bit encryption. Unfortunately, there seems to be a trick to the stick that allows you to access the data even without the correct password. This can be here at Heise.de ...
The fact that even with the older model "Padlock 1" the security "was dropped" because the user was asked for a password, but stupidly saved the data in plain text on the stick, does not inspire confidence in the whole thing. So here too: Bye Bye!
iStorage diskAshur SSD USB stick with hardware crypto and USB 3.0: Security has its price
The last – and best – product I would like to introduce to you is the “iStorage diskAshur SSD” AES 256bit encrypted USB stick – the latest model from iStorage with USB 3.0. Like the Padlock mentioned above, this also has a keyboard on the stick and is recognized by the Mac or PC as a normal USB stick if you have unlocked it manually before inserting it. This gives you a lot of flexibility in terms of compatibility, and the Crypto USB stick from iStorage will not only run on El Capitan (yes, it runs there!) but also on OS X 10.11 (or should I say macOS 10.11). But of course the stick runs not only under OS X but just as well under Windows, Linux and even with Android systems (with the right OTG USB adapterif you want to use a smartphone).
The password can be selected on an alphanumeric keyboard and must use a minimum of 6 to a maximum of 16 characters. A little tip: the longer, the harder it is to crack! Brute force attacks won't get you very far with the iStorage Stick: After 10 unsuccessful attempts, the data on the stick will be deleted. This offers a high level of security if you lose the stick. The encryption is also very good: "256 bit, FIPS 140-2 level 3, CESG CPA Foundation Grade & NLNCSA" - what more do you want. FIPS 140-2 Level 3 even checks if someone wanted to gain physical access to the encryption module - pretty cunning.
Another nice feature is that Assignment of an administrator password. This is useful if you use several such sticks in a company and the admin would like to assign new passwords for new employees. Or if an employee has changed and forgotten their password. There is also one Read-only mode, which prevents accidental overwriting of data and a time lock, which "closes" the stick again after a set time.
And finally, the processing is also top notch: with an aluminum housing, despite the iStorage stick, it is also rough treatment and is also built dust and waterproof, so that you can also let yourself be seen on the Lost Beach or in the Amazon jungle - or even in my pocket, which is just as dangerous for electronic devices. ;)
Attentive readers will now ask what happens when the battery in the USB stick is empty ... are all data then lost? No, Don `t worry! The battery recharges itself in a few minutes when you plug the stick into the computer's USB port. Then you pull the stick out again and you can unlock it using the keyboard. So here too: well thought out!
Safe but expensive: 64 GB for 170 EUR
However, there is one downer: the iStorage stick with USB 3.0 is quite expensive compared to normal USB sticks. If you want to save a bit, you can the old model "IS-FL-DA-256-4" with 4GB for just under 60 EUR to buy. However, you have to expect slow data rates (3,5 MB / s write and 10 MB / s read) and do without the read-only feature.
The new model "IS-FL-DA3-256-8“ with USB 3.0 there is only a minimum of 8 GB (and a maximum of 64 GB) and is for just under 100 EUR on Amazon to have. But you also get data rates of approx. 40 MB / s for writing and approx. 100 MB / s for reading.
So that you can see that I'm not the only one enthusiastic about this thing, here are a few quotes from customers (source: Amazon):
"This new model with USB 3.0 also works great. A backup with a size of 1 GB is also quick and easy. And the new READ-ONLY mode is great because it gives me the assurance that the data will not be accidentally deleted. So the device has my full recommendation!"
“We have several of these 32GB sticks in (rough) daily use. So far there have been no compatibility problems (sticks are recognized as USB sticks everywhere) or other difficulties. The lettering on the cap wears off relatively quickly, but all sticks do their job well.” (Note: the review was for the old USB 2.0 model – the new one is even better!)
"The stick was delivered on time and can be used both under Windows and Mac OS, ie data that has been loaded onto the stick from a Windows computer can be opened and edited on a Mac and vice versa. This is important for everyone who works with different operating systems at home and in the office. When researching to find such a stick, you repeatedly come across offers that do not express that clearly, which has already led to previous bad purchases with me. […] As a USB 3.0 stick, it is very fast, the encryption of even larger files is not noticeable over time."
Conclusion: iStorage IS-FL-DA3 is THE crypto USB stick for encryption
I hope I was able to shed some light on the encrypted USB stick. In principle, only the sticks from iStorage are really recommended. And if you still want to have the luxury class here, you can avoid the model series "IS-FL-DA3“ not around. I got the smallest variant because I don't store large amounts of data, but with capacities of up to 64 GB, films, photos and other media can also be safely stored.
Despite all security, I would not recommend an encrypted USB stick as "primary storage". For example, if someone comes up with the idea of trying out a few password combinations, all data is quickly and irretrievably deleted. For this reason, the crypto USB stick should only be used as a secondary storage device or transport storage device - to be on the safe side! ;-)
Jens has been running the blog since 2012. He appears as Sir Apfelot for his readers and helps them with problems of a technical nature. In his free time he drives electric unicycles, takes photos (preferably with his iPhone, of course), climbs around in the Hessian mountains or hikes with the family. His articles deal with Apple products, news from the world of drones or solutions for current bugs.
Did you like the article and did the instructions on the blog help you? Then I would be happy if you the blog via a Steady Membership or at Patreon would support.