Review: 7 secure USB drives

Should you trust these flash drives to safeguard your data?
Bill O'Brien, Rich Ericson and Lucas Mearian
 

March 3, 2008 (Computerworld) USB flash drives are very small, very portable, very convenient -- and very easy to lose. In fact, the question to ask these days isn't how to avoid losing your flash drive, but how to make sure your data is safe when you do. As a result, Computerworld decided it was time to look at seven USB flash drives that are outfitted with security features to keep your data safe.

We did what most IT managers and users would do and asked some of the top vendors for their most secure USB flash drives. All but one of these products use some form of the Advanced Encryption Standard (AES) encryption, either 128-bit or 256-bit (according to experts, there's not much of a difference between 128-bit and 256-bit levels of AES encryption for ordinary purposes, as neither has yet been broken).

There was some variation in the implementation of the encryption on these drives -- some use AES keys derived from a user's password, while others use encryption keys generated by a hardware-based random number generator. (For more information, see our sidebar About Encryption.)

Our three reviewers -- Bill O'Brien, Rich Ericson and Lucas Mearian -- did not test the encryption algorithms themselves (that's a subject for another article), but did test the drives' performance, I/O rates, and CPU utilization. The reviewers also looked at the drives' security features, price, ease of installation, and ease of use.

Each device was tested for speed using Simpli Software's Hd Tach 3.0. Interestingly, the reviewers came up with a wider range of performance numbers than anyone actually expected.

In fact, this turned out to be a very diverse group of drives with features ranging from secure and unsecure data partitioning, to waterproof, stainless-steel cases, to support for passwords of up to 99 characters. In every instance, there are different levels of ingenuity that went into the creation of these handy, very mobile devices, even if the level of protection varies.

This is by no means the definitive list of all the drives available -- only some from the largest vendors and the most highly advertised. There are many types of secure USB drives out there, including those using fingerprint scanning technology (we'll visit those in a later review).

In choosing a secure USB flash drive, you may have to first decide the relative importance of security, price, and speed, and compromise among those three factors. But in the end, we found that one drive stands out above the others.

About Encryption

AES is the successor to the older DES (Data Encryption Standard) and is used by the U.S. government for encrypting secret-level and top-secret-level documents, using the 128-bit and 256-bit strengths respectively.

But it's not enough to offer AES encryption; much depends on how the encryption is deployed. In part, that's because users don't always want to use passwords as long as needed for effective key generation. If a user chooses a password with fewer characters than would make a 128-bit or 256-bit key (one character = 8 bits, so we're talking about passwords of 16 or 32 characters, respectively), the remaining characters often automatically become zeros. That means that the password can more easily be guessed, according to Charles Kolodgy, research director for secure content and threat management products at IDC.

Kolodgy recommends a passphrase versus a password. "The first step is to take care of 90% of the users out there," Kolodgy says. After that, the best solution is to have a random password character generator on the drive.
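The zero-padding weakness described in this sidebar, next to a salted key derivation, as an added example that is not from the article or from any vendor reviewed here. The function names, the PBKDF2 work factor, the 7-character sample password and the 7,776-word passphrase list are assumptions made for illustration.

```python
import hashlib
import math
import os

KEY_BYTES = 32           # 256-bit AES key; use 16 for AES-128
PBKDF2_ROUNDS = 200_000  # assumed work factor, tune to the host


def zero_padded_key(password: str, key_bytes: int = KEY_BYTES) -> bytes:
    """Weak scheme from the sidebar: password bytes, then zeros up to key size."""
    raw = password.encode("utf-8")[:key_bytes]
    return raw + b"\x00" * (key_bytes - len(raw))


def pbkdf2_key(password: str, salt: bytes, key_bytes: int = KEY_BYTES) -> bytes:
    """Salted, iterated derivation: every key byte depends on the whole password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, PBKDF2_ROUNDS, key_bytes)


def padding_bytes(key: bytes) -> int:
    """Trailing zero bytes, i.e. key material anyone can predict in advance."""
    return len(key) - len(key.rstrip(b"\x00"))


def guess_space_bits(symbols: int, alphabet_size: int) -> float:
    """log2 of the candidates for a secret made of randomly chosen symbols."""
    return symbols * math.log2(alphabet_size)


def compare(password: str) -> dict:
    """Derive keys for two drives that share one password, under both schemes."""
    salt_a, salt_b = os.urandom(16), os.urandom(16)  # per-drive random salts
    weak_a, weak_b = zero_padded_key(password), zero_padded_key(password)
    kdf_a, kdf_b = pbkdf2_key(password, salt_a), pbkdf2_key(password, salt_b)
    return {
        "known_key_bytes": padding_bytes(weak_a),
        "weak_keys_identical": weak_a == weak_b,
        "kdf_keys_identical": kdf_a == kdf_b,
        "kdf_key_len": len(kdf_a),
    }


if __name__ == "__main__":
    sample = "Backup1"  # constructed 7-character sample password
    print("zero-padded key:", zero_padded_key(sample).hex())
    print(compare(sample))
    # A KDF does not enlarge the guess space; it raises the cost of each guess
    # and the salt stops one precomputed table from serving every drive.
    print("7 alphanumeric chars: %.1f bits" % guess_space_bits(7, 62))
    print("6-word passphrase:    %.1f bits" % guess_space_bits(6, 7776))
```

With the zero-padded scheme, 25 of the 32 key bytes are fixed before any guessing starts, and every drive protected by the same password ends up with the same key.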

Some vendors claim there are differences between software-based and hardware-based encryption; according to Kolodgy, that's not hype. In software-based encryption, the keys are placed in the device's memory, so a hacker will know where to look for the keys by their unique format and can target those keys for a brute-force attack, Kolodgy says. In hardware-based encryption, the key never leaves the hardware device, so you can't access it by simply looking at the device's memory.

But there's only so much due diligence you can do on this front. In the end, there is no way to tell whether a vendor's security is foolproof "apart from a $50,000 or $100,000 engineering effort," says security technologist and author Bruce Schneier in his essay on password security.

As an IT manager, you may even be best off rolling your own. Schneier says he generally purchases inexpensive drives and then encrypts the data on them using PGPDisk encryption software, but you will need to have PGP's Desktop product installed on your computer.

Corsair Flash Padlock

The Corsair Flash Padlock is a horse of a different color from the encrypted drives in this roundup. This device is the same conceptually as the gear that kept your high school locker free from prying eyes -- a combination lock. It's strictly physical security, no encryption.

The Padlock looks like a traditional flash drive with a pull-off cap, except for the numeric keypad down the front. The keypad consists of five numbered buttons, while a sixth has a "key" icon. It's your entry point to accessing the security features of the drive.

As shipped, the Padlock is unlocked and can be used as a standard flash device. If you want to protect your data, you'll need to follow the instructions in the 17-page user manual (it's in six languages).

While the Padlock inserts directly into the USB port, it also comes with an extension cable (not shown here)

Security features

Setting up the drive involves pressing the key button, entering your selected PIN through the keypad, pressing the key button again, re-entering your PIN, followed by pressing the key button one last time. It's redundant grunt work with a few five-second time limits to make things tricky. Corsair recommends at least four digits, but the drive allows up to a 10-digit PIN.

After you've done that, you have 15 seconds to plug in the drive or it will automatically lock. However, if that happens, you'll just need to re-enter your PIN again to unlock it. If you don't unlock the drive, your computer won't recognize it at all, for anything. There's no need to lock the padlock once you remove it from your PC. It will do that itself after a few seconds.

What happens if you forget your PIN? If you register your PIN at Corsair's site you can retrieve it from there. If you didn't -- well, the Padlock is relatively inexpensive, so you can probably afford to buy another, since the one you have is now useless.

You can also change your PIN or totally unlock the drive if you no longer have a need for its security.

Editor's Note

Because the Corsair depends on a hardware lock, I thought I'd try to get to the data without using the combination. Getting at the drive wasn't terribly hard -- the drive case has a single screw on the bottom for battery replacement, which, when removed, allowed us to open the case after a little prying to separate the glue. First I tried removing and replacing the battery. The device did not reset itself during this process.

I then removed the keypad board and attempted to access the data by simply reinserting the main board into our USB port, but neither a PC nor a Mac would recognize the device. However, after a bit more fiddling (which, for the sake of all those out there who have already purchased this flash drive, I won't elaborate on), I was able to bypass the physical PIN security and access the data on the drive. The moral of the story: You may want to consider encrypting your data as well. --Lucas Mearian

Speed, pricing and the bottom line

According to Hd Tach, the Padlock has a burst speed of 15.9MB/sec. and an average read rate of 15.4MB/sec. Both are rather slow, and although there was no discernible difference during music or video playback, it did take four times longer to get an 888MB video onto the Padlock than it did onto Corsair's Survivor.

I found the 1GB model on PriceGrabber for $27-$39.

The key feature of the Corsair Flash Padlock is the lack of any software whatsoever. That means there is no AES encryption, but it also means the Padlock is compatible with Vista, XP, older versions of Windows, Linux, and yes, even Mac OS X. If you don't want or need the cross-platform versatility, or aren't comfortable with a keypad and a drop of glue standing between your data and the outside world, select one of the faster and more secure drives in our roundup. --Bill O'Brien

The Corsair Survivor

In a world of push and slide or pop-off flash drive ends, Corsair may have inadvertently developed the perfect security feature for its Survivor GT. The aluminum barrel is capped by two seemingly immutable ends -- immune to pushing, sliding or yanking.

So how does the Survivor GT connect to your PC's USB port? The drive actually screws in and out of a protective barrel.

Security features

Survivor uses TrueCrypt 4.3 encryption software, which is a 256-bit AES encryption method operating in the XEX-based Tweaked CodeBook mode. The 256-bit AES encryption protocol has become the standard for secure drives at this point, but TrueCrypt's implementation is possibly an overly onerous application for the average joe.

The setup is fairly easy if you follow along with the Beginner's Tutorial. It will walk you through all of the steps needed to set up a TrueCrypt "container," which is simply a secure area of storage on the flash drive that you can make either visible or invisible to prying eyes. (Just don't select an existing volume or folder name. It doesn't become encrypted; it gets erased if you do.)

Encryption options come next, including your selection of available hash algorithms. If you're not up to speed on those things, the pre-chosen defaults are plenty secure for the average potentially careless owner. The onerous password selection assails you immediately thereafter and, the more closely you follow TrueCrypt's recommendations, the more secure your data will be.

The software has a 93-page electronic user manual, recommends a 20+ character password (to a maximum of 64) that includes non-alpha or numeric characters, and has a paragraph on "Plausible Deniability" that begins, "In case an adversary forces you to reveal your password," and then goes on to describe that TrueCrypt leaves no visible fingerprint on your drive or files to indicate protected data exists, so you can disavow that there is any. It all works in the long run, but in most cases, the user won't be a member of the Special Forces carrying covert ops information (see "Civil liberties groups sue feds to get info on laptop searches by border agents").

Speed, pricing and the bottom line

The Survivor is available in 4GB through 32GB versions in two models: the plain old Survivor and the GT iteration that Corsair describes as providing "fast data transfer using performance IC-paired memory and controllers." In all honesty, it's relatively fast at 25.1MB/sec. burst and 23.6MB/sec. for average read (according to Hd Tach), but Corsair's older Voyager GT is noticeably faster.

Corsair Survivor's TrueCrypt software makes the drive only compatible with Windows Vista, XP, and 2000.

Pricing for the Corsair Survivor on PriceGrabber ranges from $30 for a 4GB model to $108 for a 16GB model.

While this drive's security features can be difficult to follow at times, it is true to its name: Survivor. It's much larger than the other drives, but it's priced very reasonably by comparison and offers capacities well above the other drives tested. --Bill O'Brien

The Imation Pivot Plus Flash Drive

The Pivot Plus Flash Drive is not actually made by Imation; it's manufactured for the company by a firm that Imation won't disclose. But I really like several features about this simple drive.

For one, I like its form factor: It's small but not too small, and it opens on a pivoting arm from a sheath that protects the USB plug, so there's no cap to lose (I always lose my USB stick caps). I also like that everything you download to this drive is automatically encrypted -- period. There's only one partition for storage and it's secure, so human error can't be a factor in exposing data.

Because of the simple physical makeup of this drive, I expected my experience would be describable in a word: easy. Alas, it wasn't.

Immediately after plugging in the Pivot Plus Flash Drive, I was slapped with a rather inscrutable message stating "No Imation Pivot Plus Flash Drive found. Pivot Plus Login Application will now terminate." I called Imation and the company explained that the security feature on the drive requires two drive letters be assigned to the device. The first drive letter is automatically assigned to a read-only, preformatted partition of the drive that has no usable capacity assigned it; the second drive letter is assigned to the flash drive's main read/write partition.

My PC assigned the letter "E" to the security portion of the drive, but then it couldn't assign the next available drive letter ("F") to the device because it was already assigned as my network share. Imation called this a bug in Microsoft Windows XP, saying that it will occur with any drive that uses similar security features.

There are two ways to address this glitch. The work-around involves remapping your network drive to another letter to free up the F drive for the local volume, or assigning a new drive to the USB flash drive. The alternative is to download a patch from Microsoft, a description of which is in this Microsoft knowledge base article.

I tried the patch, which is inconveniently not in any monthly Microsoft updates. You'll have to submit a request to Microsoft Online Customer Services to obtain the hot fix. Mine arrived later that day. Unfortunately, the patch didn't work, so I switched to plan B and went into my PC's Disk Manager File and changed the drive assigned to the flash drive. Onward and upward.

Security features

The first thing the drive log-in application asks is for a password and password hint. There is a minimum of seven characters that must include both alpha and numeric characters. Once you've created a password, a separate box allows you to continue the start-up in standard mode or switch to corporate mode. Corporate mode allows users to create an Administrator override password that can be used to access the drive in case they forget their password.

The start-up menu then asks for a password to log onto the Imation Encryption Manager Plus application. Once you do that, you're in, and all but 455KB of space is available to you.

Like most of the other drives tested for this series of articles, Imation's Pivot Plus USB stick uses 256-bit AES, hardware-based encryption in ECB mode. It features a single password-protected partition that does not allow storage of unencrypted content. And, after seven failed password attempts, the flash drive requires reformatting for use, a feature to protect against brute force security attacks. The hardware-based encryption software also leaves no footprint on whatever host computer you're using.

One feature I liked about this drive is a physical write-protection switch on the outside of the case. It works in the same way that the switches on the old floppy disks did -- push them one way, and you can write onto the drive; push them the other, and you can't. As a result, you can change your drive to read-only mode so that the files can't be overwritten accidentally.

Speed, pricing and the bottom line

It took 5 minutes and 20 seconds to copy a 1GB folder with 303 photos and/or video to the drive. An I/O test using Hd Tach showed a 16.1MB/sec. average read speed and a burst rate of 16.7MB/sec. The random access speed was .9 milliseconds -- pretty middle of the road. All in all, I wasn't impressed with the drive's speed, but on the plus side, the CPU utilization was a frugal 8%.

The Pivot Plus Drive is compatible with Windows ME, 2000, XP, Vista and Apple Mac OS 9.0 and above. The Pivot Flash Drive is also compatible with Windows Vista ReadyBoost technology, which is supposed to allow you to add memory to a system through the flash drive in order to improve performance. Computerworld, however, saw little benefit from its use (see "Vista's ReadyBoost flash drives lack significant boost").

Pricing for the Imation Pivot Plus on PriceGrabber ranged from $41 for a 1GB model to $191 for an 8GB model.

While the Pivot Plus doesn't offer the best security of the drives tested, it's a good drive with better than average security. I'd recommend this drive to the average user because of its handy ergonomic design and relative ease of use. -- Lucas Mearian

The IronKey Secure Flash Drive

IronKey compares its Secure Flash Drive to an iPod, saying it's a hardware, software and online service all rolled into one product. I don't know about the iPod comparison, but from a security standpoint, this flash drive is impressive. The IronKey Cryptochip uses government-approved AES, CBC-mode, 128-bit encryption at the hardware level.

I tested the 4GB model. The drive comes in a sleek, stainless-steel, waterproof case that feels sturdy and quite heavy compared to other USB drives we've tested. The case has been injected with an epoxy compound that blankets the inner workings and keeps them dry and shock-resistant. Security-wise, what we liked right off the bat about this model is that the case would be extremely difficult to pry open without destroying what's inside. There is only a single seam along the drive's tightly-fitted, metal backing.

Security features

The first thing the IronKey drive asked me for after I plugged it into my laptop's USB port was to set up a username and password and configure a secure Web browser, which takes about two minutes. (There is little about setting up this device that is fast, but keep in mind that you're sacrificing speed for security.) IronKey has a password generator that can create passwords up to 99 characters in length at either normal strength with alphanumeric characters or stronger strength, which includes all keyboard characters.

To use the IronKey flash drive, you need to activate an online account. This is a necessary step to enable certain services -- such as online password backup, device and software updates and to access IronKey's encrypted Web-surfing service, which uses Mozilla's Firefox.

Besides creating an online username and password, you'll be asked to supply answers to three supplemental authentication questions that will verify your identity in case you ever lose your username or password. Failing to answer the questions accurately will lock you out of your account permanently.

After filling out your supplemental authentication questionnaire, IronKey then asks you to choose a photo from a group of antiphishing/antipharming protection images so that every time you log into your online account, the images appear and you can be assured it's IronKey and not a counterfeit site. But you're not done yet. Now you must also create a security phrase consisting of letters and numbers, which will also be used to authenticate your identity when you log into the site.

Finally (and believe me, I was happy to know this was the last step), the company e-mails you an activation code that you must enter in a window to complete your online setup. The company does allow you to change personal security information at any time by accessing account settings. IronKey states that no malware can disable the drive's security features as it employs two-factor authentication, requiring the key in addition to your password to access the content.

After the initial setup, each time you plug in your IronKey drive, a menu will appear offering you the option to back up and encrypt files, manage your passwords and online account, change settings or access a FAQ page. One feature that I like about this menu is an option to leave the USB drive in the port, but also to relock the device so that if you walk away from your computer, no one walking by will have access to the device and the data stored on it.

IronKey automatically backs up your online passwords as you use them and offers secure data backup both locally and remotely, so that if you lose the physical drive, you can buy another drive and download your data via the online backup service.

If someone does happen to gain access to your flash drive and they fail to type in the correct password more than 10 times, IronKey will self-destruct, permanently locking out users and wiping out all the data on the drive. (See white paper and data sheet on the IronKey drive.)

Speed

From a speed standpoint, IronKey is well above average for the drives tested. According to the company, its 4GB model is faster than the 1GB. The 4GB model that I tested is supposed to have an 18MB/sec. write and 25MB/sec. read rate. It took me 4 minutes and 15 seconds to back up 251 files in 29 folders that contained mostly photos and a half-dozen videos representing 1GB of data.

Hd Tach tests showed speeds well above IronKey's literature: 31MB/sec. burst speed, an average read rate of 29.6MB/sec., and a 6-millisecond random access rate. The CPU utilization rate was vastly higher than any other drive we tested, at 22%.

A 4GB IronKey Secure Flash Drive lists for $149. Prices on Pricegrabber.com ranged from $71.50 for the 1GB model to $149 for the 4GB drive.

IronKey states that the prices reflect the use of longer-lasting single-level cell (SLC) NAND memory, as opposed to multilevel cell (MLC) memory of other drives we tested. Although MLC memory increases data density by storing 2 bits per memory cell versus one in SLC, it also decreases the life expectancy of the device. SLC memory lasts about 100,000 write cycles and MLC memory lasts about 10,000 writes.

I became quite fond of the IronKey drive. The automated password feature was nice when Web browsing and I found the interface intuitive and easy to use. I'm not fond of IronKey's removable cap, as removable caps in general tend to go missing rather quickly, but otherwise, this is a fast, easy to use, very secure drive. -- Lucas Mearian

The Kingston DataTraveler Secure -- Privacy Edition

Kingston Technology's DataTraveler Secure -- Privacy Edition (DTSP) flash drive can hold up to 8GB securely using 256-bit AES hardware-based encryption. Kingston refused to say what encryption mode the device runs in, citing that it was proprietary information.

This device is chunkier than most tested, but if you like a more substantial feel to a USB flash drive, this may be the one for you. It comes without fancy colors, just a serious-looking, gray-colored casing.

I plugged the USB 2.0 device into my test laptop, and Windows XP recognized and added two drives: the "E" drive contained a preformatted 6MB read-only partition with the security software (DTSP Launcher, along with the DTSP system files) and an "F" drive with no space available.

I had to run the installation program for the security software manually (the user guide says that autolaunching sometimes fails).

Security features

Kingston has two flavors of the DataTraveler drive for the security-conscious: the DataTraveler Secure and DataTraveler Secure -- Privacy Edition. The difference between the two is that the DataTraveler Secure edition can contain a partition without password protection, and there is no minimum number of characters required for a password.

In contrast, the Privacy Edition requires all data on the drive be encrypted and a password must be from six to 16 characters long and contain at least one uppercase letter, one lowercase letter, and one digit or special character (though there is no list of what special characters are acceptable). The password will be used to access all the files on the F drive and can be easily changed later if you wish.

The password screen also asks for a "hint" to remind you of the password. I entered the same text as the password itself (Backup1), but the software protested, saying "The hint you entered is too similar to the password." It did not object, however, when I inserted a space before the digit (e.g., Backup 1).

After installation, the F drive appeared in Windows Explorer with the name KINGSTON and with 7.58GB available. An icon is also added to the System Tray for accessing the drive and utilities (described below).

On subsequent boot-ups of my test system, the password prompt window automatically appeared when I inserted the drive into a USB slot. If it doesn't, you can run a program on the read-only partition (our E drive) to launch it manually. I never had to do that.

When you're done using the drive, click the Kingston icon in the System Tray and choose the "Shut Down" option to safely prepare the drive for removal. As with any USB device, you can also simply remove it (we never experienced data loss), though it's not the recommended technique.

If your drive is lost or stolen, you're protected: The person trying to access your files will have to enter your password. After 10 unsuccessful attempts (the default), the drive can no longer be accessed without formatting the drive, which will destroy all your data. (From the System Tray icon, you can also format the drive on demand, though you'll need the password if you're using Windows XP/2000 as a non-administrative user or Windows Vista with any user rights to complete the format.) Note that there is no provision to add a separate password to individual files -- just to the drive partition as a whole.

Speed, pricing and the bottom line

The company says the drive can read at up to 24MB/sec. and write at up to 10MB/sec. Using the Hd Tach's 32MB block size test, the benchmark registered 20.2MB/sec. burst speed, an average read speed of 13.2MB/sec. and utilized 10% of the CPU.

Copying a 1GB MPEG video file from my hard drive to the DTSecure Privacy took 98 seconds. Playback takes a little longer to begin; when I launched a 1.2GB MPEG file from the hard drive, it started running in Windows Media Player 11 after 45 seconds. When I double-clicked on the same file I'd copied to the DTSecure Privacy drive, playback started after 62 seconds.

The device works with Windows 2000 (SP3 and above), XP (SP1 and above) and Vista. To avoid drive-letter assignment, users without admin rights should have two available drive letters between physical drives and network shares.

The 8GB DataTraveler Secure -- Privacy Edition retails for $327 direct from Kingston. I found lower-capacity models on PriceGrabber for anywhere from $60 for a 512MB model to $150 for a 4GB model.

If you need to work with data on the go and want to make sure it's protected, the security software's password prompt is as simple as it gets, so you don't have to jump through hoops to get to your data. For professional or consumer alike, Kingston's DTSecure Privacy is a smart choice. -- Rich Ericson

The Lexar JumpDrive Secure II Plus

When it comes to securing data on a flash drive, ease of use can be nearly as important as, say, encryption -- if the security features are too hard to use, you won't bother to use them. As a result, despite offering three different ways to protect your data, the Lexar JumpDrive Secure II Plus gets no stars because of its poor user interface.

The 1GB model I tested actually only comes with 922MB free, because it needs 80MB for its utility software -- not a huge factor when purchasing larger capacity models.

Security features

This memory stick uses 256-bit AES, software-based encryption in CBC mode. When I inserted the drive into my test laptop, I was immediately presented with the Dashboard -- a four-item menu of options (create a vault, encrypt files, shred files and change settings).

If you want to protect a large group of files, you'll want to create a "vault." Vaults are folders you define on the drive itself. You give the vault a name and specify a password (from eight to 32 characters using any combination of letters, numbers and characters).

As you enter your password, a graphic shows the strength of your password as it moves from red (weak) to green (strong); the longer your password, and the more varied the characters (uppercase, lowercase, numbers), the better.

After establishing your password, you enter a hint (the only restriction we found was that the hint can't be exactly the same as the password itself) and choose a drive letter to assign to your vault. The Secure II software creates a folder on the Lexar drive and assigns that folder the drive letter you selected (we chose "F" since the drive itself was "E").

The drive comes with a meter that fills with 10 black dots, one for each tenth of total space used. The meter is visible even after you remove the drive or power down your system. Vaults, however, throw the meter a curve ball; they immediately register the entire vault as used space, even if you haven't stored a single file in the vault.

There are other problems with vaults. For example, you can't resize them, and when it comes to deleting vaults, the help file tells you to simply delete the vault using a file manager. I suspect that many users will try to delete the drive letter to which they've assigned the vault, which won't work. (You must go to the original drive -- E in my case -- and find the Vaults folder, then find the name of your vault and delete it there.)

To protect data you no longer need, you can shred it. The Shred command from the Dashboard opens a small window in which you can choose to shred in the Recycle Bin or shred your free space or individual files (as long as they're not in a vault). The file shredding utility simply writes over a file after it's been deleted.

Encrypting individual files, the third protection option, is far more tedious. You open the Dashboard, choose File Encryption, click the Encrypt Files tab, either click the Add button to navigate to the file you want to encrypt or drag a file from a list (such as Windows Explorer), click the Encrypt button, enter the password you want to assign, then wait a few seconds for the file to be encrypted. Secure II adds an LRS extension to the file name, and your file manager changes the icon to help you recognize it as an encrypted file. Unencrypting the file is the same process in reverse.

If you want double protection, you can individually encrypt a file in a vault.

Unfortunately, Secure II doesn't hitch itself to the operating system. If you want to quickly shred an individual file, for example, you can't simply right-click it from a file list in Windows Explorer or a Windows application and choose a Shred option.

It's also a hassle to decrypt a file from within an application. For instance, if you're working in Word, you can't use the File/Open command, right-click an .LRS file, decrypt it, then open the just-decrypted file and begin editing. Instead, you have to start at the Dashboard, choose the File Encryption option -- you get the idea. After doing this a few times, the process becomes frustratingly tedious.

Speed, pricing and the bottom line

The Lexar JumpDrive isn't particularly speedy. In our Hd Tach tests we measured an average read speed of 15.5MB/sec., average CPU usage at 7% and burst speed of 15.9MB/sec. I copied a 909MB AVI file to the drive itself (the unencrypted E drive) in three minutes, 55 seconds. When I created a vault of the same material (which took nearly five minutes), the copy took an additional 60 seconds (a 25% premium). That was faster than individually encrypting the file: After copying it to the E drive, encryption took one minute, 55 seconds.

Playback of the video file took six seconds when launched from my hard drive -- the unencrypted E drive -- and seven seconds when launched from the vault.

The JumpDrive Secure II Plus comes in 512MB, 1GB, 2GB, 4GB and 8GB versions and is compatible with Windows XP and Vista.

Pricing for the Lexar JumpDrive Secure II Plus on PriceGrabber ranged from $15.48 for a 1GB model to $72.06 for an 8GB model.

So-so performance and overly complicated processes don't make me jump for (storage) joy with the Lexar JumpDrive. -- Rich Ericson

The SanDisk Cruzer Professional

SanDisk's Cruzer Professional has what appear to be some highly secure features and a simple-to-use format. Like many products in its class, the Cruzer Professional uses hardware-based, 256-bit AES encryption. The encryption runs in Electronic CodeBook (ECB) mode (which security expert Bruce Schneier says is not as secure as the Cipher Block Chaining (CBC) mode). The National Security Agency has approved the 256-bit AES algorithm for top-secret use (CBC or ECB) -- so it's better than an old cigar box sealed with blue masking tape, provided you actually use it.

The Cruzer Professional sports a conventional design -- very professional looking with dark gray colors and a sleek case that feels like it has a bit of a sprayed rubber coating. There's even a pocket clip to remind you that it shouldn't be left unattended on a car seat or desk.

Security features

SanDisk also sells a Cruzer Enterprise model. Both models offer password protection and hardware-based, 256-bit AES encryption. The main difference is that the Professional model lets you create Privacy Zones, which allow 1% to 100% of the drive's total capacity to be password-protected. Any area outside the Privacy Zone is unprotected and open to any user. The Enterprise model requires the entire drive to be password-protected for corporate security purposes.

Also, the Enterprise model (see picture) can be deployed to employees across a company and centrally managed through SanDisk's Central Management and Control (CMC) server software. Cruzer Enterprise CMC supports password recovery and renewal through the network, remote termination of lost drives, central backup and restore, as well as central usage tracking and auditing.

The Cruzer Professional's Privacy Zone is explained in a 16-page electronic user manual that walks you through the steps of setting it up. The user interface for that operation is part graphical and part text-driven, and takes only a few minutes at the most. There's no suggestion of a long and complex password, but do keep in mind that the better a password you create (a longer mixture of alphabetic and numeric characters combined with symbols), the more difficult it will be for someone to guess it. The password can be up to 21 characters long.

Once you're done, unless you enter your password by clicking on the icon found when you open the flash drive, the only indication that your Privacy Zone exists is that the overall capacity of the Cruzer Pro will appear smaller -- by the same amount as the zone you've created. Otherwise, whatever you've tucked into the zone is out of sight, and logging out of the zone closes it. All of this occurs on the flash drive. No trace is left on your computer or any computer you use to initiate access.

Speed, pricing and the bottom line

While SanDisk touts the Cruzer Professional as having an "ultrafast transfer speed," Hd Tach test results were not quite as enthusiastic. The average read speed was 13.4MB/sec., or roughly half of what some flash drives are capable of. Ad hoc testing with music and video files showed no degradation during playback, though.

The Cruzer Pro is available in 1GB, 2GB and 4GB versions, and is Vista ReadyBoost qualified -- although that would negate its use as a secure vault for your transportable data. ReadyBoost is supposed to allow you to add memory to a system through the flash drive in order to improve performance. Computerworld, however, saw little benefit from its use (see "Vista's ReadyBoost flash drives lack significant boost"). The Cruzer Pro is also compatible with Windows 2000 (SP4), XP, and 2003 Server.

The pricing for a Cruzer Professional on PriceGrabber is anywhere from $42 for a 1GB model to $108 for a 4GB model.

While the Cruzer Professional doesn't offer the same level of security as some other flash drives (or its own Enterprise version), it provides at least a reasonable amount of data safety for the business professional. -- Bill O'Brien

Winners and runners-up

Each of the drives we reviewed has its strong and weak points. For example, Corsair's Survivor is, arguably, very secure -- but the password rules are challenging to follow. The Lexar JumpDrive Secure II offers three ways to protect data, but two of its methods were so awkward that the reviewer found them to be more trouble than they were worth.

Although the Corsair Padlock is relatively slow, and certainly not the most secure of the bunch (because its security is based on hardware), its cross-platform capability can make a big difference if you're moving files among Windows, Linux, and Mac computers. We've run into problems with secure flash drives cooperating only among Windows machines, so if we needed cross-platform support, we'd have to lean toward the Padlock (and maybe bring along a second skinny vanilla latte to sip on while the files are being transferred).

The IronKey, while toward the high end of the price range, is built like a fortress and its read/write speeds are superior to the others we tested. By comparison, the Corsair Survivor's performance numbers come close to IronKey's, and, along with the SanDisk Cruzer, it uses the fewest CPU cycles.

When it comes to practical tests, such as saving files to the drive, the Kingston was 2.5 times as fast as the Lexar -- and that, along with a simpler interface, can often be what truly matters.

Overall, however, the IronKey's numerous security features -- hardware-based encryption, random password generator, two-factor authentication, secure Web browsing, and self-destruct mechanism -- along with its longer-life, single-level cell NAND memory, put it over the top as the highest quality, most secure drive of the bunch.

Flash Drive Speed/CPU Utilization Comparison (Windows XP)

| Drive | Burst Speed (MB/sec) | Average Read (MB/sec) | CPU Utilization (±2%) |
|---|---|---|---|
| Corsair Flash Padlock | 15.9 | 15.4 | 5% |
| Corsair Survivor | 25.1 | 23.6 | 4% |
| Imation Pivot Plus | 16.7 | 16.1 | 8% |
| IronKey Secure | 31.0 | 29.6 | 22% |
| Kingston DataTraveler Secure | 20.2 | 13.2 | 10% |
| Lexar JumpDrive Secure II | 15.9 | 15.5 | 7% |
| SanDisk Cruzer Professional | 24.8 | 13.4 | 4% |

Testing software: Simpli Software HD Tach

Price, Capacity and Security Comparisons

| Drive | Capacity tested | Capacities available | Price (MSRP model tested) | Encryption type |
|---|---|---|---|---|
| Corsair Flash Padlock | 1GB | 1GB, 2GB, 4GB | $29.99 | None |
| Corsair Survivor GT | 8GB | 4GB, 8GB, 16GB, 32GB | $129.99 | 256-bit AES |
| Imation Pivot Plus | 1GB | 1GB, 2GB, 4GB, 8GB | $69.99 | 256-bit AES |
| IronKey Secure | 4GB | 1GB, 2GB, 4GB | $149.99 | 128-bit AES |
| Kingston DataTraveler Secure | 8GB | 1GB, 2GB, 4GB, 8GB | $327.00 | 256-bit AES |
| Lexar JumpDrive Secure II | 1GB | 256MB, 512MB, 1GB, 2GB, 4GB | $29.99 | 256-bit AES |
| SanDisk Cruzer Professional | 1GB | 1GB, 2GB, 4GB | $54.99 | 256-bit AES |