back to article Toshiba packs NUMERIC KEYPAD onto self-bricking USB drive

Toshiba has released a range of USB sticks boasting numeric keypads needed to unlock their encrypted contents. The keypad's there to add an extra layer of security to the drive by requiring a personal identification number (PIN) to be entered before the device will be useful when connected to a PC. Once users unplug their …

  1. NoOneSpecific
    Holmes

    More like: Toshiba ReBrands NUMERIC KEYPAD crypto self-bricking USB drive

    http://www.apricorn.com/

    1. DropBear

      Re: More like: Toshiba ReBrands NUMERIC KEYPAD crypto self-bricking USB drive

      Exactly. I bought this exact piece of hardware as a gift about two years ago...

  2. Fazal Majid

    CBC mode is not considered best practice any more

    I suppose it could have been worse, as they could have used ECB, as a surprising number of "security" products still do.

    The keypad is OS-independent, which is nice for Linux users, or Mac users tired of waiting for IronKey to update their unlocker app for the newest version of OS X.

    It's nice they used a solid aluminium chassis for the drive. Boo for USB2. One of the great things about the IronKey S200 is that it uses SLC memory, which made it a very speedy drive (unlike the horrendously slow MLC IronKey D200). I wonder where the Toshiba fits, performance-wise.

    1. NoOneSpecific
      Holmes

      Re: CBC mode is not considered best practice any more

      Look at the http://www.apricorn.com/ site. This Toshiba rebranded one is the OLD version. There is a newer USB3.0 model that is much better. Not sure why no one did so much as a Google Image Search before writing this article but, like the device, it's been rebranded and reprinted by a few blog sites.

      There are newer, better options than this. http://www.apricorn.com/

  3. Frumious Bandersnatch

    Thanks, but ...

    I think I'll stick to embedding powerful electromagnets in my door jamb, Cryptonomicon style...

    (What do you mean magnets don't work on flash memory? OK, it probably won't work on regular drives either)

    1. Eddy Ito

      Re: Thanks, but ...

      Frankly electromagnets are a pretty weak substitute for rare earths. There's a reason PM motors/gearboxes are becoming more popular and it has everything to do with equivalent surface currents that you can't achieve by pumping amps through copper.

  4. Anonymous Coward
    Anonymous Coward

    do these have the trojanized embedded chips?

    If so. what's the point?

  5. Anonymous Coward
    Anonymous Coward

    Nothing new here

    Corsair do the padlock.

    However, cautionary note, the corsair padlocks seem to fail at an alarming rate and once failed, you can say goodbye to your data unless, of course, its backed up. On another "as secure" device...

    1. Sir Runcible Spoon

      Re: Nothing new here

      I've been using two of the 8GB Corsair padlock 2 usb's for ages now, never knew there was a high failure rate.

      At least I back mine up to a NAS and GPG encypt it.

  6. Shades
    Big Brother

    "And even at $95, what price freedom?"

    "Freedom" could cost you 5 years in the UK.

  7. JimmyPage Silver badge
    Big Brother

    Plausible deniability ?

    I hope the next product under development allows for *two* unlock codes. One for you, and one for the security services - like a TrueCrypt hidden volume.

    1. Anonymous Coward
      Anonymous Coward

      Re: Plausible deniability ?

      The best bet here would be ANY code entered except the correct one opens up a hidden volume with some pointless user created texts and a few piccs of cats, a house etc. The real data stays hidden and safe.

  8. Elmer Phud

    "And even at $95, what price freedom? "

    I would assume that, due to there being plenty of spare space on the other side to the keyboard, a bit of masking tape with the number written on it.

    after all, the underside of keyboards is where yer supposed to keep log-ins and PINs, isn't it?

  9. Mondo the Magnificent
    Coat

    Right...

    Let me quickly plug my Toshiba jiggery pokery numeric keypad uber secure USB into the only free USB port which is on the rear of my laptop..

    Now, let me turn my not so nimble 17" laptop around and press the minute keys with my sausage fingers... so I can unlock the secure USB drive and share this cat video I downloaded...

    Turn the laptop back around... pick everything up that fell over on my desk when the audio and HDMI cable played skittles with all the crap on my desk..

    Let me rearrange my external USB drive to where it usually sits on my desk now that my laptop has done the "twist"..

    There.. how convenient is that?

    1. Bumpy Cat

      Re: Right...

      Fortunately you enter the pin before inserting the drive into the USB port. It stays unlocked for 30 seconds or so, which should be enough even the most sausagiest of fingers to shove the drive into the port.

    2. TheProf

      Re: Right...

      Want to buy an extension cable and a pencil?

    3. ScarabMonkey

      Re: Right...

      Actually you have to input the code before plugging it in... it has a battery.

    4. Mondo the Magnificent
      FAIL

      Re: Right...

      Caught myself out there... it has a battery! Oh, well.. epic fail..

  10. Andy Non Silver badge
    Meh

    TrueCrypt?

    Am I missing something? What's wrong with just formatting an ordinary USB stick as a TrueCrypt (7.1a) drive? Its free.

    1. DropBear

      Re: TrueCrypt?

      One word: keyloggers.

    2. Jess--

      Re: TrueCrypt?

      I would have thought that the advantage here is that the encryption / decryption is to be done on the device meaning that the machine it is attached to is not even aware that it is dealing with anything more complex than a normal usb drive, solves a whole range of problems with operating system compatibility since the operating system does not have to deal with the encryption used on the drive.

      1. Sir Runcible Spoon

        Re: TrueCrypt?

        These pin-lock USB's are OS agnostic

        1. Swarthy

          Re: TrueCrypt?

          I wonder what the possibility of a device w/ the pin-pad that holds no data, but rather a USB port, a battery and encryption hardware.

          I'm thinking it could act as a flow-trough port, and en/decrypt the data on the fly, using the pin and the device ID as the encryption key, or as the look-up to the key in a locally held table. Whatever size/type of drive you hook up to the thing, that's your storage; OS independent; could have versions with 1, 2, or 10 PIN options (5 users, each w/ 2 [regular and duress] PINs) to segregate the market.

      2. DropBear
        Trollface

        Re: TrueCrypt?

        I'm thinking it could act as a flow-trough port, and en/decrypt the data on the fly

        Congrats, you just reinvented CipherUSB (only with keys...)

    3. Crazy Operations Guy

      Re: TrueCrypt?

      The biggest benefit is that it doesn't use TrueCrypt...

      Even if 7.1a was declared safe, the fact that there was a security flaw tells me that there might be another one hidden in there, waiting to rear its ugly head.

      Besides, there's nothing stopping you from doubling up on security and installing TrueCrypt.

  11. Simon Harris
    WTF?

    What price freedom?

    Over $100 difference between 4GB and 32GB?

    I can understand the base price being higher than a standard USB flash drive, what with the keypad and more complex controller, but $105 for 24GB of flash? Usually the difference between a normal 4GB drive and a 32GB drive is something like £15 maximum.

    1. taxman

      Re: What price freedom?

      And even at $95, what price freedom? What a load of tosh!

      UK DataShur 4Gb FIPS 140-2 Lvl 3 USB £39, their 32Gb version only £99. Same same keypad, number of tries, clearing down of data etc.

      Their SSDs are also worth looking at, built on the same principle.

  12. ScarabMonkey

    iStorage re-brand....

    Don't you mean a re-branded iStorage datashur?

    http://www.istorage-uk.com/datashur.php

  13. Nigel 11

    Ten miskeyings and it's toast ...

    I suppose there are a few environments where that's OK, but I hope that this feature can be disabled.

    Imagine what happens if a baby or child gets hold of it. Or even a cat. Or if a piece of grit gets into one of the buttons.

    If the PIN is eight or more digits, there's little practical reason to self-destruct. Chances of successfully entering enough random keys at one per second are too small to matter.

    1. chris 48

      Re: Ten miskeyings and it's toast ...

      A requirement of FIPS 140-2 certification I believe.

      Also, if you tell people to use an 8 digit pin I imagine the majority will use a date with a 4 digit year. If they pick one from the last 100 years that's only 36,525 ish combinations to try so it would be cracked in under a day.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like