iStorage DatAshur Personal

iStorage have been making secure storage for a while, but mainly business devices. These tend to be made out of metal and have been relatively expensive. Now iStorage have come out with a "personal" version. It's made of plastic (the review unit was blue) and are significantly more cost-effective.

The DatAshur Personal comes in 3 versions 8GB, 16GB and 32GB. Each uses the AES-256 encryption standard to encrypt any data stored on the drive (well USB fob). They're not small at 83mm x 17.4mm x 8.6mm (including the end cap), but there's a 10 digit numeric keypad on the device (and a "lock" hey too). There's also two LEDs at the top of the device and a blue one under the lock key

The devices come with a default user PIN of 11223344 which is a special factory setting as it's not possible to set a normal PIN that has repeating or consecutive numbers. PINs must be between 7 and 15 digits long. Each key also has a standard 'phone' letter scheme so alphanumeric passwords can be emulated (so DATASHUR would be 32827487 - though the writing on the keys is quite small, it's probably easier to do the letter to numeric conversion on a phone).

The device actually can store two PINs, an ADMIN PIN and a USER PIN, by default only the USER PIN is enabled. This is actually a very useful feature for companies as the IT department can configure the ADMIN password (which the end-user has no knowledge of) and then issue it to an employee who sets their own USER PIN. If the employee then leaves, the device can be issued to a new employee with a new USER PIN. Obviously the ADMIN user can also see any data on the drive, which also means a USER shouldn't store any data they don't want their IT department to see on the drive too. An ADMIN user can also put the drive into read-only mode, so data can be read, but the drive can't be written to, useful for distributing company confidential information.

Though PINs can NEVER be retrieved from the DatAshur, an ADMIN user can reset a USER PIN (however not the other way around).

Once a correct PIN has been entered, the device will unlock and must be plugged into a USB port within 30 seconds or it will lock again. Once plugged in, it appears as a normal USB memory device.

That's where the security comes in, if a PIN is entered incorrectly 10 times, then the DatAshur will wipe the encryption keys which renders all data on the drive unreadable. This is also true for the file allocation table (or FAT). When in this mode a new PIN will have to be set-up, the drive connected to a USB port and then reformatted (in whichever mode is suitable for the operating system, could be FAT, FAT32 or NTFS) in order to be usable as a drive again.

The 8GB drive is available for @29.00, the 16GB drive costs £39.00 and the 32GB drives is £59.00 - though considerably more expensive (and a larger form factor) than competing USB drives, it should give the user (or IT department) peace of mind that if the drive is lost, the data is pretty secure (guessing a 15 digit password is likely to take more than 10 attempts). It can also be effective for allocating to users and then the IT department can also check what data the user is taking off-site. Suddenly the price doesn't seem so expensive.

The iStorage datAshur

iStorage manufacture secure storage systems and they've just released the datAshur which is a USB Flash Drive.

It's quite a large drive being 8cm by 2cm by 1cm, including the aluminum jacket which should protect it from most drops or even being driven over.

Pulling the drive out the sleeve reveals why it needs to be that big, there's a 10 digit keypad on it (numbers read 1 2, 3 4, 5 6, 7 8, 9 0, keys 2 through 9 also have a standard phone letters on then i.e. key 2 also has ABC).

In order to use the drive the user must first enter a PIN (between 7 and 15 digits) which unlocks the drive, then it can be inserted into a standard USB2.0 socket (though it will work with USB 1 and 3 devices too) and look like a standard Flash Drive. All data that is stored on the drive is AES 256bit hardware encrypted. If the drive is plugged into a system without being unlocked it wont appear as a valid drive and cant be mounted.

When the drive is ejected, it will then automatically lock again.

Corporate use

The datAshur actually has 2 PINs a user PIN and an admin PIN. If the drive is put into admin mode, then it will clear the user PIN first and expect the next action to be to set a new user PIN and if this isn't done it will go back into sleep mode (the drive cant be accessed as a Flash Drive).

This mode is useful in a business environment so the IT department can select an admin key and if a user forgets their key it can be reset (or if a user leaves, the user PIN can be reset and the data still be made available).

Hacking

If the the wrong PIN is entered 10 times, then the drive will automatically trash the the AES key and generate a new one (which means all data on the drive is also trashed and unreadable). Also both the admin and user PINs will be cleared.

Though big and bulky and not the prettiest of Flash Drives, the datAshur will be invaluable to companies or individuals worrying about carrying sensitive data around and even if the drive is lost, the data is unusable without a correct PIN making it pretty secure.

It comes in 3 sizes

4GB £39
8GB £59
16GB £79

and is available from iStorage