USB Drives are a staple of modern society. However the convenience of those small devices also come with the risk of losing the drive and data, or worse — a thief going through your files.
Fortunately, there’s a solution which allows you to store even the most sensitive files, knowing that the technology securing your files is theoretically more secure than the Advanced Encryption Standard (AES), which is the encryption primarily used by the United States government To combat issues such as the ones mentioned above, many USB drives feature pre-installed security software, or you could download free encryption programs. However many of those programs are rushed to distribution, meaning the programs may be subject to varying levels of breaches, or programs could be hard to use.
In today’s day and age, you need security which you know will stand the test of time, because even with encryption, once a person has a file, it’s only a matter of time before they are able to breach the security (provided they have the determination), be it a matter of days, years, or even decades. Despite the previously mentioned shortcomings, there is hope.
While attending the Web 2.0 Expo at the Javits Center in New York City during November of 2009, I interviewed Mark Small, who is the Chief Technology Officer of Onix International, which is the maker of EncryptStick (encrypt-stick.com), which is an encryption program made for USB drives that uses a 512 bit polymorphic encryption algorithm.
The encryption algorithm stands out from others, such as the US Government AES algorithm, because the encryption keys are twice the size of the highest grade AES implementation, and the algorithm is dynamic meaning rather than having a single code to crack EncryptStick uses a dynamic algorithm.
During my interview with Small, he mentioned that the EncryptStick algorithm is based on code created by a company partner, who after development, was seized by the German government and made a state secret; however the code was later declassified and therefore made available for product development.
For those who are really interested in the technology,the makers of the algorithm are so confident in its security to the point that they allow virtually anyone to inspect the source code, provided they sign a non-disclosure agreement. The details can be found by visiting pmc-ciphers.com and clicking the dollar bill on the right side.
Moving on from the technical to the practical, let’s focus on the features of EncryptStick. Starting off, the program is fairly simple to install. Just purchase a license from the website which costs $39.99 and download the file directly to your USB drive.
After downloading the file, you run the install file. However unlike many other programs, EncryptStick require users to access the internet for a registration code. This is an important feature I’ll get back to shortly. After getting the code, you continue with the installation and then you’ll be free to create “vaults” for your files on both your USB drive and on the computer you are working on. This means that aside from placing files on the drive, you also can create a folder on the computer you are working on which will only appear when your USB drive is connected. Otherwise, the folder will be undetectable.
Now the files/vaults you create on your computer will be hidden, provided Windows is set not to show hidden files. If hidden files are set to be shown, users can see the files; however the names and contents are scrambled so they would be inaccessible without your key. According to Small, the reason for this is so copies of your files can be backed up.
The program also has a password manager built in, which aside from storing your passwords, also provides protection from keyloggers. The protection works in that after entering your passwords into the password manager, when you need to log into a site, you simply select the website from your password list and then select the copy option. Unlike traditional copy/paste which would show the password in plain text, passwords copy/pasted using the secure option only show up to key loggers as ********’s so abc123 would show up as ****** to a keylogger.
Finally, going back to the serial number, EncryptStick has a vault recovery feature, so if you ever lose your USB drive, you simply purchase a new copy of EncryptStick and submit your prior key. From there your new drive will be able to access vaults created on other computers, provided you also remember your prior password. However, you won’t be able to access files on your USB drive, as EncryptStick only keeps track of your encryption keys and not your files.