Corsair Flash Padlock Redux, Lexar, and IronKey
Earlier this month I wrote a review of Corsair’s 2GB Flash Padlock USB stick. The USB drive is unique to my knowledge in that it has push-buttons that create a padlock, so the casual data protection it offers comes with a very fast and convenient way to lock and unlock the drive. In fact, it locks automatically whenever it is removed from your computer.
I still like the thinking behind the Flash Padlock, but there are a couple of issues with it. Thanks to SNB (Scot’s Newsletter Blog) reader Jonathan March for writing with his concerns about it, which prompted me to go back to Corsair for more answers.
What I found is that the evaluation unit Corsair sent me came in shrink-wrapped retail packaging that contained incorrect information. The Flash Padlock comes with a small battery (commonly available in drug stores) that allows the device to lock or unlock when it’s not connected to your computer. The instructions accompanying my review unit gave step-by-step instructions about how to remove and replace the battery. I assumed that they were correct. But it turns out that Corsair has decided that too many people might damage the USB stick when they attempt to replace the battery, so the company has determined that the battery is not user replaceable. Notice, this is all marketing. The device has a case screw that allows you to split the case and access the inner parts. Of course, that compromises the security of the USB drive, since Corsair isn’t using any encryption and someone could just lift out the memory and mount it separately from the padlock.
For the way I want to use this device, for personal storage carrying stuff back and forth from work, this isn’t a big deal. I’d prefer something that disables the memory if the case is split, but for me that’s not a requirement. However, IT managers have already begun evaluating this device on my say-so, and I should have been explicit in saying that I don’t consider this to be secure enough for many widespread enterprise applications.
The battery issue is annoying. If the battery fails, you can still unlock the Flash Padlock while it’s connected to your computer (although, from personal experience, that’s an awkward maneuver). Theoretically, you can send the unit back to have the battery replaced if the unit is still under warranty. There seems to be some confusion about whether Corsair is offering a two- or three-year warranty. A specific Corsair support forum thread (worth reading if you own this device) says two years, but the review materials I have say three years. Corsair estimates that the battery will last three to five years. So maybe this is a moot point. As Jonathan March implied in his message to me, by the time the battery dies, this unit will be obsolete anyway. Still, I don’t like the fact that the life of this product is determined by a battery that, at least theorectically, isn’t replaceable.
Apparently, Corsair is planning to add software encryption to a future version of the Flash Padlock. For my money, though, what’s the point? What I wanted was a no-fuss USB drive that’s easy to lock and unlock.
Make It Lexar Instead?
Since I wrote the Corsair review, I’ve learned that even though Lexar’s JumpDrive product pages only mention Windows XP and Vista support, the products in fact come with both Windows and Mac versions of the Secure II encryption software. (Unfortunately, no direct Linux support though). I purchased the 4GB JumpDrive Lightning for $75, and I’ve been testing it for the past week or so. The encrypted Vault can be created with one OS and accessed by another. And while the Lightning isn’t cheap, it’s well named. This is the fastest USB drive I’ve ever tested. And I’m already finding that to be a bigger advantage than I’d expected.
I’ll offer a full review of the JumpDrive Lightning in the near future.
The Iron Man of USB Drives?
Several readers also wrote to suggest that I check out the IronKey USB drive, which contains a cryptography chip and also claims 20Mbps write times, in the neigborhood of the JumpDrive Lightning. The company claims that its device is tamper-proof, water-proof, and even has a self-destruct feature (after 10 attempted password entries). The only drawbacks that I can see with this device (without having tested it yet) are that it doesn’t support the Mac or Linux yet, and the 4GB unit costs $149 (1GB is $79 and 2GB is $109) direct from its maker.
A 4GB IronKey just arrived and I’ll be putting this thing through its paces and letting you know about it. Enterprise IT managers might want to look this over too.
Post comments or send email if you have input on any of these devices, or want to suggest others that you think the fast and conveniently secure criteria I’ve set up for this evaluation.