File Encryption on Portable Media
#1
Original Poster
Join Date: Jul 2003
Posts: 4,531
File Encryption on Portable Media
I'm not sure if search isn't working properly, or this hasn't been addressed.
I often need to carry data on portable media (laptop or thumb drive). One source of these data has issued a new policy stating that "data stored on portable devices or removable media must be encrypted using one of the following approved encryption standards: Advanced Encryption Algorithm (AES) that uses a 128, 192, or 256-bit key size." These are relatively large files that usually require me to use SAS or STATA to manipulate them. I've tried to figure out the best way to accomplish this on laptops or thumb drives, but it's a bit over my head. Any suggestions for a straightforward way to achieve these objectives?
#2
FlyerTalk Evangelist
Join Date: Oct 2000
Posts: 15,788
Sometimes I think I'm a shill for these guys:
https://www.ironkey.com/forenterpris...FR4vagod2yfIVQ
Dead simple, and destroys itself in a very James Bond fashion if attacked.
You can do almost the same thing with open source security and a common thumb drive, but why waste the cycles?
#3
Join Date: Oct 2002
Location: Arizona
Programs: *wood Gold, Marriott Gold, DL Silver, Hilton Silver, F9 Ascent
Posts: 2,419
Two options: get a USB thumb drive that has encryption built-in or get any old USB drive and add encryption.
I recently lost my thumb drive and while it was fairly empty, it did have the scanned signature page of our tax return.
My next thumb drive will absolutely have encryption (or password access at the very least).
Drives with built-in encryption (hardware based AES or better)
SanDisk Ultra® Cruzer® Titanium™ Plus
Cruzer® Professional
Cruzer® Enterprise (hardware-based AES but the entire partition is forced encrypted)
Kingston has several models (bottom of table) that have hardware-based AES, meet US gov't specs etc. The DataTraveler BlackBox meets data-at-rest agency directives. "It's FIPS 140-2 Level 2 certified and features 256-bit, hardware-based AES encryption, enforced complex password protection and device lockdown after a specified number of invalid attempts, to prevent brute force attacks."
Kanguru has a few models including two with a fingerprint reader.
IronKey IMHO is just plain fugly!
For encryption software to add to any old USB drive, I'm going with TrueCrypt which has been mentioned several times on FT. There's a tip about it on TI blog.
Note too that you can create encrypted TC partitions on your laptop for safe storage of the SAS datasets. I have a cousin who does data analysis for DOJ and other LEO agencies plus work on federal grants. He uses an external USB hard drive that his university IT department protected with whole disc encryption. He then either gets his datasets by DVD and copies them (then shreds the DVD) or plugs the drive directly into the host agency's network.
Last edited by jonesing; Jun 11, 2008 at 10:42 pm
#4
FlyerTalk Evangelist
Join Date: Oct 2000
Posts: 15,788
On the other hand, most of us can get by with TrueCrypt.
I drive a Ford, but for encrypting my data I can afford the best of breed. That's the beauty of technology.
Sandisk and the others are rushing products to market to catch up. . .
#5
Join Date: Jul 2000
Location: Commuting around the mid-atlantic and rust-belt on any number of RJs
Programs: TSA Random Selectee Platinum, * Gold, SPG/HH/MR mid-tier, and a tiny bag of pretzels.
Posts: 9,255
On the upside, I suppose offloading the encryption cycles is helpful, although given the speed (and number) of modern CPUs combined with the actual write speed to a USB key kind of negates the advantage somewhat.
I drive a Ford, but for encrypting my data I can afford the best of breed. That's the beauty of technology.
Sandisk and the others are rushing products to market to catch up. . .
#6
Join Date: Aug 2006
Location: San Jose CA
Programs: AA Platinum
Posts: 149
PGP enterprise versions will encrypt all removable media as well as full disk encryption for your laptop and/or PC. I'm testing the Mac version which releases next month. zero issues. PC has been out a while.
#7
FlyerTalk Evangelist
Join Date: Oct 2000
Posts: 15,788
I fiddle with technology for a living, but no one is going to pay me to fiddle with TrueCrypt and I have no interest in spending personal time to save the marginal cost between the two technologies.
That is the deciding factor. I have no doubt that software only solutions are perfectly reasonable alternatives. The OP stated that the solutions he looked at were "a bit over his head".
At least one of the other hardware solutions mentioned on this thread can be circumvented by soldering a simple wire to the circuit board.
#8
Join Date: Oct 2005
Location: IAD
Programs: MR Gold, *wood Gold, HHonors Silver, UA 1K
Posts: 133
I use a MXI Stealth MXP with a biometric reader.
http://www.mxisecurity.com/?p=produc...lth_mxp_family
Pros: AES 256 Bit encryption in hardware, industrial biometric reader, tamper resistant, driverless, works with Windows, Mac, Linux, etc. Can also be used as an authentication factor/tool.
Con: expensive
A simple software based solution is good enough for most folks. Depends on how bad you want to keep the data encrypted and the standards/requirements you must comply with...
#10

Join Date: Aug 2006
Location: San Jose CA
Posts: 1,100
PGP Desktop and PGP Whole Disk (Mac or PC) have been able to encrypt USB sticks for a long time. You can also add multiple users to the USB key, either passphrase (users each having a unique password) or key-based users, or both. Works flawlessly and transparently.
Robert
#11
Join Date: Jun 2002
Posts: 960
i use an encrypted hard drive enclosure with a hardware key. the encryption is all done in real time and there's no delay whatsoever. the enclosures are available with various levels of encryption and as high as 192 bit. a number of companies make them:
http://www.enovatech.net/products/manufacturers.htm
also, a friend of mine bought one of those fingerprint usb sticks. it did require a fingerprint to unlock, but much to our surprise, it didn't really matter whose finger. as long as a finger was on the device, it unlocked.
#12

Join Date: Jan 2004
Location: Scottsdale, AZ
Programs: AA EXP, SPG Plat
Posts: 1,472
I would second the recommendation for TrueCrypt. It is free, runs on PC, Mac, Linux and you can either encrypt the whole drive or just encrypt a file that will serve as a virtual drive when mounted in TrueCrypt. It uses industry standard AES encryption.
Personally, I have a 4GB thumbdrive that I keep with me. I have a 3GB TrueCrypt personal drive on there and leave 1GB as unencrypted. This allows me to "SneakerNet" files to others when needed on the unencrypted space and still keep my personal files under encryption.
#13
Join Date: Oct 2002
Location: Arizona
Programs: *wood Gold, Marriott Gold, DL Silver, Hilton Silver, F9 Ascent
Posts: 2,419
Not sure if the OP only wanted a USB flash drive but I noticed the Maxtor Black Armor 160Gb USB hard drive is on sale at Staples starting tomorrow. I had to look on the spec sheet to see that the full-time whole disk encryption is indeed AES.
Hardware-Based Full-Disc Encryption
Prohibits access without a password, no exceptions—not even a professional data recovery service can access the data without the password
KeyErase™
Permanent removal of encryption key allows secure redeployment of the drive
#14
FlyerTalk Evangelist
Join Date: Oct 2000
Posts: 15,788
It should be noted that AES is a family of cryptographic modules and that attention must be paid to the actual implementation.
Also, does the implementation you choose allow an unlimited number of tries at the password in a brute force attack?
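The retry-limit question raised in post #14, worked through as an added example (editor's code, not part of any poster's message and not taken from any product named in the thread): a device that locks after a fixed number of wrong passwords bounds a guesser's odds, while a software container that can be copied has no attempt counter and relies on key-derivation cost and passphrase strength instead. The retry limit, the 30-bit passphrase and the 1e9 HMAC/s guessing rate are assumed values, and `RetryLimitedToken` is a hypothetical model.

```python
import hashlib
import hmac
import os

SECONDS_PER_YEAR = 365 * 24 * 3600

def derive_key(passphrase: str, salt: bytes, iterations: int) -> bytes:
    """Stretch a passphrase into a 256-bit AES key (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations, dklen=32)

class RetryLimitedToken:
    """Toy model of a drive that locks after max_attempts wrong passwords."""

    def __init__(self, passphrase: str, max_attempts: int = 10, iterations: int = 1000):
        self._salt = os.urandom(16)
        self._iterations = iterations
        # Model only: a real device keeps its secret inside tamper-resistant hardware.
        self._verifier = derive_key(passphrase, self._salt, iterations)
        self._max_attempts = max_attempts
        self._failures = 0

    @property
    def locked(self) -> bool:
        return self._failures >= self._max_attempts

    def unlock(self, guess: str) -> bool:
        if self.locked:
            return False  # stays locked even for the right passphrase
        candidate = derive_key(guess, self._salt, self._iterations)
        if hmac.compare_digest(candidate, self._verifier):
            self._failures = 0
            return True
        self._failures += 1
        return False

def online_guess_probability(entropy_bits: int, max_attempts: int) -> float:
    """Best-case odds for a guesser who is cut off after max_attempts tries."""
    return min(1.0, max_attempts / 2 ** entropy_bits)

def offline_exhaust_years(entropy_bits: int, iterations: int, hmac_per_second: float) -> float:
    """Worst-case years to try every passphrase against a copied container,
    where nothing counts attempts and only the KDF cost slows each guess."""
    return (2 ** entropy_bits) * iterations / hmac_per_second / SECONDS_PER_YEAR

if __name__ == "__main__":
    # Constructed inputs: 30-bit passphrase, assumed 1e9 HMAC/s guessing rate.
    print(online_guess_probability(30, 10))
    for iters in (1_000, 500_000):
        print(iters, offline_exhaust_years(30, iters, 1e9) * 365, "days")
```

With these assumed numbers the retry-limited device leaves a guesser roughly a one-in-a-hundred-million chance, while the copied container falls in well under a day at 1,000 iterations; raising the iteration count or the passphrase entropy is what moves the offline figure.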
#15
Original Poster
Join Date: Jul 2003
Posts: 4,531
Hi everyone,
I really appreciate these suggestions and the related discussion. My collaborators only specify the encryption method must be AES, as described above. Given the need to protect the laptop, USB, and portable HD I use, I think I'll try TrueCrypt. Hopefully it's not onerous on processor performance and memory. Should my needs change, I'll move to the 'fugly' IronKey. Compared with some of the very public data thefts, the data I care about are relatively low-risk.

