|
Everything USB 
Security
It doesn't seem all that long ago when Corsair first unveiled their Padlock USB secure flash drive, a secure drive with a nifty keypad to unlock the storage by PIN code without the need for platform-specific software. Too bad the security was bypassed in less than a year by a group of dutch engineers armed with a simple 10K resistor. Corsair's not one to take such humiliation lightly, however, and has jumped back into the game with the Flash Padlock 2, now backed by 256-bit AES hardware encryption. Better still, the Flash Padlock 2 is now housed in the same rubber casing as the ever-durable Flash Voyager, meaning it's practically begging to withstand much more than its fair share of flagrant abuse. So how did this new contender fare in the hands of a crazed reviewer? Read on to find out...
More Security...
Security Corsair Flash Padlock 2 Secure Flash Drive Review
- Hardware 256-bit AES encryption
- Platform-independent
- Works on all OSes with flash drive support
- Secondary "master PIN" for parents and sysadmins
- Cool-down period after 5 invalid PIN entries
- Durable rubber housing
- Moderate transfer speeds
- Epoxy covers drive components
- Blocks adjacent USB ports
- Only available in 8GB
- Not FIPS 140-2 validated
- No remote management or automated self-destruct sequence
- Subjection to laundry day may require dissection
Initial Thoughts on Padlock
The Padlock 2 takes a big leap forward from its boxy predecessor, combining the funky PIN keypad with the, err... funky styling and durability of the Flash Voyager line of USB flash drives. The rubber housing is largely unchanged from the original Flash Voyagers - it's flexible, water and scratch resistant, bouncy, and especially attracted to lints and oils. The only two exterior changes from the Flash Voyager worth noting are the obvious inclusion of buttons for unlocking the drive, and the substitution of rubber LED indicators for ones made of hard plastic. These indicators are somewhat recessed so they should still be protected from scratches when dropped onto most surfaces, but they'd probably be the first to go if I were to repeat the SUV crush test. Interestingly enough, the keypad buttons are actually formed from the same rubber mold as the drive body, so you presumably needn't worry about liquid seeping in through the cracks there. I'll further examine the drive's water resistance later on in this review.
The Flash Padlock 2 secure flash drive's most notable improvement over the Padlock 1 is its use of 256-bit AES hardware encryption. You see, in early 2008 it was revealed that Corsair's original padlock was susceptible to unauthorized access by anyone who had physical access to the drive and a soldering iron. By connecting a resistor from the battery to one of the contact points on the main circuit board, the drive would instantly present itself as unlocked. Sure, the original Padlock's security might have passed as a deterrent to anyone unskilled in electronics in the same way that the cylinder lock on your front door is a deterrent to anyone unfamiliar with lockpicking and bump keys, but this lax security is simply not up to par if you're protecting anything more than a high school diary. If you need to secure company data, finances, or other sensitive personal information, the bottom line is that you must use strong encryption. As is now common with secure drives, Corsair utilizes hardware-based encryption to boost transfer speeds and reduce the burden on the CPU. Where Corsair differs from the competition is the use of a hardware unlocking mechanism instead of a software utility that runs on the host computer. This immediately solves the issue of the drive being incompatible with Mac, Linux, or any embedded operating systems, while simultaneously allowing the drive to be used in corporate environments that have strict policies regarding use of software on the network. As an added benefit, the drive is now impervious to malicious keylogging attacks. The Padlock's security isn't without flaws, however, as it features no automated self-destruct sequence after multiple incorrect PIN attempts and lacks FIPS 140-2 validation for government and enterprise use. The ability to remotely disable the secure flash drive is also lacking, though this would likely be incompatible with the cross-platform design if it were implemented. That being said, the Padlock 2 is still protected against brute force attacks thanks to a two-minute cool-down period after five invalid attempts, plus the PIN codes are variable from four to ten digits in length. In other words, the infamous 3,129 keypress hack for Ford vehicles with 5-digit combination locks isn't going to work here. Using the Flash Padlock 2 is relatively simple, provided you take five minutes to read through the full documentation online and understand what each of the LED states means and page through how to navigate from function to function. You won't need to worry about remembering to lock the drive either, since that's taken care of the moment you unplug it from the USB port. System administrators and parents that feel the need to set a master PIN in case the primary user forgets their PIN can do so. By using the master PIN, the primary PIN is reset with all the stored data left intact on the drive. But if you happen to forget the primary PIN and didn't set a master PIN, of if the master PIN was also forgotten, all is lost! The Padlock 2 secure flash drive would need to be reset via a special 9-1-1 code that clears the encryption keys, rendering all data unrecoverable and the drive left in an unformatted state. Also, in case you were wondering what happens if the internal battery is fully discharged, the answer is the drive is still operable; you just have to plug the Padlock into a computer first before it can be unlocked. Leaving the flash drive plugged in for an hour should fully recharge the battery.
The Padlock 2 takes a big leap forward from its boxy predecessor, combining the funky PIN keypad with the, err... funky styling and durability of the Flash Voyager line of USB flash drives. The rubber housing is largely unchanged from the original Flash Voyagers - it's flexible, water and scratch resistant, bouncy, and especially attracted to lints and oils. The only two exterior changes from the Flash Voyager worth noting are the obvious inclusion of buttons for unlocking the drive, and the substitution of rubber LED indicators for ones made of hard plastic. These indicators are somewhat recessed so they should still be protected from scratches when dropped onto most surfaces, but they'd probably be the first to go if I were to repeat the SUV crush test. Interestingly enough, the keypad buttons are actually formed from the same rubber mold as the drive body, so you presumably needn't worry about liquid seeping in through the cracks there. I'll further examine the drive's water resistance later on in this review.
The Flash Padlock 2 secure flash drive's most notable improvement over the Padlock 1 is its use of 256-bit AES hardware encryption. You see, in early 2008 it was revealed that Corsair's original padlock was susceptible to unauthorized access by anyone who had physical access to the drive and a soldering iron. By connecting a resistor from the battery to one of the contact points on the main circuit board, the drive would instantly present itself as unlocked. Sure, the original Padlock's security might have passed as a deterrent to anyone unskilled in electronics in the same way that the cylinder lock on your front door is a deterrent to anyone unfamiliar with lockpicking and bump keys, but this lax security is simply not up to par if you're protecting anything more than a high school diary. If you need to secure company data, finances, or other sensitive personal information, the bottom line is that you must use strong encryption. As is now common with secure drives, Corsair utilizes hardware-based encryption to boost transfer speeds and reduce the burden on the CPU. Where Corsair differs from the competition is the use of a hardware unlocking mechanism instead of a software utility that runs on the host computer. This immediately solves the issue of the drive being incompatible with Mac, Linux, or any embedded operating systems, while simultaneously allowing the drive to be used in corporate environments that have strict policies regarding use of software on the network. As an added benefit, the drive is now impervious to malicious keylogging attacks. The Padlock's security isn't without flaws, however, as it features no automated self-destruct sequence after multiple incorrect PIN attempts and lacks FIPS 140-2 validation for government and enterprise use. The ability to remotely disable the secure flash drive is also lacking, though this would likely be incompatible with the cross-platform design if it were implemented. That being said, the Padlock 2 is still protected against brute force attacks thanks to a two-minute cool-down period after five invalid attempts, plus the PIN codes are variable from four to ten digits in length. In other words, the infamous 3,129 keypress hack for Ford vehicles with 5-digit combination locks isn't going to work here. Using the Flash Padlock 2 is relatively simple, provided you take five minutes to read through the full documentation online and understand what each of the LED states means and page through how to navigate from function to function. You won't need to worry about remembering to lock the drive either, since that's taken care of the moment you unplug it from the USB port. System administrators and parents that feel the need to set a master PIN in case the primary user forgets their PIN can do so. By using the master PIN, the primary PIN is reset with all the stored data left intact on the drive. But if you happen to forget the primary PIN and didn't set a master PIN, of if the master PIN was also forgotten, all is lost! The Padlock 2 secure flash drive would need to be reset via a special 9-1-1 code that clears the encryption keys, rendering all data unrecoverable and the drive left in an unformatted state. Also, in case you were wondering what happens if the internal battery is fully discharged, the answer is the drive is still operable; you just have to plug the Padlock into a computer first before it can be unlocked. Leaving the flash drive plugged in for an hour should fully recharge the battery.
ALSO CHECK THESE OUT
MOST POPULAR POSTS