Spyrus Strengthens USB Drive Encryption

The Spyrus PocketVault P-384 is the first commercial release of the company's secure, encrypting USB technology. The crypto is cool but this first release seems a bit thin when it comes to added extras like backup to make sure that secure mobile data stays around.

Spyrus has entered the commercial USB encrypted drive fray girded with an encryption algorithm that is more sophisticated than competing products.

The PocketVault P-384 uses elliptic curve cryptography as put forward by the NSA (National Security Agency) called "Suite B." Suite B algorithms are published for use in protecting classified and unclassified data that must be shared between agencies. Aside from anything else, the PocketVault is certified as a FIPS 140-2 Level 3 USB flash drive.

Spyrus is hanging its hat on the relatively stronger Suite B cryptographic protection that uses a newer AES-XTS 256-bit full disk encryption rather than the more widely used AES-CBC code. Even so, tests of this first-version release at eWEEK Labs showed that while the PocketVault is simple to deploy and deft at keeping data secret, there is sparsity of supporting tools for the mobile data product.

The 8GB PocketVault P-384 is available now and costs $129.55 with volume discounts available.

For example, competitor IronKey also makes an 8GB, FIPS 140-2 Level 3 USB encrypting drive designated the S200. The personal version lists for $199 and comes with private browsing and password management, in addition to a number of physical protection mechanisms. The enterprise version of the S200 adds a suite of provisioning, remote wipe and backup tools. Spyrus makes the Spyrus Enterprise Management Suite but does not provide an online backup tool for the PocketVault.

All of the software needed to run the PocketVault on Windows and Mac systems is included on the USB drive itself along with the user guide. The basic operation of the PocketVault is similar to other secure USB drives. Double clicking the launch icon opens a password screen. On first use I created a rather complex password and provided a hint that could be used in the future to jog my memory. While the hint screen didn't let me use my exact password as the hint, I was disturbed to see that simply changing the case on the letters and substituting the number "1" for an "!" was enough of a change to leave my real password pretty well exposed. Of course, a user who leaves this many hints likely shouldn't be entrusted with sensitive data. However, I expect security tools to make it harder than the PocketVault did for users to do the wrong thing.

Once the PocketVault software was running on my system, a second encrypted, secure drive appeared on my computer explorer. I was able to open this directory, copy files and close out the drive to securely move files between systems. Spyrus did a good job of ensuring that the encrypted drive was disabled when I put my test Lenovo W510 laptop to sleep. For my tests, I allowed the PC to wake up without requiring a password. Even in this case, the PocketVault successfully deactivated the encrypted drive, forcing me to restart the PocketVault and re-enter my password to access my encrypted files.

As with other secure, encrypting USB flash drives, the PocketVault has a number of physical, anti-tamper security devices that automatically lock out access if a forced entry is detected. This includes casing around the drive components. The PocketVault can also use optional antivirus protection from McAfee to block malware entry onto the drive although I would prefer an option to start the encrypted drive in read-only mode to ensure that malware can't be loaded on the drive. Additionally, if the PocketVault detects more than 10 failed password attempts, the device will permanently block itself.