The USB X-Key

Competition is great for innovation, and one area that’s seen a lot of competetive developments is portable and mobile storage devices, especially USB drives. When competing on size, capacity, and price just isn’t working, manufacturers are increasingly tacking on value-added features, like the relatively horrible “U3” software suite.

The thing is, consumers aren’t particularly stupid, and as a selling point, bundling a plain-jane flash drive with some completely non-proprietary, even freeware, software already installed doesn’t really excite anyone. You might as well just download what you want yourself, rather than sacrifice space to stuff you don’t want and will never use.

For a time, biometric, fingerprint-reading flash drives were the Next Big Thing, providing a useful degree of data security through some relatively impressive encryption as well as a host of related features, like SSO capabilities, where your fingerprint could be used in lieu of a password on websites and such, and support for full-fledged PKCS certificate support. They were (and still are) neat, but no two were ever even remotely interoperable, as nobody’s developed anything like a standard for the hardware end of things, and few if any worked on anything other than recent builds of Windows – Mac and Linux users were SOL.

There are exceptions, though. One I’m particularly fond of is the M-Systems X-Key, sold at one time or another under a number of brand names. Intended not for the consumer market, but corporate clients, these drives were designed for the professionally paranoid, or at least extremely security-conscious.

They’re rather more than just flash drives; once setup, when inserted into a PC, they prompt you for a password – which must be, I believe, ten characters and contain both letters and numbers. Getting it wrong more than ten times in a row completely overwrites all data on the drive, requiring re-initialization. (I have a copy of the utility to do this, should anyone need it; drop me a message, or leave a comment with a valid email address, and I’ll send it to you.) Getting it right initializes the drive, which immediately runs an anti-virus check of the system’s memory, and loads a number of privacy and security-enhancing tools, including some kind of system said to defeat keyloggers. Data stored on the drive is encrypted transparently using an on-drive crypto processor with fairly impressive performance.

All in all, they’re pretty neat little devices, perhaps the first (and only?) truly well-done security disk-on-key. They originally cost a pretty penny – $400 or so – but they show up on eBay and various other websites with some regularity for much more agreeable prices – I’ve picked up a few for as little as $20 apiece for the 1GB model. At those prices, they’re a steal, especially compared to most of the other “secure” drives on the market. As regular readers know, one of my pet peeves with USB drives is manufacturers who put keychain or lanyard attachments on the cap of drives, not the body of the drive itself. The X-Key’s attachment loop is on the body, natch, unlike some other recent devices whose manufacturers really should know better, like Edge’s DiskGO Secure, whose attachment point is on the flimsy cover, and which comes apart like a primadonna actress taking criticism from a drill sergeant.

Should you have a need for or an interest in such things, keep an eye out for the X-Key, in any of its variations. It might just be the best USB drive you’ve never heard of…

Published in: Geekiness, General, Security | on June 15th, 2007| 2 Comments »

Both comments and pings are currently closed.

2 Comments

  1. On 6/15/2007 at 6:32 pm Watching Tbhem, Watching Us Said:

    How do you *securely delete*, at the hardware level, not at the overlying software filesystem level, any critical data such as a PGP de-cryption key from such a device ?

  2. On 6/15/2007 at 6:56 pm Nemo Said:

    The same way you would any other device, by overwriting with a random/pseudorandom string, I presume. (The X-Key was developed by M-Systems, the boffins who essentially pioneered the flash drive, and I *believe* – though I freely admit that I’m not qualified to make completely definitive statements here – they intentionally avoided the wear-levelling systems that make most flash memory devices potentially problematic where security is concerned.) In any event, since this device, at least, doesn’t allow unencrypted storage, the risks posed by flash memory are, IMO, at least partially countered.

    If you’re really that paranoid about this kind of thing, my recommendation is – and for quite some time has been – to use an ultra-miniature portable hard drive, like the I/O Magic databank family, or the little Seagate 6GB/8GB drives, which contain miniature conventional hard drives with magnetic media, read-write heads, et cetera (basically somewhat “hardened” microdrives), with something like TrueCrypt. They’re more expensive, and rather more fragile, but wear-levelling simply isn’t a concern.