Kingston DataTraveler 4000 G2 64GB Encrypted USB Drive Review
ajmatson
Category: Storage / Hard Drives
Kingston DataTraveler 4000 G2 64GB Encrypted USB Drive Introduction:
Recently we took a look at a very good encrypted drive from Kingston, the DataTraveler 2000, which offered very good security with ease. One of the issues with the DataTraveler 2000 was that it was not FIPS certified, so if you work in a government organization it would not be allowed for use in those environments. While Kingston tried some new things with the DataTraveler 2000 that were nice, the company deviated a bit from the true security that its encrypted drives normally had. Well, now Kingston has updated its line with fast, USB 3.0, truly secure, FIPS-certified flash drives in the form of the DataTraveler 4000 G2 series, which is FIPS 140-2 certified.
So you may be asking what the big deal is with a drive being FIPS certified. The certification process tests the drive for security in two ways. First, it looks at the data integrity of the device: how secure the data is with encryption should the device be compromised, stolen, or lost. The second part of the rating is the physical security of the drive: can it be opened up, allowing physical access to the internals? The DataTraveler is FIPS 140-2 Level 3 certified, which is the third level of four, certifying that the drive uses cryptographic techniques to secure the data and that there is also a physical mechanism that would show evidence of tampering to retrieve the keys in the drive hardware. In addition, Level 3 makes accessing the CSPs (Critical Security Parameters) much harder and can employ methods to zero out the CSPs should tampering occur.
Now that is all great, you say, but why care about encryption? Well, think of it this way: you download your tax return and want to make a backup copy on your flash drive, but you are in a rush to leave the house so you put the drive in your pocket. While out and about, you lose the drive and someone else finds it. If you did not have an encrypted drive, they would have all your personal information, social security number, and financial data just like that. Would you leave your car unlocked in the middle of town with your keys in it?
Kingston DataTraveler 4000 G2 64GB Encrypted USB Drive Closer Look:
The Kingston DataTraveler 4000 G2 comes packaged in the standard blister packaging. The packaging is very secure and can only be opened by cutting the drive out of it, which ensures that it is completely secure and not tampered with before you receive it. On the front of the package is the Kingston logo, the size of the drive, the USB 3.0 specification, and the logo for the FIPS 140-2 Level 3 Certification. On the back is a quick features list of the drive, including hardware-based encryption and the compatibility of the drive with specific operating systems. Unlike the DataTraveler 2000, which used a physical keypad to unlock the flash drive, the DataTraveler 4000 G2 uses a software design to decrypt the data. Because of this design, the operating systems required are Windows Vista SP2 through Windows 8.1, Mac OS X 10.7+, and Linux Kernel 2.6+. This will not work on Windows 8 and 8.1 RT however, so keep that in mind. Also, while not certified to work, I had no issues getting it to work in Windows 10 (Editor's Note: The website has actually been updated to reflect Windows 10 support). Included with the DataTraveler 4000 G2 is the insert and nothing else (though nothing else is really needed).
The DataTraveler 4000 G2 comes in a very nice and very well made plastic type housing, which you can tell is thick. Nothing about this drive says flimsy and it feels really solid in the hands. There is an end cap to cover the USB 3.0 port that can snap on to the bottom of the drive while in use. The DT4000 G2 can be used in either a USB 3.0 or USB 2.0 port on Windows, Mac, and Linux depending on the OS version. The housing is IPX8 water resistant up to four feet, but the drive must be dried fully before use to ensure contacts are not wet while plugged in. You can also tell by the design that the FIPS physical security is taken seriously as I feel breaking into this would literally destroy the drive.
The DT4000 G2 uses 256-bit AES encryption in XTS mode. According to NIST specifications (NIST Special Publication 800-38E), XTS is best described as "an instantiation of Rogaway’s XEX (XOR Encrypt XOR) tweakable block cipher, supplemented with a method called 'ciphertext stealing' to extend the domain of possible input data strings. In particular, XEX can only encrypt sequences of complete blocks, i.e., any data string that is an integer multiple of 128 bits; whereas, for XTS-AES, the data string may also consist of one or more complete blocks followed by a single, non-empty partial block." The acronym XTS stands for the XEX Tweakable Block Cipher with Ciphertext Stealing. Since the drive is encrypted, in order to use it, you must first unlock it. Even with all of this security, the DT4000 G2 64GB boasts read speeds up to 250MB/s and write speeds up to 85MB/s, which is impressive, to say the least.
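The XTS construction quoted above, sketched as an added example (it is not Kingston's firmware or code from this review): each complete block is XOR-encrypt-XORed under a per-block tweak, and a trailing partial block is handled by ciphertext stealing. A toy Feistel cipher stands in for AES so the block runs on the Python standard library alone; the names `toy_cipher`, `next_tweak`, `xex` and `xts` are illustrative.

```python
import hashlib

BLOCK = 16  # 128-bit blocks, the AES block size

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def toy_cipher(key, block, decrypt=False):
    """Stand-in 128-bit block cipher (4-round Feistel over SHA-256). NOT AES."""
    def f(i, half):
        return hashlib.sha256(key + bytes([i]) + half).digest()[:8]
    left, right = block[:8], block[8:]
    if decrypt:
        for i in reversed(range(4)):
            left, right = xor(right, f(i, left)), left
    else:
        for i in range(4):
            left, right = right, xor(left, f(i, right))
    return left + right

def next_tweak(t):
    """Multiply the tweak by alpha in GF(2^128): little-endian shift, reduce by 0x87."""
    n = int.from_bytes(t, "little") << 1
    if n >> 128:
        n = (n & ((1 << 128) - 1)) ^ 0x87
    return n.to_bytes(BLOCK, "little")

def xex(key1, t, block, decrypt):
    """XOR-Encrypt-XOR of one complete block under tweak t."""
    return xor(toy_cipher(key1, xor(block, t), decrypt), t)

def xts(key1, key2, sector, data, decrypt=False):
    """XTS over one data unit; data may end in a partial block (>= 16 bytes total)."""
    if len(data) < BLOCK:
        raise ValueError("XTS needs at least one complete block")
    t = toy_cipher(key2, sector.to_bytes(BLOCK, "little"))  # initial tweak from key2
    full, tail = divmod(len(data), BLOCK)
    blocks = [data[i * BLOCK:(i + 1) * BLOCK] for i in range(full)]
    out = []
    for b in (blocks[:-1] if tail else blocks):
        out.append(xex(key1, t, b, decrypt))
        t = next_tweak(t)
    if tail:  # ciphertext stealing: last full block lends bytes to the partial one
        t_last = next_tweak(t)
        first, second = (t_last, t) if decrypt else (t, t_last)
        cc = xex(key1, first, blocks[-1], decrypt)
        out.append(xex(key1, second, data[full * BLOCK:] + cc[tail:], decrypt))
        out.append(cc[:tail])
    return b"".join(out)
```

Calling `xts(k1, k2, sector, data)` on input whose length is not a multiple of 16 bytes returns ciphertext of exactly the same length, and the same plaintext written to a different sector number encrypts differently.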
Now that we have the DT4000 G2 out of the package, we can take a look at the software that makes this drive secure.