Thoughts on iStorage datAshur?

Are these products worth the cost? A multipack of cheap encrypted USB sticks would suffice for password manager backups. Can these boot Tails? What happens when the battery runs out? Does USB 3 justify the extra cost? What capacity should I go for?

Is it just an expensive toy?

If you’re encrypting your backups before putting them on a USB, does it really matter if the USB itself can encrypt data? In the event of a hardware failure, I think it might be more difficult to save your data from this thing compared to a standard USB stick.

3 Likes

Thoughts on the community seem a bit split. Myself, I have been a happy user of many of their products both in private and work life. They are very common in the defense, intelligence, and law enforcement industry as some of their products are certified for usage there.

All I can say is that I believe it to be a very polished and simple option to be absolutely sure that data is kept safe with great configuration options needed in complex secret management. The pro and SD line drives are very sturdy. All drives I used have great performance.

You could ask yourself if your threat model really needs a solution like this. But I surely believe it to be great and convenient products.

3 Likes

I get that impression as well. Part of the sales pitch is a driveless universal system. But I could buy 10 universally compatible USB sticks for the same price and bundle the decryption software alongside the backup or even an entire bootable OS such as GhostBSD or Tails.

The advantages of these drives I see are mostly:

  • read only mode option
  • Liquid tamper / drill protection with pro line
  • Hardware encryption so no software required
  • PIN on the device itself so no option for keylogging.

Mainly saying, no, this is not an expensive toy. It has real use cases. It may have been a toy for me in private life though, although knowing these devices is also education for my profession I guess.

3 Likes

Is there a meaningful difference between the pro and SD lines?

My threat model doesn’t, but a portable SHTF operating system in my pocket could be useful. It could have data recovery tools installed, for example. It is good to hear it works well. I can see the certifications and reviews but it is a lot of money for 16G. Their tooling must be stuck in 2011.

I would have to ask the company haha. I mainly bought one from the SD line back in the day when they did not have another USB-C option yet :smiley:

1 Like

I think it is mostly expensive because it is a niche product and all the certifications don’t come cheap. It is surely not mass production and building this with great care for very dangerous operations requires no mistakes in for example the tamper protection. I don’t want to defend it too much but I can see this becoming expensive.

1 Like

Another use case for the drives, btw, I used to have before Proton introduced legacy options.

I had such drives at trustees in a safe and I gave the PIN codes to other trustees, so only when two people would agree to open it they could get into my account. The legacy setup now of course is more user friendly and secure (because of notifications and cancel option) but there might be such use cases for some.

That is an interesting idea. My mind was running along those lines too. I could give half of the decryption key to family and put the other half in my will. Like the gemstone thing in Disney Aladdin.

I was also considering burying one where nobody would look to preserve my most precious assets. The battery could fail and swell up without regular use though. I have been encrypting everything over the past few weeks and want one of my off site backups to form part of my legacy.

When setting up such always be sure there is no single point of failure. So if one party is missing the link should still be possible to make.

So ideally you have multiple sticks and multiple places with the code.

The PRO tier (at least on newer models) supports a self destruct PIN which destroys the drive’s current encryption key, creates a new one and sets the self destruct PIN to be the new regular PIN. Can be useful in situations where the government has the power to compel key disclosure. You can just claim it’s an empty drive you have not provisioned yet and give the self destruct PIN. Apricorn has the same feature on all their models.

1 Like

While that is indeed a great feature a notable warning is that in some jurisdictions this is seen as destruction of evidence which could put you behind bars.

I would personally not rely on proprietary encryption tools like this for data where this is important. History is rife with hardware encryption that fails under real scrutiny (not mere certification processes), and it tends to be a bad idea to have vulnerabilities literally set in stone.

I can see some use-case for these, where you’re connecting them to a device where you’re unable to run something like VeraCrypt for whatever reason, since it’s transparent to the connected computer. This feels relatively niche to me, and when you can run VeraCrypt then these are clearly not worth the cost :man_shrugging:

2 Likes

Well, they use AES-XTS 256-bit and honestly, knowing a bit about the services that have verified these implementations for NATO usage, those audits are really strict and thorough.

When it comes to AES I’d be extremely concerned about side-channel attacks in the implementation.

NIST says that in their testing, protection against non-invasive side channel attacks “is considered,” but they do not actually have any quantifiable metrics to test against in this regard, which is not particularly encouraging.

…lol — I don’t know what audit processes other organizations follow.

Since side-channel attacks with various implementations of AES are well known to be a very dangerous possibility I would still say that…

1 Like

I’m really wondering what side channel attacks you can imagine in this product. But also do you really think NATO and other users in similar confidentiality wouldn’t put this through extreme tests before using something like this?

Also it wasn’t NIST who audited these for NATO.

  1. Yes, absolutely I do (not assume the government is competent) lol

  2. NATO Restricted does not even require a security clearance to view such documents, so it is the absolute lowest form of classification they use.

  3. Some lab did follow NIST guidelines to evaluate this device at FIPS 140-2 Level 3, which is like basically bog-standard stuff.

  4. I unfortunately can’t find any information on what “NLNCSA DEP-V Certified” might entail, since searching that or “Dutch NCCA DEP-V” on DuckDuckGo only seems to find iStorage’s own marketing pages.

Certainly something to consider, I wouldn’t risk it personally, but to be successful in prosecuting this in a jurisdiction with rule of law they would need:

Some secret knowledge of the firmware or exploit which allows them to determine a self-destruct wipe happened and that it took place during a raid or after the drive became subject to a legal seizure or hold. If the people making the firmware did a good job and didn’t implement backdoors this should not be possible.

Compelling evidence of very recent drive use, making it implausible that it should be empty and unformatted. Such evidence might be high quality surveillance of you using the drive or OS logs which show the drive was recently used by your OS to manage or access files.

It’s also worth noting some of their drives are battery powered, meaning you can activate the self-destruct feature from anywhere, no need to rush to a powered USB port.

If you’re personally subject to a highly motivated investigation by a government determined to prosecute you then I wouldn’t be trusting this drive alone.

But for something like a border crossing, where a huge amount of energy is not being directed at you, it’s a good feature in the unlikely event someone finds and compels you to unlock the drive.

1 Like

Departementaal vertrouwelijk (Dep-V) is a classification of the Dutch gov. I believe just before it becomes a state secret.

NIST maintains FIPS, right? So yes, I assume their guidelines to be followed.

In all honesty, I read these comments from you as a bit of FUD in this regard. I for one know that real great talent works on these kinds of audits, which I believe you are underestimating.

And yeah obviously a body like NATO doesn’t use USB drives for the highest classifications regardless of anything.

If you don’t believe these devices are secure for, for example, a journalist to keep documents safe, I guess we just disagree. I would think in most cases it even being overkill, although a practical option.