Top products from r/encryption

It really depends on your threat model. There is no such thing as complete security. I'm no expert but I have several hardware-encrypted hard drives and flash drives, so I'll try to answer. I use them for similar purposes, so we likely have similar threat models.

First, it's important to recognize the inherent limits of an encrypted device like what you linked. It's only encrypted until you mount it, at which point an attacker with remote access can view the files just like you would. This can be countered by using an air-gapped computer, or one only used for these secure activities.

As for this particular device: The device you linked says it's FIPS 140-2, which means it's only tamper-evident, rather than tamper-resistant, and provides role-based authentication. So, a savvy hacker might be able to manipulate the hardware in some way to access the data (search "Kingston Datatraveler hack/vulnerability"), although you would be able to tell. You might combat this by using Veracrypt/Truecrypt containers inside the device, which is also good practice if you are backing up passwords somehow, as it enables easier password splitting (e.g. remember pin but backup Veracrypt password in pw manager).


A comparable tamper-resistant device (FIPS 140-3) is the Aegis 3z. If you're willing to pay more, the Kingston Ironkey is a literal iron fortress and is probably the hardest hardware to hack. It doesn't have a physical keypad, but autolaunches authentication software. This is vulnerable to keyloggers but arguably more secure against shoulder-surfing. It's also more configurable. The Kingston D300 is very similar (slightly cheaper), with the difference being the security chip (I don't know enough here to comment).A notable alternative is the Aegis Padlock, which is a literal hard-drive with a large keypad and lots of configurations (including false drives and keycodes that wipe the entire device, though other devices I've mentioned have similar features).


While shopping, it is good to note the distinction between FIPS-validated vs. FIPS-compliant, with the latter being little more than a promise, although few encrypted devices are actually verified.

Let me know if you want elaboration on anything. I have every device I mentioned and some knock-offs too. I don't know too much about about the technicals, but it's a field I'm looking to get into so I can try and answer until someone better comes along.

For what it's worth, cryptography is famously hard to get right and I would strongly recommend that you use existing crypto software if you are actually trying to secure your computer.

That said, if you're interested in coding and want to learn more about encryption just for fun, you should check out the Matasano Crypto Challenges. They teach you about the fundamentals of cryptography by having you build a bunch of ciphers and then break them.

If you're looking into doing this more professionally, I've been told that Cryptography Engineering and Applied Cryptography are some good resources, though I haven't read them myself.

If you like books and are interested in modern cryptography, "Serious Cryptography" was excellent. A more introductory text with historical context is "The Code Book".

Their site claims that all units include 100% secure purchasing, 256-bit AES encryption, user-generated PGP keys, unlimited email accounts and "comprehensive" tech support. Here are their prices:

Service/Term|3 Mo.|6 Mo.|12 Mo.
---|---|---|---
PGP service only|$650|$995|$1800
w/Blackberry 9720|$900|$1250|$2050
w/Blackberry 9320|$850|$1200|$2000

Amazon sells new, unlocked Blackberry 9720's and 9320's for $105.49 and $59.88 respectively, so a $200-$255 device charge seems a bit high. Also, the fact that their site doesn't seem complete or fully functional makes me hesitant.

If I were in the market for such a service I'd probably start with GhostPGP and work from there. I'd probably bring my own device either way.

Have you looked into hardware encrypted USB? something that requires a pin on a numpad on the device... Something like [this](Apricorn Aegis Secure Key 30 GB FIPS 140-2 Level 3 Validated 256-bit Encryption USB 3.0 Flash Drive (ASK3-30GB) https://www.amazon.com/dp/B00XWPGKCW/ref=cm_sw_r_cp_apa_i_30zYCb77VVM9E)

The Code Book is exactly what you are looking for. Very fun read, very informative.

Looks like it's a url.
https://www.amazon.com/dp/B0773KW52B/

Yep, the BIOS is password is set on the motherboard software, as you've called it. It's the screen you access by hitting F12 or Del or whatever at bootup, before the OS starts. They vary in their password features, but there should be at least one to set a "system" password. You'll also need to configure it to boot from a USB drive before the internal drives.

Secure USB: http://www.amazon.com/Apricorn-Validated-256-bit-Encrypted-ASK-256-4GB/dp/B00741U31E/

So the idea is that you unlock & insert the USB stick, power on the machine, enter the system password, it boots from the stick, then the bootloader either contains a keyfile or prompts to unlock the hard drives via another password.

Lots of overhead actually, but each layer secures against a different threat.

1. https://www.crypto101.io/
   
2. https://nostarch.com/seriouscrypto
   
3. https://www.coursera.org/learn/crypto
   
4. https://www.amazon.com/Bulletproof-SSL-TLS-Understanding-Applications/dp/1907117040
   
5. https://www.amazon.com/Cryptography-Network-Security-Principles-Practice/dp/9332518777/
   
6. https://toc.cryptobook.us/