Disclaimer: I requested and received an evaluation version of the Apricorn Aegis Padlock. I was sent the 250GB AES-256 version, and I need to return it to the company in 30 days.
This is a pretty sweet hard drive, but there are a few annoyances that I think can be improved upon. I was unable to test a few things just due to the time I could devote to this, the fact that I need to return the drive in working condition, and that I don’t have access to some specialized hardware to test timing attacks.
The drive is FIPS 197 validated, i.e. its AES implementation has been validated against NIST's AES specification.
You can check out Apricorn’s site for the specs and details, but what you see on the product site is pretty much what you get. The drive draws power from your USB port, so you’ll need a powered port. The drive came with an adapter (1 USB to 2 USB) if one of your USB ports doesn’t provide enough power. I had no issues with power on my MacBook Air, but I did on my office desktop since all USB ports were already taken – easily solved with a powered USB hub.
The drive comes formatted for Windows, but my mac helpfully formatted it for me once I said “yes” to “Use this as a Time Machine drive?” The quick start sheet in the box also provides Mac formatting instructions. The actual manual is already on the drive, and my mac helpfully erased it for me during formatting. However, the “Support” section of the website has the full manual available for download. At first, you really want to have the full manual available (and not on the drive).
The drive can have an administrator PIN and up to 9 “user” PINs. The admin PIN can be used to wipe the user PINs, but not to change them – only users can change their own PINs. The different PINs do not grant access to different parts of the drive; every PIN unlocks the entire drive. PINs can be anywhere between 6 and 16 digits, the default admin PIN is 123456, and there are no user PINs out of the box.

There is “drive wipe” protection, but it’s pretty lame, and wouldn’t meet most corporate policies (complaint #1). After 6 invalid PIN attempts, the drive needs to be unplugged before you can try 6 more. Once you’ve reached 50 attempts, you have to type in a (hardcoded) PIN to get 50 more (you still have to unplug every 6 tries). Only after 100 total attempts will the drive “wipe” itself. Given how long the wipe took during this testing, it’s probably only wiping the keys, not the whole drive (but the manual doesn’t say whether this is the case). The unplug requirement is annoying but certainly not insurmountable for someone who’s really determined; still, the keyspace for a 6-digit PIN (the minimum) is 10^6 – well over 100 – so unless the attacker has some prior knowledge of the PIN, the drive will almost certainly wipe first.
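To make that lockout arithmetic concrete, here is an added Python model of the wipe policy as the review describes it (this is my example, not Apricorn's code or documentation; the 6/50/100 thresholds are taken from the paragraph above and treated as assumptions). It walks the counters through to the wipe and computes the exposure, i.e. the chance that someone with no prior knowledge guesses the PIN before the keys are destroyed, for a given PIN length and wipe threshold.

```python
from fractions import Fraction

# Lockout parameters as reported in the review (assumptions, not vendor documentation)
ATTEMPTS_PER_POWER_CYCLE = 6   # after this many wrong PINs the drive must be unplugged
HARDCODED_CODE_AFTER = 50      # after this many a fixed "continue" code must be entered
WIPE_AFTER = 100               # after this many the drive destroys its keys


class PadlockLockout:
    """Tracks the drive's failed-PIN counters so the policy can be reasoned about."""

    def __init__(self, wipe_after=WIPE_AFTER, per_cycle=ATTEMPTS_PER_POWER_CYCLE,
                 hardcoded_after=HARDCODED_CODE_AFTER):
        self.wipe_after, self.per_cycle, self.hardcoded_after = wipe_after, per_cycle, hardcoded_after
        self.failed = 0          # wrong PINs since the last successful unlock
        self.since_cycle = 0     # wrong PINs since the drive was last plugged in
        self.unplugs = 0         # how many times the drive had to be power-cycled
        self.code_entered = False
        self.wiped = False

    def wrong_pin(self):
        """Record one wrong PIN; raises if the drive would not accept input in this state."""
        if self.wiped:
            raise RuntimeError("drive has wiped its keys")
        if self.since_cycle >= self.per_cycle:
            raise RuntimeError("drive must be unplugged before more attempts")
        if self.failed >= self.hardcoded_after and not self.code_entered:
            raise RuntimeError("hardcoded continue code required")
        self.failed += 1
        self.since_cycle += 1
        if self.failed >= self.wipe_after:
            self.wiped = True

    def unplug(self):
        self.since_cycle = 0
        self.unplugs += 1

    def enter_continue_code(self):
        self.code_entered = True


def attempts_until_wipe(wipe_after=WIPE_AFTER):
    """Walk the policy to the wipe; returns (wrong PINs, unplugs needed, continue code needed)."""
    d = PadlockLockout(wipe_after=wipe_after)
    while not d.wiped:
        if d.since_cycle >= d.per_cycle:
            d.unplug()
        if d.failed >= d.hardcoded_after and not d.code_entered:
            d.enter_continue_code()
        d.wrong_pin()
    return d.failed, d.unplugs, d.code_entered


def exposure(pin_length, wipe_after=WIPE_AFTER):
    """Chance that distinct guesses with no prior knowledge hit the PIN before the wipe."""
    if not 6 <= pin_length <= 16:
        raise ValueError("the drive only accepts PINs of 6 to 16 digits")
    space = 10 ** pin_length
    return Fraction(min(wipe_after, space), space)
```

With the review's numbers, the full policy allows 100 guesses over 17 power-on sessions and gives a 1-in-10,000 exposure for a 6-digit PIN; the same function with wipe_after=15 shows what the stricter threshold suggested later would buy.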
Basic operation is: plug in the drive, enter a valid PIN (user or admin), and the drive mounts – decrypted. When you’re done, unmount the drive from your OS and unplug it. Until you unplug the drive, the data is still decrypted (complaint #2).
The administrative “interface” works, but it’s pretty complicated – hence my suggestion to keep the manual handy until you’ve got the hang of it. All commands are sent using a keypress combination or sequence. Granted, the primary interface is a keypad with a “cancel” and a lock icon in addition to the 10 digits, and you’re limited a bit. I had some trouble creating user PINs, but it seemed intermittent, so I blame it on user error instead of anything the drive did (or didn’t do).
If you forget your PINs, you’re SOL (which is as it should be – in most cases). You can reset the drive back to factory settings – again, the “wipe” is just a wipe of the keys and partition table based on the time it took. This is great for most uses, but I can see corporate folks leery about this because if a user forgets their PIN (or tries to reset their drive themselves), the company’s just lost a lot of data. The admin PIN is supposed to protect against that and as long as help desk/etc. keep that PIN, they’re safe from all but others resetting the drive.
The keypad is supposed to be wear resistant. I couldn’t test that in the two weeks I had the drive, but it feels sturdy, and the digits seem to be embedded in the rubbery keys.
The casing appears sturdy and has no obvious screws (they’re probably under the rubber feet), but since I have to return it in working condition, I didn’t try too hard to break the case. There is no special padding or ruggedness to the case that you wouldn’t see in an unencrypted external drive case. However, the product page claims some protection from drops (I’ve found that most external drives can handle a small drop).
There’s also VTC (Variable Time Circuit) technology, which I’ve never heard of, but apparently helps to thwart timing attacks – again, not something I can test, because I don’t have the equipment (or time).
It’s pretty easy to use, and I used it almost daily for two weeks – mostly for play, since I don’t have a real need for external drives (except Time Machine). The drive is on my wish list, but until I get my house sold, we’re on a spending moratorium at home. It’s really not that expensive relative to unencrypted drives – the AES-256 250GB drive is listed at $109. There’s a 3 year warranty on the drive, which covers the drive and the casing.
The drive’s a bit slower than your typical external drive, but I expected that. An initial Time Machine backup of 198GB took 4.5 hours. I was using the computer while it was backing up, so that could have impacted the performance. For most uses, you won’t notice much of a difference – unless you’re moving a *lot* of data that has to be encrypted on the drive.
There are a few annoyances, but they’re really just annoyances.
1: Having to unplug the drive to lock it. There’s already a cancel button – why not use that as a “lock” button? As long as the drive is receiving power – say, while the computer has the screensaver turned on – the drive remains decrypted. Now, someone can’t easily read the drive if the screen is locked, but if someone doesn’t lock their screen? It’s available. There’s also no “timeout”. I can see why – as long as the OS has the drive mounted, it could be in use. I wonder if it’s possible for the drive to detect that it’s been unmounted and lock itself after a pre-determined time.
2: It’d be nice to have a configurable wipe after X attempts capability – or at least wipe after 10-15 attempts, which would cover most corporate policies.
3: I would love to see a Kensington style laptop lock on the drive case. The data may be protected if someone steals the drive, but it’s annoying. As I can see this drive going along to the library/coffee shop/etc. with the laptop, it’d be nice if there were some physical way to lock the drive either to the table or to the laptop. You should never leave your laptop/data/“stuff” unattended in public places, but a lot of people do it.