Hardware vs Software Encryption


Encryption of your data, in any way, is a good thing. Encrypting your data and hiding it from prying eyes by using password or PIN access is an important step to safeguarding your personal information. Encryption is the process of changing or transforming your files according to a set of rules and algorithms into a format that others cannot read. The only way to access those encrypted files is by applying your personally chosen password or PIN to the gateway application so the content can be decrypted. Off-the-shelf encryption solutions for consumers and businesses alike must conform to certain standards in order for them to claim to encrypt your data. At the very least, your chosen data security solution should perform 256-bit AES encryption for it to be effective. This is a complex subject (and one best left to the programmers and mathematicians to explain) but, essentially, it's a series of linked mathematical operations used in a block cipher, operating on a fixed-length group of bits with an unvarying transformation specified by a symmetric key. We did say it was complicated. The encryption can be implemented in software or in hardware.

Software Encryption

Many security solutions offer encryption using a software method. While this is easier and cheaper to implement than a hardware solution, it is simply a software program that acts as the cipher, and can be hacked in much the same way that any software application can. Password-hacking viruses on your computer will target and perform multiple attacks on your data, trying relentlessly to crack your password until they find the key that unlocks your data. Making your password a long and complex combination of characters and numbers, as well as upper and lower case letters, will increase the difficulty level of these attempted hacks. The effectiveness of a "brute-force" attack is linked to the skill level of the hacker. Password and PIN gateways will lock down data and prevent access attempts once the password has been incorrectly guessed a certain number of times. Knowledgeable hackers will locate and reset these software counters and will continue with further attempts to decrypt your data. To truly safeguard your data and personal information against these kinds of attacks, you need hardware encryption.

Hardware Encryption

In a hardware-encrypted USB device, access control counters and all information relating to encryption and decryption of the data are implemented in a crypto module located inside the USB flash drive. The crypto module will shut down the USB device and keep the data safe in the event of unauthorised access attempts. Unlike a software-based solution, hackers are unable to run analysis utilities on the USB drive to locate and reset this counter. By shutting down the USB device, a parallel attack can also be thwarted. A parallel attack is where data is copied and shared to many devices to increase the number of attempts at unlocking the data. The USB device doesn't allow the files to be copied, so they are safe.
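The difference described above, between an attempt counter kept in host-writable storage and one kept inside the crypto module, as an added example (not code from any product named on this page). It is a Python model: the limit of three attempts, the PINs and the class names are assumptions, and `CryptoModule._state` stands in for state a real device never exposes to the host.

```python
import copy
import hashlib
import hmac
import os

MAX_ATTEMPTS = 3        # assumed lockout threshold; the page gives no number
CORRECT_PIN = "4821"    # constructed sample value


def _new_state(pin: str) -> dict:
    salt = os.urandom(16)
    verifier = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 10_000)
    return {"salt": salt, "verifier": verifier, "failed": 0}


def _try_pin(state: dict, pin: str) -> bool:
    """Check a PIN against the stored verifier, enforcing the attempt limit."""
    if state["failed"] >= MAX_ATTEMPTS:
        return False  # locked: refuse even the correct PIN
    guess = hashlib.pbkdf2_hmac("sha256", pin.encode(), state["salt"], 10_000)
    ok = hmac.compare_digest(guess, state["verifier"])
    state["failed"] = 0 if ok else state["failed"] + 1
    return ok


class SoftwareGateway:
    """Counter stored beside the data, in storage the host can read and write."""
    def __init__(self, pin: str):
        self.disk = _new_state(pin)          # host-visible state

    def unlock(self, pin: str) -> bool:
        return _try_pin(self.disk, pin)


class CryptoModule:
    """Counter held inside the module; the host can only call unlock()."""
    def __init__(self, pin: str):
        self._state = _new_state(pin)        # models on-device state, never exported

    def unlock(self, pin: str) -> bool:
        return _try_pin(self._state, pin)


def lockout_survives_rollback(gateway) -> bool:
    """True if the lockout still holds after host-visible state is restored."""
    snapshot = copy.deepcopy(getattr(gateway, "disk", None))
    for _ in range(MAX_ATTEMPTS):
        gateway.unlock("0000")               # constructed wrong PIN
    if snapshot is not None:
        gateway.disk = snapshot              # restore earlier host-visible bytes
    return gateway.unlock(CORRECT_PIN) is False
```

The check returns `False` for `SoftwareGateway` and `True` for `CryptoModule`: a lockout is only as durable as the storage that holds its counter, which is why the counter belongs in the same boundary as the key.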

To summarise the basic difference between software and hardware encryption, if you can encrypt using software, you can decrypt using software. However, hardware-encrypted devices such as SafeToGo® 302E, SafeToGo® Solo, and ThinC-VAULT offer superior security levels by using a cryptographic core in a location independent of the PC and operating system to encrypt your data.