Physical Encryption Keys and AES

Many CRU drive enclosure products are available in configurations that can secure disk drives against unauthorized reading or access, using encryption that meets the US National Institute of Standards and Technology (NIST) Advanced Encryption Standard (AES).

Strong, total disk, real time hardware encryption

Data is encrypted in real time, in the enclosure hardware, completely independent of the host computer’s operating system. A physical key (dongle) is used in the enclosure to authorize encryption, decryption, and access. Only those who have the correct key may access the contents of an encrypted drive. (Note that CRU Secure products ship with multiple keys for redundancy. Keep one in a safe place since if all keys are lost, any drives encrypted by the enclosure will be unreadable.)

Benefits of the CRU physical key-based hardware approach to encryption include:

  • Independent of operating system type
  • Hardware-encrypted in real time
  • No passwords
  • 100% of the drive is encrypted (including information like file allocation tables)
  • More secure than software encryption
  • AES 256 is recognized by the government. It’s so strong that there are restrictions on which countries we can sell to.

Easy, Automatic Encryption

Encryption is performed automatically by the real-time encryption engine built into the circuitry of CRU Secure drive enclosures. When the enclosure is connected properly and the physical key is in place, your computer sees the drive volume as a normal full-speed drive. If your drive is lost or stolen, however, you can rest assured that without the proper physical AES encryption key, no one will be able to view its contents, as the drive appears to an operating system as an empty, unformatted drive.

How to use CRU AES encryption keys

  • Connect the Secure enclosure to your computer via USB 3.0/2.0, FireWire, or eSATA.
  • Insert your AES Encryption Key.
  • Power on the enclosure.
  • Wait for the green encryption LED to light up on the bezel of the product (look for a key icon labeled AES). The green light confirms the key is accepted.
  • You can now remove the AES Encryption Key. It’s not needed again until the power is cycled.

The ability to remove the key after power up helps you keep your physical key safe. The key is smaller than a standard thumb drive and easily fits on a key chain or lanyard.

AES Encryption Keys

Your encrypted product generally ships with 3 identical keys (some other configurations may be available). These three keys exist so you can:

  • Keep one with you (for your own use)
  • Keep a backup on site in a safe location
  • Keep a backup off site in a safe location

These keys will be completely unique to you. There are 2^128 or 2^256 (depending on encryption strength) possible ways to encode a key. If one of your keys is compromised, via theft or loss, you should consider replacing your keyset so that the lost key could never be used by someone else to unlock your data.

How big is 2^128?

2^128 = 340,282,366,920,938,463,463,374,607,431,768,211,456

This is how many unique encryption keys can exist for 128 bit encryption.

How big is 2^256?

2^256 = 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936

This is how many unique encryption keys can exist for 256 bit encryption.

How safe does this make you against an attacker?

A full-on attack to locate your secret key would require an exhaustive search. “Brute force” cipher-cracking software uses code that would cycle through each key. At each and every possible key, it would perform a check to see if data is readable (this check takes time). Even if a computer can check millions of keys per second, 256 bit encryption would take 3.67×10^60 years to check each key. That is far beyond our computational abilities.

But what if someone had a billion computers working on it together, each checking a billion keys per second?

One billion is about three times the US population, so each US citizen would need to pitch in three supercomputers to this project (each computer being thousands of times more powerful than we have today). Even then, it would take these computers 3.67×10^49 years to exhaust the keyspace. If you don’t like scientific notation, that’s 36,720,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 years.

To put that awfully big number of years into perspective, consider that the universe is thought to be only 13,700,000,000 years old.

Does the US government recognize this strength?

Yes – our implementation of 128 bit encryption is FIPS-197 listed (certification number 60). Our implementation of 256 bit encryption has been validated to FIPS 140-2 (certification number 1471).

For your convenience, we offer replacement pre-programmed key sets, which contain unique encryption keys.