Serious Discussion Data Storage - Software-Encrypted vs Hardware-Encrypted USB Flash Drive vs Cloud Storage

HarborFront

Level 71
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
6,024
This topic centers on storing data on software-encrypted vs hardware-encrypted USB flash drive vs cloud storage. External drive storage is chosen over storing on the PC/laptop itself to avoid malware infection or a dead PC/laptop. You can scan the files/folders for malware before storing on the USB flash drive.

And emphasis will be on safe data storage, ease of use and transfer between different platforms like Windows and android. Others like storing/sharing/backup of videos/music/photos is secondary.

To start off, the Software-encrypted USB flash drive vs the Hardware-encrypted USB flash drive will be discussed

Case Scenario

If you are sitting in StarBuck with your phone and want to log in to malwaretips.com, but you have forgotten your password. You can

1) Log in to your cloud, access the file, retrieve the password and log in to malwaretips.com.
2) Use a Password Manager.
3) Take out your software-encrypted flash drive, plug into the phone's USB OTG port, decrypt the file using the app on your phone, retrieve the password and log in to malwaretips.com
4) Insert your hardware-encrypted USB flash drive into the phone's USB OTG port and unlock it, open the Word doc containing the password, retrieve the password and log in to malwaretips.com

In all cases, for security, you still need to remember some kind of password/2FA/PIN/biometrics to log in to the cloud or the app on the phone or the PIN on the hardware-encrypted flash drive

Software-encrypted USB flash drive

- Here, the files/folders/vaults are encrypted/decrypted on the desktop/phone and stored on the USB flash drive. Flash drive is not encrypted for easy access. You can encrypt the drive too if there's a need.

Hardware-encrypted USB flash drive (with physical keypad)

- Here, the drive is encrypted/decrypted on the USB flash drive itself. Files/folders need not be encrypted for easy access. You can also encrypt the files/folders if there's a need.

Commonalities - Software-Encrypted vs Hardware-Encrypted Flash Drive

PROS

1) Everything is in your control. No need to trust others to keep your data safe
2) No need to depend on internet i.e. local use
3) No need to use 2FA, hardware security keys or Password Manager
4) No concern in mobile data usage
5) Can encrypt files/folders/drive
6) No worry of data being collected, no worry of Cloud Act, no worry of 5/9/14-eye countries etc
6) No need to pay subscription for storage
7) Can have another drive as back up
8) If need to use the flash drive on other’s PC/phone then need to install onboard a paid AV like ESET USB DriveSecurity
9) It's OS and platform independent and can work on PC/laptop and phone as long as there's an OS.

CONS

1) Need to carry devices around, which increases the tendency to lose or cause damage to them. Back up drive is needed.
2) Need to pay for drives
3) Difficult to share files/photos/videos because no automatic sharing/syncing/back up
4) A hassle in use

Software-Encrypted USB Flash Drive

PROS

1) Cheaper per GB of USB flash drive + back up drive
2) No worry of dead battery
3) Can choose reliable drive brand

CONS

1) Not tamperproof, no onboard hardware encryption, easily damage flash drive plastic case etc
2) Very limited Windows (PC/laptop)-to-Android (phone) software for encryption/decryption. Can use free VeraCrypt on Windows and free compatible EDS Lite on android phone
3) Need to install software to encrypt/decrypt on Windows and android phone
4) Drive can be formatted even if it’s write-protect/read-only


Hardware-Encrypted USB Flash Drive

PROS

1)
Encryption is on the hardware USB flash drive itself. No software needed
2) Flash drive case is usually metallic and not easily damage, it's tamperproof, waterproof etc
3) Cannot format drive unless unlocked by PIN using its keypad

CONS

1) Need to pay for the more expensive hardware-encrypted flash drives
2) Reliability of drive to fail is a concern as physical drive brand is usually unknown
3) Dead built-in battery and unreliable keypad are concerns in the long run
4) Generally, longer and bulkier than its non-hardware encrypted counterpart
5) Some hardware-encrypted drive might feel hot during use
 
Last edited:

HarborFront

Level 71
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
6,024
Cloud Storage

PROS

1) Convenience and accessibility in sharing/syncing/automatic back up of files..........with photos, videos too etc
2) No need to carry any device around
3) Can have zero-knowledge, strong encryption and better-privacy for paid cloud provider
4) More bells and whistles provided for paid cloud provider like have 2FA, sharing, syncing etc
5) Can use as a backup for storing of important data
6) Can work with Password Managers and collaborate with other cloud providers

CONS

1) Need to pay subscription for safer and better-privacy service
2) Risk of cloud provider being hacked
3) Will be a hassle to back out all data from cloud if want to terminate/switch cloud service
4) The TOS and Privacy Policy will restrict the user especially in terms of data collection/sharing
5) User may not have the choice of the wanted cloud provider if it’s based in the 5/9/14-eye countries and have servers there as well
6) The Cloud Act further erodes one’s privacy
7) Only a handful of android apps for the cloud providers have no trackers, namely, Sync.com, Tresorit, Google Drive etc
8) Generally, free cloud provider will not have encryption, zero-knowledge, privacy and extra bells and whistles.
9) Small-time cloud provider can close down anytime without prior notification
10) Internet-dependent. Need good and fast connectivity
11) Mobile use can drain data if not on WiFi
12) Need to trust the cloud provider to maintain the infrastructure and keep it safe
13) If files/photos/videos are stored unencrypted
in cloud then the cloud provider can see them

If there is anything I missed/wrong, please add/correct. Thanks
 
Last edited:

Andrezj

Level 6
Nov 21, 2022
248
Cloud Storage

PROS

1) Convenience and accessibility in sharing/syncing/automatic back up of files..........with photos, videos too etc
2) No need to carry any device around
3) Can have zero-knowledge, strong encryption and better-privacy for paid cloud provider
4) More bells and whistles provided for paid cloud provider like have 2FA, sharing, syncing etc
5) Can use as a backup for storing of important data
6) Can work with Password Managers and collaborate with other cloud providers

CONS

1) Need to pay subscription for safer and better-privacy service
2) Risk of cloud provider being hacked
3) Will be a hassle to back out all data from cloud if want to terminate/switch cloud service
4) The TOS and Privacy Policy will restrict the user especially in terms of data collection/sharing
5) User may not have the choice of the wanted cloud provider if it’s based in the 5/9/14-eye countries and have servers there as well
6) The Cloud Act further erodes one’s privacy
7) Only a handful of android apps for the cloud providers have no trackers, namely, Sync.com, Tresorit, Google Drive etc
8) Generally, free cloud provider will not have encryption, zero-knowledge, privacy and extra bells and whistles
9) Small-time cloud provider can close down anytime without prior notification
10) Internet-dependent. Need good and fast connectivity
11) Mobile use can drain data if not on WiFi
12) Need to trust the cloud provider to maintain the infrastructure and keep it safe
13) If files/photos/videos are stored unencrypted
in cloud then the cloud provider can see them

If there is anything I missed/wrong, please add/correct. Thanks
  • (because of item below) cloud provider does not employ end-to-end-encryption, even paid (e.g. Google, Dropbox)
  • cloud provider retains your decryption keys and can access them at any time - such providers can decrypt your files at-will (e.g. Google, Dropbox) and hackers that get the key literally have the key to your files
 

HarborFront

Level 71
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
6,024
  • (because of item below) cloud provider does not employ end-to-end-encryption, even paid (e.g. Google, Dropbox)
  • cloud provider retains your decryption keys and can access them at any time - such providers can decrypt your files at-will (e.g. Google, Dropbox) and hackers that get the key literally have the key to your files

I doubt they decrypt but more likely checking against the hases before encrypting as explained below. So end-2-end encryption is still there (further below). If you share your own files like Word/Excel/pdf or your own made movies I doubt they can check for hases. I think it's more for copyrighted/pirated content. I believe paid Google Drive and other cloud providers have some sort of writing in their TOS regarding copyrighted/pirated content, unless otherwise stated or not stated. And if you have the intention to do that, my suggestion is you should avoid it.



Quotes from above link

What does it really mean to look at your private files and folders, though? Does it mean that Dropbox looks as the file names and hashes, but not the contents?

In short, there’s nothing stopping Dropbox from outing you as a scumbag copyright infringer — except, of course, the fact that it would very quickly lose the confidence of its users, which would then probably torpedo its entire business model.

Unquote

But Dropbox and Google Drive still surviving means they have not looked into your files despite holding the decryption key otherwise they would, as quote, 'very quickly lose the confidence of its users, which would then probably torpedo its entire business model'. Or they are doing it stealthily without user knowledge.

For this, I give Dropbox a thumb up (y) in fighting copyrighted/pirated content


Thanks
 
Last edited:

JanEmil

New Member
Jan 30, 2023
1
just a huge amount of useful information for beginners and more experienced people alike (I found a couple of points for myself, for sure)
many thanks for the topic
 
Last edited by a moderator:

Thales

Level 15
Verified
Top Poster
Well-known
Nov 26, 2017
708
If you use a storage provider, you accept that they can access anything even if they say they can't. That's why it's important to encrypt any sensitive information, whether it's a picture or file or anything else, before uploading it.
Also, redundant backup solution is the key. External backups and cloud providers.
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
That's why it's important to encrypt any sensitive information, whether it's a picture or file or anything else, before uploading it.
Cloud service providers can terminate accounts at any time. If they cease global operations or restrict certain regions, access to the encrypted data will be revoked.

It may appear overkill, but it's recommended to use 2 cloud storage providers and 2 offline storage solutions.
 

Thales

Level 15
Verified
Top Poster
Well-known
Nov 26, 2017
708
Cloud service providers can terminate accounts at any time. If they cease global operations or restrict certain regions, access to the encrypted data will be revoked.

It may appear overkill, but it's recommended to use 2 cloud storage providers and 2 offline storage solutions.
That's why I wrote this...
If you use a storage provider, you accept that they can access anything even if they say they can't. That's why it's important to encrypt any sensitive information, whether it's a picture or file or anything else, before uploading it.
Also, redundant backup solution is the key. External backups and cloud providers.
 
  • Like
Reactions: [correlate]

HarborFront

Level 71
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
6,024
Hi All

Sorry, I missed out one very important PRO for Cloud Provider

It is good for working across borders/countries, as carrying encrypted devices may raise suspicion when searched. A secure cloud provider is therefore highly recommended
 
  • Like
Reactions: [correlate]

HarborFront

Level 71
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
6,024
Anyone can tell me if you have a RAID 1 system for 2xhdds in an enclosure would each backup has 1 image or 2 identical separate images?

From what the guy at the shop told me just now the 2xhdds in an enclosure will be recognized as 1 drive by the system. So during backup he said only 1 single image is being created.



EDIT

Found the answer after checking with my IT friend


RAID 1 with 2 HDDs vs 2 separate HDDs. PROS vs CONS

In RAID 1 Windows Explorer will recognize the 2x physical HDDs as one drive i.e. only one drive letter. And also one image only. This is the same for RAiD 0

However, it's the backup/restore software that will show 2 drives with separate identical image in each drive since need to set backup to target drives.

PROS

1) Cheaper than same 2 separate HDDs
2) 1 AC power supply needed since the 2x HDDs are housed in the same enclousure
3) Faster speed since mirroring takes place simultaneously

CONS

1) If 1 HDD drive is spoil need to do backup again for the new replacement drive. Cannot copy the backups from the other drive to the new replacement HDD. That means all previous copies of backup will be lost except for the latest copy of backup
2) Greater chance of 2x HDDs in a single enclosure to be exposed to ransomware attack when mounted

For 2x separate HDDs, Windows Explorer will recognize them as 2 separate HDDs

PROS

1) If 1 HDD fails then can copy everything from the 2nd HDD to the new HDD drive i.e. all previous copies of backups are available in the new HDD
2) Less exposure of 2x HDDs separately to ransomware attack

CONS

1) More expensive for 2x separate HDDs than RAID 1 with 2x HDDs of same capacity
2) Need extra cables and 2 separate AC power supplies to power the 2x separate HDDs
3) Slower since need to backup to 2 separate drives
 
Last edited:
  • Like
Reactions: [correlate]

HarborFront

Level 71
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
6,024
Ok, found that can rebuild a failed drive in a RAID setup. My confidence increases.

Example is below

 
Last edited:
  • Like
Reactions: [correlate]

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top