Pinterest Stumbleupon Whatsapp
Ads by Google

german privacy foundationNew technologies are constantly being created in order to increase security, and many of those technologies eventually go away because of loopholes and other issues that are eventually discovered. No form of security is exempt from this, including any kind of security that involves transfer of communications. Or at least that’s what the status quo currently is.

Is there something out there that may finally be a long-lasting approach to securing your messages and other communications?

About The Crypto Stick

german privacy foundation

Enter the Crypto Stick – a device that looks and acts like a USB flash drive, but plays the role of your digital key. The Cryto Stick is meant to help you do everything you possibly need to make your digital life secure.

One of the main advantages is that it’s a physical device, so it cannot be easily replicated, and for some people it’s even easier to find than a file on a large number of different storage devices. Just plug it into your computer, and you can validate that everything is from you.

Encrypt

german privacy foundation

Ads by Google

One of the primary functions of the Crypto Stick is to encrypt files, emails, text, and more. It can easily be used with a number of popular programs such as TrueCrypt How To Create A Truly Hidden Partition With TrueCrypt 7 How To Create A Truly Hidden Partition With TrueCrypt 7 Read More , Outlook, Thunderbird, and GnuPG.

When you first get your Crypto Stick, you’ll need to set up your stick with a PIN and up to three keys (encrypting, authentication, and signing). The programs that make use of these keys can then access them from the Crypto Stick with ease. The creators of the Crypto Stick, the German Privacy Foundation, pride themselves with the fact that there is no performance impact while encrypting.

Authenticate

As I just mentioned, the Crypto Stick can also be used for authentication. For example, some high-security sites and services may not even use a username and password authentication method, but rather use keys or certificates. These are much safer than usernames and passwords in that they cannot be guessed (including brute force attacks). Again, using the Crypto Stick with your certificate is much safer because you must have physical possession of it as well as the PIN in order to use it.

Secure

Above I touched on the security features of the stick itself. Due to the stick’s PIN and anti-tampering features, your stick will stay safe, even if you lose it. It’ll also be safe from cyber threats such as viruses. Finally, the stick offers support for up to 4096-bit RSA keys, which quite honestly is overkill for most people. But it’s always good to know that you have this if you’d like.

Open Source

Last but not least, the hardware and software that makes up the Crypto Stick is completely open source. This way, in case there are ever any security holes or other issues found, they can be quickly fixed and patches sent out. It also allows the stick to be used on any operating system you can think of, and writing code to implement the use of the stick with new software shouldn’t be an issue for developers.

Conclusion

The German Privacy Foundation Crypto Stick is a very interesting way to encrypt and authenticate yourself that replicates the idea that some high-clearance executives already use with their own RSA keys. However, these Crypto Sticks are open source, much cheaper, and future versions will also double as an actual USB flash drive that contains ordinary data. It’ll be interesting to see how well this will be adopted.

What’s your take on the Crypto Stick? Is it safe, or do you see problems with it? What’s your best security strategy? Let us know in the comments!

Image Credits: gruntzooki, Raven Wiki

  1. Neo Max
    October 11, 2012 at 12:55 pm

    a good alternative

    http://www.yubico.com/yubikey

  2. George
    April 24, 2012 at 3:02 pm

    A good alternative without being so expensive is the IronKey. I have been using it since it came out and still have the same one. Probably the most secure key ever. Too bad Imation bought the product line since Imation has not done anything good in the past 2 decades.

    • Danny Stieben
      April 28, 2012 at 7:59 pm

      I've never heard of IronKey...very interesting!

  3. LD
    April 24, 2012 at 2:43 am

    I love gmail's 2 step authentication with having to know my password, and also having to have my cell phone in order to get in to my account. I wish more places offered this feature. So far I only know of google and lastpass.

    • Mark O'Neill
      April 24, 2012 at 7:25 am

      Me too. 2 step authentication makes me sleep much easier at night, knowing that a potential hacker would need my phone in order to break into my email account.

      Since my phone is an extension of my arm, there's no chance of my phone going astray!!

    • Danny Stieben
      April 28, 2012 at 8:01 pm

      I like the idea too, but there was something about it that made me turn it off...I honestly don't remember anymore what that reason was!

    • no
      December 30, 2014 at 7:51 pm

      If you are using gmail you are just not in security. Did you not know that google analyzes the content of every mail you send and get? Really, nobody uses gmail.

  4. Bob Henson
    April 23, 2012 at 7:21 pm

    Unless I'm missing something, the only advantage it has over using free GnuPG (or the nowadays outrageously expensive PGP) is that it is portable. If your computer is not locally secure it's a good idea to carry your keys around with you rather than leave them on the hard drive . However, there's no need for a special device, you can store GnuPG keyrings on a normal USB stick and use it in the same manner. A good Idea is to put the keyrings on the USB stick in a Truecrypt container with a very secure keyword/phrase to protect them should you lose the stick. I have Portable Thunderbird/Enigmail/GnuPG on a small USB stick with a lot of other portable programs (all inside a TrueCrypt container) which I carry around and can use from any computer, anywhere, without leaving any trace of my presence on the strange computer. It's not a very clever idea on my part, it's an old trick many people have been doing for years.

    • Danny Stieben
      April 28, 2012 at 8:02 pm

      Not only is it portable, but it goes beyond simply storing keys in storage space. The keys that are loaded into it are especially locked to prevent tampering and so forth. So while your method works fine, people could still delete the files. With the Crypto Stick, they can't be (easily) deleted. So the keys will stay on the stick, while they cannot be used without the right PIN.

Leave a Reply

Your email address will not be published. Required fields are marked *