New technologies are constantly being created in order to increase security, and many of those technologies eventually go away because of loopholes and other issues that are eventually discovered. No form of security is exempt from this, including any kind of security that involves transfer of communications. Or at least that’s what the status quo currently is.
Is there something out there that may finally be a long-lasting approach to securing your messages and other communications?
About The Crypto Stick
Enter the Crypto Stick – a device that looks and acts like a USB flash drive, but plays the role of your digital key. The Cryto Stick is meant to help you do everything you possibly need to make your digital life secure.
One of the main advantages is that it’s a physical device, so it cannot be easily replicated, and for some people it’s even easier to find than a file on a large number of different storage devices. Just plug it into your computer, and you can validate that everything is from you.
One of the primary functions of the Crypto Stick is to encrypt files, emails, text, and more. It can easily be used with a number of popular programs such as TrueCrypt, Outlook, Thunderbird, and GnuPG.
When you first get your Crypto Stick, you’ll need to set up your stick with a PIN and up to three keys (encrypting, authentication, and signing). The programs that make use of these keys can then access them from the Crypto Stick with ease. The creators of the Crypto Stick, the German Privacy Foundation, pride themselves with the fact that there is no performance impact while encrypting.
As I just mentioned, the Crypto Stick can also be used for authentication. For example, some high-security sites and services may not even use a username and password authentication method, but rather use keys or certificates. These are much safer than usernames and passwords in that they cannot be guessed (including brute force attacks). Again, using the Crypto Stick with your certificate is much safer because you must have physical possession of it as well as the PIN in order to use it.
Above I touched on the security features of the stick itself. Due to the stick’s PIN and anti-tampering features, your stick will stay safe, even if you lose it. It’ll also be safe from cyber threats such as viruses. Finally, the stick offers support for up to 4096-bit RSA keys, which quite honestly is overkill for most people. But it’s always good to know that you have this if you’d like.
Last but not least, the hardware and software that makes up the Crypto Stick is completely open source. This way, in case there are ever any security holes or other issues found, they can be quickly fixed and patches sent out. It also allows the stick to be used on any operating system you can think of, and writing code to implement the use of the stick with new software shouldn’t be an issue for developers.
The German Privacy Foundation Crypto Stick is a very interesting way to encrypt and authenticate yourself that replicates the idea that some high-clearance executives already use with their own RSA keys. However, these Crypto Sticks are open source, much cheaper, and future versions will also double as an actual USB flash drive that contains ordinary data. It’ll be interesting to see how well this will be adopted.
What’s your take on the Crypto Stick? Is it safe, or do you see problems with it? What’s your best security strategy? Let us know in the comments!