CipherUSB
  1. What is the difference between File Level Encryption (FLE) and Full Disk Encryption (FDE)?

    FLE
    For the File Level Enryption solution, user can encrypt any file existing on any storage media - hard drive, flash drive, flash media, network drive or Cloud storage. User can select what file to encrypt. The encrypted file cannot be opened unless it is first decrypted with a correct tool and password. This is essentially how most of software encryption products work. The advantage with File Level Encryption approach is that you can encrypt file stored in any media. You can also transport the encrypted file via wireless file transfer, over network, email, FTP or HTTPS protocols. The performance for FLE solution varies. For the software product, the performance depends on the processor and the hardware performance of the system. For the CipherUSB FLE, since it has a built-in hardware crypto engine, the performance is depended on the speed of the storage device attached to the CipherUSB FLE dongle and up to maximum of the USB 2.0 speed ( around 35 MB/sec in real application).


    FDE
    For Full Disk Encryption solution, as the name implies, everything on the drive or the media - file, boot sector and partition tables , are encrypted. In this solution, if the password and the tool used for encrypting the storage media are not present with the computer, the storage media appears as blank media. There is no visible file or trace of any data to hack into. Full Disk Encryption is the most secure solution and is no known report of any successful break in for FDE solution.


    To do full disk encryption, the storage media must be partitioned and formatted prior to be used for storing any data. So this means that FDE solution cannot be deployed on hard drives or media with existing data. It is also difficult, if not impossible, to implement FDE using software. System performance also degrades significantly if software is deployed for full disk encryption. There is no noticeable performance degradation on Addonics FDE solution. Data written or read from the encrypted media are done on the fly as if it is a standard non encrypted media, totally transparent to the user.

    All Addonics encryption solutions, both FLE and FDE, are hardware encryption solutions that do not utilize any system resources.


  2. How does Addonice FLE solution differ from the software encryption solution?

    Addonics CipherUSB FLE is a hardware encryption solution. Encryption and decryption are processed by a FIPS certified hardware crypto engine inside the CipherUSB FLE dongle. The CipherUSB utility that comes with the product is for handling mainly the file selection function and to instruct the crypto engine to perform either an encryption or decryption on the selected file or folder. The cipherUSB utility does not have any encryption or decryption function.

    The CipherUSB FLE is far more secure as the password is stored inside the CipherUSB FLE dongle instead of in the system or in the system memory as is the case with software encryption. With Addonics CipherUSB FLE, there is nothing to hack into if the system or the storage media is lost or stolen. You can securely save the encrypted file in the Cloud or electronic transfer the encrypted file to anyone. The recipient can open the file as long as he/she has a CipherUSB FLE with the same password. If you do not want someone to know your password, you can always send the recipient the CipherUSB FLE dongle that has the password already installed.

    Using a hardware crypto engine, the CipherUSB FLE does not require any system resources to process the encryption and decryption as is the case with software encryption. Thus the CipherUSB FLE will encrypt or decrypt a file faster than the software encryption product. The performance different can be very noticeable on a large file or on system with low processing power. For the CipherUSB FLE F1 and F2 model that requires attaching a USB storage, it is best to attach a USB hard drive or SSD so to achieve the maximum performance. CipherUSB FLE solution will perform pretty much the same on any hardware platform. For pure software encryption solution, the performance can be very slow on a low power system and the performance will also be affected by other applications running on the system.

    CBC mode encryption
    Because of the complex algorithm in CBC mode encryption, software encryption using CBC mode will not be practical as it will consume a lot of processing power to process the CBC encryption and decryption. There is no known software in the market that offer CBC mode of encryption. For the CipherUSB FLE solution, there is no noticeable difference in performance between the ECB and CBC model.

  3. What is 2 factors authentication?
    With two factors authentication, besides having the correct CipherUSB dongle installed into the system, you need to enter a password that matches that password stored inside the CipherUSB dongle in order to gain access to the encrypted drive or file. This obviously add further security. if someone get a hold of your CipherUSB dongle, it is useless without the matching password.

    The two factors authentication may not be desirable for certain application. In situation that you want to give the CipherUSB dongle to certain employee or user to access the data, you will also need to give out the password. Once this other person has the CipherUSB password, he/she has full access to the CipherUSB setup menu which allow for changing the password and also other important features. Remember the CipherUSB by itself is a very secure solution. A CipherUSB dongle with a different password cannot access your encrypted drive or file. The 2 factors authentication help only if you lose the CipherUSB dongle and your computer together.

  4. What Operating Systems are supported?
    The CipherUSB FDE is platform independent and work with any system that recognizes the storage device connected to it. It has been tested with Windows, Mac and Linux systems. The software utility used to program the recovery password for the CiperUSB works under Windows and Mac.

    The CipherUSB FLE comes with software utility that works under Windows or Windows and Mac depending on the model. CipherUSB FLE does not have software utility for Linux.

  5. Does CipherUSB work on optical drive?
    The CipherUSB FDE works with hard drives and most USB optical drives, although not all hardware configurations are guaranteed to work. All Addonics USB optical drives have been tested to work under Windows, Mac and Linux systems. Optical discs can be encrypted and although they do not appear blank as hard drives do. Instead optical disc containing encrypted data appears to contain no useful data.
    For CipherUSB FLE solution, files can be first encrypted before burning onto the optical disc. If it is rewritable disc, you can then encrypted it just like any other files stores in hard drive.

  6. Can the password be recovered?
    No. The password cannot be read, duplicated or recovered by software.

  7. Can more than one CipherUSB have the same encryption key?
    Yes. As long as the password is absolutely identical on both CipherUSB dongle, they will both encrypt and decrypt data the same way. This feature can even be used to establish a secure means of transporting data – encrypted with the CipherUSB using an agreed-upon password, encrypted media can be transported securely without moving any CipherUSB keys at all.

    The same idea applies to CipherUSB FLE solution. Encrypted file can be emailed to anyone and the recipient just needs to have a CipherUSB FLE dongle coded with the same password to access the file, You can also store encrypted file in the Cloud or FTP server and access the secured file anywhere so long you have the correctly coded CipherUSB FLE dongle with you.
  8. Can the CipherUSB be used to encrypt existing data on a hard drive?

    Yes if you have the CcipherUSB FLE dongle which is File Level Encryption solution that encrypt any file existing on any drive or storage media. The encrypted file will have an .addonics file extension.

    The CipherUSB FDE is a full disk encryption solution and it can encrypt any USB storage device attached to it. In full disk encryption, the hard drive or the storage media must be initialized by the CipherUSB FDE dongle. So USB storage with existing data must be first back up and transfer back onto the CipherUSB encrypted drive. In full disk encryption, if the drive is attached directly to any system without going through the CipherUSB dongle, the drive will appear as a blank disk, None of the encrypted data is visible. No data recovery software or equipment can retrieve any data from the CipherUSB encrypted drive.

  9. Can a CipherUSB dongle with ECB crypto engine access a CBC encrypted file with the same password?
    No, ECB and CBC uses two different encryption algorithms.