Reddit mentions of Apricorn Aegis Padlock 1 TB USB 3.0 256-bit AES XTS Hardware Encrypted Portable External Hard Drive (A25-3PL256-1000)

Relevant links:

https://wikileaks.org/wiki/File:FBI-pedophile-symbols-page1.jpg


https://www.amazon.com/Apricorn-Hardware-Encrypted-Portable-A25-3PL256-1000/dp/B007JGB0EI/ref=sr_1_1?ie=UTF8&qid=1492264240&sr=8-1&keywords=aegis+external+hard+drive

>I am ok with a software solution but it would be really ideal if I could use the storage without needing to install additional software.

That's going to be difficult. You see stuff like this https://www.amazon.com/dp/B0061DBZ2C/ref=sspa_dk_hqp_detail_aax_0?psc=1 or https://www.amazon.com/Apricorn-Hardware-Encrypted-Portable-A25-3PL256-1000/dp/B007JGB0EI

but do you really want to trust a relatively unknown hardware producer?

Veracrypt seems like the obvious choice if you can waive the software requirement. Just partition your drive and add the veracrypt install utility on the unencrypted partition.

It really depends on your threat model. There is no such thing as complete security. I'm no expert but I have several hardware-encrypted hard drives and flash drives, so I'll try to answer. I use them for similar purposes, so we likely have similar threat models.

First, it's important to recognize the inherent limits of an encrypted device like what you linked. It's only encrypted until you mount it, at which point an attacker with remote access can view the files just like you would. This can be countered by using an air-gapped computer, or one only used for these secure activities.

As for this particular device: The device you linked says it's FIPS 140-2, which means it's only tamper-evident, rather than tamper-resistant, and provides role-based authentication. So, a savvy hacker might be able to manipulate the hardware in some way to access the data (search "Kingston Datatraveler hack/vulnerability"), although you would be able to tell. You might combat this by using Veracrypt/Truecrypt containers inside the device, which is also good practice if you are backing up passwords somehow, as it enables easier password splitting (e.g. remember pin but backup Veracrypt password in pw manager).


A comparable tamper-resistant device (FIPS 140-3) is the Aegis 3z. If you're willing to pay more, the Kingston Ironkey is a literal iron fortress and is probably the hardest hardware to hack. It doesn't have a physical keypad, but autolaunches authentication software. This is vulnerable to keyloggers but arguably more secure against shoulder-surfing. It's also more configurable. The Kingston D300 is very similar (slightly cheaper), with the difference being the security chip (I don't know enough here to comment).A notable alternative is the Aegis Padlock, which is a literal hard-drive with a large keypad and lots of configurations (including false drives and keycodes that wipe the entire device, though other devices I've mentioned have similar features).


While shopping, it is good to note the distinction between FIPS-validated vs. FIPS-compliant, with the latter being little more than a promise, although few encrypted devices are actually verified.

Let me know if you want elaboration on anything. I have every device I mentioned and some knock-offs too. I don't know too much about about the technicals, but it's a field I'm looking to get into so I can try and answer until someone better comes along.