No apologies needed, and you're right - this thread has gone way off topic. But since the only required knowledge was in the first post, I feel that's okay.
I just noticed this about 20 minutes ago, which is oddly (and very accidentally) entirely on-topic.
I'm still on the fence about RocIT... I bought 4 of their little 4GB FIPS drives, since they're fairly cheap... but I can't help but notice that every time I stick it in the USB slot, it contacts the mothership on port 443 to (hopefully) check for updates.
That's not very cool.
Part of security is obscurity, if you have something worth keeping secret, you certainly don't want your ISP, and every law enforcement agency in the country to be able to tap your net and know that you are just about to log in to that secure drive.
Or even worse, maybe they tap into RocIT's servers, and just get every user's IP address, and come visit you to find out what you're hiding.
Other than that, it's quite a nice system. You have the option of making the drive administered remotely (such that you can override/disable a lost drive).
Now, the bootable one is a weird thing. It really is loading Windows XP in a virtual machine. That's certainly not mentioned anywhere in the documentation. It's not necessarily a bad thing... for instance, it would probably protect you from that nasty FireWire memory-read exploit.
BTW, FIPS 140-2 Level 2 isn't all it's cracked up to be. Google "FIPS 140-2 USB cracked" and you'll see that
Kingston, SanDisk and Verbatim all sell quite similar USB Flash drives with AES 256-bit hardware encryption that supposedly meet the highest security standards. This is emphasised by the FIPS 140-2 Level 2 certificate issued by the US National Institute of Standards and Technology (NIST), which validates the USB drives for use with sensitive government data.
... all got cracked... worse still, it was possible to crack them, because they actually stored an encrypted, unhashed copy of your password! If you know anything about encryption, you know that is just not done.
IronKey is where I'd put my money, although I dislike any system which relies on keyboard authentication, so I hedge my bets by using a DataLocker...
If nothing else, it certainly looks the part.