Review: iStorage DiskAshur 2 SSD provides enhanced security with PIN-protected encryption

in General Discussion edited January 2021
The DiskAshur 2 external SSD boasts high levels of protection with hardware encryption and a keypad to gain entry, but even with the enhanced level of security, the drive is easy to use and offers more than enough performance for the majority of its potential users.

iStorage DiskAshur SSD

The constant flow of news reports covering security issues and privacy problems with online services, as well as the rising risk of criminals getting hold of a user or a company's sensitive data, may lead some people to try and increase the security for their own files. While some may be happy simply encrypting their important files on their Mac, some device vendors are coming up with other ways that offer even more security.

The iStorage DiskAshur 2 is a line of external hard drives and solid state drives that aims to do just that. The USB 3.1 portable storage devices boast a relatively unusual feature, in that they are secured with a PIN code that must be entered into a physical keypad on the enclosure, before data can be read from or written to the drive.

High security

On the front of the casing is a 13-button keypad featuring ten digits, lock and unlock buttons, and a shift key. Users are encouraged to set up a PIN of between 7 and 15 digits in length, which is then used to unlock the drive and allows macOS to mount the partition.

Separate PIN codes can be set up for administrators and users, with the former able to manage a user's PIN and to set up specific policies for PINs, like mandating a user PIN must be a certain length and if the Shift button must be used to add a special character.

The keypad is coated to prevent wear that could reveal a PIN.
The keypad is coated to prevent wear that could reveal a PIN.

The main security feature of the drive is its Enhanced Dual Generating Encryption (EDGE) system, which uses a dedicated secure microprocessor to encrypt and decrypt the data on the drive in hardware, with military-grade AES-XTS 256-bit encryption. The system also encrypts the encryption key, which is stored on the device and only used when a valid PIN is entered.

As the entire encryption system is self-contained, it means there is no need to use companion software or other items in order for it to work. Aside from entering a PIN in after plugging it into a USB port, it operates just like a normal external drive.

Even when plugged in to a Mac, the drive remains effectively invisible in macOS until the PIN is put in. Pressing the lock button on the drive will unmount it in macOS instantly, something that can also be accomplished by physically disconnecting the drive.

If the user turns off the Mac, the drive treats it as a disconnection and locks the drive automatically. There is even an option to lock the drive after a predetermined period of time, preventing it from being unlocked and left accessible on a desktop for long stretches.

While short, the USB cable sits neatly in its purpose-made alcove when not in use.
While short, the USB cable sits neatly in its purpose-made alcove when not in use.

There is protection in place to prevent access from a brute force attack, when others try to access the drive by repeatedly trying different codes. After 15 consecutive incorrect attempts, the drive automatically assumes it is being attacked, and will delete the encryption key, effectively making all data on the drive completely unreadable.

Going one stage further, it is also possible to set up a "Self Destruct" PIN that, when entered, deletes the encryption key automatically. This is handy in situations where a drive owner could be coerced into providing a version of the PIN, or if a known attacker is aware of the PIN, to wipe everything before the drive can be taken away.

In either case, the data is lost, and the drive can be reset to factory defaults and reused.

It is claimed the DiskAshur 2 has a tamper-proof design, where the drive is covered with a layer of epoxy resin that makes it almost impossible to take apart the drive without damaging its components.

Physical and Performance

Aside from the presence of a keypad and indicator lights on the top panel, the DiskAshur 2 seems like a well thought out and conventional external drive. Offered in a variety of four colors, the casing is a soft-touch plastic with a marginally springier outer edge, while the keypad is epoxy-coated to resist from wear, preventing another way for attackers to figure out the passcode. On the base are four small and springy feet, which give enough grip to keep it from sliding around a desk too much.

The carry case provides extra protection for the secure drive.
The carry case provides extra protection for the secure drive.

On one side is the USB Type-A connection, which works with USB 3.1 ports and earlier variants. The cable is relatively short, measuring just five inches in length, making it a bit of a chore to hook up to the host device at times, but it does stow away tidily into a recess in the side when the drive isn't in use.

It is also a lightweight model at 180 grams (6.35 ounces), and measures 124 millimeters by 84 millimeters, and 19 millimeters thick (4.9 inches by 3.3 inches by 0.75 inches). For those wanting to keep the drive as pristine as possible, it is also supplied with a protective carry case with extra padding and a decent zip to keep it closed.

For the 1 terabyte SSD model used for testing, iStorage claims it has read and write speeds of 294MB/s and 319MB/s respectively. In tests using a Mac mini, it exceeded the read speed expectations with 316.7MB/s, while writing data is still respectable at 303.1MB/s.

Blackmagicdesign's Disk Speed Test tool
Blackmagicdesign's Disk Speed Test tool

To be fair, the main focus of the drive is on its security credentials, so performance may not necessarily be on the potential user's ideal features list, but the speeds achieved are certainly nothing to complain about, even for power users.

For casual users, the need to enter a PIN each time they want to access the drive may be a chore, though that does depend on what is stored on the drive and how much they are willing to protect that data. Business users and those who work with potentially sensitive data are certainly the target market for the drive, and are less likely to be put off by the extra security measures.

The base has four very small feet, but they're grippy enough to keep it still.
The base has four very small feet, but they're grippy enough to keep it still.

The iStorage DiskAshur 2 SSD is an ideal device for when security is essential. The amount of effort that has gone into designing it to prevent the data from leaking into the wrong hands certainly has a potential market, and it is probably one of the most user-friendly ways for Mac users to securely use a portable drive with others in a protected and encrypted manner.

Rating: 4 out of 5 stars

There are two different types of DiskAshur 2 drives available, with SSD models ranging from 128 gigabytes to 4 terabytes in capacity, while the hard drive-based versions work are offered in capacities from 500 gigabytes to 5 terabytes.

The SDD models start from $170 for the 128 gigabyte model on Amazon, and goes up to $2,222 for the 4 terabyte variant. The 1 terabyte model reviewed by AppleInsider can be acquired for between $450 and $565, depending on the color.


  • Reply 1 of 4
    SoliSoli Posts: 10,038member
    One quadrillion possibilities is a lot of options for a brute force attack.
  • Reply 2 of 4
    rob53rob53 Posts: 3,263member

    FIPS 140-2 Level 3 validated,, looks like it meets applicable USA security standards.
      • Level 3 – in addition to the tamper-evident physical security mechanisms required at Security Level 2, Level 3 attempts to prevent the intruder from gaining access to critical security parameters (CSPs)
    • Reply 3 of 4
      dougddougd Posts: 292member
      No use for one
    • Reply 4 of 4
      "One, two, three, four, five? That's amazing! I've got the same combination on my luggage!"
    Sign In or Register to comment.