Thumb drives are the most commonly used flash-based storage devices, thanks to their compact form factor and affordability. In our series of direct-attached storage reviews, we have taken a look at number of devices that offer hardware encryption with no performance impact. They have all been SSDs behind a USB - SATA bridge, with the onus of encryption falling on the SSD controller. Compact thumb drives usually use a native controller (i.e, directly translating the flash interface to USB without an intermediate SATA link). There are exceptions such as the Corsair Voyager GTX and the Mushkin Ventura Ultra, but, most people wouldn't consider them compact. Compact thumb drives with hardware encryption are relatively rare, and command a significant price premium. They are valued by SMBs and enterprises due to the strong focus on data security. In today's review, we take a look at the 64GB variants of two products targeting this market - the Kingston DataTraveler Vault Privacy 3.0 and the EDGE diskGO Secure Pro 3.0.

Introduction and Usage Impressions

The Kingston DataTraveler Vault Privacy (referred to as DTVP30 here onwards) and the EDGE diskGO Secure Pro 3.0 (diskGO for the remainder of the piece) are both compact thumb drives. They come with a USB 3.0 male interface. The main selling point is the 256-bit AES hardware encryption in XTS mode on both units. In terms of size, the DTVP30 comes in at approximately 78mm x 22mm x 12mm. The diskGO is slightly smaller (58mm x 22mm x 10mm). The diskGO comes with a retractable USB connector, while the DTVP30 comes with a removable cap on the connector. There exists the possibility of misplacing the cap, but, it does provide more protection against dust compared to the diskGO. The DTVP30 also comes with a small lanyard.

Instead of disassembling the thumb drive to get the internal details, we took a look at the ChipGenius report for the two drives (reproduced below). Both the DTVP30 and the diskGO use the Phison 2313 controller with the 1.03.10 firmware.

Drive Information

Given that the controller and firmware version are the same in both products, it is not surprising that the user interface is also similar. Upon connecting to a system, both products mount a CDFS read-only volume automatically. This permanent volume contains the necessary program to unlock the thumb drive and use it in the computer. The gallery below shows the process with the DTVP30.

Kingston provides support for using the drive under Windows, Mac, and Linux. In addition to the unlocker programs for various platforms, a manual is also included in the CDFS volume. Plugging in a new drive and starting the unlocker program takes the user through a compulsory password setup process. The user can also enter contact information for easier recovery of a misplaced drive (that other users might not be able to unlock, anyway).

The diskGO UI is very similar, except for the fact that only Windows and Mac are supported currently. The entire locking and unlocking processes are essentially the same between the DTVP30 and the diskGO.

​Readers might note that this strategy of mounting a read-only volume to store the programs for securing the contents is similar to that of the Samsung Portable SSD T5. The key here is that both the DTV30 and the diskGO make it mandatory to use encryption., while the feature is optional for SSDs such as the T5 or the WD My Passport SSD.

Testbed Setup and Testing Methodology

Evaluation of DAS units on Windows is done with the testbed outlined in the table below. For devices with USB 3.0 (via an attached Type-A male interface) connections (such as the DTVP30 and the diskGO that we are considering today), we utilize the USB 3.1 Type-C port enabled by the Intel Alpine Ridge controller. It connects to the Z170 PCH via a PCIe 3.0 x4 link. A Type-C male to Type-A female cable is also used to connect the thumb drives to the motherboard's Type-C port.

AnandTech DAS Testbed Configuration
Motherboard GIGABYTE Z170X-UD5 TH ATX
CPU Intel Core i5-6600K
Memory G.Skill Ripjaws 4 F4-2133C15-8GRR
32 GB ( 4x 8GB)
DDR4-2133 @ 15-15-15-35
OS Drive Samsung SM951 MZVPV256 NVMe 256 GB
SATA Devices Corsair Neutron XT SSD 480 GB
Intel SSD 730 Series 480 GB
Add-on Card None
Chassis Cooler Master HAF XB EVO
PSU Cooler Master V750 750 W
OS Windows 10 Pro x64
Thanks to Cooler Master, GIGABYTE, G.Skill and Intel for the build components

The full details of the reasoning behind choosing the above build components can be found here. The list of DAS units used for comparison purposes is provided below.

  • Kingston DataTraveler Vault Privacy 3.0 64GB
  • EDGE diskGO Secure Pro 3.0 64GB
  • Mushkin Atom 64GB
  • SanDisk Extreme 64GB
  • Strontium Nitro Plus Nano 64GB

Synthetic Benchmarks - ATTO and Crystal DiskMark

The DTVP30 64GB version has claimed read and write speeds of 250 and 85 MBps respectively. On the other hand, the diskGO claims only 120 / 60 MBps for the same. These numbers are backed up by the ATTO benchmarks provided below. Unfortunately, these access traces are not very common in real-life scenarios.

Drive Performance Benchmarks - ATTO

CrystalDiskMark, despite being a canned benchmark, provides a better estimate of the performance range with a selected set of numbers. As evident from the screenshot below, the performance can dip to as low as 4.6 MBps for the DTVP30, and 6 MBps for the diskGO when it comes to random 4K accesses. Since the queue depth has negligible impact on the performance (i.e, numbers for 4K and 4KQ32T1 are similar), we can infer that the thumb drives do not support UASP (USB-attached SCSI protocol).

Drive Performance Benchmarks - CrystalDiskMark

Benchmarks - robocopy and PCMark 8 Storage Bench

Our testing methodology for DAS units also takes into consideration the usual use-case for such devices. The most common usage scenario is transfer of large amounts of photos and videos to and from the unit. The minor usage scenario is importing files directly off the DAS into a multimedia editing program such as Adobe Photoshop. These scenarios also cover typical office usage for transferring a large number of electronic documents and the like.

In order to tackle the first use-case, we created three test folders with the following characteristics:

  • Photos: 15.6 GB collection of 4320 photos (RAW as well as JPEGs) in 61 sub-folders
  • Videos: 16.1 GB collection of 244 videos (MP4 as well as MOVs) in 6 sub-folders
  • BR: 10.7 GB Blu-ray folder structure of the IDT Benchmark Blu-ray (the same that we use in our robocopy tests for NAS systems)

Photos Read

In general, the DTVP30 manages to have a healthy lead over the diskGO, but, the margin is usually narrow for write workloads.

For the second use-case, we take advantage of PC Mark 8's storage bench. The storage workload involves games as well as multimedia editing applications. The command line version allows us to cherry-pick storage traces to run on a target drive. We chose the following traces.

  • Adobe Photoshop (Light)
  • Adobe Photoshop (Heavy)
  • Adobe After Effects
  • Adobe Illustrator

Usually, PC Mark 8 reports time to complete the trace, but the detailed log report has the read and write bandwidth figures which we present in our performance graphs. Note that the bandwidth number reported in the results don't involve idle time compression. Results might appear low, but that is part of the workload characteristic. Note that the same testbed is being used for all DAS units. Therefore, comparing the numbers for each trace should be possible across different DAS units.

​In these workloads, we find that the diskGO inches ahead with the writes, but, the DTVP30 still retains an advantage for reads.

Adobe Photoshop Light Read

Performance Consistency

Yet another interesting aspect of these types of units is performance consistency. Aspects that may influence this include thermal throttling and firmware caps on access rates to avoid overheating or other similar scenarios. This aspect is an important one, as the last thing that users want to see when copying over, say, 100 GB of data to the flash drive, is the transfer rate going to USB 2.0 speeds. In order to identify whether the drive under test suffers from this problem, we instrumented our robocopy DAS benchmark suite to record the flash drive's read and write transfer rates while the robocopy process took place in the background. For supported drives, we also recorded the internal temperature of the drive during the process. The graphs below show the speeds observed during our real-world DAS suite processing. The first three sets of writes and reads correspond to the photos suite. A small gap (for the transfer of the videos suite from the primary drive to the RAM drive) is followed by three sets for the next data set. Another small RAM-drive transfer gap is followed by three sets for the Blu-ray folder.

An important point to note here is that each of the first three blue and green areas correspond to 15.6 GB of writes and reads respectively. Throttling, if any, is apparent within the processing of the photos suite itself.

Performance Consistency and Thermal Characteristics

We note that both the DTVP30 and diskGO start to throttle in a similar manner after the same amount of data has been written. Given the same controller and firmware, it is hardly surprising. The throttling is not entirely a show-stopping issue because we find that it gets triggered after more than 50GB of read and write traffic within a short time interval. This is definitely not the intended use-case for the secure USB drives such as the DTVP30 and the diskGO. In any case, both drives manage to recover performance fairly quickly.

Miscellaneous Aspects and Concluding Remarks

The DTVP30 and the diskGO are both bus-powered devices, and it is given that the peak power consumption can't go beyond 5W. It is still relevant to take a fine-grained look at the power consumption profile. Using the Plugable USBC-TKEY, the bus power consumption for both drives was tracked while the CrystalDiskMark workloads were processed. The workloads were set up with an interval time of 30s.

Drive Power Consumption - CrystalDiskMark Workloads

The DTVP30 has a peak power consumption of 2.19W, and idles at around 0.52W. The corresponding numbers for the diskGO are 1.31W and 0.54W.

Support for TRIM is an oft-requested feature in flash drives. It is important to maintain long-term performance consistency. Neither Kingston nor EDGE claim support for TRIM for the drives being reviewed today. CyberShadow's trimcheck is a quick tool to get the status of TRIM support. However, it presents a couple of challenges: it sometimes returns INDETERMINATE after processing, and, in case TRIM comes back as NOT WORKING or not kicked in yet, it is not clear whether the blame lies with the OS / file system or the storage controller / bridge chip or the SSD itself. In order to get a clear idea, our TRIM check routine adopts the following strategy:

  • Format the SSD in NTFS
  • Load the trimcheck program into it and execute
  • Use the PowerShell command Optimize-Volume -DriveLetter Z -ReTrim -Verbose (assuming that the drive connected to the storage bridge is mounted with the drive letter Z)
  • Re-execute trimcheck to determine status report

Conclusions can be made based on the results from the last two steps. As expected, these thumb drives do not support TRIM.

TRIM Support

Features such as TRIM and UASP often require driver support. For the use-cases targeted by the DTVP30 and the diskGO, it is preferable to avoid relying on the OS driver behavior (as users might not have administrator privileges to load them also).

Moving on to the pricing aspect, we find that the 64GB diskGO retails for around $70, while the 64GB DTVP30 comes in at a hefty $190 (approximately). These prices make it significantly expensive on a cents/GB metric compared to thumb drives without encryption capabilities.

Price per GB

Readers might be wondering why the DTVP30 commands almost a 3x price premium over the diskGO at the same capacity while using the same controller and firmware. Obviously, a 2x improvement in read performance (real-world improvements are not that much better) can't be the only reason. A little bit of digging into the nature of the secure thumb drives market reveal that businesses and agencies looking into such products come with a host of requirements such as TAA compliance (i.e, an aspect that decides whether a given product is suitable for U.S. government use) and even FIPS-197 certification.

​The diskGO and DTVP30 are both TAA-compliant. Only the latter has FIPS-197 certification. In our communication with Kingston and EDGE Memory, it emerged that FIPS certification is a very costly endeavor. Avoiding it helps the diskGO target a lower price point. The DTVP30 also employs a dual-channel configuration with MLC flash and comes with wider OS support. The lower performance of the diskGO is due to its single-channel configuration. That said, the diskGO also uses MLC flash (15nm or A19nm). Due to these reasons, the Kingston DataTraveler Vault Privacy 3.0 emerges as a more widely-applicable contender for use-cases that require secure USB drives. Casual users and businesses that don't need FIPS-197 certification / top-class performance will be quite happy with the value proposition of the EDGE diskGO Secure Pro thumb drive.

Comments Locked

19 Comments

View All Comments

  • jabber - Monday, August 28, 2017 - link

    You guys do realise that in 99.999999999% of cases encryption is only about providing enough hindrance to the person who finds the USB stick on the bus or train so they go "oh its got a password! I'll just format it then!" So many of you think that encryption is there to prevent the full might of some advanced nation from stealing your oh so important data. It isn't. In most cases it's an ass covering exercise. It's very very unlikely anyone who gets hold of such a device will spend more than 10 seconds trying to hack or access it before wiping it and putting cat videos on it.
  • BrokenCrayons - Monday, August 28, 2017 - link

    I'd purr-sonally prefer the cat videos anyway.
  • linuxgeex - Monday, August 28, 2017 - link

    I'm glad I work on linux where full-disk encryption is free and easy (luks-crypt) and I don't have to waste space on my devices for some crappy opaque "security" software that most likely has backdoors in it mandated by [agency].
  • linuxgeex - Monday, August 28, 2017 - link

    bloody hell didn't mean to click reply lol
  • BrokenCrayons - Tuesday, August 29, 2017 - link

    Don't worry about it. Cat videos tend to overwhelm the mind which leads to mistakes such as these.
  • linuxgeex - Monday, August 28, 2017 - link

    I'm glad I work on linux where full-disk encryption is free and easy (luks-crypt) and I don't have to waste space on my devices for some crappy opaque "security" software that most likely has backdoors in it mandated by [agency].
  • sfoppc - Tuesday, August 29, 2017 - link

    How do these drives compare to the Aegis Secure Key 3.0?

    https://www.apricorn.com/aegis-secure-key-3
  • Bullwinkle J Moose - Tuesday, August 29, 2017 - link

    sfoppc asks......
    "How do these drives compare to the Aegis Secure Key 3.0?"
    ----------------------------------------------------------------------------------
    They seem compare very well with the Aegis

    All overpriced with untrusted pseudo encryption

    Just try getting a usable response as to why you should trust the Aegis encryption and you will see what I mean
  • darkfalz - Thursday, September 14, 2017 - link

    I wonder why no one has come to market with a self encrypting drive that is unlocked via thumb print or pin. You plug it in and it shows 1 MB or something, until you use the thumbprint or code to unlock it, at which case it's a normal drive which requires no extra software.

Log in

Don't have an account? Sign up now