DiskAshur DT®2 FIPS 140-2 Level 3 certified Hardware Encrypted USB 3.1 DeskTop Hard Drive with ultra-secure onboard PIN Authentication and capacities of up to 14TB.
FIPS 140-2 Level 3 certified ultra-secure, PIN authenticated, USB 3.1 DeskTop hard drive with capacities of up to 14TB and real-time AES 256-bit XTS hardware encryption, software free design and super-fast data transfer speeds. The diskAshur DT2 is also certified to NCSC CPA (Foundation Level), Common Criteria and NLNCSA government accreditations.
- Common Criteria EAL4+ ready on-board secure microprocessor
- Real-time military grade AES 256-bit XTS Full-Disk Hardware Encryption
- FIPS PUB 197 Validated Encryption Algorithm
- PINs and encryption keys are always encrypted while at rest
- FIPS 140-2 Level 3 - Certified (Cert No 3253)
- NCSC CPA (UK) - Certified
- NLNCSA BSPA(NL) - Certified
- NATO Restricted Level - Certified
- All components covered with a layer of super tough epoxy resin
- Brute Force Hack Defence Mechanism
- Tamper Proof
- Immune to BadUSB
- Epoxy coated wear resistant keypad
- No speed degradation - as fast as any non-encrypted USB 3.1 HDD
- Desk Lock Slot
- No software or drivers required - 100% Hardware Encryption
- Read-Only (Write Protect) & Read/Write modes
- PIN authenticated - Supports Admin and User Independent PINs 7-15 digits in length
- Self-Destruct Feature
- Drive Reset Feature for easy redeployment
- Super Speed USB 3.1
- Unattended Auto-Lock feature
- No admin rights needed
- OS & Platform Independent - Works on any device with a USB port
What is diskAshur DT2?
An easy to use ultra-secure, PIN authenticated, USB 3.1 desktop hard drive with capacities of up to 14TB and real-time AES 256-bit XTS hardware encryption, software free design and super-fast data transfer speeds. The diskAshur DT2 is certified to FIPS 140-2 Level 3, NCSC CPA (Foundation Level), Common Criteria and NLNCSA government accreditations. The diskAshur DT2 has an easy-to-use keypad design enabling you to securely access the drive with your own unique 7-15 digit PIN and with software free setup and operation, the diskAshur DT2 is platform/device independent and works across all operating systems including all versions of MS Windows, MacOS, Linux, Android, Chrome, Thin Clients, Zero Clients and embedded systems. In fact, it will work on any device with a USB port! One of the unique and underlying security features of the GDPR compliant diskAshur DT2 is the dedicated hardware-based secure microprocessor (Common Criteria EAL4+ ready), which employs built-in physical protection mechanisms designed to defend against external tamper, bypass attacks and more. Unlike other solutions, the diskAshur DT2 reacts to an automated attack by entering the deadlock frozen state, which renders all such attacks as useless. In plain and simple terms, without the PIN there’s no way in!
EDGETM (Enhanced Dual Generating Encryption) Technology
Offering advanced portable data security via built-in FIPS PUB 197 validated AES 256-bit XTS hardware encryption engine. The data encryption key is randomly generated by a Common Criteria EAL4+ ready Random Number Generator and protected by NCSC, FIPS and Common Criteria validated wrapping algorithms. Uniquely featuring a dedicated on-board Common Criteria EAL4+ ready secure microprocessor to enhance security through true random number generation and built-in cryptography. The security component employs physical protection mechanisms to protect itself from any external tamper, bypass laser attacks and fault injections and incorporates active-shield violation technology. More specifically, the secure microprocessor reacts to all forms of automated hacking attempts by entering the deadlock frozen state where the device can only restart through a ‘Power On’ reset procedure (i.e. power off/power on). The security lock feature protects the device against any unauthorised firmware modifications from the host side (fully protected against BadUSB). The diskAshur DT2 uniquely incorporates a secure microprocessor providing secure algorithms to encrypt both the data and the encryption key, giving you confidence that your data is protected to the highest standards at any given time.
FIPS PUB 197 Validated Encryption Algorithm
Employing AES 256-bit XTS hardware encryption, the iStorage diskAshur DT2 seamlessly encrypts all data on the drive in real-time, keeping your data safe even if the hard drive is removed from its enclosure.
Super-fast USB 3.1
With super-fast USB 3.1 data transfer speeds of 225 MBps (Read) and 223 MBps (Write), you can now access your files faster than ever before. The iStorage diskAshur DT2 is also backwards compatible with USB 2.0 and 1.1 ports.
Brute Force Hack Defence Mechanism
The iStorage diskAshur DT2 is intelligently programmed to protect against all forms of Brute Force attacks. After five consecutive incorrect PIN entries, the drive will freeze, requiring the drive to be powered off and powered back on again in order to get a further five PIN entry attempts. If a further five (10 in total) consecutive incorrect PIN attempts are entered again, the diskAshur DT2 will freeze again. To get a further and final five PIN attempts (15 in total), the “shift” button must be pressed whilst powering the diskAshur DT2 off and then powering back on before entering the iStorage preset PIN. On the fifteenth consecutive incorrect PIN entry, the diskAshur DT2 assumes it is being attacked and will delete the encryption key and lock itself, rendering all data previously stored on the drive as lost forever. At this point, the drive can be reset to factory default settings and redeployed.
Self Destruct Feature
You can pre-program the diskAshur DT2 with your own unique Self Destruct PIN which, once implemented, instantly deletes the encryption key, all PINs, data and then creates a new encryption key.
Drive Reset Feature
The iStorage diskAshur DT2 also employs a useful drive reset feature, which can be implemented with a unique command. This clears all PINs and data, and creates a new randomly generated encryption key, enabling the drive to be reset and redeployed as many times as needed.
Unattended Auto-Lock Feature
Set the unattended diskAshur DT2 to automatically lock after a pre-determined amount of time.
In addition to incorporating a secure microprocessor, encrypting the data and the encryption key, the diskAshur DT2 adds another barrier between your data and a hacker. All the components of the diskAshur DT2 are completely covered by a layer of super tough epoxy resin, which is virtually impossible to remove without causing permanent damage to the components. This barrier prevents a potential hacker from accessing the critical components and launching a variety of futile attacks.
Data at rest protection
All data, PINs, and encryption keys are always encrypted while at rest.
Wear Resistant Epoxy Coated Keypad
Designed with protection in mind, the diskAshur DT2 wear resistant epoxy coated keypad hides key usage to avoid tipping off a potential hacker to commonly used keys.
|Capacity||1TB, 2TB, 3TB, 4TB, 6TB, 8TB, 10TB, 12TB & 14TB*|
|Data Transfer Speed||Up to: Read 225 MBps / Write 223 MBps|
|Power Supply||12V AC Adapter|
|Dimensions(W,D,H)||185.5 mm x 112 mm x 43.5 mm|
|Weight||1238 grams approx. (based on a 8TB drive, other capacities may vary)|
|Approvals||FIPS PUB 197 Validated, FCC, CE, RoHS, WEEE, TAA Compliant|
FIPS 140-2 Level 3 - certified (Cert No 3253)
|Interface||Super Speed USB 3.1 - up to 5Gbps. Backward compatible with USB 3.0/2.0/1.1|
|Operating System Compatibility||MS Windows, macOS, Linux, Chrome, Thin Clients, Zero Clients, Android & Embedded Systems|
|Hardware Data Encryption||Real-Time Military Grade AES 256-bit XTS Full-Disk Hardware Encryption|
|iStorage Part Number||IS-DT2-256-XXXX-C-G (xxxx = Capacity)|
|Box Contents||Drive, Universal Mains Adapter, USB cable & Quick Start Guide|
We strongly recommend that you carefully read this User Manual, shipped with the device or available for download on our website before contacting us for technical support. There are no 'Back Doors' to our products, we cannot retrieve a forgotten PIN or retrieve any data off the drives unless the PIN is known. Below are answers for the most frequently asked questions:
Your diskAshur DT2 undergoes a rapid self-test to verify all security components are working properly each time you plug into a powered USB port. The LEDs will go through 3 test stages, blinking in sequence RED, GREEN and BLUE, followed by two GREEN blinks and then to RED (Standby State) on a successful test. Any test failure will force the diskAshur DT2 to securely reset itself and automatically resume the self-test without affecting the encryption key or any data stored on the drive.
Please follow the 2 simple steps below to unlock the diskAshur DT2 for the first time with the default Admin PIN.
- Connect the diskAshur DT2 to a power outlet, attach USB cable to the drive and to a USB port, and turn the power switch to ON position. The LED will light up solid RED awaiting PIN entry (Standby State).
- Enter the default Admin PIN, ‘11223344’ and press the ‘UNLOCK’ button once to unlock diskAshur DT2.
GREEN and BLUE LEDs will alternately blink several times and finally changing to a solid GREEN LED indicating the drive is unlocked and ready to use.
In addition to the Admin PIN, the diskAshur DT2 can also be configured to create an independent User PIN. To create a new User PIN follow the steps below.
1. In Standby State (solid RED LED), press and hold down both the ‘UNLOCK and number ’1’ buttons and release once the GREEN and BLUE LEDs start blinking together.
2. While the GREEN and BLUE LEDs are blinking, enter your Admin PIN and press the ‘UNLOCK’ button. LED’s will change to a solid BLUE LED indicating the diskAshur DT2 is in ‘Admin Mode’ and awaiting further commands.
3. With the drive in Admin Mode (solid BLUE LED), press and hold down both the ‘UNLOCK’ and number ’3’ buttons and release once LEDs change to a solid BLUE and blinking GREEN.
4. Enter your new 7-15 digit User PIN and press the ‘UNLOCK’ button. The LEDs will change to a rapid GREEN LED blink and back again to a solid BLUE and blinking GREEN LEDs.
5. Re-enter your new 7-15 digit User PIN and press the ‘UNLOCK’ button. GREEN LED rapidly blinks for a few seconds and finally changes to a solid BLUE LED indicating the User PIN has been successfully created.
Unlock with Admin PIN
To access the diskAshur DT2 as Admin, first enter your Admin PIN and then press the ‘UNLOCK’ button. GREEN and BLUE LEDs will alternately blink several times and finally changing to a solid GREEN LED indicating the drive is unlocked and ready to use as Admin.
Unlock with User PIN
To access the diskAshur DT2 as the User, first press the ‘UNLOCK’ button, then enter your User PIN and press the ‘UNLOCK’ button again. GREEN and BLUE LEDs will alternately blink several times and finally changing to a solid GREEN LED indicating the drive is unlocked and ready to use as the User.
The diskAshur DT2 allows for ONE (1) User PIN and ONE (1) Admin PIN.
If a User forgets their PIN, the diskAshur DT2 can be unlocked using the Admin PIN.
Any new Admin or User code that is setup has to be a minimum of 7 digits and be no more than 15 digits long (7-15 digits).
Use your Admin PIN to enter Admin Mode, and then create another User PIN in Admin Mode.
There is no other way to retrieve the Admin PIN except a complete reset of the diskAshur DT2. After a complete reset, all data will be lost and you will need to initialise, allocate and format the diskAshur DT2 manually.
Why did the operating system not recognise the diskAshur DT2 after I enter Admin or User PIN after complete reset of the diskAshur DT2?
You need to initialise, allocate and format the diskAshur DT2 drive manually. For more information, refer to “Initialising and formatting the diskAshur DT2” in the product manual.
No, this is a Windows limitation, you must use the Admin account to initialise and format the diskAshur DT2.
Ensure that you have administrator privileges for your computer. You can use only the administrator account to initialise partition or format the diskAshur DT2 in the User Mode.
As a full disk encryption product, the diskAshur DT2 can never be used without a password.
The diskAshur DT2 uses AES XTS 256-bit algorithm.
You can change it only in the Admin Mode. In the User Mode, the User PIN which has the same digits is created in the Admin Mode cannot be changed or deleted.
No, since the diskAshur DT2 does not require any software to be installed and the encryption/decryption is performed in Hardware on the drive itself, “Admin Rights” are not required.
My diskAshur DT2 drive locks for no reason when connected to my computer whilst I am using it, what is causing this?
The issue you are having is being caused by power saving settings on your computer so please see below and make the appropriate changes to your computer and this will stop the diskAshur DT2 from locking.Microsoft Windows
Doing the following will prevent Windows from switching off the diskAshur DT2, go to `Control Panel` & `Power Options`, the easier option is to disable power saving which means stopping the computer from `Sleeping`.
In addition go into Advanced Settings in Power Option to disable the following:
- Ensure the computer is set to sleep: Never
- Turn off hard disk after: 999999 Minutes
- USB selective suspend setting: Disabled
This will keep any iStorage hard drive connected to the computer continuously on.
Note: For Windows 8.1 users You will need to install a Windows update (KB2919355) as well as follow the steps above. Please go to this link and choose Method 2: http://support.microsoft.com/kb/2919355. Once the download option appears select KB2919355 and then download and install.
Drives keep locking after 5-10 minutes on the Macs. This will be due the Mac’s power saving as there is a setting to switch off hard drives that are idle after a fix period of time see below.
The settings in Energy Saver preferences affect what happens when your Mac is left unattended for a period of time that you specify.
Disable Put the hard disk(s) to sleep when possible to prevent the diskAshur DT2 going to sleep and not locking. You will also need to stop the computer sleeping to prevent the diskAshur DT2 from locking.
The only way to prevent this is by changing the power settings (Windows computers) of the computer so that it only switches of the monitor on hibernation/sleep and keeps power to hard drives and USB. On Apple MAC computers going to the power settings in `System Preferences` and clicking the do not suspend USB will keep the drive alive even if the MAC goes into full hibernation
To make the diskAshur DT2 drive universally compatible with all the most common Operating Systems requires the drive to be formatted using the FAT file system. This is done by using `Disk Management` in Windows, `Disk Utility` on MAC OS/x or MKFS in Linux.
BadUSB is a theoretical exploit that was presented by SR Labs at the Black Hat conference in August of 2014. SR Labs demonstrated a vulnerability in one USB device that allowed malicious code to be programmed into the USB controller through a firmware update process. The attack described is very sophisticated and in the case of iStorage products would require advanced knowledge of our USB controller, a leaked version of our firmware, the programming tool to update our controller, the password used for our programming tool, and an in depth understanding of the device's functionality, etc. According to SR Labs, the failsafe method to eliminate this threat is to simply disable the ability to update the controller's firmware. Many of iStorage devices shipping today, including all of our USB 3.0 security products already have the firmware locked which prevents field updates to the USB controller. As a continuous improvement, iStorage is locking down the firmware on all USB controlles used in iStorage devices to safeguard against this vulnerability. We recommend checking our website periodically for notices regarding BadUSB and Security Updates.
You have triggered the Brute Force Attack mode and will now need to enter special unlock code to allow a further 5 attempts to enter the PIN. If the PIN is still incorrect the drive will activate the Brute Force Mechanism and deleted all PINs (Admin/User), the encryption key and data. A new Admin PIN must be created.
The procedure to gain a further 5 attempts on the diskAshur DT2 is:
1 – Unplug the drive, hold down the “SHIFT” button and replug it into the host, all LEDs – RED, GREEN, BLUE will light up and blink together
2 – With all LEDs blinking, enter “47867243” and press the “UNLOCK” button to get 5 final attempts.