Hardware-Based 
Software-Based 
Brute force attacks (including 
parallel attacks)
Prevented by access control and 
device lockdown 
Prevented by blocking copying of 
data in its encrypted form from the 
device to the host memory.
Difficult to prevent
Cold boot attack
Prevented by not using RAM or 
other common memory space to 
store encryption keys, and by the 
fact that the keys never leave the 
USB flash drive
Can be prevented if secure memory 
is available on the PC
Malicious code
Prevented by using a security 
system independent of the PC and 
its OS
No way to prevent if the PC and its 
OS are infected
Activation
Tied to a single device, security 
activation is automatic as part of the 
device specs
Can be implemented on all types 
of media, security activation is 
dependent on the user
Dependence on OS security
Independent
Dependent
Designed for usability
No drivers required
Driver installation on the host PC 
required, potentially a security risk
Application code integrity
Strong, uses fully contained memory 
space on the USB flash drive
Weak, uses common memory
Performance
Fast, since dedicated hardware is 
used for encryption processes 
Slower, since existing processing 
capacity is used
Assessing the Security of Hardware-Based vs. Software-Based Encryption on USB Flash Drives
White Paper

7
© 2008 SanDisk Corporation
Revision 1.0
SanDisk
®
 Cruzer
®
 Enterprise USB Flash Drives
SanDisk, a leading global brand for USB flash drives, offers an extensive portfolio of security solutions to the enterprise market. 
SanDisk Cruzer Enterprise USB flash drive (Figure 1) and central management and control (CMC) software keep confidential 
data secure both inside and outside the office by the application of both 256-bit AES hardware encryption and strong password 
protection. This combination of security means that SanDisk Cruzer Enterprise:
Offers superior security by using a separate, cryptographic processor core that secures encrypted data in a secured memory 
• 
space on the USB flash drive to protect against brute force, counter, parallel offline, cold boot and malicious code attacks
Implements mandatory access control that automatically encrypts all data written to the drive 
• 
Functions independently of the level of security offered by the operating system
• 
Requires no drivers for installation
• 
Delivers an exceedingly high level of application code integrity by digitally signing and verifying the signature against the 
• 
hardware every time the USB flash drive is inserted into a PC
Achieves very fast transfer speeds of up to 24MB/s Read, 20MB/s Write
• 
Optionally offers a central management and control (CMC) system to administer password recovery and renewal, enable 
• 
remote termination of lost Cruzer Enterprise USB flash drives, centrally back up and restore data, and track USB flash drive 
usage for auditing purposes.
SanDisk is vertically integrated, from flash manufacture to final, secure products, and is a strong leader in technological 
innovation. This technology is deployed globally in millions of enterprise-grade USB flash drives in corporate, financial and 
healthcare environments.
Figure 1: SanDisk Cruzer Enterprise, a secure USB flash drive with up to 8GB 
2
 memory
2
1 megabyte (MB) = 1 million bytes. 1gigabyte (GB) = 1 billion bytes. Some capacity not available for data storage.
Assessing the Security of Hardware-Based vs. Software-Based Encryption on USB Flash Drives
White Paper

SanDisk, the SanDisk logo and Cruzer are trademarks of SanDisk Corporation, registered in the United States and other countries. Other brand names mentioned herein are for identification purposes only and may 
be trademarks of their respective holder(s).
© 2008 SanDisk Corporation. 80-11-01583 Revision 1.0, June 2008
For more information please visit www.sandisk.com/enterprise or e-mail enterprise@sandisk.com.
SanDisk Corporate Headquarters
601 McCarthy Boulevard
Milpitas, California 95035-7932
Corporate Phone: (408) 801-1000
Corporate Fax: (408) 801-8657
www.sandisk.com