It seems like the benefits are having the device lock/wipe itself after a set amount of attempts in case of a brute force attack and not having to run software to decrypt the drive on the device you plug it into.
I included a picture of the IronKey Keypad 200 but that’s just because it’s the first result that came up when I was looking for an example. There seem to be a few other manufacturers and models out there and they probably have different features.
I am curious what do you think of them? Do you think they are useful? Do you find it more a novelty?
It was an ExplainingComputers video titled Very Useful Small Computing Things that made me think of them.
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 57 users / day
- 383 users / week
- 1.5K users / month
- 5.7K users / 6 months
- 1 subscriber
- 2.86K Posts
- 71.9K Comments
- Modlog
Obligatory XKCD
Stopping low effort attempts to get data it seems good, as an addition too software encryption it seems great. Of course hardware can range from child toys, gimmicks, to serious hardened hardware, so results WILL vary.
They occupy a strange niche full of contradictions.
Entering the code on the device itself should increase security as opposed to entering it on a compromised computer.
But plugging it into a compromised computer means the data is compromised anyway.
Their security is way harder to audit than a software solution like PGP. The actual “encryption” varies from actual decent setups to “entering the code connects the data pins with no actual encryption on the storage chip”
Not having to instal/use software to use them means they are suitable for non-technical users which in turn means more support calls for “I forgot the pin, it wiped itself, can you restore my data”
They are kind of useful to check the “data is transported on encrypted media” box for compliance reasons without having to manage something bigger.
like everyone else has said hardware level encryption doesn’t seem like the most sound option.
Personally i’ve just encrypted sensitive files with picocrypt, only just started looking into better encryption techniques though so there’s probably better alternatives.
Same problems as any firmware based encryption (encrypting SSDs, etc.). Firmware is quickly outdated and the triangle price - speed - security usually neglects the security part.
Yeah i dont see how this would be better then a run of the mill thumb drive (that doesnt scream im worth stealing) and just creating a cryptomator vault on it.
Is that solution portable for any device and os you might plug it into?
Its available on linux mac and windows so id say it’s pretty portable. You could even keep unencrypted installers on the same thumb drive in case internet access is an issue.
Available or built in? Because there are a lot of jobs and use cases where you need to transfer to systems you don’t have full control over.
At that point you should probably use a cloud based solution anyway. Any decently secured system wouldn’t let you plug in a random usb drive anyway.
I had assumed the use case was more for travel not for trying to access sensitive data on systems that you have limited access.
No its not I think, at least Androids restricted af model doesnt allow that.
Same with veracrypt
I view portability to be the main benefit of a hardware solution. I agree that software options will allow for better security, but imo a less secure hardware option is better than nothing if portability is a requirement.
I use them in my job and I find them better than the software only solution and I like them when I have to use them for sensitive file transfers.
Good until you spill a Cuppasoup on it’s chinesium keyboard.
Something else to break down.
I had one of the SanDisk flash drives that had some launcher thing on it and I had a password for some reason on it.
In high school, a classmate tried to guess it, 3 times and I lost everything on it forever, since it stupidly locked forever after 3 tries.
I had software projects from back then that I can never get back… including a web browser. I could have had the next Firefox…
If you’re out there, Liz: I’ll never forgive that.
Liz taught you to make backups of data you value
Was it going to be open source ?
I didn’t know what that was yet… but probably.
Seems like it’s a good starting point.
I wonder if you can encrypt the files prior to storing them on the key, which would then encrypt them a second time with a different method. Would the compromise the data in any meaningful way? Or would it mean that you had to decrypt the key and then decrypt the data a second time?
I believe you would have to decrypt them a second time. For example if you wanted to be real secure you could have the USB device, an encrypted folder that holds important documents and files you want to back up, and inside of that could be a password database that requires a Yubikey or similar device.
I believe what you are talking about is kind of like using a combination of cascading algorithms like AES->Twofish–>Serpent.
I could be wrong though. If I am I hope someone can correct me.
So if that’s correct, then a single company breaking the IronKey isn’t, by itself, that big of a deal unless and until the knowledge bcomes fairly widely available.
I think it’s a factor to consider but it depends on your threat model. A few people have linked an article about a Bitcoin wallet that was on one of these drives that was cracked. I imagine replicating the process would be difficult but with a big enough group going after you who knows?
The extra layers of security always helps though.
I think that if your threat model is the NSA, then them having physical control over the drive–and probably you in a black site–is probably going to be the end of the road for you.
The IronKey has been cracked
Only buy stuff with upgradeable firmware.
Like most things, it’s important to remember what threats you’re trying to protect yourself against.
Are you trying to protect yourself against dropping a USB in a parking lot and someone picking it up? Or are you trying to protect yourself from a nation state?
Just my opinion but I don’t really like the common belief of separating nation and non nation state actors. We’re getting to the point where nation states are making up a large portion of the really damaging attacks, and it’s frequently ones own government or a government they’re in conflict with which means there are very kinetic consequences for failure even if you’re a nobody. It’s not just someone stealing some money anymore.
I don’t trust hardware implementations of encryption in the same way I don’t trust hardware raid arrays.
These are handy if you have to move sensitive information but I’ve experienced more than one event at work where irreplaceable files were lost due to user error on these type of drives.
I couldn’t tell you about the lifespan of these devices either, something tells me the keys won’t last more than a few years if it’s being used regularly.
If your only copy of critical data is on a portable storage device you are doing so many things wrong.
Agreed.
Have to stay within hipaa, sadly that means tech-illiterate c suite dipshits make decisions on hardware.
I’ll store my weird shit on an unsecured hard drive stashed in the woods. Like those that came before me, and those before me.
Store it in your bosses garden.
You meant and those before them right ?
You heard what I said. You heard it just like those before me.