this post was submitted on 19 Feb 2024
1 points (100.0% liked)

Privacy

31993 readers
543 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

It seems like the benefits are having the device lock/wipe itself after a set amount of attempts in case of a brute force attack and not having to run software to decrypt the drive on the device you plug it into.

I included a picture of the IronKey Keypad 200 but that's just because it's the first result that came up when I was looking for an example. There seem to be a few other manufacturers and models out there and they probably have different features.

I am curious what do you think of them? Do you think they are useful? Do you find it more a novelty?


It was an ExplainingComputers video titled Very Useful Small Computing Things that made me think of them.

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 1 points 9 months ago
[–] [email protected] 0 points 9 months ago

Stopping low effort attempts to get data it seems good, as an addition too software encryption it seems great. Of course hardware can range from child toys, gimmicks, to serious hardened hardware, so results WILL vary.

[–] [email protected] 0 points 9 months ago

They occupy a strange niche full of contradictions.

Entering the code on the device itself should increase security as opposed to entering it on a compromised computer.

But plugging it into a compromised computer means the data is compromised anyway.

Their security is way harder to audit than a software solution like PGP. The actual "encryption" varies from actual decent setups to "entering the code connects the data pins with no actual encryption on the storage chip"

Not having to instal/use software to use them means they are suitable for non-technical users which in turn means more support calls for "I forgot the pin, it wiped itself, can you restore my data"

They are kind of useful to check the "data is transported on encrypted media" box for compliance reasons without having to manage something bigger.

[–] [email protected] 0 points 9 months ago

like everyone else has said hardware level encryption doesn’t seem like the most sound option.

Personally i’ve just encrypted sensitive files with picocrypt, only just started looking into better encryption techniques though so there’s probably better alternatives.

[–] [email protected] 0 points 9 months ago* (last edited 9 months ago)

Same problems as any firmware based encryption (encrypting SSDs, etc.). Firmware is quickly outdated and the triangle price - speed - security usually neglects the security part.

[–] [email protected] 0 points 9 months ago (1 children)

Yeah i dont see how this would be better then a run of the mill thumb drive (that doesnt scream im worth stealing) and just creating a cryptomator vault on it.

[–] [email protected] 0 points 9 months ago (2 children)

Is that solution portable for any device and os you might plug it into?

[–] [email protected] 0 points 9 months ago* (last edited 9 months ago) (1 children)

Its available on linux mac and windows so id say it's pretty portable. You could even keep unencrypted installers on the same thumb drive in case internet access is an issue.

[–] [email protected] 0 points 9 months ago (1 children)

Available or built in? Because there are a lot of jobs and use cases where you need to transfer to systems you don't have full control over.

[–] [email protected] 0 points 9 months ago* (last edited 9 months ago)

At that point you should probably use a cloud based solution anyway. Any decently secured system wouldn't let you plug in a random usb drive anyway.

I had assumed the use case was more for travel not for trying to access sensitive data on systems that you have limited access.

[–] [email protected] 0 points 9 months ago (1 children)

No its not I think, at least Androids restricted af model doesnt allow that.

Same with veracrypt

[–] [email protected] 0 points 9 months ago

I view portability to be the main benefit of a hardware solution. I agree that software options will allow for better security, but imo a less secure hardware option is better than nothing if portability is a requirement.

[–] [email protected] 0 points 9 months ago

I use them in my job and I find them better than the software only solution and I like them when I have to use them for sensitive file transfers.

[–] [email protected] 0 points 9 months ago

Good until you spill a Cuppasoup on it's chinesium keyboard.

[–] [email protected] 1 points 9 months ago (2 children)

I had one of the SanDisk flash drives that had some launcher thing on it and I had a password for some reason on it.

In high school, a classmate tried to guess it, 3 times and I lost everything on it forever, since it stupidly locked forever after 3 tries.

I had software projects from back then that I can never get back.. including a web browser. I could have had the next Firefox..

If you're out there, Liz: I'll never forgive that.

[–] [email protected] 0 points 9 months ago

Liz taught you to make backups of data you value

[–] [email protected] 0 points 9 months ago (1 children)

Was it going to be open source ?

[–] [email protected] 0 points 9 months ago

I didn't know what that was yet.. but probably.

[–] [email protected] 0 points 9 months ago (1 children)

Seems like it's a good starting point.

I wonder if you can encrypt the files prior to storing them on the key, which would then encrypt them a second time with a different method. Would the compromise the data in any meaningful way? Or would it mean that you had to decrypt the key and then decrypt the data a second time?

[–] [email protected] 0 points 9 months ago (1 children)

I believe you would have to decrypt them a second time. For example if you wanted to be real secure you could have the USB device, an encrypted folder that holds important documents and files you want to back up, and inside of that could be a password database that requires a Yubikey or similar device.

I believe what you are talking about is kind of like using a combination of cascading algorithms like AES->Twofish–>Serpent.

I could be wrong though. If I am I hope someone can correct me.

[–] [email protected] 0 points 9 months ago (1 children)

So if that's correct, then a single company breaking the IronKey isn't, by itself, that big of a deal unless and until the knowledge bcomes fairly widely available.

[–] [email protected] 0 points 9 months ago

I think it's a factor to consider but it depends on your threat model. A few people have linked an article about a Bitcoin wallet that was on one of these drives that was cracked. I imagine replicating the process would be difficult but with a big enough group going after you who knows?

The extra layers of security always helps though.

[–] [email protected] 0 points 9 months ago (2 children)
[–] [email protected] 0 points 9 months ago

Only buy stuff with upgradeable firmware.

[–] [email protected] 0 points 9 months ago (1 children)

Like most things, it's important to remember what threats you're trying to protect yourself against.

Are you trying to protect yourself against dropping a USB in a parking lot and someone picking it up? Or are you trying to protect yourself from a nation state?

[–] [email protected] 0 points 9 months ago

Just my opinion but I don't really like the common belief of separating nation and non nation state actors. We're getting to the point where nation states are making up a large portion of the really damaging attacks, and it's frequently ones own government or a government they're in conflict with which means there are very kinetic consequences for failure even if you're a nobody. It's not just someone stealing some money anymore.

[–] [email protected] 0 points 9 months ago

I don't trust hardware implementations of encryption in the same way I don't trust hardware raid arrays.

load more comments
view more: next ›