It seems like the benefits are having the device lock/wipe itself after a set amount of attempts in case of a brute force attack and not having to run software to decrypt the drive on the device you plug it into.
I included a picture of the IronKey Keypad 200 but that’s just because it’s the first result that came up when I was looking for an example. There seem to be a few other manufacturers and models out there and they probably have different features.
I am curious what do you think of them? Do you think they are useful? Do you find it more a novelty?
It was an ExplainingComputers video titled Very Useful Small Computing Things that made me think of them.
Hardware signing devices have lots of utility because they keep the key from ever being on the machine (which is more likely to be compomised). Think ledger or trezor for your Bitcoin. Hardware encryption devices are just really expensive and black-box ways to avoid Veracrypt.
If your encryption algorithm is secure, you have no use for automatic lock-out. If it’s not, automatic lockout won’t do much against an attacker with physical access to the device. Unless they are dumb enough to trigger the lockout AND the internal memory wipes itself sufficiently well AND/OR the attacker doesn’t have the resources to reverse engineer the device.
If your encryption algorithm is secure, you have no use for automatic lock-out.
This isn’t true. You need your algorithm and your key to be secure. If the key needs to be remembered or entered often it probably can’t be secure. So brute force protection becomes very important.
If it’s not, automatic lockout won’t do much against an attacker with physical access to the device.
This isn’t true. Yes, with enough time and effort it is possible to extract any data from any device. But in practice physical HSMs do an excellent job at raising the cost of key extraction. I would much rather have an attacker steal my Yubikey than a USB with my GPG key lying on it.
Ironkey has been more careful than some other vendors but the concept still seems dubious to me, if you are tryna to stop serious attackers. You want the decryption key to be completely separated from the storage.
Does this matter if it needs a password? Luks stores the key in storage too
If I understand Luks, the raw key is encrypted using the passphrase, so that is an ok scheme if the passphrase itself is too random to attack by brute force (unlike the 8 digit code that the Ironkey device uses). Look up “diceware” for a reasonable way to generate random phrases. Luks with this approach can be pretty good, though still potentially vulnerable to key loggers and other such attacks. Basically, put careful attention into what you are trying to protect against. High security commercial crypto (e.g. for banking) uses hardware modules in secure data centers, surrounded by 24/7 video surveillance. Check out the book “Security Engineering” by Ross Anderson if this sort of thing interests you. 1st and 2nd editions are on his website, use web search. Parts of the current 3rd edition are there too).
Ironkey has been more careful than some other vendors
In what aspects? This is a topic I don’t know much about
Cryptography and tamper resistance implementation. E.g. search “ironkey fips certification”. Ironkey is a Kingston brand now though, and Kingston has traditionally been crap, so be careful. Anyway if it’s for run of the mill personal files where you just want some extra protection, the device is probably ok if you don’t mind the semi-ridiculous cost. This is interesting though: https://www.wired.com/story/unciphered-ironkey-password-cracking-bitcoin/
There are more serious technical approaches to data protection, but fairly quickly the weak spot becomes the humans in the loop, which are harder to handle with pure technology.
I was going to suggest an attack similar to what I’d assume the guys in your link achieved—the actual data on the flash chip can be dumped easily, so if you can figure out the encryption algorithm used, you don’t need a whole lot of computational power to brute force a 15 digit numeric key (a couple of high end GPUs would probably get you there in an hour or so) and decrypt the dumped data.
the actual data on the flash chip can be dumped easily
I’d stop short of saying “easily” since you have to get the epoxy potting off of the chip. But you are right that there doesn’t seem to be any active tamper reactance. The numeric key is apparently 8 digits. Since it’s a 10 digit keypad, at least 2 of the digits are unused, and you might be able to recognize those from the comparative lack of fingerprints and wear on those specific keys. So that narrows down the search range some more.
Removed by mod
These are handy if you have to move sensitive information but I’ve experienced more than one event at work where irreplaceable files were lost due to user error on these type of drives.
I couldn’t tell you about the lifespan of these devices either, something tells me the keys won’t last more than a few years if it’s being used regularly.
If your only copy of critical data is on a portable storage device you are doing so many things wrong.
Agreed.
Have to stay within hiipa, sadly that means tech-illiterate c suite dipshits make decisions on hardware.
I’ll store my weird shit on an unsecured hard drive stashed in the woods. Like those that came before me, and those before me.
You meant and those before them right ?
I have one as a ‘last resort’ option. It’s got backups of BitWarden, Aegis and Standard Notes and is only connected to my machine during backups.
Nice just look at the most worn buttons
It seems like these drives can use up to 15 digit pins and lock out after a set number of attempts. I don’t if that would be a huge issue
Damn. Dude just comes in and ends the entire discussion.
Permutations have entered the chat
It still drastically narrows down the search space and makes social engineering a LOT easier.
Because you tend to have one of two sources for any password that people need to remember.
- Randomly generated with no rhyme or reason. And written down on a sticky note as a result
- Something with meaning to the user
And it is the latter where this becomes an issue. Because let’s say they are a 50 year old and 1, 4, 6, 7, and 9 are heavily worn. Well, they were born in the 70s so let’s verify exactly when. Hmm, May. No 5 means it probably isn’t their birthday. Wait… their partner was born on April 7th, 1976. No luck. Oh, but what if they were clever adn it is actually 197647 instead of 471976? Boom, in.
Related XKCD
It’s a shame more people don’t think of obscure numbers they’ve been forced to remember in the past or see constantly and use those.
-
A number from a song
-
Your middle school locker combination
-
The number of a local pizza place
-
Your library card number
-
The barcode number on something you carry around all the time
If you combined any two of those I imagine it would make for a pretty secure password.
a number from a song
I’ve got it! 8, 6, 7, 5, 3, 0, 9. Bulletproof, thanks op!
That’s why I said to combine it with something else. Jenny’s number might be in a dictionary that is used in a brute force attack but hopefully something like your middle school locker combination isn’t. It’s still 7 extra bits of entropy.
(yeah yeah but that’s not funny so I ignored it :p)
Password Entropy = length * log2(possible_chars). So this would actually add 7*log2(10) => 23 bits of entropy, assuming the attacker knew that this section was numeric, or ~45 bits if they didn’t.
For anyone curious: Current best practice is a minimum of 100 bits, or 16 characters assuming only letters, numbers, and special characters. The recommended minimum bits increases every year with computing power.
Thanks for the correction
No. That xkcd (not loading but I assume it is the password one?) is not relevant. Because you can’t make a meaningful and easy to remember mnemonic out of a numeric password. That is WHY a purely numeric password is bad for anything that needs security. They are great for 2fa but the unique key should still be the other device.
And all of your good codes are similarly easy to social engineer out, are screwed the moment it is compromised once, or are literally reading off a sticky note.
Which gets back to these kinds of devices largely being security theatre. Because there is no good use case for them that wouldn’t also involve encrypting the data/volume after you pin in. At which point… why waste money on something conspicuous with an easy to crack code?
I included it because passwords don’t need to be hard to remember. If they make sense to you and have a bit of thought behind them they can be just as secure.
I am not saying these codes are perfect but if they are the weakest link in your network of security it’s a decent start. Someone could be trying to get your passcode for days but unless they see you checking something like the bar code of a notebook before you have it memorized they could spend months guessing before realizing a segment of your passcode is the number of a pizza place in your hometown. It’s not exactly something that’s going to come up naturally.
I mentioned it in another comment but they also lock you out after a set number of attempts preventing brute force attacks.
I am not saying they aren’t overpriced for what you are getting ($100 for 8GB) and considering the other options that are available but I doubt they are significantly easier to crack than a smartphone
Look up how hard it is for humans to remember long strings of numbers. That is WHY ICQ (and eventually phone numbers) were dropped almost immediately in favor of social media and the ability to exchange numbers just by tapping phones.
And in the time it would take to memorize a bar code (12-ish digits, depending on standard) you likely should be rotating that password anyway. And in the time it would take to memorize it you are also very blatantly reading off a sticky note as you “discretely” look at your notebook every time you want to access your password database in public. And if you aren’t in public? Why go through these extra steps when there are much better ways to secure this that are a lot more obvious if they are tampered with.
I get that a youtuber you like talked about this. Youtubers talk about a lot of stupid products in the interest of making Content. But maybe listen to the people who have experience with this kind of hardware and the kind of security theatre policies that make them “a good idea”.
I think you might be confused.
I’m not saying these devices are good. I started the entire post by asking if people thought they were a novelty. I just don’t think it’s black and white and we got off on a tangent about passwords.
I think often enough people have a few numbers memorized that they can use and a lot of the time they’re going to be too obscure to social engineer. I don’t think you could do some CSI style deduction to narrow down a passcode that’s over ten digits in length. You could probably brute force it and it’s going to take less time than an alpha numeric code though.
-
Just press the rest of the keys after you unlock it. Or use all the keys in the password. Or purposefully scuff them up.
I wouldn’t trust any part of its hardware and software to store anything worth encrypting on it
I see one use-case, If you’re going w/ sth illegal as hell to a place where you might get arrested and searched for just being there i.e a protest, nuking your (illegal) data might save your ass.
As long as the security software it uses is solid I think it’s a decent idea.
What is your use case for this?
- Confidential files in a public setting? Don’t fucking bring confidential files to a public setting. But if you must, a big bulky laptop with (good) FDE is a lot more sequre than a flash drive someone can pickpocket.
- Border crossing? Guess what? You paint a MASSIVE red flag on your back and get to learn that you don’t actually have all that many rights in the time between stepping on foreign soil and being admitted by customs. Congrats, you gave them the wrong code three times and it got wiped. They are going to break your face and put you in a black site.
- Hiding sensitive/highly illegal content in the event of a police investigation: Yeah… if you are at the point where there is a warrant (or black van) out for your arrest than it really doesn’t matter if they can see whatever you were looking at last night.
At my old job we required these for “thumb drives” and all they ever did was make reformatting machines pure hell.
What is your use case for this?
In the ExplainingComputer’s video he was using it to store his passwords. I’m not sure if he was doing it in conjunction with something like an encrypted password database or a plain text file.
Too expensive. Use software encryption instead
Obligatory XKCD
Useful for what? Hiding stuff from family-member or coworkers? Yeah sure. Why not.
Hiding stuff from professionals that really want your data? Probably not very helpful.
Also what about backup? One controller-malfunction and your stuff goes poof. I just assume the data is somehow important or else you wouldn’t care about such a device 😊
Those are some good points. The IronKey Keypad 200 says it has a self recharging battery but I wonder how long it would last sitting out of use as a backup or if plugging it in would always be enough.
Self-recharging? The world needs more of this mysterious technology.
Yeah i am stumped what do they mean by that . Also that statement alone indicates their product is not good as they say.
I think they mean it doesn’t rely on a battery that would need to eventually be replaced. It wouldn’t have a disposable button cell battery for example
The ones that went through FIPS 140-2 Type 3 or above validation are legit. We used Apricorn for CUI data…examples: https://www.archives.gov/cui/registry/category-list
They are interesting. But they are a huge red flag and scream examine me if it’s in your luggage and your crossing a boarder.
I’m somewhat dubious about a hardware system not having long term undiscovered flaws. Be sure to use software based data protection on top of the hardware solution.
But they are a huge red flag and scream examine me if it’s in your luggage and your crossing a boarder.
Good point. I guess you’d need to look into key disclosure laws at that point
Depending one where you are this may may be seen as normal in many airports as this isn’t uncommon in a business setting
