
What are your thoughts on USB storage drives that have keypad encryption?

It seems like the benefits are having the device lock/wipe itself after a set amount of attempts in case of a brute force attack and not having to run software to decrypt the drive on the device you plug it into.

I included a picture of the IronKey Keypad 200 but that's just because it's the first result that came up when I was looking for an example. There seem to be a few other manufacturers and models out there and they probably have different features.

I am curious: what do you think of them? Do you think they are useful? Do you find it more a novelty?


It was an ExplainingComputers video titled Very Useful Small Computing Things that made me think of them.

makeasnek ,

Hardware signing devices have lots of utility because they keep the key from ever being on the machine (which is more likely to be compromised). Think ledger or trezor for your Bitcoin. Hardware encryption devices are just really expensive and black-box ways to avoid Veracrypt.

If your encryption algorithm is secure, you have no use for automatic lock-out. If it's not, automatic lockout won't do much against an attacker with physical access to the device. Unless they are dumb enough to trigger the lockout AND the internal memory wipes itself sufficiently well AND/OR the attacker doesn't have the resources to reverse engineer the device.

kevincox ,

> If your encryption algorithm is secure, you have no use for automatic lock-out.

This isn't true. You need your algorithm and your key to be secure. If the key needs to be remembered or entered often it probably can't be secure. So brute force protection becomes very important.

> If it’s not, automatic lockout won’t do much against an attacker with physical access to the device.

This isn't true. Yes, with enough time and effort it is possible to extract any data from any device. But in practice physical HSMs do an excellent job at raising the cost of key extraction. I would much rather have an attacker steal my Yubikey than a USB with my GPG key lying on it.

inclementimmigrant ,

I use them in my job and I find them better than the software only solution and I like them when I have to use them for sensitive file transfers.

Churbleyimyam ,

Good until you spill a Cuppasoup on its chinesium keyboard.

HowMany ,

Something else to break down.

solrize , (edited )

Ironkey has been more careful than some other vendors but the concept still seems dubious to me, if you are trying to stop serious attackers. You want the decryption key to be completely separated from the storage.

CorrodedCranium OP , (edited )

> Ironkey has been more careful than some other vendors

In what aspects? I don't know much about these specific devices

solrize , (edited )

Cryptography and tamper resistance implementation. E.g. search "ironkey fips certification". Ironkey is a Kingston brand now though, and Kingston has traditionally been crap, so be careful. Anyway if it's for run of the mill personal files where you just want some extra protection, the device is probably ok if you don't mind the semi-ridiculous cost. This is interesting though: https://www.wired.com/story/unciphered-ironkey-password-cracking-bitcoin/

Also a teardown report: https://hardwear.io/netherlands-2021/presentation/teardown-and-feasibility-study-of-IronKey.pdf

There are more serious technical approaches to data protection, but fairly quickly the weak spot becomes the humans in the loop, which are harder to handle with pure technology.

9point6 ,

I was going to suggest an attack similar to what I'd assume the guys in your link achieved—the actual data on the flash chip can be dumped easily, so if you can figure out the encryption algorithm used, you don't need a whole lot of computational power to brute force a 15 digit numeric key (a couple of high end GPUs would probably get you there in an hour or so) and decrypt the dumped data.

solrize ,

> the actual data on the flash chip can be dumped easily

I'd stop short of saying "easily" since you have to get the epoxy potting off of the chip. But you are right that there doesn't seem to be any active tamper reactance. The numeric key is apparently 8 digits. Since it's a 10 digit keypad, at least 2 of the digits are unused, and you might be able to recognize those from the comparative lack of fingerprints and wear on those specific keys. So that narrows down the search range some more.

catloaf ,

Or just change the pin once in a while.

Lojcs ,

Does this matter if it needs a password? Luks stores the key in storage too

solrize ,

If I understand Luks, the raw key is encrypted using the passphrase, so that is an ok scheme if the passphrase itself is too random to attack by brute force (unlike the 8 digit code that the Ironkey device uses). Look up "diceware" for a reasonable way to generate random phrases. Luks with this approach can be pretty good, though still potentially vulnerable to key loggers and other such attacks. Basically, put careful attention into what you are trying to protect against. High security commercial crypto (e.g. for banking) uses hardware modules in secure data centers, surrounded by 24/7 video surveillance. Check out the book "Security Engineering" by Ross Anderson if this sort of thing interests you. (1st and 2nd editions are on his website, use web search. Parts of the current 3rd edition are there too.)

NuXCOM_90Percent ,

What is your use case for this?

  • Confidential files in a public setting? Don't fucking bring confidential files to a public setting. But if you must, a big bulky laptop with (good) FDE is a lot more secure than a flash drive someone can pickpocket.
  • Border crossing? Guess what? You paint a MASSIVE red flag on your back and get to learn that you don't actually have all that many rights in the time between stepping on foreign soil and being admitted by customs. Congrats, you gave them the wrong code three times and it got wiped. They are going to break your face and put you in a black site.
  • Hiding sensitive/highly illegal content in the event of a police investigation: Yeah... if you are at the point where there is a warrant (or black van) out for your arrest then it really doesn't matter if they can see whatever you were looking at last night.

At my old job we required these for "thumb drives" and all they ever did was make reformatting machines pure hell.

CorrodedCranium OP , (edited )

> What is your use case for this?

In the ExplainingComputers video he was using it to store his passwords. I'm not sure if he was doing it in conjunction with something like an encrypted password database or a plain text file.

NuXCOM_90Percent ,

So it is confidential files in a public setting.

This is a solved problem that doesn't involve a small overly expensive flash drive that requires very blatant operation to unlock when needed.

Count042 ,

I don't trust hardware implementations of encryption in the same way I don't trust hardware raid arrays.

NabeGewell ,

I wouldn't trust any part of its hardware and software to store anything worth encrypting on it

Gooey0210 ,

Looks fine to me, depending on your use case, everything would have a use case

Many people mention airport red flags and checks, for me I never had any issues with the airport stuff, except one time in China when I had a full case of wires, really 10kg of wires, and they just asked me to open and show, np

CosmicApe ,

Why did you have a 10kg bag of wires?

BeMoreCareful ,

What, do you work at a Chinese airport or something?

possiblylinux127 ,
CosmicApe ,

I'm the one asking questions here!

GBU_28 ,

What's your spaghetti policy here

FooBarrington ,

You said I'd be conducting the interview when I walked in here. Now, exactly how much pot did you smoke?

delirious_owl ,

What do you buy when you're in China. Dude wanted cheap wires. Let him have his cheap wires.

Gooey0210 ,

There's nothing else to buy if you're in China!

Only except for cheaper original shoes, where I'm right now it's really hard to find original and cheap puma suede

Gooey0210 ,

I like wires! Who doesn't like wires??

I don't have much stuff, but I have a lot of electronics, and at that moment I was very into sdr, so, wires, antennas, adapters, antennas, wires, and also additional hdmis, vgas, ethernet cables, usb, chargers, etc, etc, etc

CosmicApe ,

Fair, I do like wires

VonReposti ,
Gooey0210 ,

Exactly!

montar ,

I see one use-case, if you're going w/ sth illegal as hell to a place where you might get arrested and searched for just being there, i.e. a protest, nuking your (illegal) data might save your ass.

PowerCrazy ,

I have a USB drive with a keypad on it, it stores my FIPS Compliant SSH-key for IL-5 government systems. I unlock it to add my key into my ssh-agent, and don't use it for anything else. Though it is an 8gig USB stick, so I could in theory run some kind of security/pen testing flavor of linux plus a VPN Client to connect to said systems.

constantokra ,

Is there a specific benefit to that over something like a security key with a keypad, or even just a passphrase?

PowerCrazy ,

The government is slow, so using a yubikey isn't authorized, but the datAshur Pro is, and the private key does have a passphrase.

GolfNovemberUniform ,

Too expensive. Use software encryption instead

SheeEttin ,

Overkill and overpriced. If you're on Windows, bitlocker is enough. If you're on Linux, LUKS is enough.

I've used Apricorn drives at previous jobs. They're cool and very much fit for purpose, but I'd have a hard time justifying the significant price premium when software is nearly as good, free, and works with any drive.

delirious_owl ,

Eh, I wouldn't trust a US company (that can be served an NSL and is obligated to install backdoors) to do your FDE.

For windows, veracrypt is safer than bitlocker

CorrodedCranium OP ,

Is it possible to veracrypt an entire Windows install?

ares35 ,

system disk encryption is possible, yes.

CorrodedCranium OP ,

Huh I'll have to try it sometime

delirious_owl ,

Yes

possiblylinux127 ,

Bitlocker shouldn't be considered secure as it is a Windows only encryption that is a black box for the most part. Additionally your decryption keys are sent to Microsoft

CorrodedCranium OP ,

That seems to be the consensus. Would be significantly overkill and more of a neat novelty for a local backup of my taxes that's just going to sit on my desk.

Deceptichum ,

Couldn't the data be cloned and cracked off device without having to worry about the pin code?

catloaf ,

Yes, but it's meant to be difficult to do. Encryption algorithms are designed and chosen to be expensive to crack, so that you'd need NSA-level clusters to find the key in our lifetime.

I don't know if you could attack the encryption controller itself to brute-force the PIN to release the key. I assume in theory it's possible, but unless you're a very desirable target, they probably won't spend the effort, and attack something weaker. Like your cell phone, or your kneecaps.

ryannathans ,

If they did it right it'd not store the key, but instead use something like PBKDF2
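
The scheme raised twice in this thread (a data key kept only in passphrase-encrypted form, and PBKDF2 in place of a stored key), as an added sketch that is not part of any comment and is not the on-disk format of LUKS or of any drive. The slot layout, XOR masking, iteration count and six-word diceware phrase are assumptions made for illustration.

```python
import hashlib
import hmac
import math
import secrets

ITERATIONS = 200_000  # assumed work factor for this sketch


def _derive(secret: str, salt: bytes) -> bytes:
    # 64 bytes of PBKDF2 output: the first 32 mask the data key,
    # the last 32 key the integrity tag.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt,
                               ITERATIONS, dklen=64)


def make_slot(secret: str, data_key: bytes) -> dict:
    """Wrap a random 32-byte data key under a PIN or passphrase."""
    salt = secrets.token_bytes(16)
    k = _derive(secret, salt)
    wrapped = bytes(a ^ b for a, b in zip(data_key, k[:32]))
    tag = hmac.new(k[32:], wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}


def open_slot(secret: str, slot: dict):
    """Return the data key, or None if the secret is wrong."""
    k = _derive(secret, slot["salt"])
    expected = hmac.new(k[32:], slot["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, slot["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(slot["wrapped"], k[:32]))


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy in a uniformly random secret."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    data_key = secrets.token_bytes(32)       # constructed sample key
    slot = make_slot("48213907", data_key)   # constructed sample PIN
    print("right PIN opens slot:", open_slot("48213907", slot) == data_key)
    print("wrong PIN opens slot:", open_slot("00000000", slot) is not None)
    # The slot never contains the raw key, but anyone holding a copy of it
    # can test guesses with no lockout, so the secret's entropy decides.
    print("8-digit PIN, 10 keys:  %.1f bits" % entropy_bits(10, 8))
    print("8-digit PIN, 8 keys:   %.1f bits" % entropy_bits(8, 8))
    print("6 diceware words:      %.1f bits" % entropy_bits(7776, 6))
```

The KDF only multiplies the cost of each guess by a constant; it does not make a short PIN safe once the slot can be copied off the device, which is why the lockout counter and the passphrase length are separate defences.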

roguetrick ,

It's very hard to actually secure something someone has physical access to and that can be disassembled.

CorrodedCranium OP , (edited )

Yeah. It does add another layer of security but if someone has the resources and motivation to get into an encrypted file or folder I suppose they could probably find a way around the hardware aspect. A bit of a niche use case.

I'm not sure how difficult it would be to get around the hardware aspect though especially with the higher end versions of these drives.

catloaf ,

Mere disassembly doesn't get you the data. Even if you read the chip directly, it would still be encrypted.
