Welcome to Incremental Social! Learn more about this project here!
Check out lemmyverse to find more communities to join from here!

What are your thoughts on USB storage drives that have keypad encryption?

It seems like the benefits are having the device lock/wipe itself after a set amount of attempts in case of a brute force attack and not having to run software to decrypt the drive on the device you plug it into.

I included a picture of the IronKey Keypad 200 but that's just because it's the first result that came up when I was looking for an example. There seem to be a few other manufacturers and models out there and they probably have different features.

I am curious what do you think of them? Do you think they are useful? Do you find it more a novelty?

It was an ExplainingComputers video titled Very Useful Small Computing Things that made me think of them.

Jiggle_Physics ,

As long as the security software it uses is solid I think it's a decent idea.

solrize , (edited )

Ironkey has been more careful than some other vendors but the concept still seems dubious to me, if you are trying to stop serious attackers. You want the decryption key to be completely separated from the storage.

CorrodedCranium OP , (edited )
@CorrodedCranium@leminal.space avatar

Ironkey has been more careful than some other vendors

In what aspects? I don't know much about these specific devices

solrize , (edited )

Cryptography and tamper resistance implementation. E.g. search "ironkey fips certification". Ironkey is a Kingston brand now though, and Kingston has traditionally been crap, so be careful. Anyway if it's for run of the mill personal files where you just want some extra protection, the device is probably ok if you don't mind the semi-ridiculous cost. This is interesting though: https://www.wired.com/story/unciphered-ironkey-password-cracking-bitcoin/

Also a teardown report: https://hardwear.io/netherlands-2021/presentation/teardown-and-feasibility-study-of-IronKey.pdf

There are more serious technical approaches to data protection, but fairly quickly the weak spot becomes the humans in the loop, which are harder to handle with pure technology.

9point6 ,

I was going to suggest an attack similar to what I'd assume the guys in your link achieved—the actual data on the flash chip can be dumped easily, so if you can figure out the encryption algorithm used, you don't need a whole lot of computational power to brute force a 15 digit numeric key (a couple of high end GPUs would probably get you there in an hour or so) and decrypt the dumped data.

solrize ,

the actual data on the flash chip can be dumped easily

I'd stop short of saying "easily" since you have to get the epoxy potting off of the chip. But you are right that there doesn't seem to be any active tamper reactance. The numeric key is apparently 8 digits. Since it's a 10 digit keypad, at least 2 of the digits are unused, and you might be able to recognize those from the comparative lack of fingerprints and wear on those specific keys. So that narrows down the search range some more.

catloaf ,

Or just change the pin once in a while.

Lojcs ,

Does this matter if it needs a password? Luks stores the key in storage too

solrize ,

If I understand Luks, the raw key is encrypted using the passphrase, so that is an ok scheme if the passphrase itself is too random to attack by brute force (unlike the 8 digit code that the Ironkey device uses). Look up "diceware" for a reasonable way to generate random phrases. Luks with this approach can be pretty good, though still potentially vulnerable to key loggers and other such attacks. Basically, put careful attention into what you are trying to protect against. High security commercial crypto (e.g. for banking) uses hardware modules in secure data centers, surrounded by 24/7 video surveillance. Check out the book "Security Engineering" by Ross Anderson if this sort of thing interests you. 1st and 2nd editions are on his website, use web search. Parts of the current 3rd edition are there too).

Dyskolos ,
@Dyskolos@lemmy.zip avatar

Useful for what?
Hiding stuff from family-member or coworkers? Yeah sure. Why not.

Hiding stuff from professionals that really want your data? Probably not very helpful.

Also what about backup? One controller-malfunction and your stuff goes poof. I just assume the data is somehow important or else you wouldn't care about such a device 😊

CorrodedCranium OP ,
@CorrodedCranium@leminal.space avatar

Those are some good points. The IronKey Keypad 200 says it has a self recharging battery but I wonder how long it would last sitting out of use as a backup or if plugging it in would always be enough.

scott ,
@scott@lem.free.as avatar

Self-recharging? The world needs more of this mysterious technology.

THE_MASTERMIND ,

Yeah i am stumped what do they mean by that . Also that statement alone indicates their product is not good as they say.

CorrodedCranium OP ,
@CorrodedCranium@leminal.space avatar

I think they mean it doesn't rely on a battery that would need to eventually be replaced. It wouldn't have a disposable button cell battery for example

THE_MASTERMIND ,

But that's an odd way to put it

kjake ,

The ones that went through FIPS 140-2 Type 3 or above validation are legit. We used Apricorn for CUI data…examples: https://www.archives.gov/cui/registry/category-list

tiredofsametab ,

First time I've seen something like that, but my initial thought was: wow, that's a lot of parts that can break and things that can go wrong (compared to only encrypting the data itself before storage).

NuXCOM_90Percent ,

What is your use case for this?

  • Confidential files in a public setting? Don't fucking bring confidential files to a public setting. But if you must, a big bulky laptop with (good) FDE is a lot more sequre than a flash drive someone can pickpocket.
  • Border crossing? Guess what? You paint a MASSIVE red flag on your back and get to learn that you don't actually have all that many rights in the time between stepping on foreign soil and being admitted by customs. Congrats, you gave them the wrong code three times and it got wiped. They are going to break your face and put you in a black site.
  • Hiding sensitive/highly illegal content in the event of a police investigation: Yeah... if you are at the point where there is a warrant (or black van) out for your arrest than it really doesn't matter if they can see whatever you were looking at last night.

At my old job we required these for "thumb drives" and all they ever did was make reformatting machines pure hell.

CorrodedCranium OP , (edited )
@CorrodedCranium@leminal.space avatar

What is your use case for this?

In the ExplainingComputer's video he was using it to store his passwords. I'm not sure if he was doing it in conjunction with something like an encrypted password database or a plain text file.

NuXCOM_90Percent ,

So it is confidential files in a public setting.

This is a solved problem that doesn't involve a small overly expensive flash drive that requires very blatant operation to unlock when needed.

PowerCrazy ,

I have a USB drive with a keypad on it, it stores my FIPS Compliant SSH-key for IL-5 government systems. I unlock it to add my key into my ssh-agent, and don't use it for anything else. Though it is an 8gig USB stick, so I could in theory run some kind of security/pen testing flavor of linux plus a VPN Client to connect to said systems.

constantokra ,

Is there a specific benefit to that over something like a security key with a keypad, or even just a passphrase?

PowerCrazy ,

The government is slow, so using a yubikey isn't authorized, but the datasur pro is, and the private key does have a passphrase.

Chefdano3 ,
@Chefdano3@lemm.ee avatar

One thing I can tell you, it's that you can't use them as bootable drives to install an OS from. And if you try to pass the USB connection from an ESXi host to a VM on it, it won't work.

Aside from that, they're really annoying to work with.

NuXCOM_90Percent ,

Didn't use ironkey specifically but you can totally boot from an apricorn. Basically involved plugging it in, rebooting the machine, and VERY rapidly entering the unlock code before the bios finishes starting up and gets to the "so which drives are bootable?" phase.

It was hellish but it was also corporate policy to not use any USB storage devices that did not have a keypad for encryption. And DVDs were strongly controlled by the IT department (who were about as stupid as you would expect to have signed off on a policy like that).

EuphoricSquirrel ,

If you are lucky enough to know the admin key for the apricorn drives you can put them in lock override mode which keeps it unlocked till it completely loses power off the USB bus

Chefdano3 ,
@Chefdano3@lemm.ee avatar

Ah it was easy enough to get the iron key unlocked during post, as those HP servers take forever to boot, problem was the bios couldn't recognize the USB. Whatever firmware is on it that does the security confused the system, and while it saw the drive, it didn't know what it was and wouldn't boot from it. In both uefi mode, and in legacy bios mode

ctr1 ,
@ctr1@fl0w.cc avatar

I have this device and use it to store my keepassxc and onlykey backups, and it's useful to me because I've stopped using passwords (I only need to remember the pins for these devices which can unlock my keepass dbs that have everything else).

It seems secure enough for my use case, especially since the files I store in it are themselves encrypted (the onlykey backup still requires a pin), but I still want them to be difficult to access.

I've had to rely on it before but only because I didn't prepare a backup onlykey ahead of time- ideally it should be one of many recovery methods. But so far it's worked great for me.

roguetrick ,

It's very hard to actually secure something someone has physical access to and that can be disassembled.

CorrodedCranium OP , (edited )
@CorrodedCranium@leminal.space avatar

Yeah. It does add another layer of security but if someone has the resources and motivation to get into an encrypted file or folder I suppose they could probably find a way around the hardware aspect. A bit of a niche use case.

I'm not sure how difficult it would be to get around the hardware aspect though especially with the higher end versions of these drives.

catloaf ,

Mere disassembly doesn't get you the date. Even if you read the chip directly, it would still be encrypted.

Gooey0210 ,

Looks find to me, depending on your use case, everything would have a use case

Many people mention airport red flags and checks, for me I never had any issues with the airport stuff, except one time in China when I had a full case of wires, really 10kg of wires, and they just asked me me to open and show, np

CosmicApe ,
@CosmicApe@kbin.social avatar

Why did you have a 10kg bag of wires?

BeMoreCareful ,

What, do you work at a Chinese airport or something?

possiblylinux127 ,
@possiblylinux127@lemmy.zip avatar

1000001897

CosmicApe ,
@CosmicApe@kbin.social avatar

I'm the one asking questions here!

GBU_28 ,

What's your spaghetti policy here

FooBarrington ,

You said I'd be conducting the interview when I walked in here. Now, exactly how much pot did you smoke?

delirious_owl ,
@delirious_owl@discuss.online avatar

What do you buy when you're in China. Dude wanted cheap wires. Let him have his cheap wires.

Gooey0210 ,

There's nothing else to buy if you're in China!

Only except for cheaper original shoes, where i'm right now it's really hard to find original and cheap puma seude

Gooey0210 ,

I like wires! Who doesn't like wires??

I donct have much stuff, but i have a lot of electronics, and at that moment i was very into sdr, so, wires, antennas, adapters, antennas, wires, and also additional hdmis, vgas, ethernet cables, usb, chargers, etc, etc, etc

CosmicApe ,
@CosmicApe@kbin.social avatar

Fair, I do like wires

VonReposti ,

Farnsworth, is that you?

Gooey0210 ,

Exactly!

SheeEttin ,

Overkill and overpriced. If you're on Windows, bitlocker is enough. If you're on Linux, LUKS is enough.

I've used Apricorn drives at previous jobs. They're cool and very much fit for purpose, but I'd have a hard time justifying the significant price premium when software is nearly as good, free, and works with any drive.

delirious_owl ,
@delirious_owl@discuss.online avatar

Eh, I wouldn't trust a US company (that can be served an NSL and is obligated to install backdoors) to do your FDE.

For windows, veracrypt is safer than bitlocker

CorrodedCranium OP ,
@CorrodedCranium@leminal.space avatar

Is possible to veracrypt an entire Windows install?

ares35 ,
@ares35@kbin.social avatar

system disk encryption is possible, yes.

CorrodedCranium OP ,
@CorrodedCranium@leminal.space avatar

Huh I'll have to try it sometime

delirious_owl ,
@delirious_owl@discuss.online avatar

Yes

possiblylinux127 ,
@possiblylinux127@lemmy.zip avatar

Bitlocker shouldn't be considered secure as it is a Windows only encryption that is a black box for the most part. Additionally your decryption keys are send to Microsoft

CorrodedCranium OP ,
@CorrodedCranium@leminal.space avatar

That seems to be the consensus. Would be significantly overkill and more of a neat novelty for a local backup of my taxes that's just going to sit on my desk.

Deceptichum ,
@Deceptichum@kbin.social avatar

Couldn't the data be cloned and cracked off device without having to worry about the pin code?

catloaf ,

Yes, but it's meant to be difficult to do. Encryption algorithms are designed and chosen to be expensive to crack, so that you'd need NSA-level clusters to find the key in our lifetime.

I don't know if you could attack the encryption controller itself to brute-force the PIN to release the key. I assume in theory it's possible, but unless you're a very desirable target, they probably won't spend the effort, and attack something weaker. Like your cell phone, or your kneecaps.

ryannathans ,

If they did it right it'd not store the key, but instead use something like PBKDF2

delirious_owl ,
@delirious_owl@discuss.online avatar

Do encryption in software. History taught us hard lessons about this.

CorrodedCranium OP , (edited )
@CorrodedCranium@leminal.space avatar

Can you think of some notable examples of hardware based encryption failing?

Besides the actual device dying I mean

jwt ,

https://m.youtube.com/watch?v=beMtNM7nwfQ&t=35m

Lojcs ,

There's no password involved in that demo

jwt ,

That wasn't part of the assignment. ;)

kevincox ,
@kevincox@lemmy.ml avatar

The downside with doing encryption in software is that you can't limit attempts. If you are using a high-entropy key this is fine. But getting users to use high-entropy keys has problems. If there is an HSM integrated into the device you can limit the potential guesses before the key is wiped which is critical without high-entropy keys.

A blog I follow recently had a good post about this: https://words.filippo.io/dispatches/secure-elements/

Of course you are still better off with a high-entropy key and software. But if you trade off too much usability in the name of security you will likely find that your users/employees just work around the security.

delirious_owl ,
@delirious_owl@discuss.online avatar

Sure you can. Use a memory hard hashing algo

kevincox ,
@kevincox@lemmy.ml avatar

That mitigates the problem but doesn't solve it. If you want unlocking to be <1s and your adversary has 10k times the RAM and can take a month they can make 26 billion guesses. So unless your password is fairly high entropy it is at risk. Especially if they have more resources or more time. PINs are definitely out of the question, and simple passwords too.

delirious_owl ,
@delirious_owl@discuss.online avatar

Good passwords are important. Always.

leraje ,
@leraje@lemmy.blahaj.zone avatar

I have one as a 'last resort' option. It's got backups of BitWarden, Aegis and Standard Notes and is only connected to my machine during backups.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • privacy@lemmy.ml
  • random
  • incremental_games
  • meta
  • All magazines
    •