
What are your thoughts on USB storage drives that have keypad encryption?

It seems like the benefits are having the device lock/wipe itself after a set amount of attempts in case of a brute force attack and not having to run software to decrypt the drive on the device you plug it into.

I included a picture of the IronKey Keypad 200 but that's just because it's the first result that came up when I was looking for an example. There seem to be a few other manufacturers and models out there and they probably have different features.

I am curious: what do you think of them? Do you think they are useful? Do you find it more of a novelty?


It was an ExplainingComputers video titled Very Useful Small Computing Things that made me think of them.

tiredofsametab ,

First time I've seen something like that, but my initial thought was: wow, that's a lot of parts that can break and things that can go wrong (compared to only encrypting the data itself before storage).

kjake ,

The ones that went through FIPS 140-2 Type 3 or above validation are legit. We used Apricorn for CUI data…examples: https://www.archives.gov/cui/registry/category-list

Dyskolos ,

Useful for what?
Hiding stuff from family members or coworkers? Yeah sure. Why not.

Hiding stuff from professionals that really want your data? Probably not very helpful.

Also what about backup? One controller-malfunction and your stuff goes poof. I just assume the data is somehow important or else you wouldn't care about such a device 😊

CorrodedCranium OP ,

Those are some good points. The IronKey Keypad 200 says it has a self recharging battery but I wonder how long it would last sitting out of use as a backup or if plugging it in would always be enough.

scott ,

Self-recharging? The world needs more of this mysterious technology.

THE_MASTERMIND ,

Yeah, I am stumped. What do they mean by that? Also, that statement alone indicates their product is not as good as they say.

CorrodedCranium OP ,

I think they mean it doesn't rely on a battery that would need to eventually be replaced. It wouldn't have a disposable button cell battery, for example.

THE_MASTERMIND ,

But that's an odd way to put it

solrize , (edited )

Ironkey has been more careful than some other vendors but the concept still seems dubious to me, if you are trying to stop serious attackers. You want the decryption key to be completely separated from the storage.

CorrodedCranium OP , (edited )

> Ironkey has been more careful than some other vendors

In what aspects? I don't know much about these specific devices

solrize , (edited )

Cryptography and tamper resistance implementation. E.g. search "ironkey fips certification". Ironkey is a Kingston brand now though, and Kingston has traditionally been crap, so be careful. Anyway if it's for run of the mill personal files where you just want some extra protection, the device is probably ok if you don't mind the semi-ridiculous cost. This is interesting though: https://www.wired.com/story/unciphered-ironkey-password-cracking-bitcoin/

Also a teardown report: https://hardwear.io/netherlands-2021/presentation/teardown-and-feasibility-study-of-IronKey.pdf

There are more serious technical approaches to data protection, but fairly quickly the weak spot becomes the humans in the loop, which are harder to handle with pure technology.

9point6 ,

I was going to suggest an attack similar to what I'd assume the guys in your link achieved—the actual data on the flash chip can be dumped easily, so if you can figure out the encryption algorithm used, you don't need a whole lot of computational power to brute force a 15 digit numeric key (a couple of high end GPUs would probably get you there in an hour or so) and decrypt the dumped data.

solrize ,

> the actual data on the flash chip can be dumped easily

I'd stop short of saying "easily" since you have to get the epoxy potting off of the chip. But you are right that there doesn't seem to be any active tamper reactance. The numeric key is apparently 8 digits. Since it's a 10 digit keypad, at least 2 of the digits are unused, and you might be able to recognize those from the comparative lack of fingerprints and wear on those specific keys. So that narrows down the search range some more.

catloaf ,

Or just change the pin once in a while.

Lojcs ,

Does this matter if it needs a password? LUKS stores the key in storage too.

solrize ,

If I understand LUKS, the raw key is encrypted using the passphrase, so that is an ok scheme if the passphrase itself is too random to attack by brute force (unlike the 8 digit code that the Ironkey device uses). Look up "diceware" for a reasonable way to generate random phrases. LUKS with this approach can be pretty good, though still potentially vulnerable to key loggers and other such attacks. Basically, put careful attention into what you are trying to protect against. High security commercial crypto (e.g. for banking) uses hardware modules in secure data centers, surrounded by 24/7 video surveillance. Check out the book "Security Engineering" by Ross Anderson if this sort of thing interests you. 1st and 2nd editions are on his website, use web search. Parts of the current 3rd edition are there too.
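
The keyspace comparison behind the two comments above (an 8-digit keypad code narrowed by key wear, and a Diceware passphrase protecting a LUKS key), as an added example that is not part of the thread. The 7776-word list size is standard Diceware; the function names and the 80-bit target are assumptions made here.

```python
import math
import secrets

DICEWARE_WORDS = 6 ** 5  # 7776 entries: five dice rolls pick one word


def pin_keyspace(length, keys=10):
    """All PINs of `length` digits drawn from `keys` possible buttons."""
    return keys ** length


def pin_keyspace_worn(length, worn):
    """PINs of `length` digits that press every one of `worn` known buttons
    and no other button (inclusion-exclusion over the omitted buttons)."""
    return sum((-1) ** i * math.comb(worn, i) * (worn - i) ** length
               for i in range(worn + 1))


def diceware_keyspace(words):
    return DICEWARE_WORDS ** words


def bits(keyspace):
    return math.log2(keyspace)


def words_needed(target_bits):
    """Smallest Diceware word count reaching `target_bits` of entropy."""
    return math.ceil(target_bits / bits(DICEWARE_WORDS))


def roll_passphrase_indices(words):
    """One five-dice roll per word from the OS CSPRNG, e.g. '41526';
    look each roll up in a Diceware word list (not bundled here)."""
    return ["".join(str(secrets.randbelow(6) + 1) for _ in range(5))
            for _ in range(words)]


if __name__ == "__main__":
    rows = [("8-digit PIN, any key", pin_keyspace(8)),
            ("8-digit PIN, 8 candidate keys", pin_keyspace(8, keys=8)),
            ("8-digit PIN, exactly 8 worn keys", pin_keyspace_worn(8, 8)),
            ("8-digit PIN, exactly 6 worn keys", pin_keyspace_worn(8, 6)),
            ("Diceware, 6 words", diceware_keyspace(6))]
    for label, n in rows:
        print(f"{label:34} {n:>26,} guesses  {bits(n):5.1f} bits")
    print("words for 80 bits:", words_needed(80))
    print("sample rolls:", " ".join(roll_passphrase_indices(6)))
```

Every keypad row stays under 27 bits, so the device's attempt limit, not the code itself, is what resists guessing; six Diceware words give about 77.5 bits.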

Jiggle_Physics ,

As long as the security software it uses is solid I think it's a decent idea.
