Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Data Storage Privacy Security Toys

Encrypted USB Key With TOR, Firefox 170

An anonymous reader writes "Gizmodo has a writeup on the new IronKey — a self-destructing, hardware-encrypted and -authenticated USB flash drive with on-board secure Firefox, high-speed TOR network, password manager, and online encrypted backup. Here is the demo page. $79 for a 1GB, $149 for 4GB." Ironkey works on XP and Vista only. Let's hope its self-destruct feature works better than Secustick's.
This discussion has been archived. No new comments can be posted.

Encrypted USB Key With TOR, Firefox

Comments Filter:
  • If it works, spies will love it.

    I bet it gets cracked within 30 days.
    • If it works, spies will love it.

      Actually most of the spies I know take a low tech approach to the job. Far better just to email the stuff to your own hotmail account, than to have it on you in a potentially crackable form.

      "flash-trash" technology notwithstanding

      • Mmmm? (Score:4, Funny)

        by Elemenope ( 905108 ) on Sunday July 29, 2007 @07:29AM (#20031255)
        Most of the spies you know?
        • Re:Mmmm? (Score:5, Funny)

          by infonography ( 566403 ) on Sunday July 29, 2007 @10:34AM (#20032217) Homepage
          Spies? Who said anything about Spies Comrade. Natasha bring some nice tea for Moose and Squirrel here. - Boris Badenov

          /soto voice/ Remember to put truth serum in it this time /

          Yes dollink -Natasha Fatale
        • Re: (Score:3, Funny)

          by kestasjk ( 933987 )
          I meet spies on IRC all the time, it's no big deal. Most of them are huge manga buffs too
          • Re: (Score:3, Funny)

            by PopeRatzo ( 965947 ) *

            I meet spies on IRC all the time, it's no big deal. Most of them are huge manga buffs too
            I know what you mean. All my neighbors are spies. When I take the Ashland Ave bus there are usually 20 or 30 spies on there.

            And the government spied on me through the television until I bought 20 square yards of copper screen to wrap around my sofa. I got the plans from a guy on IRC.

            And voices are telling me Astro Boy is Jesus.
            • Dude, everyone knows the CTA has cameras and mind-control devices installed on all buses and trains. If you want to be free, you must WALK.
    • by gweihir ( 88907 )
      I bet it gets cracked within 30 days.

      If anybody is interested enough to make the attempt. Which may not be the case. A lot of bad security is never broken, because nobody cares enough.
      • A lot of bad security is never broken, because nobody cares enough.

        Oh, that's why there isn't any malware for MacOSX/Linux. I knew there was nothing to that OSS->Security arguments.

  • by Bob Gelumph ( 715872 ) on Sunday July 29, 2007 @06:56AM (#20031111)
    In how many countries is it already illegal to possess one?
    • Re: (Score:3, Informative)

      by sakdoctor ( 1087155 )
      It's legal to possess one here in airstrip one, but I'm going to need some plausibility deniablity with my self destructing key thanks to the RIP act.
  • 10 tries? (Score:5, Funny)

    by MichaelSmith ( 789609 ) on Sunday July 29, 2007 @07:03AM (#20031131) Homepage Journal

    after ten consecutive failed password attempts, the IronKey self-destructs

    For better security, type the wrong password nine times before you take it on the plane.

    • Re: (Score:3, Insightful)

      by Kazymyr ( 190114 )
      Who modded this funny? It's actually very sound advice.
      • Only 10 tries are allowed. Do you want to increase the risk of the destruction of your data because some TSA goon tried to guess a password? I would think they would give up before 10 attempts but might try one or two maybe.

        Artificially reducing the re-try count to 1 seems to increase risk of data loss with negligible increase in security...but I'm no security expert.
        • Artificially reducing the re-try count to 1 seems to increase risk of data loss

          God, we're such geeks. Yes, data loss=bad, but in this case, data loss would be kind of the point. Better not to have the blueprints than let the enemy have them.
          • Re: (Score:3, Insightful)

            by iminplaya ( 723125 )
            Better not to have the blueprints than let the enemy have them.

            Is that code for "keeping your wife out of your porn collection"?
    • You'd better hope you don't hit some turbulence as you're typing your password in. I'd do 7 or 8 wrong passwords just to give myself a little bit of wiggle room.
    • by WED Fan ( 911325 )

      For better security, type the wrong password nine times before you take it on the plane.

      <sarcasm>Is that what most of the spies [slashdot.org] you know do?</sarcasm>

      Honestly, why not just configure it to destruct after 1 failed password? (Note: I know nothing of the product, but if you can't configure this, then it is a waste. 10???????? attempts? Great if you have a non-TLA agency trying to crack it, or the person isn't working with a list of your likely passwords.

      • Re: (Score:3, Informative)

        You know, you are allowed to use something other than your birthday, your pet's name, and your favorite Transformer as passwords... Some of us use random sequences of characters. If you can't remember such a thing, use a pronounceable string of letters (make it plenty long), such as generated by pwgen [sourceforge.net]. It is much easier to remember a string of sounds that is perhaps 4 syllables long than a string of characters which is 12 characters long.
        • you are allowed to use something other than your birthday, your pet's name, and your favorite Transformer as passwords...

          NOOO... who told you? I mean, I hate Megatron... Are favorite Pokemon any more secure?

      • by Sigma 7 ( 266129 )

        Honestly, why not just configure it to destruct after 1 failed password?

        I've experienced a few cases where I mistyped a password that I did know. This resulted in an account lockout (and thus preventing me from doing some of my work properly), as I took around three attempts. Normally, typing in a password is not an issue, but if you are tired, hyperactive or confused, you will encounter this problem.

        Also, if you have an acceptable-strength password (e.g. random alphanumeric of 8 characters), there's no practical difference in security between 1 attempt and 10 attempts. A

    • Get ready for the movie hit of 2007: Sticks on a Plane! xD
  • by koh ( 124962 ) on Sunday July 29, 2007 @07:06AM (#20031147) Journal

    Ironkey works on XP and Vista only.

    Remember, it's only secure as long as you don't plug it in.

    I know, I know. I kid.

    • by StarfishOne ( 756076 ) on Sunday July 29, 2007 @10:15AM (#20032107)
      When I read that it only works under XP and Vista, the first thought that I had was actually that, instead of Ironkey, they should have called it Irony ;P
      • by numbski ( 515011 ) *
        The under XP and Vista thing, I'm curious - is this because it isn't a UMS device (thus no drivers for Linux, BSD, and OSX) or that it IS a umass device, but the software that triggers the hardware stuff is win32, and thus the security features are useless on anything else.

        If the latter, then yes, this *is* a joke. If the former, if the hardware documentation is released to open source groups and drivers written, this might not be so bad...
  • by iamacat ( 583406 ) on Sunday July 29, 2007 @07:10AM (#20031163)
    If you don't trust the host machine, it can log the password, read/alter your data after the valid password is entered and even maliciously destroy your data by simulating 11 wrong authentication attempts. If you do trust the host, there is little point in hardware encryption/authentication. And if your flash drive is physically stolen, it's enough to have plain software file encryption. Sounds like a solution in search of users who misunderstand the problem.
    • by BlueParrot ( 965239 ) on Sunday July 29, 2007 @07:33AM (#20031277)

      If you do trust the host, there is little point in hardware encryption/authentication.
      It is still a good idea to have hardware that supports it. In particular, USB flash drives have a tendancy to store logical changes to data in new physical locations. They do this in order to minimise the number of writes to any one portion of the drive, and thus extend the lifetime of the flash memory. Normally this is a good thing, but for encryption purposes it is a pain since it makes it difficult to change / revoke a key without overwriting the entire drive. Of course, if you suspect a key has been compromised it is just good practise to do so anyway ( or better yet, destroy the drive).
      • by Anonymous Coward on Sunday July 29, 2007 @09:48AM (#20031957)
        It isn't useless because of host security. They need to make a mod that fit my needs. I need it to have a timer on it that after I update the data, it expires after a set time in days. After it expires, it can erase everything. The problem with encrypted data is that it can be decrypted. Destroying the data on the USB drive prevents rubber-hose-attacks and law enforcement could not detain me beyond the auto destruct time I set in days. In other words, destroying data means beating or detaining me to get my passphrase now becomes a useless attack. I don't think it is fair to suggest no one has a use for self-destructing systems; they assure the data can never fall into the wrong hands.

        I, however, am looking for a USB key with the encryption and password entry built into the key itself. I am looking to enter the password or fingerprint on the device. That way, I am not dependent on the host. The drive could allow mounting after the biometric or password are supplied to it, and present a FAT32 volume, which would mount on any OS. I am looking for a portable solution.
        • I, however, am looking for a USB key with the encryption and password entry built into the key itself. I am looking to enter the password or fingerprint on the device. That way, I am not dependent on the host. The drive could allow mounting after the biometric or password are supplied to it, and present a FAT32 volume, which would mount on any OS. I am looking for a portable solution.

          Tell me, what does it matter if the decryption is in the hardware if you send the password through the USB stack ? How will

        • by iamacat ( 583406 )
          Care to explain just what exactly do you do for a living to make it worthwhile for someone to keep beating you up for two weeks to get to your USB drive?
        • by rdl ( 4744 )
          One of the "swipe" fingerprint readers would be great for this. I think I've seen them in USB key form factor, maybe 1cm3, and compatible with USB power.
    • Re: (Score:3, Insightful)

      by TubeSteak ( 669689 )

      If you do trust the host, there is little point in hardware encryption/authentication.
      The point of having onboard hardware encryption is that you don't need to install a decryptor on someone else's box.

      I generally agree with the rest of your points though.
    • by rdl ( 4744 ) <ryan.venona@com> on Sunday July 29, 2007 @07:43AM (#20031323) Homepage
      I agree. The best security is to have your own trusted CPU/display/input (i.e. a laptop or pda). This is getting easier all the time -- a PDA or cellphone is close to sufficient for most non-data-entry tasks.

      Failing that, I'd go with something which uses commodity, standard, and commonly available technology at the lowest level possible. It's PROBABLY the case that a DVI monitor is not bugged; much less likely that a random DVI monitor at a net cafe is itself secure than that the host OS is secure.

      The host OS and applications installed are by far the weakest link. I carry a laptop everywhere, but the next step down from that is a bootable USB flash drive with your choice of secured OS installation on it. It's easy enough to implement disk encryption.

      It is also fairly straightforward to use "write only" public key cryptography (i.e. each time you save your work, encrypt it with a public key, the private key for which is held on trusted hardware at home).

      The only customization I'd do to the USB dongle would be for protecting the keying data -- some way to mount a / partition, but have a data partition which is encrypted with PKC held on the USB device, with only the passphrase being entered into the local PC, rather than an actual key entered via the host PC. This in practice only gives you marginally better security, as if you used a hardware-trojaned PC (or vmware installation...) to boot your USB device, that trojaned machine could just copy the relevant data out of your USB key.

      There are a lot of "procedural" ways to improve security with this USB boot thing. Maybe have multiple partitions, each with different keys, per project or security level. If you're at a machine belonging to client A, and need access to client A files, you can stick your USB in a client A machine, boot, and then only unlock the client A partition on the USB. Or if you just need basic secure computing, but not access to your stored files, you could just unlock the OS partitions, leaving your own data partitions encrypted. Or, just buy multiple USB keys, and stick the least important key into the machine that is needed to accomplish your task.
      • by LuSiDe ( 755770 )
        Insecure lines, potentially bugged monitors and keyboards and such are mitigated by using S/Key or OPIE. *BSD and Linux support these w/SSH.
        • by rdl ( 4744 )
          You can protect your passphrases with one-time passwords, but can't really protect the data :) If you're viewing your secret mission plans or whatever on a bugged monitor, obviously the secret mission plans might be compromised, even if the one time password is no longer valuable.

          It's a little more difficult to keep changing passphrases for bulk encrypted data stored locally, and a lot of the value of a USB drive vs. network storage is offline or limited-bandwidth use. (otherwise, just store all your sens
          • by LuSiDe ( 755770 )
            Good point however, to defeat a keylogger, S/Key & OPIE work great. If you suspect a keylogger you obviously don't trust the whole computer hence the monitor argument is kinda moot. In my opinion, at least.

            I was more thinking about a situation where you actually have to copy the data over to a local storage device without watching the data itself while protecting the source. S/Key and OPIE only do the latter. A bugged monitor or bugged keyboard is not a viable attack against such situation. A bugged USB
    • by Lumpy ( 12016 )
      If he host is running XP or Vista? no I do not trust the host.

      Give me a USb key with incredibly hard to break encryption and a linux live CD. barring someone installing a keylogger INSIDE the machine it's safe. and there are ways to get around that as well, on screen keyboard for example.

      • by gweihir ( 88907 )
        Give me a USb key with incredibly hard to break encryption and a linux live CD. barring someone installing a keylogger INSIDE the machine it's safe. and there are ways to get around that as well, on screen keyboard for example.

        Sounds good, but is bad as well. Frist there are keyboard-based hardware keyloggers. Second, whow do you know you are not booting into a virtual machine? With the PC actually waking from hibernation instead of booting clean? I bet the effort to rig this would be quite reasonable.
    • Sounds like a solution in search of users who misunderstand the problem.

      The number of people that understand security/encryption/related is very small. I don't think I qualify as being knowledgeable. Anyways, it's a big potential market out there, those that don't know any better.
    • ``If you don't trust the host machine...''

      And you shouldn't, because it runs Windows. All Microsoft-bashing and fanboyism aside, Windows just cannot be trusted.
    • Re: (Score:2, Informative)

      You can learn more about why hardware encryption is better than software encryption in our whitepaper: https://learn.ironkey.com/docs/IronKey_Whitepaper- Benefits_of_Hardware_Encryption.pdf [ironkey.com] Briefly: - it is 5 to 10 times faster than software encryption, which is important if copying large files or running portable applications off the device - the key storage is far more secure. IronKey stores randomly generated AES keys in a tamper-resistant chip which will destroy itself if physically or electrically
      • by iamacat ( 583406 )
        Thanks for the official word. So basically, advantages of IronKey over saving an encrypted dmg on a regular flash drive:

        1. Faster. Now qualify this - did you run benchmark against a SSE3-optimized software implementation running on 2.33Ghz Core 2 Duo? Does the later really performs AES slower than the speed of USB2 or read/write speed of your flash hardware?

        2. Hardware-based self-destruct

        Disadvantages of IronKey:

        1. No way for the user to supply their own algorithm other than AES - say if they distrust US go
  • What caught my eye was the blurb about high speed Tor...

    I thought, OMG! I want, NOW!!
  • by alexandre ( 53 ) * on Sunday July 29, 2007 @08:17AM (#20031471) Journal
    http://feraga.com/node/94 [feraga.com] - why not use this instead on any key...
  • pointless security (Score:3, Insightful)

    by bl8n8r ( 649187 ) on Sunday July 29, 2007 @08:33AM (#20031557)
    While you're decrypting your Sup3rs3kr3t w4r3z on the usb key, any malware* you haven't found yet is potentially logging every keystroke. You need to choose windows, or security; you really can't have both.

    [*] - http://www.emsisoft.com/en/malware/?Adware.Win32.P owered+Keylogger [emsisoft.com]
  • Hmmm (Score:3, Informative)

    by The MAZZTer ( 911996 ) <.moc.liamg. .ta. .tzzagem.> on Sunday July 29, 2007 @08:48AM (#20031649) Homepage
    But for $149 you could get a simple 16gb thumb drive and just use TrueCrypt...
  • by BitZtream ( 692029 ) on Sunday July 29, 2007 @08:56AM (#20031683)
    I've write encryption software for use by normal users on USB devices (shameless plug: http://www.rtsz.com/products/pss/ [rtsz.com] ) and it never ceases to amaze the bullshit that people fall for.

    I try my best to prevent false claims in our advertising, things like 'Your data is completely secure' falls into the false catagory as far as I'm concerned.

    We've had two major companies asking us for secure USB devices to hold sensitive personal information, one of which was medical related, the other of which I dont recall right off the top of my head. Both of these places wanted software you could install on ANY flash drive, would encrypt all the data on it, would prevent the data from ever being copied off to another device, harddrive or whatever, and of course would automatically destroy itself if too many incorrect passwords were given.

    Needless to say we were unable to help them, or even explain to them that what they were asking for is not currently possible. This is probably a failure to communicate on my part, but the real scary part is they went with other companies who claimed they could do it! Just to be clear, this was a software only solution running on any PC with the data on any flash drive.

    Makes me wonder if we should start letting the BS flow in order to boost sales :(
  • This is old news.. (Score:5, Informative)

    by hacker ( 14635 ) <hacker@gnu-designs.com> on Sunday July 29, 2007 @09:08AM (#20031735)

    I did a talk for my local LUG [eclug.net] back in September of 2006 describing exactly how to do this [eclug.net] using TrueCrypt [truecrypt.org] for Linux and Windows

    I described in detail how to install, boot and use the USB key as a bootable Linux distribution, and also how to use the USB key in Windows (or Linux) with TrueCrypt, using some fancy tricks to auto-prompt for the password upon insertion of the key, how to use a slew of PortableApps on the key, and even a launchable menu to find and access them.

    This was almost a full year ago. IronKey, whatever it is, is nothing new.

  • ``high-speed TOR network''

    There is such a thing? I mean in terms of latency?
  • by gweihir ( 88907 ) on Sunday July 29, 2007 @09:51AM (#20031971)
    There is basically one option that works: A secure microcontoller, that keeps the key in internal RAM and does all the encryption and decryption itself. Everything else can be broken by interrupting or disabling the writes. AFAIK you cannot get any secure microcontroller for the price they claim. Certainly you cannot get one that does encryption and decryption with decent speeds.

    According to the website, it does a "flash trash". This is insecure. Flash writing is relatively slow and draws a lot of energy. This allows stopping and preventing writes to flash. Also, unless they use special flash chips, the same hack as with the Secustick will work. Again, for the price I do not see them getting a specially bonded or manufactured Flash chip. Even if they do, desolder the chip and read it directly. You can then clone it for unlimited attack attempts.

    I ecpect this will be relatively easy to break, just as the Secustick, i.e. at best a small step above a conventional stick encrypted, e.g., with TrueCrypt.
    • by rdl ( 4744 )
      It's epoxy potted, which means you need to break out the dremel and some acid to get to the chips, so I wouldn't reliably say I could get the data off a SINGLE instance of this device, at least not without practicing on some spares first.

      There's a big difference in attacking a one-off device vs. recovering something like the decoder keys from a bluray player where ANY single device is sufficient.

      (I wonder if they potted it more for mechanical durability than for security, however)

      Basically, if it's not FIPS
      • by gweihir ( 88907 )
        It's epoxy potted, which means you need to break out the dremel and some acid to get to the chips, so I wouldn't reliably say I could get the data off a SINGLE instance of this device, at least not without practicing on some spares first.

        Takes patience, that is all. And you can get theones to practice on quite cheaply. However the epoxy will possibly prevent published break-ins, since nobody wants to spend the effort.

        Basically, if it's not FIPS 140-2 Level 4, it's crap. No solely bus-powered device will mee
        • by rdl ( 4744 )
          I think I could put enough capacitor power inside a USB shell to zeroize. The problem is having enough power to continuously monitor, AND protect those batteries well enough that they themselves are not a point of failure.

          DS did this with the iButton, and that can fit inside the USB key form factor.

          You might be able to get an ultracapacitor now which would power tamperdetect/destroy circuits for a few days at a time, and recharge when on USB. I'd be fine with a device which needed to be plugged into USB e
      • If it doesn't have an internal battery, a totally reliable means of detecting intrusion, and finally the ability to erase the data memory before an attacker with laser or drill cuts the PCB track from the battery then this is insecure.

        Just destroying the escrow keys is not enough. Doubt they are using really heavy crypto such as the AES-Twofish-Serpent I use fo r my TrueCrypt backups... after all they are using a relatively moderate performance microcontroller for the OTF decryption.

        Like the crypto descript
        • Doubt they are using really heavy crypto such as the AES-Twofish-Serpent I use fo r my TrueCrypt backups... after all they are using a relatively moderate performance microcontroller for the OTF decryption.

          I don't know what they're using, but there's no reason they can't be using AES. AES is a very efficient algorithm, significantly faster in software (or hardware) than DES, and low-performance microcontrollers have been able to perform 3DES in software with acceptable performance for over a decade. Performance was one of the key requirements for AES and, in fact, the cipher selected (Rijndael) was the fastest of the serious competitors.

      • Re: (Score:2, Interesting)

        The key-store in the cryptochip will destruct if tampered with physically or electrically.

        You are right that without a battery we cannot reliably delete the gigabytes of encrypted data if the device is immediately pulled out of a power supply and never re-inserted into another computer. This would only happen with a very determined and knowledgeable attacker. In such case, their recourse is to disassemble the device and try to attack AES encrypted data.

        Because the AES keys are randomly generated, and

        • by gweihir ( 88907 )
          So, do you have a power-source in there? Without one, your claims are bogus, since you cannot reliably detete the key-store in the crypto chip. (And without one, that would be a key stored in Flash.)If you think of attackers "pulling out the key",then you are still thinking of amateurs. Think more of attackers using ultra-fast current sensing equipment and nanosecond switching power-mos power cutout circuits. Still costs less than a few hundred dollard to make. And then you are getting somewere...

          So if you
      • Basically, if it's not FIPS 140-2 Level 4, it's crap.

        I wouldn't go that far. A level 3 device would be more than adequate for most people.

        • by rdl ( 4744 )
          True. Depends on price point, really.

          There's also "designed to meet" vs. "certified". I'd be fine with level 3 cert, designed to meet 4, at least in most areas.
  • by DisorderlyConstruct ( 1002246 ) on Sunday July 29, 2007 @10:53AM (#20032357)
    Instead of this, you can get Fearless Browser [moka5.com] for free and install it on any USB drive. It is far more secure than any Windows version because it runs in a Gentoo-based virtual machine. It comes preconfigured with Tor and OpenDNS anti-phishing, and is updated frequently. I carry it around everywhere I go and use it at friend's houses and public terminals that I don't trust.
    • Re: (Score:3, Insightful)

      by Hatta ( 162192 )
      A keystroke logger in the host OS or hardware could still be catching your passphrase.
      • Re: (Score:2, Informative)

        They have a bare metal version [moka5.com] that boots directly off the stick, so you don't need to worry about a compromised OS. I keep all my passwords stored in the Fearless Browser, encrypted with a main password. A hardware keylogger will only be able to capture my USB stick password, which is useless without my USB stick. It's an easy way to do two-factor authentication.

  • by BlueCoder ( 223005 ) on Sunday July 29, 2007 @12:15PM (#20032889)
    In all reality you wouldn't plug it in, you'd take the thing apart and dissolve the black goo. Then you would proceed with a hardware attack, reading the contents of the flash memory out and then attempt to crack the memory file.

    Only if the attacker doesn't know what the memory stick is will it be able to erase itself.
    • Re: (Score:3, Informative)

      BlueCoder, in essence you are correct. However this narrows the attack surface down considerably. An attacker has to etch away the potting compound to get at the flash chips. Then unmount them. Then they can get at the AES encrypted data, and try to crack AES.

      The AES keys are not accessible, because they are not stored in the flash memory, but rather in our cryptochip which is tamper-resistant. The AES keys are not based on a password (they are generated by a random number generator), thus they are v

  • Ok, but what if... (Score:2, Insightful)

    by 8ball629 ( 963244 )
    What if the computer has a keylogger and it logs the password that unlocks your data? Am I missing something?
    • No, but they are.
  • I wouldn't buy one of these to save my life. Jerks got my email address from our receptionist, added me to their marketing SPAM list, and guess what, their reply address and unsubscribe links are broken. I know where I'd like to stick their ironkey...
  • by IronKey Dave ( 1134607 ) on Sunday July 29, 2007 @07:43PM (#20036739)
    Thanks to everyone for your really interesting comments and questions. We will update our website to make it more clear that we have a FAQ section that answers many of the questions posed here on SlashDot. https://learn.ironkey.com/faqs [ironkey.com] We also have a whitepaper that describes how our hardware encryption works, the threat models, and how it is better than software encryption. https://learn.ironkey.com/docs/IronKey_Whitepaper- Benefits_of_Hardware_Encryption.pdf [ironkey.com] We released Windows versions first, as the majority of the market is using that OS. We are working on Linux and MacOS versions. Thanks, Dave Jevans @ IronKey

It's time to boot, do your boot ROMs know where your disk controllers are?

Working...