Ironkey Secure USB Drives

[MediumTex]

Anyone have any experience with drives of this type?

Ironkey Drive

It looks neat, especially the Firefox browser and secure password storage feature.

[Storm]

Seems way overpriced.  You can make your own out of any USB drive and the free Truecrypt software.  You can install Chrome or Firefox in there and use it for secure browsing if you want.

http://lifehacker.com/154465/on+the+fly ... lash-drive

[dualstow]

Anyone have any experience with drives of this type?
Ironkey Drive
It looks neat, especially the Firefox browser and secure password storage feature.

I'm more interested in the Apricorn Aegis drives, because they have a physical keypad right on the stick. (Also available at Amazon).
When I posted about them on a different forum, the response was also that I could get Truecrypt for free. I am definitely a fan of Truecrypt, but I am tempted to buy a keypad drive nonetheless.

[craigr]

Anyone have any experience with drives of this type?
Ironkey Drive
It looks neat, especially the Firefox browser and secure password storage feature.

I'm more interested in the Apricorn Aegis drives, because they have a physical keypad right on the stick. (Also available at Amazon).
When I posted about them on a different forum, the response was also that I could get Truecrypt for free. I am definitely a fan of Truecrypt, but I am tempted to buy a keypad drive nonetheless.

That's a cool drive. Thanks for sharing. I usually use Truecrypt on a USB, but it's sometimes a hassle and you have to enter a password which could be a problem on an untrusted machine.

I wonder if there isn't a way to read the encrypted key off this USB stick and brute force it to recover the main key. 7-15 digit PIN would not be hard to bruce force if you got the key off the USB without activating the self-destruct. But nothing is perfect and this seems to make security outside of an attack from an intelligence agency more accessible.

[BearBones]

Cool drives! The only thing that I would suggest is that you get something that you don't mind carrying on your keychain (or some other way to have with you at all times).

I have LaCie iamakey on my keychain (http://www.amazon.com/LaCie-iamakey-Fla ... pd_cp_pc_2) with all my financial info, Quicken, a browser, copy of 1Password, copies of all inportant documents, and video of everything in my home. Love that drive since it is size of large key and very well constructed. But hated the software that came with it, so I erased and put on encrypted disk image (on the mac). Important documents are then further protected in encrypted pdfs or encrypted by 1Password.

Anyone know if advantage of TrueCrypt over what I  have done?

[Pointedstick]

Anyone know if advantage of TrueCrypt over what I  have done?

Cross-platform compatibility. Any Windows machine is going to be terribly confused by those .dmg files.

[dualstow]

I'm more interested in the Apricorn Aegis drives, because they have a physical keypad right on the stick. (Also available at Amazon).
...
I am definitely a fan of Truecrypt, but I am tempted to buy a keypad drive nonetheless.

That's a cool drive. Thanks for sharing. I usually use Truecrypt on a USB, but it's sometimes a hassle and you have to enter a password which could be a problem on an untrusted machine.

I wonder if there isn't a way to read the encrypted key off this USB stick and brute force it to recover the main key. 7-15 digit PIN would not be hard to bruce force if you got the key off the USB without activating the self-destruct. But nothing is perfect and this seems to make security outside of an attack from an intelligence agency more accessible.

Maybe it can be brute forced, but at least it avoids the keylogging danger of most things that require passwords. (Although if one can use an on-screen virtual keyboard with a mouse...)
Anyway, here's some more pros and cons of the Aegis drive from 'Wired':
http://www.wired.com/reviews/2012/07/re ... rd_drives/

[craigr]

I'm more interested in the Apricorn Aegis drives, because they have a physical keypad right on the stick. (Also available at Amazon).
...
I am definitely a fan of Truecrypt, but I am tempted to buy a keypad drive nonetheless.

That's a cool drive. Thanks for sharing. I usually use Truecrypt on a USB, but it's sometimes a hassle and you have to enter a password which could be a problem on an untrusted machine.

I wonder if there isn't a way to read the encrypted key off this USB stick and brute force it to recover the main key. 7-15 digit PIN would not be hard to bruce force if you got the key off the USB without activating the self-destruct. But nothing is perfect and this seems to make security outside of an attack from an intelligence agency more accessible.

Maybe it can be brute forced, but at least it avoids the keylogging danger of most things that require passwords. (Although if one can use an on-screen virtual keyboard with a mouse...)
Anyway, here's some more pros and cons of the Aegis drive from 'Wired':
http://www.wired.com/reviews/2012/07/re ... rd_drives/

The Datalocker drive with two-factor authentication and digital keypad looks very clever. As with all these technologies, it's all going to come down to how the encryption is implemented behind the scenes. I've seen a ton of software encryption schemes completely broken because the developers made a mistake not knowing how the algorithms should be used. But clearly this kind of drive could be very useful especially for portable applications. I encrypt my backup drives, but sometimes when traveling you want something a little extra in case your laptop bag goes missing.

[craigr]

Dear Security Nerds,

I just bought the Apricom Aegis 16GB USB Drive. It integrates a keypad with 256bit AES encryption and a tamper proof package. I've been playing with it tonight and my mini review is this so far:

1) Built in keypad means threat of keylogger on untrusted system is reduced. It takes a PIN code of 7-15 digits.
2) After 10 attempts the drive self-destructs all stored keys and you need to re-initialize. My initial test showed it worked for what it's worth.
3) The device is tamper resistant physically. Meaning it will be obvious if someone tries to breach the embedded hardware chip.
4) The profile is a bit long (about 2 inches?), but it has a built in cover with o-ring to give it water resistance and protects the keypad. The cover fits nicely.
5) Drive performance is USB 2.0 which is OK for just storing data. Copying larger files could take a little while, but for most documents it's more than fast enough.
6) The maximum drive size is 16GB, which is fine for document storage. However the price is high for the storage space provided. But with full hardware encryption, built in PIN pad, and FIPS certification (pending) it is reasonable.
7) The PIN is required to even get the computer to recognize it as a drive. Without the PIN the computer sees no USB device is even attached. So it is doing more than just putting on a big encrypted blob on a USB key. The PIN is actually activating the USB controller logic onboard to run through hardware encryption. This means it would be harder for an attacker to quietly steal an encrypted file to do a brute force attack elsewhere at their leisure.
8 ) It is computer agnostic and can be formatted to any file system (comes as FAT32 which is cross-platform compatible). It works on my Macs fine and I suspect would work fine on Windows/Linux as well with no software you need to load to read the data other than a correct PIN.

Overall I like the drive. It's nice not having to load up another piece of software to decrypt your data (like TrueCrypt). The form factor is fine for putting in your computer bag, but may be a little much for a keychain. However it is convenient. If you were to use this with a TrueCrypt encrypted volume stored on it, I suspect it would be basically impenetrable by just about anyone when not mounted.

Here is a link to it:

Aegis Secure USB Drive

May be overkills, but for backups when on the go I think I'll like it. I could also see this being a neat platform for a secure browser bootable system with Linux. Enter your PIN, boot the system, browse securely. When you pull the USB out it locks again. Pretty slick.

[dualstow]

...
But hated the software that came with it, so I erased and put on encrypted disk image (on the mac).
...
Anyone know if advantage of TrueCrypt over what I  have done?

BearBones, I just wanted to thank you for the comment above. Because of it, I thoroughly explored the Mac's Disk Utility and creating disk images. Very useful!

[hoost]

Dear Security Nerds,

I just bought the Apricom Aegis 16GB USB Drive. It integrates a keypad with 256bit AES encryption and a tamper proof package. I've been playing with it tonight and my mini review is this so far:

1) Built in keypad means threat of keylogger on untrusted system is reduced. It takes a PIN code of 7-15 digits.
2) After 10 attempts the drive self-destructs all stored keys and you need to re-initialize. My initial test showed it worked for what it's worth.
3) The device is tamper resistant physically. Meaning it will be obvious if someone tries to breach the embedded hardware chip.
4) The profile is a bit long (about 2 inches?), but it has a built in cover with o-ring to give it water resistance and protects the keypad. The cover fits nicely.
5) Drive performance is USB 2.0 which is OK for just storing data. Copying larger files could take a little while, but for most documents it's more than fast enough.
6) The maximum drive size is 16GB, which is fine for document storage. However the price is high for the storage space provided. But with full hardware encryption, built in PIN pad, and FIPS certification (pending) it is reasonable.
7) The PIN is required to even get the computer to recognize it as a drive. Without the PIN the computer sees no USB device is even attached. So it is doing more than just putting on a big encrypted blob on a USB key. The PIN is actually activating the USB controller logic onboard to run through hardware encryption. This means it would be harder for an attacker to quietly steal an encrypted file to do a brute force attack elsewhere at their leisure.
8 ) It is computer agnostic and can be formatted to any file system (comes as FAT32 which is cross-platform compatible). It works on my Macs fine and I suspect would work fine on Windows/Linux as well with no software you need to load to read the data other than a correct PIN.

Overall I like the drive. It's nice not having to load up another piece of software to decrypt your data (like TrueCrypt). The form factor is fine for putting in your computer bag, but may be a little much for a keychain. However it is convenient. If you were to use this with a TrueCrypt encrypted volume stored on it, I suspect it would be basically impenetrable by just about anyone when not mounted.

Here is a link to it:

Aegis Secure USB Drive

May be overkills, but for backups when on the go I think I'll like it. I could also see this being a neat platform for a secure browser bootable system with Linux. Enter your PIN, boot the system, browse securely. When you pull the USB out it locks again. Pretty slick.

Craigr,

I have been considering getting one of these.  Any new/additional thoughts after living with it for a while?  Would you still recommend it?  Do you find the 16gb to be adequate?  I see they have a 32gb now, but it's much more expensive. 

I have also considered getting one of the smaller ones and using it for files that are accessed more often, and keeping any other files needed on a bigger drive that has been fully encrypted w/truecrypt.  Any thoughts you or anyone else has will be appreciated.

hoost