Dear Security Nerds,
I just bought the Apricorn Aegis 16GB USB Drive. It integrates a keypad with 256-bit AES encryption and a tamper-proof package. I've been playing with it tonight and my mini review is this so far:
1) Built-in keypad means the threat of a keylogger on an untrusted system is reduced. It takes a PIN code of 7-15 digits.
2) After 10 attempts the drive self-destructs all stored keys and you need to re-initialize. My initial test showed it worked for what it's worth.
3) The device is tamper-resistant physically, meaning it will be obvious if someone tries to breach the embedded hardware chip.
4) The profile is a bit long (about 2 inches?), but it has a built-in cover with an o-ring to give it water resistance and protect the keypad. The cover fits nicely.
5) Drive performance is USB 2.0 which is OK for just storing data. Copying larger files could take a little while, but for most documents it's more than fast enough.
6) The maximum drive size is 16GB, which is fine for document storage. However, the price is high for the storage space provided. But with full hardware encryption, built-in PIN pad, and FIPS certification (pending) it is reasonable.
7) The PIN is required to even get the computer to recognize it as a drive. Without the PIN the computer sees no USB device is even attached. So it is doing more than just putting on a big encrypted blob on a USB key. The PIN is actually activating the USB controller logic onboard to run through hardware encryption. This means it would be harder for an attacker to quietly steal an encrypted file to do a brute force attack elsewhere at their leisure.
8) It is computer agnostic and can be formatted to any file system (comes as FAT32 which is cross-platform compatible). It works on my Macs fine and I suspect would work fine on Windows/Linux as well with no software you need to load to read the data other than a correct PIN.
Overall I like the drive. It's nice not having to load up another piece of software to decrypt your data (like TrueCrypt). The form factor is fine for putting in your computer bag, but may be a little much for a keychain. However it is convenient. If you were to use this with a TrueCrypt encrypted volume stored on it, I suspect it would be basically impenetrable by just about anyone when not mounted.
Here is a link to it:
Aegis Secure USB Drive
May be overkill, but for backups when on the go I think I'll like it. I could also see this being a neat platform for a secure browser bootable system with Linux. Enter your PIN, boot the system, browse securely. When you pull the USB out it locks again. Pretty slick.