Encrypted USB Key With TOR, Firefox

An anonymous reader writes "Gizmodo has a writeup on the new IronKey — a self-destructing, hardware-encrypted and -authenticated USB flash drive with on-board secure Firefox, high-speed TOR network, password manager, and online encrypted backup. Here is the demo page. $79 for a 1GB, $149 for 4GB." Ironkey works on XP and Vista only. Let's hope its self-destruct feature works better than Secustick's.

How long until it is illegal to possess one?

[Bob+Gelumph]

In how many countries is it already illegal to possess one?

Everyones the miracle device

[BitZtream]

I've write encryption software for use by normal users on USB devices (shameless plug: http://www.rtsz.com/products/pss/ ) and it never ceases to amaze the bullshit that people fall for.

I try my best to prevent false claims in our advertising, things like 'Your data is completely secure' falls into the false catagory as far as I'm concerned.

We've had two major companies asking us for secure USB devices to hold sensitive personal information, one of which was medical related, the other of which I dont recall right off the top of my head. Both of these places wanted software you could install on ANY flash drive, would encrypt all the data on it, would prevent the data from ever being copied off to another device, harddrive or whatever, and of course would automatically destroy itself if too many incorrect passwords were given.

Needless to say we were unable to help them, or even explain to them that what they were asking for is not currently possible. This is probably a failure to communicate on my part, but the real scary part is they went with other companies who claimed they could do it! Just to be clear, this was a software only solution running on any PC with the data on any flash drive.

Makes me wonder if we should start letting the BS flow in order to boost sales :(

Re:Useless because of host security

It isn't useless because of host security. They need to make a mod that fit my needs. I need it to have a timer on it that after I update the data, it expires after a set time in days. After it expires, it can erase everything. The problem with encrypted data is that it can be decrypted. Destroying the data on the USB drive prevents rubber-hose-attacks and law enforcement could not detain me beyond the auto destruct time I set in days. In other words, destroying data means beating or detaining me to get my passphrase now becomes a useless attack. I don't think it is fair to suggest no one has a use for self-destructing systems; they assure the data can never fall into the wrong hands.

I, however, am looking for a USB key with the encryption and password entry built into the key itself. I am looking to enter the password or fingerprint on the device. That way, I am not dependent on the host. The drive could allow mounting after the biometric or password are supplied to it, and present a FAT32 volume, which would mount on any OS. I am looking for a portable solution.

Re:Typically self-destruct is bogus...

[IronKey+Dave]

The key-store in the cryptochip will destruct if tampered with physically or electrically.

You are right that without a battery we cannot reliably delete the gigabytes of encrypted data if the device is immediately pulled out of a power supply and never re-inserted into another computer. This would only happen with a very determined and knowledgeable attacker. In such case, their recourse is to disassemble the device and try to attack AES encrypted data.

Because the AES keys are randomly generated, and not based on a hash of a password for example, an attacker would have to brute force an AES key, which would be pretty impractical.

Dave @ IronKey