Slashdot Mirror

← Back to Stories (view on slashdot.org)

Encrypted USB Key With TOR, Firefox

Posted by kdawson on from the and-a-pony dept.

An anonymous reader writes "Gizmodo has a writeup on the new IronKey — a self-destructing, hardware-encrypted and -authenticated USB flash drive with on-board secure Firefox, high-speed TOR network, password manager, and online encrypted backup. Here is the demo page. $79 for a 1GB, $149 for 4GB." Ironkey works on XP and Vista only. Let's hope its self-destruct feature works better than Secustick's.

6 of 170 comments (clear)

  1. 10 tries? by MichaelSmith · · Score: 5, Funny

    after ten consecutive failed password attempts, the IronKey self-destructs

    For better security, type the wrong password nine times before you take it on the plane.

    --
    http://michaelsmith.id.au
  2. XP and VISTA only by koh · · Score: 5, Funny

    Ironkey works on XP and Vista only.

    Remember, it's only secure as long as you don't plug it in.

    I know, I know. I kid.

    --
    Karma cannot be described by words alone.
  3. Re:Useless because of host security by rdl · · Score: 5, Informative

    I agree. The best security is to have your own trusted CPU/display/input (i.e. a laptop or pda). This is getting easier all the time -- a PDA or cellphone is close to sufficient for most non-data-entry tasks.

    Failing that, I'd go with something which uses commodity, standard, and commonly available technology at the lowest level possible. It's PROBABLY the case that a DVI monitor is not bugged; much less likely that a random DVI monitor at a net cafe is itself secure than that the host OS is secure.

    The host OS and applications installed are by far the weakest link. I carry a laptop everywhere, but the next step down from that is a bootable USB flash drive with your choice of secured OS installation on it. It's easy enough to implement disk encryption.

    It is also fairly straightforward to use "write only" public key cryptography (i.e. each time you save your work, encrypt it with a public key, the private key for which is held on trusted hardware at home).

    The only customization I'd do to the USB dongle would be for protecting the keying data -- some way to mount a / partition, but have a data partition which is encrypted with PKC held on the USB device, with only the passphrase being entered into the local PC, rather than an actual key entered via the host PC. This in practice only gives you marginally better security, as if you used a hardware-trojaned PC (or vmware installation...) to boot your USB device, that trojaned machine could just copy the relevant data out of your USB key.

    There are a lot of "procedural" ways to improve security with this USB boot thing. Maybe have multiple partitions, each with different keys, per project or security level. If you're at a machine belonging to client A, and need access to client A files, you can stick your USB in a client A machine, boot, and then only unlock the client A partition on the USB. Or if you just need basic secure computing, but not access to your stored files, you could just unlock the OS partitions, leaving your own data partitions encrypted. Or, just buy multiple USB keys, and stick the least important key into the machine that is needed to accomplish your task.

  4. Everyones the miracle device by BitZtream · · Score: 5, Interesting

    I've write encryption software for use by normal users on USB devices (shameless plug: http://www.rtsz.com/products/pss/ ) and it never ceases to amaze the bullshit that people fall for.

    I try my best to prevent false claims in our advertising, things like 'Your data is completely secure' falls into the false catagory as far as I'm concerned.

    We've had two major companies asking us for secure USB devices to hold sensitive personal information, one of which was medical related, the other of which I dont recall right off the top of my head. Both of these places wanted software you could install on ANY flash drive, would encrypt all the data on it, would prevent the data from ever being copied off to another device, harddrive or whatever, and of course would automatically destroy itself if too many incorrect passwords were given.

    Needless to say we were unable to help them, or even explain to them that what they were asking for is not currently possible. This is probably a failure to communicate on my part, but the real scary part is they went with other companies who claimed they could do it! Just to be clear, this was a software only solution running on any PC with the data on any flash drive.

    Makes me wonder if we should start letting the BS flow in order to boost sales :(

    --
    Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
  5. I use Fearless Browser by DisorderlyConstruct · · Score: 5, Informative

    Instead of this, you can get Fearless Browser for free and install it on any USB drive. It is far more secure than any Windows version because it runs in a Gentoo-based virtual machine. It comes preconfigured with Tor and OpenDNS anti-phishing, and is updated frequently. I carry it around everywhere I go and use it at friend's houses and public terminals that I don't trust.

  6. IronKey FAQ and Crypto White Paper by IronKey+Dave · · Score: 5, Informative

    Thanks to everyone for your really interesting comments and questions. We will update our website to make it more clear that we have a FAQ section that answers many of the questions posed here on SlashDot. https://learn.ironkey.com/faqs We also have a whitepaper that describes how our hardware encryption works, the threat models, and how it is better than software encryption. https://learn.ironkey.com/docs/IronKey_Whitepaper- Benefits_of_Hardware_Encryption.pdf We released Windows versions first, as the majority of the market is using that OS. We are working on Linux and MacOS versions. Thanks, Dave Jevans @ IronKey