We are working on MacOS and Linux support. Sorry, we decided to get Windows XP and Vista out first. We didn't do Win2K for technical reasons around their driver and device support.
Dave @ IronKey
Thanks to everyone for your really interesting comments and questions.
We will update our website to make it more clear that we have a FAQ section that answers many of the questions posed here on SlashDot.
https://learn.ironkey.com/faqs
We also have a whitepaper that describes how our hardware encryption works, the threat models, and how it is better than software encryption.
https://learn.ironkey.com/docs/IronKey_Whitepaper- Benefits_of_Hardware_Encryption.pdf
We released Windows versions first, as the majority of the market is using that OS. We are working on Linux and MacOS versions.
Thanks,
Dave Jevans @ IronKey
If you have malware on your computer, having it keylog your IronKey password is the least of your worries. Even without a keylogger, malware can copy all your files once you unlock an IronKey or any other encrypted media for that matter.
We considered doing our first version with external password entry to avoid keyloggers, but we decided that it was
1. too expensive
2. the majority of people would not understand it
3. requires a battery for best usability
4. makes the device larger
5. at the end of the day, data-copying malware can still get your stuff once you unlock the device.
Dave Jevans. IronKey
Sorry, your "dd" attack will not work on an IronKey. We do not mount the secure volume until the password is correctly entered. In fact, we present as 2 devices to the computer. Your data is stored as a removable media. We don't "insert" the media until the password is entered correctly.
That is one aspect why it's better than a regular USB key.
Our security whitepaper gives a description of how it works, and the benefits of the approach over software implementations.
https://learn.ironkey.com/docs/IronKey_Whitepaper- Benefits_of_Hardware_Encryption.pdf
Oh yeah, we wanted to put some thermite into it, but it wouldn't pass CE safety tests.
Thanks,
Dave Jevans. IronKey
We are running a number of TOR nodes in different countries. We route to these preferentially. Thus you can get much higher bandwidth, lower latency, and more consistent performance.
Dave. IronKey
Bill,
I am truly sorry that you got spammed. We have not sent ANY email advertising at all. We think this must have come from a reseller or from our VAR builder. We're looking into it. Hey, I spent the last 7 years in the anti-spam industry. I'm the last person who wants to spam people.
Dave Jevans. IronKey
We have a secure microcontroller on the device. This is where the AES encryption keys are stored. It does in fact protect against physical and electrical attacks, has shielded memory areas for key storage, and will self-destruct if tampered with.
The flash memory is regular high quality high speed SLC NAND flash. All data is AES encrypted to this flash.
When an attacker exceeds the password try count (currently 10 tries), the keystore hardware locks out and the device is dead. We also erase the encrypted flash contents ("flash trash"). This simply adds another layer of security for people who are concerned about cryptanalysis attacks (this is a real concern in certain markets). The benefit of doing this in hardware is that we can erase any bad flash blocks, thus avoiding the wear levelling and flash bad block mapping which affect software erase algorithms.
Dave Jevans. IronKey
You can learn more about why hardware encryption is better than software encryption in our whitepaper:
https://learn.ironkey.com/docs/IronKey_Whitepaper- Benefits_of_Hardware_Encryption.pdf
Briefly:
- it is 5 to 10 times faster than software encryption, which is important if copying large files or running portable applications off the device
- the key storage is far more secure. IronKey stores randomly generated AES keys in a tamper-resistant chip which will destroy itself if physically or electrically tampered with.
- there is no way to prevent brute-force password or key guessing attacks with software encryption. I can eventually crack any TrueCrypt encrypted data. IronKey manages password unlocking in hardware and cannot be brute forced. Also the storage volume is not mounted until the password is correct, unlike TrueCrypt on a regular flash drive (Imagine if I copy your TrueCrypt files onto 100,000 bots, and start cracking in parallel....)
- no drivers and no administrator rights are needed with hardware encryption.
- we can use the same cryptochip secure storage to manage stored passwords, which makes it more secure than software password managers.
To address your issue with malware on the host killing the drive with 11 bad password attempts... we prevent this by requiring the drive to be physically unplugged and re-plugged in after 3 bad password attempts.
If malware is on the computer, it copying your password is the least of your worries. Once you log into the device, it can copy all your files. Nothing you can do about that.
We have designed a keylogger proof IronKey, but this will be coming in a future hardware design.
Dave Jevans. IronKey
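
The unlock policy described in the two comments above (a 10-try limit that kills the keystore, plus a forced physical re-plug after 3 bad attempts), modelled as an added example; this is not IronKey firmware or code from the thread. Assumptions: the class and function names are hypothetical, the failure counter survives power cycles and resets on a successful unlock, and "exceeds" is read as the 11th bad attempt.

```python
import hashlib
import hmac
import os

MAX_TRIES = 10        # "currently 10 tries" per the comment above
TRIES_PER_PLUG = 3    # bad attempts allowed before a physical re-plug is required


class KeystoreModel:
    """Toy model of a hardware keystore's unlock policy (hypothetical, for illustration)."""

    def __init__(self, password: bytes):
        self._salt = os.urandom(16)
        self._verifier = self._derive(password)
        self._data_key = os.urandom(32)   # stands in for the AES key held in the chip
        self.failures = 0                 # assumed to persist across power cycles
        self.session_failures = 0         # cleared only by replug()
        self.dead = False

    def _derive(self, password: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password, self._salt, 10_000)

    def replug(self) -> None:
        """Physical unplug and re-plug; software on the host cannot trigger this."""
        self.session_failures = 0

    def unlock(self, password: bytes):
        """Return the data key on success, otherwise None."""
        if self.dead or self.session_failures >= TRIES_PER_PLUG:
            return None                   # refused without evaluating the guess
        if hmac.compare_digest(self._derive(password), self._verifier):
            self.failures = self.session_failures = 0   # reset on success (assumed)
            return self._data_key
        self.failures += 1
        self.session_failures += 1
        if self.failures > MAX_TRIES:     # "exceeds the password try count"
            self._data_key = None         # key destroyed; stored ciphertext is unrecoverable
            self.dead = True
        return None


def host_only_guessing(dev: KeystoreModel, guesses) -> int:
    """Software that cannot re-plug the drive: returns the failures it managed to record."""
    for guess in guesses:
        dev.unlock(guess)
    return dev.failures
```

In this model, host-only software stalls at 3 recorded failures and the owner can still unlock after re-plugging, while guessing with physical access destroys the key on the 11th bad attempt.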
The key storage IS tamper resistant. The chip will self-destruct if tampered with physically or electrically. This chip is separate from the flash memory where your data is stored AES encrypted.
You are correct that the flash memory will not destroy itself if tampered with, but all data in there is AES encrypted. It is most important that the AES key be destroyed.
Note that the devices are sealed with epoxy potting compound, which makes it extremely difficult to get the chips off the board without physically destroying them.
To help you in your determination of shiny turdness, try reading our whitepaper on the security model and crypto employed.
https://learn.ironkey.com/docs/IronKey_Whitepaper- Benefits_of_Hardware_Encryption.pdf
Thanks,
Dave Jevans. IronKey
We started with M$ because it's the largest market. We have MacOS working in the lab and are also working on Linux support. We recognize that Linux users are the most security savvy, but that part of the market is minuscule compared to the Windows market (think about financial services, hospitals and government markets).
We've spent over $7M in research and development on the product, and unfortunately we've got to target the larger markets first.
- Dave Jevans. IronKey