It seems like the benefits are having the device lock/wipe itself after a set amount of attempts in case of a brute force attack and not having to run software to decrypt the drive on the device you plug it into.

I included a picture of the IronKey Keypad 200 but that’s just because it’s the first result that came up when I was looking for an example. There seem to be a few other manufacturers and models out there and they probably have different features.

I am curious what do you think of them? Do you think they are useful? Do you find it more a novelty?


It was an ExplainingComputers video titled Very Useful Small Computing Things that made me think of them.

  • CorrodedOP
    link
    fedilink
    English
    arrow-up
    11
    arrow-down
    1
    ·
    edit-2
    10 months ago

    Ironkey has been more careful than some other vendors

    In what aspects? I don’t know much about these specific devices

    • solrize@lemmy.world
      link
      fedilink
      arrow-up
      11
      ·
      edit-2
      10 months ago

      Cryptography and tamper resistance implementation. E.g. search “ironkey fips certification”. Ironkey is a Kingston brand now though, and Kingston has traditionally been crap, so be careful. Anyway if it’s for run of the mill personal files where you just want some extra protection, the device is probably ok if you don’t mind the semi-ridiculous cost. This is interesting though: https://www.wired.com/story/unciphered-ironkey-password-cracking-bitcoin/

      Also a teardown report: https://hardwear.io/netherlands-2021/presentation/teardown-and-feasibility-study-of-IronKey.pdf

      There are more serious technical approaches to data protection, but fairly quickly the weak spot becomes the humans in the loop, which are harder to handle with pure technology.

      • 9point6@lemmy.world
        link
        fedilink
        arrow-up
        4
        ·
        10 months ago

        I was going to suggest an attack similar to what I’d assume the guys in your link achieved—the actual data on the flash chip can be dumped easily, so if you can figure out the encryption algorithm used, you don’t need a whole lot of computational power to brute force a 15 digit numeric key (a couple of high end GPUs would probably get you there in an hour or so) and decrypt the dumped data.

        • solrize@lemmy.world
          link
          fedilink
          arrow-up
          5
          ·
          10 months ago

          the actual data on the flash chip can be dumped easily

          I’d stop short of saying “easily” since you have to get the epoxy potting off of the chip. But you are right that there doesn’t seem to be any active tamper reactance. The numeric key is apparently 8 digits. Since it’s a 10 digit keypad, at least 2 of the digits are unused, and you might be able to recognize those from the comparative lack of fingerprints and wear on those specific keys. So that narrows down the search range some more.