You are here

For those who are paranoid about security

7 posts / 0 new
Last post
arqbrulo
arqbrulo's picture
Offline
Last seen: 4 years 4 months ago
Joined: 2006-08-10 16:38
For those who are paranoid about security

While downloading John's latest creation from sourceforge, I saw an ad for the Ironkey. So if you guy are a bit paranoid about your security then go ahead and buy one or two, after all, it's only $80.00 for a 1gb.

Bahamut
Bahamut's picture
Offline
Last seen: 12 years 6 months ago
Joined: 2006-04-07 08:44
From the discussion on the

From the discussion on the Yahoo group PGP-Basics:

Robert J Hansen wrote:
Some thoughts:
1. Their whitepaper isn't a whitepaper. A whitepaper is supposed to be
marketing aimed at engineering types--it's a marketing document, but
it's supposed to have technical details. Theirs really doesn't. Most
of what I'm saying here is speculation.
2. They use AES128 in CBC mode, which is a little old fashioned. Most
designs nowadays use other mechanisms, such as Gaulois counter mode.
Their use of CBC mode leads me to wonder who did their design.
3. They claim to use a True Random Number Generator (their caps, not
mine). However, they don't say how it works, other than it's compliant
to FIPS 140-2. They also don't say which level of FIPS 140-2 they're
targeting: meeting FIPS 140-2/1 is ridiculously easy, while meeting FIPS
140-2/4 is a herculean effort. If they met 140-2/4, they'd be
trumpeting it from the rooftops. This leads me to suspect they're only
meeting FIPS 140-2/1.
4. If the user is being asked for a passphrase, why do they need an
on-board RNG? This seems like misdesign. Their whitepaper doesn't
explain their design choice in enough detail for me to talk more about it.
5. "Software implementations ... are vulnerable to brute force password
guessing or key guessing attacks. An attacker can plug the USB flash
drive into a computer and have a program guess hundreds of passwords or
keys a second." True, I guess. That's why software systems involve
things like hashing a passphrase 10,000 times in order to convert a
passphrase into a key; that makes brute-forcing infeasible. (OpenPGP
does this, for instance.) If they implemented this, they'd certainly
talk about it. They don't talk about it, so I suspect they
don't--instead putting their faith in tamper-resistant hardware. If I'm
right, then this is misdesign.
6. "Driver installation risks." They don't even mention the problem of
USB being a peer protocol. Basically, there's way too much processing
power on the USB link for any USB token to really be as dumb as you want
for security purposes.

... Ah, in their references section they cite Schneier's _Applied
Cryptography_. That, by itself, should be enough to show they're not
serious. _Applied Cryptography_ is not a serious reference work. It
works great as a quick introduction to crypto, touching on most of the
major issues; but even in 1996 it had its failings, and time has not
been kind to it.
They're also citing Wikipedia as an authoritative source. This should
send up big red flags. I like Wikipedia and I use it as an initial
source of knowledge often enough--but there's no way I would consider
Wikipedia to be an authoritative reference worthy of a cite.

My vote: stay away from this.

http://tech.groups.yahoo.com/group/PGP-Basics/message/32062
I posted the message because that link requires membership to the group.

Vintage!

Covert.Concept
Offline
Last seen: 13 years 6 months ago
Joined: 2007-07-25 14:39
$80 for a 1GB USB drive

$80 for a 1GB USB drive (even with security features which bahamut pointed out was flawed) is an absolutely ridiculous price. I choked on my coffee when I read that.

For £8 from Curry's, you can buy (practically the same) 1GB USB drive with no security. If you're paranoid about security to the point that you're buying expensive gizmos just in case someone steals your drive, you're either mad enough to put personal information on the drive or so absent minded that you could easily lose it, or at a far extent, you could have been my cell buddy at the mental institute... Take a vicadin and chill...
_____________________________________________
Is there any way to take that with me? No? Give me 10 minutes... Maybe an hour...

Is there any way to take that with me? No? Give me 10 minutes... Maybe an hour...

dave_of_iron
Offline
Last seen: 16 years 9 months ago
Joined: 2007-08-24 03:55
$149 for 4GB

Well, you're comparing apples to porsches.

Your best value is certainly the 4GB IronKey, not the 1GB Ironkey.

Here's what you are getting for the extra money:

- hardware encryption, no software or drivers to install
- works in non-Admin mode Windows XP and Vista
- super-fast SLC flash (instead of cheapo MLC)
- 30 MBPS read, 18 MBPS write (compared to 7 and 6 for cheapo drives)
- lasts 100,000 write cycles versus 5,000 for MLC drives (important when running applications like Portable FireFox from a drive)
- waterproof
- tamper-resistant
- hardware-encrypted password manager and password backup
- encrypted surfing service for portable firefox.

So yes, it costs more than el-cheapo plastic MLC drive. But you're getting a whole other level of product. The user feedback on the forums.ironkey.com site is pretty much that the device is actually a really good deal and not overly priced.

Thanks,
Dave @ IronKey

dave_of_iron
Offline
Last seen: 16 years 9 months ago
Joined: 2007-08-24 03:55
IronKey Secure Flash Drive Comments

Robert,

Thanks for your insightful comments. I work at IronKey and I'm responsible for some of the things that you are writing about.

1. Sorry that you don't like our whitepaper on the encryption overview. I did my best. I've got people complaining that it is too technical, so I guess you can't please all the people...

2. AES CBC is the correct mode for using AES for large data encryption. Our encryption was designed with the help of Dr. Dan Boneh at Stanford University. As a Professor of Computer Science at Stanford University, Dr. Boneh leads the applied cryptography group. Dr. Boneh contributed to the security and performance of the RSA cryptosystem, developed new privacy mechanisms, and contributed to the study of cryptographic watermarking. He is the author of over 60 technical publications, Dr. Boneh holds a Ph.D. from Princeton University and has received numerous awards, including the Packard Award, the Alfred P. Sloan Award, the Terman Award and several NSF grants.
http://crypto.stanford.edu/~dabo/pubs.html

Compare other "hardware encrypted" flash drives - they uses AES EBC which is not secure for large data encryption. Also note that implementing proper CBC mode AES in NAND flash is extremely difficult, because you've got to find somewhere to store the IV....

3. TRNG is hardware-based and is FIPS140-2. I agree that FIPS 140-2 is reasonably achievable, but it doesn't take away from the fact that the RNG is in hardware and has undergone verification - compare that to other systems or software implementations.

4. If you know FIPS you will understand that a password-based encryption key is considered plaintext. You cannot pass FIPS if you hash a password and use that as a key to encrypt data or other keys. We use the TRNG to generate a random AES data encryption key. Then we use your password to give you access to the data and to decrypt your AES key.

5. Software implementations are totally open to password guessing or key guessing attacks. If the key is based on a password, it does not matter how many times you hash to generate the key.. I can still run an old fashioned password cracking tool to crack the encryption. I can rent a 100,000 computer botnet for not much money these days, so I could realistically have 100,000 computers cracking your password for a few hundred dollars. Chances are I will guess your password in short order. With hardware-based brute force prevention this attack is impossible. After 10 tries, the keys and data are deleted. Keep in mind, that we use strong AES keys encrypted with a hash of your password as well. No mis-design here.

6. I'm not sure what you are getting at here. If I plug a software-encrypted USB flash drive (eg. Truecrypt) into a PC that does not have administrator rights, I cannot decrypt the data. With an IronKey, because all crypto is in hardware, no drivers or software are installed. Not only is it far more portable, and works better in enterprise environements, the crypto cannot be disabled. With a driver-based software system, if the drivers are not installed or are misconfigured, it could be possible to write unencrypted data to a regular flash drive. That's a problem not only in usability, but in security, especialy for uneducated users.

7. thought the references to Scheier and the wikipedia entries on AES encryption were helpful for most users who are not crypto experts. Sorry you disagree. Please provide some other helpful links and we can add them to the paper.

Dave

BuddhaChu
BuddhaChu's picture
Offline
Last seen: 7 years 7 months ago
Joined: 2006-11-18 10:26
I think you should join the

I think you should join the Yahoo group Robert belongs to and post that info there. He'll never see it unless Bahamut copy/pastes it over there.

Cancer Survivors -- Remember the fight, celebrate the victory!
Help control the rugrat population -- have yourself spayed or neutered!

Scotto27
Offline
Last seen: 16 years 6 months ago
Joined: 2007-12-07 19:45
Just bought an IronKey

Dave-

I just bought an IronKey 4G but haven't logged in to start or register it (I'm installing a new drive and fresh install of XP Pro on my PC).

Considering that the IronKey uses Mozilla, does IronKey suggest any compatible antivirus/security apps to run with it?

I'm also curious about PortableApps (or U3, Ceedo; etc...) compatibility; I'm considering the use of these OS shells to test BitDefender (or other real-time antivirus apps).

Any assistance that you (or the gracious forum goers) can lend would be appreciated!

Thanks,
Scotto27

Log in or register to post comments