this post was submitted on 19 Feb 2024
204 points (97.2% liked)

Privacy

31876 readers
1 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
k_o_t@lemmy.ml
tmpod@lemmy.pt
Yayannick@lemmy.ml
ranok@sopuli.xyz
204
What are your thoughts on USB storage drives that have keypad encryption? (leminal.space)
submitted 1 year ago* (last edited 1 year ago) by CorrodedCranium@leminal.space to c/privacy@lemmy.ml
106 comments fedilink hide all child comments
 

It seems like the benefits are having the device lock/wipe itself after a set amount of attempts in case of a brute force attack and not having to run software to decrypt the drive on the device you plug it into.

I included a picture of the IronKey Keypad 200 but that's just because it's the first result that came up when I was looking for an example. There seem to be a few other manufacturers and models out there and they probably have different features.

I am curious what do you think of them? Do you think they are useful? Do you find it more a novelty?

It was an ExplainingComputers video titled Very Useful Small Computing Things that made me think of them.

top 50 comments
sorted by: hot top controversial new old
[–] ryannathans@aussie.zone 100 points 1 year ago (4 children)

Nice just look at the most worn buttons

[–] WarmSoda@lemm.ee 41 points 1 year ago

Damn. Dude just comes in and ends the entire discussion.

[–] CorrodedCranium@leminal.space 25 points 1 year ago* (last edited 1 year ago)

It seems like these drives can use up to 15 digit pins and lock out after a set number of attempts. I don't know if that would be a huge issue

[–] ninpnin@sopuli.xyz 13 points 1 year ago* (last edited 1 year ago) (1 children)

Permutations have entered the chat

[–] NuXCOM_90Percent@lemmy.zip 12 points 1 year ago* (last edited 1 year ago) (1 children)

It still drastically narrows down the search space and makes social engineering a LOT easier.

Because you tend to have one of two sources for any password that people need to remember.

  1. Randomly generated with no rhyme or reason. And written down on a sticky note as a result
  2. Something with meaning to the user

And it is the latter where this becomes an issue. Because let's say they are a 50 year old and 1, 4, 6, 7, and 9 are heavily worn. Well, they were born in the 70s so let's verify exactly when. Hmm, May. No 5 means it probably isn't their birthday. Wait... their partner was born on April 7th, 1976. No luck. Oh, but what if they were clever and it is actually 197647 instead of 471976? Boom, in.

[–] CorrodedCranium@leminal.space 8 points 1 year ago* (last edited 1 year ago) (5 children)

Related XKCD

It's a shame more people don't think of obscure numbers they've been forced to remember in the past or see constantly and use those.

  • A number from a song

  • Your middle school locker combination

  • The number of a local pizza place

  • Your library card number

  • The barcode number on something you carry around all the time

If you combined any two of those I imagine it would make for a pretty secure password.

[–] wreckedcarzz@lemmy.world 4 points 1 year ago (4 children)

a number from a song

I've got it! 8, 6, 7, 5, 3, 0, 9. Bulletproof, thanks op!

load more comments (4 replies)
load more comments (4 replies)
[–] fidodo@lemmy.world 4 points 1 year ago

Just press the rest of the keys after you unlock it. Or use all the keys in the password. Or purposefully scuff them up.

[–] solrize@lemmy.world 49 points 1 year ago* (last edited 1 year ago) (3 children)

Ironkey has been more careful than some other vendors but the concept still seems dubious to me, if you are trying to stop serious attackers. You want the decryption key to be completely separated from the storage.

[–] CorrodedCranium@leminal.space 10 points 1 year ago* (last edited 1 year ago) (1 children)

Ironkey has been more careful than some other vendors

In what aspects? I don't know much about these specific devices

[–] solrize@lemmy.world 11 points 1 year ago* (last edited 1 year ago) (1 children)

Cryptography and tamper resistance implementation. E.g. search "ironkey fips certification". Ironkey is a Kingston brand now though, and Kingston has traditionally been crap, so be careful. Anyway if it's for run of the mill personal files where you just want some extra protection, the device is probably ok if you don't mind the semi-ridiculous cost. This is interesting though: https://www.wired.com/story/unciphered-ironkey-password-cracking-bitcoin/

Also a teardown report: https://hardwear.io/netherlands-2021/presentation/teardown-and-feasibility-study-of-IronKey.pdf

There are more serious technical approaches to data protection, but fairly quickly the weak spot becomes the humans in the loop, which are harder to handle with pure technology.

[–] 9point6@lemmy.world 4 points 1 year ago (1 children)

I was going to suggest an attack similar to what I'd assume the guys in your link achieved—the actual data on the flash chip can be dumped easily, so if you can figure out the encryption algorithm used, you don't need a whole lot of computational power to brute force a 15 digit numeric key (a couple of high end GPUs would probably get you there in an hour or so) and decrypt the dumped data.

[–] solrize@lemmy.world 5 points 1 year ago (1 children)

the actual data on the flash chip can be dumped easily

I'd stop short of saying "easily" since you have to get the epoxy potting off of the chip. But you are right that there doesn't seem to be any active tamper reactance. The numeric key is apparently 8 digits. Since it's a 10 digit keypad, at least 2 of the digits are unused, and you might be able to recognize those from the comparative lack of fingerprints and wear on those specific keys. So that narrows down the search range some more.

load more comments (1 replies)
load more comments (2 replies)
[–] delirious_owl@discuss.online 39 points 1 year ago (5 children)

Do encryption in software. History taught us hard lessons about this.

[–] CorrodedCranium@leminal.space 12 points 1 year ago* (last edited 1 year ago) (1 children)

Can you think of some notable examples of hardware based encryption failing?

Besides the actual device dying I mean

[–] jwt@programming.dev 8 points 1 year ago* (last edited 1 year ago) (3 children)
[–] PipedLinkBot@feddit.rocks 7 points 1 year ago

Here is an alternative Piped link(s):

https://m.piped.video/watch?v=beMtNM7nwfQ

Piped is a privacy-respecting open-source alternative frontend to YouTube.

I'm open-source; check me out at GitHub.

load more comments (2 replies)
load more comments (4 replies)
[–] makeasnek@lemmy.ml 25 points 1 year ago* (last edited 1 year ago) (1 children)

Hardware signing devices have lots of utility because they keep the key from ever being on the machine (which is more likely to be compomised). Think ledger or trezor for your Bitcoin. Hardware encryption devices are just really expensive and black-box ways to avoid Veracrypt.

If your encryption algorithm is secure, you have no use for automatic lock-out. If it's not, automatic lockout won't do much against an attacker with physical access to the device. Unless they are dumb enough to trigger the lockout AND the internal memory wipes itself sufficiently well AND/OR the attacker doesn't have the resources to reverse engineer the device.

[–] kevincox@lemmy.ml 3 points 1 year ago

If your encryption algorithm is secure, you have no use for automatic lock-out.

This isn't true. You need your algorithm and your key to be secure. If the key needs to be remembered or entered often it probably can't be secure. So brute force protection becomes very important.

If it’s not, automatic lockout won’t do much against an attacker with physical access to the device.

This isn't true. Yes, with enough time and effort it is possible to extract any data from any device. But in practice physical HSMs do an excellent job at raising the cost of key extraction. I would much rather have an attacker steal my Yubikey than a USB with my GPG key lying on it.

[–] hanke@feddit.nu 23 points 1 year ago (2 children)

The IronKey has been cracked

[–] Toribor@corndog.social 17 points 1 year ago

Like most things, it's important to remember what threats you're trying to protect yourself against.

Are you trying to protect yourself against dropping a USB in a parking lot and someone picking it up? Or are you trying to protect yourself from a nation state?

load more comments (1 replies)
[–] Imprint9816@lemmy.dbzer0.com 19 points 1 year ago (1 children)

Yeah i dont see how this would be better then a run of the mill thumb drive (that doesnt scream im worth stealing) and just creating a cryptomator vault on it.

[–] fidodo@lemmy.world 5 points 1 year ago (5 children)

Is that solution portable for any device and os you might plug it into?

load more comments (5 replies)
[–] AnnaFrankfurter@lemmy.ml 18 points 1 year ago

Obligatory XKCD

[–] YeetPics@mander.xyz 17 points 1 year ago* (last edited 1 year ago) (1 children)

These are handy if you have to move sensitive information but I've experienced more than one event at work where irreplaceable files were lost due to user error on these type of drives.

I couldn't tell you about the lifespan of these devices either, something tells me the keys won't last more than a few years if it's being used regularly.

[–] kevincox@lemmy.ml 4 points 1 year ago (1 children)

If your only copy of critical data is on a portable storage device you are doing so many things wrong.

load more comments (1 replies)
[–] alphafalcon@feddit.de 17 points 1 year ago

They occupy a strange niche full of contradictions.

Entering the code on the device itself should increase security as opposed to entering it on a compromised computer.

But plugging it into a compromised computer means the data is compromised anyway.

Their security is way harder to audit than a software solution like PGP. The actual "encryption" varies from actual decent setups to "entering the code connects the data pins with no actual encryption on the storage chip"

Not having to instal/use software to use them means they are suitable for non-technical users which in turn means more support calls for "I forgot the pin, it wiped itself, can you restore my data"

They are kind of useful to check the "data is transported on encrypted media" box for compliance reasons without having to manage something bigger.

[–] NabeGewell@lemmy.world 15 points 1 year ago

I wouldn't trust any part of its hardware and software to store anything worth encrypting on it

[–] kjake 13 points 1 year ago

The ones that went through FIPS 140-2 Type 3 or above validation are legit. We used Apricorn for CUI data…examples: https://www.archives.gov/cui/registry/category-list

[–] Dyskolos@lemmy.zip 12 points 1 year ago (5 children)

Useful for what? Hiding stuff from family-member or coworkers? Yeah sure. Why not.

Hiding stuff from professionals that really want your data? Probably not very helpful.

Also what about backup? One controller-malfunction and your stuff goes poof. I just assume the data is somehow important or else you wouldn't care about such a device 😊

load more comments (5 replies)
[–] Count042@lemmy.ml 11 points 1 year ago

I don't trust hardware implementations of encryption in the same way I don't trust hardware raid arrays.

[–] GolfNovemberUniform@lemmy.ml 10 points 1 year ago

Too expensive. Use software encryption instead

[–] MonkderZweite@feddit.ch 8 points 1 year ago* (last edited 1 year ago)

Same problems as any firmware based encryption (encrypting SSDs, etc.). Firmware is quickly outdated and the triangle price - speed - security usually neglects the security part.

[–] morgin@lemm.ee 8 points 1 year ago

like everyone else has said hardware level encryption doesn’t seem like the most sound option.

Personally i’ve just encrypted sensitive files with picocrypt, only just started looking into better encryption techniques though so there’s probably better alternatives.

[–] Churbleyimyam@lemm.ee 8 points 1 year ago

Good until you spill a Cuppasoup on it's chinesium keyboard.

[–] jet@hackertalks.com 7 points 1 year ago* (last edited 1 year ago) (2 children)

They are interesting. But they are a huge red flag and scream examine me if it's in your luggage and your crossing a boarder.

I'm somewhat dubious about a hardware system not having long term undiscovered flaws. Be sure to use software based data protection on top of the hardware solution.

load more comments (2 replies)
[–] tiredofsametab@kbin.run 7 points 1 year ago

First time I've seen something like that, but my initial thought was: wow, that's a lot of parts that can break and things that can go wrong (compared to only encrypting the data itself before storage).

[–] Jiggle_Physics@lemmy.world 6 points 1 year ago

As long as the security software it uses is solid I think it's a decent idea.

[–] SheeEttin@programming.dev 5 points 1 year ago (3 children)

Overkill and overpriced. If you're on Windows, bitlocker is enough. If you're on Linux, LUKS is enough.

I've used Apricorn drives at previous jobs. They're cool and very much fit for purpose, but I'd have a hard time justifying the significant price premium when software is nearly as good, free, and works with any drive.

[–] possiblylinux127@lemmy.zip 17 points 1 year ago

Bitlocker shouldn't be considered secure as it is a Windows only encryption that is a black box for the most part. Additionally your decryption keys are send to Microsoft

[–] delirious_owl@discuss.online 7 points 1 year ago (4 children)

Eh, I wouldn't trust a US company (that can be served an NSL and is obligated to install backdoors) to do your FDE.

For windows, veracrypt is safer than bitlocker

load more comments (4 replies)
load more comments (1 replies)
[–] NuXCOM_90Percent@lemmy.zip 5 points 1 year ago* (last edited 1 year ago) (2 children)

What is your use case for this?

  • Confidential files in a public setting? Don't fucking bring confidential files to a public setting. But if you must, a big bulky laptop with (good) FDE is a lot more sequre than a flash drive someone can pickpocket.
  • Border crossing? Guess what? You paint a MASSIVE red flag on your back and get to learn that you don't actually have all that many rights in the time between stepping on foreign soil and being admitted by customs. Congrats, you gave them the wrong code three times and it got wiped. They are going to break your face and put you in a black site.
  • Hiding sensitive/highly illegal content in the event of a police investigation: Yeah... if you are at the point where there is a warrant (or black van) out for your arrest than it really doesn't matter if they can see whatever you were looking at last night.

At my old job we required these for "thumb drives" and all they ever did was make reformatting machines pure hell.

load more comments (2 replies)
[–] leraje@lemmy.blahaj.zone 4 points 1 year ago

I have one as a 'last resort' option. It's got backups of BitWarden, Aegis and Standard Notes and is only connected to my machine during backups.

[–] HelixDab2@lemm.ee 3 points 1 year ago (4 children)

Seems like it's a good starting point.

I wonder if you can encrypt the files prior to storing them on the key, which would then encrypt them a second time with a different method. Would the compromise the data in any meaningful way? Or would it mean that you had to decrypt the key and then decrypt the data a second time?

load more comments (4 replies)
load more comments
view more: next ›