Iron Key Hackable?

Tagged: 

Viewing 24 reply threads
  • Author
    Posts
    • #3416
      Thegmandrive
      Participant

      I was curios to  see if anyone has successfully hacked a Iron-Key. I’m ordering one, for “fun”. Just want to know if my 140 dollar investment was worth it  ;D

    • #22396
      jason
      Participant

      I’ve not heard of anyone hacking one. To the best of my knowledge they’re solid. You should do a writeup on it when you get it.

    • #22397
      Thegmandrive
      Participant

      I will  ;D. Ill be getting it in the next few days.

    • #22398
      timmedin
      Participant

      I’ve got one and I really like it.

      Its metal casing is *very* sturdy, I have put it through the washing machine, dropped it, stepped on it, and left it in the snow (stupid shoveling) with no issues. The cap is rubberized and doesn’t snap in place, and I thought it wouldn’t be long before the cap went missing but I haven’t lost it yet. I have my keys on the same key ring and those beat the snot out of it and it still keeps on ticking.

      The password manager is excellent for web page passwords and bookmarks but doesn’t have a lot of features. Not a lot of choices for password generation (one size fits all). Also, if you want to manage non-web credentials then the IronKey’s password manager is barely useable. I installed KeePass Portable and easily added its icon to the IronKey’s control panel.

      The IronKey also comes with a browser which is handy for those not-so-trustworthy computers that have a hosed browser with 15 crapware toolbars.

      All in all, I highly recommend it. The only ding is I want more advanced features on the password manager, but it would probably confuse the masses.

    • #22399
      dalepearson
      Participant

      I have had one since the release, its an excellent bit of kit.
      Only started using it again receantly, and it had lots of updates for the firmware, which reminds me I still need to find out what they did.

      Deffo excellent product that I wouldnt hesitate to give others the thumbs up on.

      I also have not heard any reports of these getting hacked, and long may it continue.

    • #22400
      jason
      Participant

      I have one of the competing products from Kingston. Other that not blowing up if you tamper with it, it seems to have largely the same set of functionality.

    • #22401
      dalepearson
      Participant

      I think alot of them in the same market are good, and will do the job. However the Iron Key is soooo James Bond 🙂

      I must get myself a Bio-Metric USB Stick at some point to.

    • #22402
      jason
      Participant

      I hadn’t really looked into it before, but it looks like everyone and their brother has one out these days

      http://www.amazon.com/s/ref=nb_ss_e?url=search-alias%3Delectronics&field-keywords=biometric+usb&x=0&y=0

    • #22403
      Thegmandrive
      Participant

      So I received my iron key and found it to be pretty amazing. It has a secure version of FireFox, that I think tunnels to a server in Canada to keep you “browsing” pretty private. It’s seems like it would be pretty un-hackable. I did a little research on the net, and found that it the general consensus.

      I only have one complaint/annoyance the secure Firefox and the slick interface, is only for Windows (ick I hate Windows). They have an app for Mac osx, and Linux, but it only unlocks the Iron Key nothing else.

      Now I just gotta figure out what I would like to put on it that I want to keep so secure from everyone  ;D.

    • #22404
      jason
      Participant

      I would think that you could rig up something similar for other OSs based on something similar to portable firefox. Or just try running it under an emulator like wine.

    • #22405
      Thegmandrive
      Participant

      @jason wrote:

      I would think that you could rig up something similar for other OSs based on something similar to portable firefox. Or just try running it under an emulator like wine.

      I’m trying to figure that out.. I know there is a portible version of firefox for the usb drive, not 100% sure how to set that up. I checked the Windows version of the secure firefox to see if I could get the server setting, but that was a no go.

      I tried cross over mac from codewevers, which I’m pretty sure uses wine as a base.

      Any suggestions on how I could get firefox portible to tunnel? 

    • #22406
      jason
      Participant
    • #22407
      Thegmandrive
      Participant

      Thank you very much

      BTW awesome blog.

    • #22408
      securityguru
      Participant

      @dalepearson wrote:

      I think alot of them in the same market are good, and will do the job. However the Iron Key is soooo James Bond 🙂

      I must get myself a Bio-Metric USB Stick at some point to.

      I’d suggest looking at MXI’s Stealth MXP (http://www.mxisecurity.com)  they have an AES 256bit CBC encryption versus Ironkey’s 128 bit.

      Erick Jasch of monitor magazine said in an article in Dec 07 “”If James Bond needed a USB flash drive, he’d get a Stealth MXP.”

      Try not to get too fooled by Ironkey’s marketing hype, they aren’t necessarily ‘the strongest encrypted flash drive’ on the market…

    • #22409
      eth3real
      Participant

      I’m not sure many people are going around cracking 128 bit AES encryption, so that MXP thing might be a bit overkill if it costs more than the competition.

    • #22410
      dalepearson
      Participant

      @securityguru wrote:

      Try not to get too fooled by Ironkey’s marketing hype, they aren’t necessarily ‘the strongest encrypted flash drive’ on the market…

      Like I said there are many options, although the IronKey is CESG CAPS approved, so is good for here in the UK Government use. Dont get me wrong I am not saying the Government do everything right, but it does undergo some scrutiny.

    • #22411
      UNIX
      Participant

      I had the opportunity to play around with an ironkey device and really liked it. Mabye not something the average person needs but it is still nice to have one in your box.
      Especially I like to have such devices in a company instead of the personal flash drives from the employees.

      Try not to get too fooled by Ironkey’s marketing hype, they aren’t necessarily ‘the strongest encrypted flash drive’ on the market…

      I guess it is nothing bad when a company says that their products are the best. It would be not so good to say that products from their competitors are better. 😉

    • #22412
      jason
      Participant

      @securityguru wrote:

      Try not to get too fooled by Ironkey’s marketing hype, they aren’t necessarily ‘the strongest encrypted flash drive’ on the market…

      They actually say “the world’s most secure flash drive”. I suppose if you include the additional security measures that they have implemented, in addition to the method of encryption, this could be the case. If we’re going to give a product the beat down for marketing hyperbole, then MXI should be included for saying things like “the ultimate safeguard for your most critical assets”

    • #22413
      securityguru
      Participant

      @eth3real wrote:

      I’m not sure many people are going around cracking 128 bit AES encryption, so that MXP thing might be a bit overkill if it costs more than the competition.

      A lot of the government requires 256 bit.

      I have also heard that if personal information is lost on a 128bit drive it must be declared as lost after a given period – can anyone substantiate this?

    • #22414
      securityguru
      Participant

      @dalepearson wrote:

      @securityguru wrote:

      Try not to get too fooled by Ironkey’s marketing hype, they aren’t necessarily ‘the strongest encrypted flash drive’ on the market…

      Like I said there are many options, although the IronKey is CESG CAPS approved, so is good for here in the UK Government use. Dont get me wrong I am not saying the Government do everything right, but it does undergo some scrutiny.

      Are you sure IronKey is CESG CAPS? I dont see it anywhere on their site.. http://www.cesg.gov.uk/find_a/caps/index.cfm

      (I did notice the Memory Experts International drive however)

    • #22415
      securityguru
      Participant

      @jason wrote:

      @securityguru wrote:

      Try not to get too fooled by Ironkey’s marketing hype, they aren’t necessarily ‘the strongest encrypted flash drive’ on the market…

      They actually say “the world’s most secure flash drive”. I suppose if you include the additional security measures that they have implemented, in addition to the method of encryption, this could be the case. If we’re going to give a product the beat down for marketing hyperbole, then MXI should be included for saying things like “the ultimate safeguard for your most critical assets”

      What additional security measures?  Surely it is the hardware encryption algorithm that is the determining factor.

      What’s wrong to be saying that? They aren’t claiming they are the most secure.  And surely 256bit AES is exponentially better than 128bit AES.

    • #22416
      jason
      Participant

      Ironkey has a whole list o’ features here:

      https://www.ironkey.com/technology

      Including (sparse) details on their various security measures.

      I don’t use, endorse, or rub my junk on either of them. My point is, that if you’re going to bag on one company for saying “the world’s most secure flash drive” which translates to “we’re the best”, then you should also apply that to another company saying “the ultimate safeguard for your most critical assets” which also translates to “we’re the best”. Now if you want to compare apples to apples, such as the strength of their AES implementation, that’s another story, but lets leave the marketing messages out of it.

    • #22417
      securityguru
      Participant

      @jason wrote:

      Ironkey has a whole list o’ features here:

      https://www.ironkey.com/technology

      Including (sparse) details on their various security measures.

      I don’t use, endorse, or rub my junk on either of them. My point is, that if you’re going to bag on one company for saying “the world’s most secure flash drive” which translates to “we’re the best”, then you should also apply that to another company saying “the ultimate safeguard for your most critical assets” which also translates to “we’re the best”. Now if you want to compare apples to apples, such as the strength of their AES implementation, that’s another story, but lets leave the marketing messages out of it.

      Agreed, and that was the point I was trying to stress for any hardware manufacturer.. especially when it comes to security.

    • #178573
      warteca
      Participant

      @Thegmandrive

      I’ve done two times first with a knowing password to understanding and checking (it’s last about one year and some formats, I have help of some friends)

      Second time knowing more about a friend used a password I didn’t know previously and we can manage in about 3 weeks . Anyway we don’t tested if previous or posterior models are similar.

      Conclusions: It’s not easy and you can consider sure for 99.9 % of users. Information needs being really valuable to try it and it’s a very ‘art’ process for physical protections do I don’t think could be valuable.

      I hope could be useful and if anyone more had do it I hope feedback

    • #179725
      joeanderson
      Participant

      I’ve not heard of anyone hacking one. But I’m planning to buy one soon. 🙂

      Greeting from all of us at Columbus Drywall Pros

Viewing 24 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?