.

IronKey a joke ! Lets put it to the test!

<<

cyeudoxus

User avatar

Newbie
Newbie

Posts: 14

Joined: Mon Nov 12, 2007 12:38 pm

Post Thu Apr 17, 2008 7:52 pm

IronKey a joke ! Lets put it to the test!

Does anyone have one or would like to buy one so we can put it to the test. Flashy video on the site, good advertising https://www.ironkey.com/
:o

Take a look let me know what you think... I do like the part where the AES, cyrpochip w/self destruct to kill the keys ;D For $149.00 for the 4GB I better be able to run it over with a bull dozer and have still be working!

-cy
“Our character is what we do when we think no one is looking.” -ayn
<<

Kev

Sr. Member
Sr. Member

Posts: 428

Joined: Sat Sep 29, 2007 12:26 pm

Post Sat Apr 19, 2008 1:52 pm

Re: IronKey a joke ! Lets put it to the test!

If it really does everything it claims, I would say it looks nice. Maybe I might get one and play with it.
<<

Bogwitch

Jr. Member
Jr. Member

Posts: 51

Joined: Wed Aug 16, 2006 3:29 am

Post Fri Apr 25, 2008 7:08 am

Re: IronKey a joke ! Lets put it to the test!

I've got a free sample of the Ironkey, it is quite nice.
Nice tactile feel, solid metal case. The chap I spoke to made some bold claims about it working after being submerged for 24 hours, once dried off but as the internals are epoxy coated, no big suprise.
Apparently, youtube has a video of one being run over by a bobcat and working afterwards.
It is supported under XP, Vista and MacOS, so saddos like me that stick to Linux and Win2k are out of luck. I have tested in on the wife's laptop and it does what it says on the tin.
There is, apparently, a management verison coming out. This should give to sysadmin the opportunity to set the number of times a password can be attempted before the key is fried. I asked if frying could be avoided completely but the salesman didn't seem to know.
I also visited Sandisk with the same requirements. The sandisk stick seems to be reasonably good, too.
While it is in no way ruggedised like the ironkey it has the benefit (?) of not frying itself. Again, there are two versions, the managed and the unamanaged. Both can be set to block access after 'n' attempts, the managed one will be subsequently recoverable, the unmanaged one will need to be reformatted but is not bricked.
The Sandisk is supported under Win2k, XP and Vista.

The Ironkey and the Sandisk both claim FIPS 140-2. Unfortunately, neither are going through the process of CAPS approval (UK Govt.) For the Sandisk, there is a different version for the FIPS which has an epoxy coating over the crypto chip to prevent analysis attacks.

Both are big (physically) compared to their unencrypted counterparts, about the size of a standard disposable lighter.

The only other difference is that the Ironkey is 128 bit AES and the Sandisk is 256 bit AES.

One thing that bothers me about both devices is that you are stuck with using the key material that the crypto chip holds. I would like to see a device that allows the crypto manager to reprogram the key with a key that they have generated. The reason for this is twofold. If, as with the Ironkey, the key is fried, the data can still be retrieved. Second, and this is the paranoid in me, if the crypto is added by the manufacturer, would they not keep a record of the key, therefore enabling them to retrieve data should the key find it's way back to them?

[Edited for poor typing]
Last edited by Bogwitch on Fri Apr 25, 2008 7:10 am, edited 1 time in total.
CISSP, C|EH, C|HFI
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Fri Apr 25, 2008 9:25 am

Re: IronKey a joke ! Lets put it to the test!

Bogwitch,

nice write up and comparison. I agree that user generated crypto keys would be nice, but it is likely just the paranoia that the manufacturer would be interested in checking all returned devices. However, if the key found it's way into mainstream then thats another story.

I'm not sure I like the idea 'bricking' the device after 'x' failed attempts, seen too many users looking themselves out of wind0ze, might keep that feature for techies only.

I'd be slightly wary of any manufacturer claiming a standard that it is not going to try and achieve officially. This could be a huge selling factor in the UK after the recent 'lost' CD screw-ups.....
<<

zedcuk

Newbie
Newbie

Posts: 1

Joined: Tue Apr 29, 2008 2:33 am

Post Tue Apr 29, 2008 2:41 am

Re: IronKey a joke ! Lets put it to the test!

Anyone checked out MXI Security's devices?  Stealth MXP (Biometric) and passport (non biometric) they seem to offer everything the other two do (AES256 built from the ground up like Ironkey, FIPS for over a year, management software, data destruction option) yet im not seeing them being mentioned anywhere were people are looking at secure USB devices.
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Tue Apr 29, 2008 3:08 am

Re: IronKey a joke ! Lets put it to the test!

Zedcuk,

welcome and thanks for the pointer. I hadn't come across them before, just checked the site and they look promising, guess I've found something to do on my lunch break :)
<<

Bogwitch

Jr. Member
Jr. Member

Posts: 51

Joined: Wed Aug 16, 2006 3:29 am

Post Tue Apr 29, 2008 4:54 pm

Re: IronKey a joke ! Lets put it to the test!

Zedcuk,

Have you had a chance to play with one of these? If so, what did you think?

Quick update for the Sandisk, disappointing, the password requirement is 3 of the four character sets, length 6-16 characters. If we assume a charater set consisting of 76 characters, this gives us an entropy of 6.25 bits. 6.25*16 gives us 100 bits. Pretty much makes the 256 bit encryption redundant, doesn't it!
CISSP, C|EH, C|HFI
<<

jason

User avatar

Hero Member
Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Sat Jun 21, 2008 9:17 pm

Re: IronKey a joke ! Lets put it to the test!

I see these sorts of devices crop up from time to time, often swiftly followed by a showstopper of a vulnerability. It often seems like you would be better off with a generic USB drive and TrueCrypt.
<<

dalepearson

Sr. Member
Sr. Member

Posts: 357

Joined: Thu Nov 09, 2006 10:03 am

Post Sun Jun 22, 2008 2:46 pm

Re: IronKey a joke ! Lets put it to the test!

I also got a sample IronKey a few months ago when we were doing some different reviews on secure media solutions.

Personally I think its a good device, I like the way it can store its own secure programs, and also provide a method for surfing in a secure manner with what they call the "Secure Sessions Service".

The most important bit, they look swish too  ;D
Seriously though, as said, it does what it says on the tin, great for personal and enterprise usage. Like most things in the IT and Security marketplace, everyone is doing everything. So if your accident prown, and often fall over in puddles, the IronKey is the one for you.
<<

jason

User avatar

Hero Member
Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Thu Jun 26, 2008 10:22 pm

Re: IronKey a joke ! Lets put it to the test!

Looks like they've now added support for Linux as well

https://forum.ironkey.com/showthread.php?t=976
<<

Dave_IronKey

Newbie
Newbie

Posts: 2

Joined: Fri Jun 27, 2008 10:49 am

Post Fri Jun 27, 2008 12:17 pm

Re: IronKey a joke ! Lets put it to the test!

Thanks everyone for a good discussion.

The IronKey Enterprise edition has also recently been released. It allows enterprise administrators to recover locked devices, to customize the password strength and self-destruct policies, to manage devices centrally, and to configure which software applications are available on the devices.

One difference between the IronKey AES encryption and that of others like SanDisk is that IronKey uses the correct mode of AES for large block encryption - cipher-block chaining (CBC).  SanDisk uses Electronic Code Book (ECB) which is not designed for blocks of data larger than about 32 bytes.  Here is a wikipedia entry that discusses the algorithmic differences and has some cool images to show the encryption differences.

http://en.wikipedia.org/wiki/Block_ciph ... _operation
<<

jason

User avatar

Hero Member
Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Fri Jun 27, 2008 1:40 pm

Re: IronKey a joke ! Lets put it to the test!

Welcome Dave! Can you explain to us how the "self destruct" feature works? I've been somewhat curious about that, as my asbestos-pocketed pants collection is rather limited.
<<

LSOChris

Post Sat Jun 28, 2008 2:48 pm

Re: IronKey a joke ! Lets put it to the test!

Dave_IronKey wrote:
One difference between the IronKey AES encryption and that of others like SanDisk is that IronKey uses the correct mode of AES for large block encryption - cipher-block chaining (CBC).  SanDisk uses Electronic Code Book (ECB) which is not designed for blocks of data larger than about 32 bytes.  Here is a wikipedia entry that discusses the algorithmic differences and has some cool images to show the encryption differences.

http://en.wikipedia.org/wiki/Block_ciph ... _operation



Do you have any numbers on the length of time and tools to actually crack that data via the different types of block cipher operations?  Does anything actually exists to brute force decrypt anything encrypted on an ironkey or something similar?

If one takes 50 years and the other takes 100 years is there really much of a difference?  I understand that computing power grows...blah blah blah.

For the average user how "lasting" is any data that would actually be stuck on a thumb, I guess that should drive anyones choices for encryption, not just USB sticks.
<<

billy786

Newbie
Newbie

Posts: 5

Joined: Tue Jun 17, 2008 8:14 pm

Post Sat Jun 28, 2008 4:25 pm

Re: IronKey a joke ! Lets put it to the test!

It looks like a decent piece of kit but forking out $150 for it is abit too much ;)

;D
<<

jason

User avatar

Hero Member
Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Mon Jun 30, 2008 10:25 pm

Re: IronKey a joke ! Lets put it to the test!

I'm tempted to get one. Then again if I got one, I'd REALLY want to take it apart and see what was in it.
Next

Return to Hardware

Who is online

Users browsing this forum: No registered users and 2 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software