so this might be the holy grail of privacy and security

Discussion in 'privacy technology' started by happyyarou666, Jan 30, 2012.

Thread Status:
Not open for further replies.
  1. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    Well if Wilders starts banning spooks I am in trouble :doubt:

    On a serious note for a minute, can you elaborate on the issue with Netwitness? I've personally never handled their products in an enterprise environment though it comes off as nothing more than a commercial IDS/event management system with auditing/logging features thrown into some catchy marketing terms. Unless I missed something? o_O There are many systems produced by companies like Netwitness used in large private networking environments. You need these tools to do your job correctly if you are a network admin or need to identify an attack vector or acquire evidence an attack has occurred.
     
  2. Enigm

    Enigm Registered Member

    Joined:
    Dec 11, 2008
    Posts:
    188
    Last edited: Feb 2, 2012
  3. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    good or bad?
     
  4. addi6584

    addi6584 Registered Member

    Joined:
    Jan 3, 2012
    Posts:
    58
    Location:
    United States
    we've been using ironkeys for years... funny this thread was just posted now :cool:

    they run their own private tor servers but whoooo knowssss what they do w the logs, for storage tho probably fine to use. they are actually used in govt as well.

    the drive itself is constructed very well, encased in a block of aluminium embedded w epoxy w a rubber grommet around the male end. the cap is stainless w a rubber grommet around it to keep water out of the connector. ironically i drop these things the least bc they're heavier than regular usb drives
     
    Last edited: Feb 2, 2012
  5. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    Except with hardware encryption. There is no way to image or clone a drive with hardware encryption at FIPS 140-2 Levels 3 and 4 (and have it be useful in any way). Beginning at Level 3, the physical security of the cryptoprocessor, encased within the drive itself, is protected from any kind of physical tampering, including a cold-boot attack (all processing is done on the chip and nothing is ever cached to the computer memory). The self-destruct feature with this kind of device really does, in a BIG way - serve a useful purpose. The drive will self-erase after X number of attempts and also self-erase at attempts to tamper with the device in physical form. Software encryption? You said it right, it's a gimmick as the target drive can always be cloned and as many attempts as necessary can be made in an attack on the drive encrypted only with software. Keep in mind, I mean "only" keeping with the above context.
     
  6. x942

    x942 Guest

    I personally own and have used IronKeys. I trust them and here's why:

    1) I have worked in the private sector with agencies and they use them in the field. If they were backdoor'd why would they use them?

    2) They have been known to have been used by the US military.

    3) It's FIPS 140-2 Level 3 certified. This means any attempt to open it or tamper with it will activate the self-destruct destroying all data and rendering it useless. The cryptochip is also shielded to prevent reading even by an electron-microscope.

    4) Companies can request to view sources and perform audits (so I've read, not sure if this one is valid)

    5) Steve Gibson of Security Now and GRC personally recommends them.

    Now I know point one is just my word and no one needs to believe it. But if you are concerned at all you can always buy one and encrypt its volume (after mounting it with its password) with TrueCrypt. This means you get good hardware encryption and IF it turns out there is a backdoor or flaw in it you can always fall back on the TC encrypted drive.

    This is how I do it. I use the IK normally with a password, mount it and its encrypted volume is encrypted with TrueCrypt with AES-Serpent-Twofish. Inside that most files are encrypted with GPG and I have a KeePass database. There are 3 levels of encryption and I REALLY doubt any one of them can be broken.

    So even if you don't trust the IK against say the CIA, you could buy one and use it with TC and then you do have the hardware protection against sophisticated attackers. It would guarantee the device was destroyed after 10 attempts fail if it got stolen.
     
  7. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    you have a point
     
  8. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    Steve Gibson, LOL... :rolleyes:
     
  9. x942

    x942 Guest

    He's very smart and knows the ins and outs of cryptography. No Bruce Schneier. But reputable nonetheless.
     
  10. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    You've come up with something like...eh...Spinrite?
    Yes?->Kudos! No?->LOL!
    Just yanking your chain DasFox, what's wrong with Steve Gibson?
     
  11. Enigm

    Enigm Registered Member

    Joined:
    Dec 11, 2008
    Posts:
    188
    Spinrite ..
    You mean the program that can 're-magnetize' a HDD ??
    ROFL

    x942 wrote :
    Yes, because they are FIPS-approved and said agencies need to comply with federal guidelines .
    However, some of the so-called 'secure' drives that were 'hacked' were ALSO FIPS-approved . Did that guarantee anything ?

    Besides, why wouldn't the US military use something made by a Sandisk spin-off ? Sandisk is a HUGE military contractor !
    On the other side : If anybody has the know-how and the resources to create a device that actually IS secure..
    So, again it all boils down to : Who do you trust and what do you place that trust in ?
     
    Last edited: Feb 13, 2012
  12. Enigm

    Enigm Registered Member

    Joined:
    Dec 11, 2008
    Posts:
    188
    It doesn't really matter, not even the NSA has access to the energy required to perform a bruteforce-attack on an AES key .. Even IF the US-taxpayer would foot the bill .. It would take longer than the ACTUAL age of the Universe to exhaust just HALF of the key-space.
    Destruction of the data after less than 10 attempts only makes sense if you don't really trust the encryption . The problem with these flash-drives is :
    Do they use a user-generated key for the actual encryption or not ?
    Most of them don't, the password you enter has NOTHING to do with the key used for encryption, it's simply an ATA-password that unlocks access to the storage-area . And the cool 007-self-destruct gimmick is also part of the ATA Security .
    How do I know this : Because I have experience with flash-controllers and the production-tools used to configure them . I even know what box to tick to make sure the encryption-key is flashed to the controller !
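
Added example, not part of the post above and not any vendor's firmware: a Python model of the two designs the post distinguishes, a password that only gates access to a controller-held key versus a media key wrapped under a password-derived key. The class names, the toy HMAC-based cipher and the sample data are assumptions made for illustration.

```python
import hashlib, hmac, os

def xor_stream(key, data):
    """Toy HMAC-SHA256 counter-mode cipher, for illustration only (not for real use)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class GateDrive:
    """Hypothetical design A: the password is only an access gate; the media key sits in the controller."""
    def __init__(self, password, plaintext):
        self.salt = os.urandom(16)
        self.verifier = kdf(password, self.salt)   # used for comparison only
        self.media_key = os.urandom(32)            # independent of the password
        self.flash = xor_stream(self.media_key, plaintext)

    def unlock(self, password):
        if not hmac.compare_digest(kdf(password, self.salt), self.verifier):
            return None
        return xor_stream(self.media_key, self.flash)

class DerivedKeyDrive:
    """Hypothetical design B: the media key is stored only wrapped under a password-derived key."""
    def __init__(self, password, plaintext):
        self.salt = os.urandom(16)
        media_key = os.urandom(32)                 # never stored in the clear
        self.wrapped_key = xor_stream(kdf(password, self.salt), media_key)
        self.check = hmac.new(media_key, b"check", hashlib.sha256).digest()
        self.flash = xor_stream(media_key, plaintext)

    def unlock(self, password):
        media_key = xor_stream(kdf(password, self.salt), self.wrapped_key)
        tag = hmac.new(media_key, b"check", hashlib.sha256).digest()
        if not hmac.compare_digest(tag, self.check):
            return None
        return xor_stream(media_key, self.flash)

def stored_state_decrypts(drive, plaintext):
    """Audit check: does the device's stored state alone, with no password, yield the data?"""
    key = getattr(drive, "media_key", None)
    return key is not None and xor_stream(key, drive.flash) == plaintext

SAMPLE = b"constructed sample payload"  # constructed test data, not from the thread
```

Both designs reject a wrong password at `unlock`, so they look identical from the outside; only `stored_state_decrypts` separates them, which is the question to put to a vendor's design documentation.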
     
  13. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    well i guess this is a joke then , thanks bro
     
  14. x942

    x942 Guest

    PGP is FIPS certified too and it's NOT used by any organization I have worked with ever.

    Here's the thing: all of those drives that have been broken were broken within weeks of being released. They never lasted as long as the IK. If there was a gaping hole like those other drives had then it would have been found by now. I have run tests against it and so have many others.

    As far as the military goes, they would NOT use something they felt wasn't secure. If there was any doubt it wouldn't be used. We are talking about some of the most paranoid people out there. If there are issues they don't know about them.
     
  15. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    x,

    There sure have been some faux pas with military security though: Manning's CD Writer on a 'class' workstation, unencrypted Predator feeds, the UAV virus, etc... Lowest bidder...

    PD
     
  16. x942

    x942 Guest

    As I said though it's not the only reason I trust it. However I also encrypt it with TrueCrypt. The likelihood of both containing flaws is pretty slim.
     
  17. x942

    x942 Guest

    Missed that. It doesn't 're-magnetize' the HDD at all. My understanding is it mathematically moves blocks around to attempt to repair SOME bad blocks. I have used it with success but it doesn't always work (I would say 60/40 in favour of working). I think of it as an over-glorified defrag ;)
     