IronKey.The world's Most Secure flash Drive.

Seen this Flash Drive and figured I will post It for whom may be interested.http://www.ironkey.com

 

The following quote is from their site:

"To prevent unauthorized people or crimeware (malicious software such as viruses and Trojans) from gaining access to your encrypted drive, the IronKey prevents password guessing attacks (e.g. brute-force or dictionary attacks). After 10 incorrect password attempts (and ample warnings), the IronKey locks out all further password attempts. It initiates a patent-pending self-destruct sequence that securely and permanently erases your encryption keys and data. You can use IronKey's Secure Backup software to restore your backed-up data to a new IronKey."

It explains that an attack could be safely defeated but would be expensive if the 10 attempts (from trojans on your own PC) lead to a self-destruct when, obviously, you're still in physical possession of the device.

Where's the backup then, on their server(s)? Yes, I know, a separate backup could be done to the "home PC data storage devices, which may also be encrypted.

So the trojan fails, your data is safe, but you have to buy a new device which may take a "day or three", and during that time you can't access your data.

I'm totally lost when talking about the following, but the same benefit/danger scenario applies:

"This IronKey Cryptochip is hardened against physical attacks such as power attacks and bus sniffing. It is physically impossible to tamper with its protected data or reset the password counter. If the Cryptochip detects a physical attack from a hacker, it will destroy the encryption keys, making the stored encrypted files inaccessible."
Need a new device then?

Device prices per Each range from 1GB-$79USD to 8GB-$299USD.
The 1GB would be sufficient for most data storage needs while still providing the very attractive password and anonymity features.

But, what's the annual cost to continue with the password and anonymity features? The prices are the same initially for both the Basic (no Internet Security features) and Personal (with the features) so there's no clue there. It would be good to know in advance rather than discovering later on that it's higher than you think reasonable.

And, how does the built-in Firefox browser get updated? Is it secure?

Rather short warranty period, other flash devices have up to 10 years warranty:
"All IronKeys carry a 90 Day Limited Warranty against defects in materials and workmanship."

Not withstanding the concerns expressed above, this sounds amazing (too amazing? ).

Jim C

 

It looks to be a Well made Device key word looks.It seems to offer a good security,But as you said the price from the basic to the personal is the same.Why would some by the basic then when you get for the money with personal.A bit confusion on the same points you made.It also seems more targeted for goverment officals of top secret files more then the Home user though.For $299.00 for the 8mb it should be 14 kt solid gold.

 

Your research just proves that both you and the authors missed my points above.
Neither article questioned the lack of pricing for the annual Internet Protection nor did they stress the caution that the device may be forced to self-destruct requiring purchase of a new device nor the maintenance of the "built-in" Firefox.

The manufacturer should provide a means to recover from the "destruction" if you can prove that you are the owner without having to purchase a new device. I don't mean when there's outright theft or loss, i.e. when you no longer have possession, I mean when you lock down the device and leave your PC logged in (as opposed to using a password protected screen saver) and some fool decides to try to access your device, possibly just for fun, then it can be "lost" in a different way (not stolen, just useless).
To again quote the marketing fluff:
"If someone does happen to gain access to your flash drive and they fail to type in the correct password more than 10 times, IronKey will self-destruct, permanently locking out users and wiping out all the data on the drive".
That's a definite loss.

Faster transfers, longer life aren't really that important. Most will buy USB 3.0 devices soon.
Yes, the rest of the features look very good.

 

Hey I appreciate the additional info it did shed more light.I am really thinking about it my self. I have been looking around at some but I like that it is waterproof not that I plan on river raft in the rapid waters and the constrution is or seems excellent.

 

At $299US for a 8GB, I'm not that desperate

 

Can you say the same thing about the computer in your sig?
Sorry, i couldn't resist i just wish i had that computer .

 

And also to JRViejo, I appreciate your explanation, I took the original post the wrong way, so........

I guess the best approach is to go to the manufacturer, which I did just now. I sent them the following (very succinct compared to my previous posts verbosity):
"1) Cost to renew annual Internet protection? I couldn't find it.
2) Suggest you provide a means to reactivate after self-destruct if owner is in possession of device. example: my young grandchildren may innocently try to unlock the device yet I still possess it and don't want to buy a new one.
See discussion in thread http://www.wilderssecurity.com/showthread.php?t=227110"

I should get a response within 2 days (their claim), and I'll share it with you folks. Who knows, they may even post here themselves.

Jim C

 

Hey great lets see how they respond,I have not thought of doing that good thinking JW and thanks for your efforts.

 

Thanks Dave.
I actually may buy the 1GB. It's big enough for my truly private financial data which I do take with me when I travel and if the stick was physically lost then the IronKey self-destruct is perfect.
The Internet protection is a bit of icing on the cake if not too expensive.
I currently carry two Corsair Survivors which use TrueCrypt security so my data's reasonably safe if I suddenly went swimming with them in my pocket or was run over by a 'big truck'. I might drown or resemble a flat cartoon character, but my son could recover the data . On the other hand, they are more vulnerable than the I-Key.
So, will I buy one? It depends on their answers.
Jim C

 

In response to the numerous people who say 'My kid accidentally got hold of the key and caused it to self destruct' / 'left it in the computer and some joker ..etc', The first, F I R S T, thing anyone will tell you about security of anything is 'Once you've lost the physical security of the device, the battle is almost over.' This is especially true with PCs. The best security in the world on a computer becomes moot the moment an attacker actually has his hands on the computer itself. (Face it, even a root password can be reset on a Linux box if you have access to the hardware, unless the drive is encrypted.)

If security is important enough to you that you are willing to drop $80 for a 1GB USB Key, you are not going to simply 'leave it in the machine' or leave it somewhere that your grand kids are going to. If you do, two things, you are not as serious about security as you think you are, and if you lose all the data on the drive its YOUR OWN FAULT. Take frigging responsibility for yourself. If you leave your USB key somewhere and someone causes it to self destruct because YOU were sloppy, why is it the responsibility of IronKeys Makers to have a 'Fix' for it?? its NOT.

Sorry... I'm just tired of "Security Conscious" people asking for back doors 'just in case they do something stupid' that's 'not their fault.'

(PS. That's also what backups are for to have copies of 'lost' data itself.)

 

I see your point here. However, you have to account for the fact that everyone makes mistakes. Since USB flash drives are small, it is really easy for them to get lost.

 

Nothing like a good flame on a cold winter's day to keep us all warm and cozy, thanks Kooky
JW
PS You missed my points totaly!

 

So's your housekey, but if you lose it you don't demand the locksmith come and open your front door now do you? Or say that the locksmith is responsible for providing you a new key to your door? No you have duplicates made (Backup your data elsewhere) and know that if you lose all your keys then you need to pay to have a new lock put in. (Or just buy the lock if your the handy-man type.)

JW - We both posted around the same time so let me respond to you. Yes, it is damn cold and a flame is great, but I was not really intending to flame you. I'm just complaining about the fact that no one wants to accept responsibility for their own actions. I went back and re-read your first post of the thread,

You go on to talk about how all the self destructs require a 'new purchase' of a fresh drive and it comes off sounding as if you are complaining about that fact. From a security and common sense standpoint, the odds are significantly in favor that you will have to purchase a new drive anyways. Why? Because most 'attackers' are going to steal your usb key, so you will never see it again anyways. QED you'll need to buy a new device. So perhaps you can explain why one of your biggest complaints is the fact that you have to buy a new key in many situations? Odds are your key is likely to be stolen as opposed to destroyed while still in your possession.

With regards the line I quoted, if your data is properly backed up locally on your drive, why would you have to wait five minutes to have access to it?

 

The analogy is that I wouldn't want to have to buy a new house. Of course I'd politely ask a lock smith to help me, and I'd pay him a reasonable fee, I certainly wouldn't *demand* his help or expect it to be free. And, I wouldn't keep another house with duplicates of everything . (I do have multiple backups of my financial data though, being the sensible thing for this type of thing). You're fighting a battle which you can't really win, that's so sad. Take two aspirins but, please, I ask you politely, don't call me tomorrow morning.

 

If lost or stolen, the self destruct is perfect and I'd buy a new drive. No disagreement there, that's two of the many situations. A third situation, based on the marketing description provided by IronKey, is that there could be a trojan on an improperly protected machine, not mine surely, which would attempt to gain access. The description didn't explain clearly enough how this might work so I took the worst case scenario which was that the trojan could make 10 attempts so quickly that I couldn't stop it and the drive self destructs. In that scenario, I'm away from home and my PC backup. The backup provided by IronKey requires a new device for recovery from their servers. If I'm on a two week trip and this happens during the first few days the fastest recovery would be to buy a new drive, recover my backup from the IronKey server, etc. Or, as I suggested/requested, they provide a secure 'backdoor' to allow me to resurect my key. Notice in my post above that I carry 2 drives, each cost close to $100CAD, so I'm not really unconscious to basic security and back ups, paranoid maybe. Personally I'd still carry them, and if a trojan 'got my IronKey' I'll be happier than if it was able to steal data from my Crucials, although they are encrypted, etc. I'd find a different PC, pop in a Crucial and recover as best I could. (and hope it didn't have a trojan) The fourth situation is that someone tries to gain access, similar to the trojan, when I'd left the drive in a PC in a 'locked' state. That won't happen to me, I won't leave it plugged in (unless I forget, which is possible). Ergo, if my math is correct, we now realize that 'many = 4, or more?'.
I understand that the IronKey provides an extra level of security, which has value, but I'd still like a back door.
--------------------
I received a reply from IronKey yesterday. The annual cost for the Internet Protection is $24USD which is very reasonable. The device pricing is a bit unclear but the Personal at $79 includes the I.P. suggesting that the device cost is only $55, however the Basic is also priced at $79.
They confirmed that self detruct is permanent at present, but my request would be passed on to their product management group for consideration. Does that mean that they might offer an 'insurance policy' of some sort? Only time will tell.

 

yes thanks JW.

 

I got another answer from IronKey tech support, two answers actually.
1) Apparently my concern about potential attacks from a trojan is answered by the following:
[The device has to be unlocked (to have access to the encryption keys that decrypt the data). After 3 incorrect password entries (by the Trojan), the device must be physically removed and then reinserted. A prompt appears informing the user that the device needs to be unplugged and why.]
So, that's safe enough then.
2. [Any add-ons that are compatible with the Fire Fox web browser can also be added to the IronKey's on board Fire Fox.]
And that's good too. They did point out that there's still a problem with FF 3.0 and that users should continue to use (and maintain) FF 2.xxxx until IK can resolve it.
Still sensible, and they do provide instructions on how to revert FF backwards if a user upgrades to FF 3.0xx inadvertently. So that's a good and responsible thing for them to do.
In summary, if you lose physical control, the device protects you by self destructing. If you keep physical control, sneaky trojans can't get past the security but the device doesn't self destruct. You get extra Internet protection for a reasonable $25USD/year and the Firefox on a stick which is part of the Internet protection means that you can use it on any PC, not just your own.
They deserve a .
Jim C.

 

Nice

 

very Nice even Nicer if fox 3 gets on.