computer forensics

Discussion in 'privacy technology' started by FileShredder, Nov 15, 2012.

Thread Status:
Not open for further replies.
  1. FileShredder

    FileShredder Registered Member

    Joined:
    Jan 3, 2011
    Posts:
    28
    Does anyone here work with computers in computer forensics?

    I just bought an Ironkey USB drive and from its claims, it seems that it foils any attempts to gain unauthorized access, including a compound that destroys the data if attempts are made to physically access it. While I have no intention of annoying 3 letter agencies to the point they would devote any resources to me, I still would like to know if it's as good as it says. "If it sounds too good to be true..." As my dad used to say.

    Do any tech guys come across Ironkeys, and if you do, are they dealt with any differently than a regular USB that's been filled with a TrueCrypt container? I'm guessing you can bypass the 10 password tries by imaging the drive or something, but I use a complex enough password that I'm not bothered about bruteforcing.
     
  2. chiraldude

    chiraldude Registered Member

    Joined:
    Jul 3, 2010
    Posts:
    157
    Don't know if you can image the encrypted data but it wouldn't do an attacker any good anyway.
    My understanding is that the master encryption keys that unlock the main drive are what is decrypted by the password. After the max PW tries are exceeded, the Ironkey destroys these keys. With the Ironkey, there is no way to read out the encrypted key data. Once this encrypted key data is destroyed, the link between the password and the main data is lost. You would have to brute force the master keys.

    This is a big advantage of hardware based encryption. You can use a lower security password because only a few guesses are allowed. If you have a 4 digit number, for example, and you configure for max of 3 tries before self destruct, your attacker only has a 0.03% chance of gaining access if trying random numbers.
     
  3. FileShredder

    FileShredder Registered Member

    Joined:
    Jan 3, 2011
    Posts:
    28
    Could you dumb it down for me a bit, I'm only self-taught in computing. Short of a revolutionary new concept in computing, does ten tries really mean ten tries? I was always under the impression that if someone could clone an encrypted system, they would have virtually unlimited attempts, as they could make more copies and move onto a new one when they hit the limit.
     
  4. chiraldude

    chiraldude Registered Member

    Joined:
    Jul 3, 2010
    Posts:
    157
    Sorry, not trying to blow you away with techno babble.
    Technically, you are correct but the reality is that after 10 tries, the data is, for all intents and purposes, garbage.
    After the 10th try fails, the Ironkey fries some circuitry on the chip that holds the master keys to the main encrypted drive. After that happens, you are left with trying to guess the master keys. Ironkey uses 256 AES so the master keys are at least 256 bits. This would be 256 totally random bits. It would take longer than the age of the universe to brute force guess the master keys.
    A person could attempt to take the Ironkey apart and access the chip that holds the encrypted keys but, as you said, they have implemented countermeasures that fry the master keys if you try to crack it open. Maybe the NSA has developed some techniques for gaining access to the chip that holds the keys but I would expect that they only have limited success. If they were to get the encrypted keys, they could try brute forcing the password. If you use a strong password, they would have spent many thousands of dollars to get to that point but would still be stuck brute force guessing your password.
     
  5. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Chiraldude is right, there is a big difference between software and hardware encryption and 'self-destruct' mechanisms. It actually works with hardware encryption because you cannot image the drive and end up with a decrypted drive. With software encryption, the drive is imaged and they can make an infinite number of attempts. Hardware encryption also busts all attempts to physically separate the chip from the encrypted data - even minor attempts will destroy the data forever.
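
The distinction drawn in the posts above (an attempt counter and key destruction enforced inside the device, versus a header that can be imaged and guessed offline), as an added example that is not part of the thread and is not IronKey's or TrueCrypt's actual design. The XOR key wrap, the class and function names, and the sample PINs are constructed for illustration.

```python
import hashlib, hmac, os

ITER = 1000  # deliberately low so the demo is fast; real KDFs use far more

def _kek(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITER)

def wrap(master, password):
    """Toy key wrap (XOR with the KEK plus an HMAC check tag); illustration only."""
    salt = os.urandom(16)
    kek = _kek(password, salt)
    return {"salt": salt, "tag": hmac.new(kek, b"check", "sha256").digest(),
            "wrapped": bytes(a ^ b for a, b in zip(master, kek))}

def unwrap(header, password):
    kek = _kek(password, header["salt"])
    tag = hmac.new(kek, b"check", "sha256").digest()
    if not hmac.compare_digest(tag, header["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(header["wrapped"], kek))

class HardwareToken:
    """The wrapped key never leaves the device; only unlock() is exposed."""
    def __init__(self, master, password, max_tries=10):
        self._header, self._left = wrap(master, password), max_tries

    def unlock(self, password):
        if self._header is None:          # keys already destroyed
            return None
        key = unwrap(self._header, password)
        if key is None:
            self._left -= 1
            if self._left == 0:
                self._header = None       # models the self-destruct
        return key

def guesses_needed(try_password, candidates):
    """Return the 1-based index of the first accepted guess, or None."""
    for n, pw in enumerate(candidates, 1):
        if try_password(pw) is not None:
            return n
    return None

def run_demo():
    master, password = os.urandom(32), "pin-0037"        # constructed values
    candidates = [f"pin-{i:04d}" for i in range(1, 51)]  # correct one is 37th
    image = wrap(master, password)       # software container header, copyable
    token = HardwareToken(master, password, max_tries=10)
    offline = guesses_needed(lambda pw: unwrap(dict(image), pw), candidates)
    on_token = guesses_needed(token.unlock, candidates)
    after_wipe = token.unlock(password)  # even the right password fails now
    return offline, on_token, after_wipe

if __name__ == "__main__":
    print(run_demo())
```

Against the copied header the weak PIN falls on the 37th guess; against the token the same list never succeeds, and the correct PIN is rejected once the header has been wiped.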
     
  6. FileShredder

    FileShredder Registered Member

    Joined:
    Jan 3, 2011
    Posts:
    28
    It came in the post today. I did a spyware scan on my windows machine before plugging it in and making a 20 character password I've never used anywhere else. I skipped the part about activating it online, because the Ironkey servers are located in the US. Physically, it feels a lot better than some of the cheap plastic drives I have.

    On Tails there is no option to one-click "lock drive"; it says to dismount then unplug the device, so I did "safely remove drive" and then unplugged it. I like Ironkey's interface on Windows better, apart from the fact that it's Windows.

    I did a bit of reading overnight into it, and I'm now convinced that my money was well invested, after initially thinking "Should I have paid this much" a few minutes after checkout.
     
  7. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,592
    Iron Key is great IF you trust the mfg company. I have high regard for them but the fact is, it's really about as closed source as it can get. Their whole security reputation rests upon being what they claim.

    Although very remote, there is the smallest chance that a "45 digit" secret key opens all Iron Keys. Don't freak out, I just mean that a hardware based closed source solution does in fact have such a possibility.
     
  8. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    It wasn't done with a lot of noise, but IronKey quietly sold their encrypted drive business to Imation about a year ago. The 'old' IronKey is no more. In fact, the rest of the company announced less than a month ago they have changed their name to Marble Cloud Security.

    In my opinion, the best bang for the buck with quality encrypted USB flash drives and even hardware encrypted SSD's are manufactured by Integral.
     
  9. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    +1


    345
     
  10. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    HI
    This might help, even if online password resetting is not always an interesting idea
    https://support.ironkey.com/article/700
    https://my.ironkey.com/resetpassword

    It is true that Ironkey provides products among the most reliable in the market.
    Vulnerability that affects software design of some NIST FIPS certified popular usb keys has not affected Ironkey solutions
    With the help of Ollydbg, no need for a bruteforce attack
    https://www.syss.de/fileadmin/resso...e/SySS_Cracks_Yet_Another_USB_Flash_Drive.pdf
    As Ironkey isolates the encryption scheme on the hardware device, this mitigates most host/pc based attacks, even cold boot attacks.

    https://support.ironkey.com/article/526

    I suggest the read of these few articles, especially when the products are used in critical IT departments
    http://spritesmods.com/?art=secustick&page=1
    But as Ironkeys seems to have been used by US military, especially in the Afghan war, there is no doubt that this product is studied in some Chinese military labs.
    The race to be the most secure usb key is not finished and not limited to Ironkey.
    Among other interesting secure devices (iris biometric authentication etc), an old school one and challenge for lockpicking fans with Cryptkey
    http://www.kickstarter.com/projects/crypteks/crypteks-usbtm-encrypted-and-lockable-usb-solution

    Rgds
     
  11. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    I'm curious as to how the "IronKey" brand will work now that it's rolling out again under its new owners. Imation makes some decent products, but they don't have the reputation that the IronKey people had and they've gone on to other things. A lot of the above that you posted was specs and info about the "old" IronKey --- which no longer exists.
     
  12. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    ive been in debate months ago about this myself , seriously why even bother when you can get perfect encryption with truecrypt , no need for hardware level encryption as long as your passphrase has a high enough entropy, costs you exactly 0 bucks + dont forget if you reach a border or take a flight or such there can be instances of officers asking for your encryption pass or its a no go remember theyve changed the laws to accustom encryption going around nowadays , not to mention tc offers hidden partitions in encrypted partitions , id say thats more than sufficient enough of a reason not to waste money
     
    Last edited: Dec 2, 2012
  13. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    I use and like Truecrypt, but I also know the vulnerabilities of software encryption. There's no question that true hardware encryption is far more secure due to its tamper-proof abilities to thwart a physical attack. Look at the government contractors in the US offering encryption, they don't even bother with software encryption any longer at most departments within the federal government.
     
  14. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    only physical attack youd have to be afraid about would be a coldboot attack on the ram , and if you use jbweld it shouldnt be a problem ;) , hardware keyloggers will log you be it hardware or software encryption unless your entering your os passphrases in a program like neos safekeys etc

    p.s: i wouldnt be counting on what the government does since most of what they do is to lead people into the wrong sense of security aka potential backdoors , only way if id use hardware encryption at all would be by previously encrypting it with tc , thats IF , which wont happen , as said remember if lets say you was under suspicion of carrying data of interest , and they require you to give them the encryption keys you MUST by law , so then without you using tc and its hidden volume ability youll be in deep crap since potential data would be out in the open then , btw 2 factor authentication isnt all its cracked up to be since if someone gets ahold of that key theyll already have one part to start the bruteforce


    and in the end a 5 dollar wrench does alot of talking too if you know what i mean , depending on how important your private data is to you , as i always say preventive measures is where its all at , waiting till crap hits the fan is the wrong idea same goes for so called "innocent" and hard working civilians as we all are and have nothing to hide lol , by our own point of view which is FALSE ,laws can be changed and bent to will and are so all the time , ;)
     
    Last edited: Dec 2, 2012
  15. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    I'd say it's based on sensitivity level and the different scenarios you are trying to protect against. You will not see confidential FOUO information being run in top of the line hardware based encryption systems. Most government agencies do not directly deal with or handle S/TS information. There is still a need for and environments where software encryption is preferred over its hardware based cousin.
     
  16. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    thank you ;)
     
  17. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    I understand what you're saying, but the biggest physical threat I am talking about is the ability for an attacker to go after your container, volume, system at will, it can be imaged and they have infinite attempts to hack away. That cannot happen with hardware encryption.

    The federal government, at least in the United States, certainly doesn't actually deploy systems at the highest level just to "throw off" people. If they wanted to do anything like that they would create an open-source software solution with a very limited license, make it as good or better than competing commercial software, do it all anonymously as a "foundation," give it away for free, maintain it regularly and do so for eight years until it is widely accepted and in use by untold users around the world. Oh wait....

    Don't get me wrong, I really do like and use Truecrypt. I love it. But, I also know that all of the above (and more) is enough for the crypto community to accept that there are legitimate reasons for what's called "reasonable paranoia." And, I also know that there really is no serious dispute as to whether hardware encryption is more secure than software. It really all depends on your threat model and for 99% of the people Truecrypt is great. I'll say it again, I USE IT!

     
  18. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    I was critiquing on the government remark, lockbox is still correct with the advantages hardware has over software encryption. It does have disadvantages, but that is more so in terms of cost and scalability.

    While the government isn't all rainbows and unicorns, the information it provides to the IT industry is sound. The many publications released by NIST/NSA and security implementation guides (STIG) released by DISA into the public domain are valid and considered good industry practice. It doesn't make sense to misinform the public as the government would only hurt itself in the end.
     
  19. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    This is a good post. Though you disagree with me on what the government may or may not use, I think what you had to say about the general information from them is sound. Really, we may not even disagree. I was speaking of use at the highest levels of the federal government. They use NSA Suite A with hardware encryption. It's debatable that it's in the best interest for them to actually use their own algorithms, all we know is that's what they do. I'm not going to question the NSA who hires the best and brightest from MIT, Stanford, CalTech, etc. The best cryptographers/cryptanalysts in the world work at the NSA.
     
  20. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    ok makes sense , perhaps im just abit too paranoid ;), so if you can afford it get an extra layer ontop aka hardware encryption from integral etc, with it there is no drive imaging possible , unless ! that is they require you to give up the pass once again , then what, then they image your drive in the end and get to the infinite bruteforce attempts , which puts us to the same thing again a 5 dollar wrench most likely will be more cost effective than them wasting time on you ;), but we use tc anyway in order to keep our private data safe as should everyone concerned about their data, if you truly wanna keep your data safe then make it invisible aka hidden volume not even in aeons will they be able to bruteforce that given a high entropy passphrase and plausible deniability
     
    Last edited: Dec 2, 2012
  21. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    Well yes, if we are talking about the "brighter colors" of information classification then yes I'd agree with your original point. As there would be a greater need to protect the medium it resides on.


    Well you know what they say; double the encryption, double the strength. I personally prefer 2048(ROT13) as my cipher of choice. However in all seriousness for personal use a FDE drive at the hardware level or software level will offer excellent protection.
     
  22. Serapis

    Serapis Registered Member

    Joined:
    Nov 15, 2009
    Posts:
    241
    It's really a question of trust. With software cryptography there is a higher chance that the source code could be vetted by the right people, in comparison to a hardware solution. In order to assess the competence of hardware encryption, it would be a cost prohibitive process, in order to reverse engineer the mechanisms used. That's to say nothing of the scarcity of expertise needed to carry out such a feat. This is also a process encumbered with patent protections and legal issues. Competence and trust in crypto is strongly dependent on peer review of the ciphers and implementations used. It is in your interest to pick something that has the most eyes on it. Period. Dealing with a company entails the risk that they may have been bribed or coerced into adding a few surprises into the pudding, which you will never know about if they have been served a NSL.

    So in conclusion, it's more likely that the hardware self-encrypting drive has been badly designed and/or backdoored than the probability of a solid software solution falling apart against a resourceful attack with infinite re-imaging.

    Now while I don't doubt the abilities of certain government bodies, some of the things they do just go against common sense and intuition. The obvious example is their use of certain intercept software that was made in another country.
     
  23. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    this +1 , exactly what i was saying, good to know im not the only one paranoid enough around here ;)
     