this post was submitted on 19 Feb 2024
227 points (97.5% liked)

Privacy

31868 readers
240 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

It seems like the benefits are having the device lock/wipe itself after a set amount of attempts in case of a brute force attack and not having to run software to decrypt the drive on the device you plug it into.

I included a picture of the IronKey Keypad 200 but that's just because it's the first result that came up when I was looking for an example. There seem to be a few other manufacturers and models out there and they probably have different features.

I am curious what do you think of them? Do you think they are useful? Do you find it more a novelty?


It was an ExplainingComputers video titled Very Useful Small Computing Things that made me think of them.

(page 2) 50 comments
sorted by: hot top controversial new old
[–] [email protected] 5 points 8 months ago* (last edited 8 months ago) (2 children)

They are interesting. But they are a huge red flag and scream examine me if it's in your luggage and your crossing a boarder.

I'm somewhat dubious about a hardware system not having long term undiscovered flaws. Be sure to use software based data protection on top of the hardware solution.

[–] [email protected] 3 points 8 months ago

Depending one where you are this may may be seen as normal in many airports as this isn't uncommon in a business setting

[–] [email protected] 2 points 8 months ago* (last edited 8 months ago)

But they are a huge red flag and scream examine me if it’s in your luggage and your crossing a boarder.

Good point. I guess you'd need to look into key disclosure laws at that point if they were in your threat model

[–] [email protected] 5 points 8 months ago* (last edited 8 months ago) (2 children)

What is your use case for this?

  • Confidential files in a public setting? Don't fucking bring confidential files to a public setting. But if you must, a big bulky laptop with (good) FDE is a lot more sequre than a flash drive someone can pickpocket.
  • Border crossing? Guess what? You paint a MASSIVE red flag on your back and get to learn that you don't actually have all that many rights in the time between stepping on foreign soil and being admitted by customs. Congrats, you gave them the wrong code three times and it got wiped. They are going to break your face and put you in a black site.
  • Hiding sensitive/highly illegal content in the event of a police investigation: Yeah... if you are at the point where there is a warrant (or black van) out for your arrest than it really doesn't matter if they can see whatever you were looking at last night.

At my old job we required these for "thumb drives" and all they ever did was make reformatting machines pure hell.

load more comments (2 replies)
[–] [email protected] 4 points 8 months ago

I have one as a 'last resort' option. It's got backups of BitWarden, Aegis and Standard Notes and is only connected to my machine during backups.

[–] [email protected] 3 points 8 months ago* (last edited 8 months ago) (2 children)

I have a USB drive with a keypad on it, it stores my FIPS Compliant SSH-key for IL-5 government systems. I unlock it to add my key into my ssh-agent, and don't use it for anything else. Though it is an 8gig USB stick, so I could in theory run some kind of security/pen testing flavor of linux plus a VPN Client to connect to said systems.

load more comments (2 replies)
[–] [email protected] 3 points 8 months ago (2 children)

I'll store my weird shit on an unsecured hard drive stashed in the woods. Like those that came before me, and those before me.

[–] [email protected] 2 points 8 months ago (1 children)

You meant and those before them right ?

load more comments (1 replies)
load more comments (1 replies)
[–] [email protected] 3 points 8 months ago (1 children)

Seems like it's a good starting point.

I wonder if you can encrypt the files prior to storing them on the key, which would then encrypt them a second time with a different method. Would the compromise the data in any meaningful way? Or would it mean that you had to decrypt the key and then decrypt the data a second time?

[–] [email protected] 2 points 8 months ago (3 children)

I believe you would have to decrypt them a second time. For example if you wanted to be real secure you could have the USB device, an encrypted folder that holds important documents and files you want to back up, and inside of that could be a password database that requires a Yubikey or similar device.

I believe what you are talking about is kind of like using a combination of cascading algorithms like AES->Twofish–>Serpent.

I could be wrong though. If I am I hope someone can correct me.

load more comments (3 replies)
[–] [email protected] 3 points 8 months ago* (last edited 8 months ago) (1 children)

Couldn't the data be cloned and cracked off device without having to worry about the pin code?

[–] [email protected] 3 points 8 months ago

I have this device and use it to store my keepassxc and onlykey backups, and it's useful to me because I've stopped using passwords (I only need to remember the pins for these devices which can unlock my keepass dbs that have everything else).

It seems secure enough for my use case, especially since the files I store in it are themselves encrypted (the onlykey backup still requires a pin), but I still want them to be difficult to access.

I've had to rely on it before but only because I didn't prepare a backup onlykey ahead of time- ideally it should be one of many recovery methods. But so far it's worked great for me.

[–] [email protected] 2 points 8 months ago

I use them in my job and I find them better than the software only solution and I like them when I have to use them for sensitive file transfers.

[–] [email protected] 2 points 8 months ago

I see one use-case, If you're going w/ sth illegal as hell to a place where you might get arrested and searched for just being there i.e a protest, nuking your (illegal) data might save your ass.

load more comments
view more: ‹ prev next ›