Comments on: The Ultimate Camouflage for the Digital World

By: RgrDgr

RgrDgr — Sat, 20 Mar 2010 03:10:07 +0000

Will this effectively circumvent the great firewall of China? I’m going over there for business and while I’m concerned that they might try and monitor my internet activity, I’m also concerned with what they may do if they find someone using this device to protect their anonymity.

By: MIKE25

MIKE25 — Thu, 11 Mar 2010 17:31:39 +0000

Brian,
Thanks for the input, it’s good to see some agencies are starting to take their online security up a notch.
-Mike

By: MIKE25

MIKE25 — Thu, 11 Mar 2010 17:27:50 +0000

Citizen Armory,
Thanks for the comments and critique, it’s obvious that there is a pretty wide range of user abilities when it comes to any of these tools. I would place myself pretty much in the middle of the pack with regard to tech tools and think the plug-and-play aspect of the IronKey gives those of us less tech savvy an easy way to manage our security for a relatively small investment.
-Mike

By: Citizen Armory

Citizen Armory — Thu, 11 Mar 2010 17:00:00 +0000

Chris, you have all valid points, but I’d like to clarify some things.
1) Perfectly true. TrueCrypt is a compromise that runs all in software and does indeed require admin rights to mount the drive. IronKey does require software, however, to unlock it, and so you are limited to machines you can execute your own applications on.
2) It was my mistake about using the public Tor network. The codebase they use for their anonymous network is a fork of the Tor project, but uses private servers: http://en.wikipedia.org/wiki/IronKey#Bundled_software Unfortunately, this requires IronKey never have down time, and that their network is never compromised (either lawfully or not) thus exposing all the IronKey user identities. It’s faster from what I hear, but the trade off is now you have to trust the company and the laws they’re regulated under.
3) A home-built secure USB drive does not have any authentication beyond the what-you-know mode. This means it cannot be remotely shut down, but by using a secure password I believe it can be effectively useless to someone who steals/finds it. The onboard self-destruct for IronKey is pretty slick though.

It’s a very cool product, and I think great for companies/governments, but for the individual I think a home-built solution is perfectly fine.

By: Brian

Brian — Thu, 11 Mar 2010 13:38:22 +0000

We use the IronKey within our department and it has filled the void of having portable and secure storage. We have deployed about 25 keys to date and they have been well received among our officers. Administration of our IronKeys has been fairly easy with little to no issues to date. When officers did receive their keys we put them through a brief 30 min inservice to explain its features and proper usage. A little training goes a long way!

Each of our keys was laser engraved (about $2.00 a key from a local guy) with a unique name that does not identify its owner by name. We used common names of trees, but you could use anything. The idea being that if one of the keys were to get lost or stolen the officer could identify his key, but the general public would not know its owner specifically. The contact information that is on file within the IronKey is that of the department, not the officers. The ability to remotely lock a key in the event that it is lost or stolen is nice.

The one issue that we have encountered is related to the key’s thickness. All of our officers have Tough Books mounted in their vehicles. Some of the mounts and how they are manipulated in the car limits where the key or how many USB items can be plugged in. If the USB slots are stacked vertically then it is very difficult to get more than one USB Key plugged in if the IronKey is plugged in as well. Some officers have resorted to using a small male/female cable that is of a standard thickness to extend the USB port so that stacked ports can be fully utilized.

On a personal note, I would like to see software support extended into the Mac world. I use both and love both, but the IronKey is designed primarily for a PC world, which is where most of the market share is located. The drive works with Mac, but only as secure storage. This is not a knock on the drive, but rather a personal wish. The IronKey does work within a virtual environment (VMWare, have not tested with Parallels) so a secure connection is not far if I am using the Mac.

By: Chris

Chris — Thu, 11 Mar 2010 01:42:41 +0000

You cannot make your own.
1) IronKey runs hardware encryption and does not require a device driver, so works for non-admins. It is also FIPS140-2 L3 physically secure with a hard limit on password attempts.

2) IronKey does not use the Tor network.

3) The onboard Identity Manager is in a private part of the silicon and not the filesystem. It can only be accessed via the onboard app. Thus the database cannot be copied and attacked.

By: julio delahuerta

julio delahuerta — Wed, 10 Mar 2010 21:27:22 +0000

Welcome MIKE25!

Great article, thanks for the info:-)

By: gilligan0211

gilligan0211 — Wed, 10 Mar 2010 21:24:22 +0000

I was going to say that :)

By: Citizen Armory

Citizen Armory — Wed, 10 Mar 2010 18:12:51 +0000

While the IronKey is cool because of it’s on-board encryption, it’s relatively simple to create your own on any standard USB drive.
1) The first step is to create an encrypted file container on the drive using TrueCrypt. Throw the Linux, Windows and Mac portable versions of TrueCrypt on it unencrypted. Then use the program to create a 2gb “file container”. This is actually a big block of encrypted space that, using TrueCrypt, you use exactly like a standard hard drive. Even better, it supports bigger than 256 keys, and can triple AES encrypt, or use Blowfish and Serpent in addition (slower, but theoretically more secure).
It’s not as hard as it sounds, just install TrueCrypt, create a file container, and play with it.

2) Get the Tor bundle. http://www.torproject.org/torbrowser/index.html.en
Using the same anonymizing network that IronKey does, it’s a portable version of Firefox that surfs anonymously. Keep it in your TrueCrypt file container, and anything you do in it will be safe and sound.

3) Get KeePass portable http://portableapps.com/apps/utilities/keepass_portable
This is a program that encrypts all your passwords using AES into a single, searchable file. In itself it’s encrypted, but you might as well keep it in the encrypted file container.

Those three steps above do 99% of the same things for free, and even better, you can customize the level of encryption you want. Just keep in mind it’s only as strong as your password, so use a good one. Since TrueCrypt supports unlimited password lengths, try memorizing a sentence with numbers and special characters for your password; just avoid well known mottos.

Good luck everyone, and stay safe out there.