A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
ISDPodcast Button
RootSecure Button
Social-engineer-training Button
Irongeek Button

Web Hosting:
Dreamhost Logo
Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Ironkey High Security Flash Drive: Use and Review (Hacking Illustrated Series InfoSec Tutorial Videos)

Ironkey High Security Flash Drive: Use and Review

The Ironkey is a high security thumb drive designed to provide strong AES encryption, tamper resistance and other security services. I'd seen the Ironkey advertised quite a bit, and even read about its crypto systems and ruggedness, but was left wondering about how it works in operation. Since the hardcore tech side has been covered elsewhere, I'll concentrate on the Ironkey's usability and features. Some of the topics covered will include: How is the drive mounted without admin privileges in Windows? How is it mounted in Linux? How does the "Self Destruct" feature work? What is Secure Sessions? How is the Ironkey better than just using Truecrypt? I made this video to answer those sorts of questions for myself and others. If you want more details on the crypto involved, see the links section at the end of this video. The model I will be working with is the 1GB Ironkey Personal. I'll show its use and give my opinions on the device.

.

If the embedded video below does not show RIGHT click here to save the file to your hard drive.

Slightly after I posted my video, Marc Luo from Ironkey sent me the following email. It may clarify some of my points in the video:

Hi Adrian,

I enjoyed your video. You definitely spent a lot of time playing around with the product.

Couple of points:

For linux you're for the most part correct. Depending on the distribution, it may require root access in order to mount the cd-rom. Some distributions like ubuntu mounts the drive automatically for a user who does not have root. A partial way around this is to copy the unlocker program onto the linux machine. If a user can execute the unlocker program, then they do not need to mount the cd-rom or have root access.

We are currently in process of changing the backup to hide the file names. Not the first time we've heard this. J

The keys that encrypt the IronKey never leave the crypto chip. When the backup is done, new keys are generated and the backup is generated and encrypted. In order to retrieve the backup an IronKey needs to start the process (whether it's the original or a different one). In order to decrypt the backup the password for the original IronKey is needed.

As for cost, part of it is the dual SLC flash that is used. It's much more expensive than MLC. SLC is by far higher quality. In addition the crypto chip and quality of the drive itself is second to none. IronKey is cost competitive or cheaper than drives that are classified in the same category.

Size is partially due to the dual SLC. IronKey wants the drive to be of a certain size so that it looks and feels like a substantial product that is difficult to lose.

I believe in the pros should be the hardware encryption, which we believe is far superior to software encryption (ie. Truecrypt). Also the added features like the password manager and backup. There will be more applications to come in the future that will be free updates.

Not really sure what you mean by non open source crypto. We use AES CBC that has been certified FIPs level 2. We've had outside auditors look at the source code to make sure it meets the highest standards.

The IronKey is on the expensive side if you're just looking for a usb mass storage drive. It all depends on where your priorities are. If you are security conscious, and looking for applications to protect your presence on the web and protect sensitive data in a portable manner, then I believe the IronKey is a small cost.

Thank you for your thorough video of the how-to's of the IronKey. You did an outstanding job.

Let me know if you have any questions, and we're always looking for suggestions on how to make the product better.

Thanks,

Marc

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2014, IronGeek
Louisville / Kentuckiana Information Security Enthusiast