|
|
|
|
12-16-2007, 03:27 PM
|
#1 |
Ironkey
I need a peer-review of the product called "Ironkey", if anyone has
anythning to say about it. LC |
|
|
|
12-17-2007, 06:14 AM
|
#2 |
|
Posts: n/a
|
Re: Ironkey
LC <> writes:
> I need a peer-review of the product called "Ironkey", if anyone has > anythning to say about it. It seems to show up a lot in banner ads of security related web sites. -- Todd H. http://www.toddh.net/ Todd H. |
|
|
|
12-17-2007, 02:06 PM
|
#3 |
|
Posts: n/a
|
Re: Ironkey
Yes, thanks. I didn't want to seem like a spammer, but the link to the
product is ironkey.com I'm not a security expert, so I need to have those who are pick this product apart, or give the pros and cons so I can decide if it's what I want to buy. Thanks to those who help. (Todd H.) wrote in news:: > > It seems to show up a lot in banner ads of security related web > sites. > > LC |
|
|
|
12-17-2007, 03:15 PM
|
#4 |
|
Posts: n/a
|
Re: Ironkey
LC <> writes:
> Yes, thanks. I didn't want to seem like a spammer, but the link to the > product is ironkey.com I'm not a security expert, so I need to have those > who are pick this product apart, or give the pros and cons so I can decide > if it's what I want to buy. Thanks to those who help. At the end of the day, it's a usb key. It'll be no more secure than any ole usb key used with a strong encryption program (such as PGP or GPG). Whether it's in an easier to use form becomes the question. But before that can be considered, describe your needs for a usb key. Are you having to use one among several different operating systems? What I'm curious about them... is the hardware encryption implemented in such a way to make it work cross-platform. If so, it'd be something I'd consider. -- Todd H. http://www.toddh.net/ Todd H. |
|
|
|
12-17-2007, 04:02 PM
|
#5 |
|
Posts: n/a
|
Re: Ironkey
(Todd H.) writes: > At the end of the day, it's a usb key. It'll be no more secure than > any ole usb key used with a strong encryption program (such as PGP or > GPG). Whether it's in an easier to use form becomes the question. > > But before that can be considered, describe your needs for a usb key. > Are you having to use one among several different operating systems? > > What I'm curious about them... is the hardware encryption implemented > in such a way to make it work cross-platform. If so, it'd be > something I'd consider. part of the issue these days is how to deal with compromised PCs (some numbers are possibly one out of five) ... like trying to eliminate any possibility things like a password would ever be typed at a keyboard .... and picked up by a logger. keeping the file encrypting containing all the passwords helps in the case of stolen laptop ... but that appears to be a radically smaller number than the total number of compromised PCs. encrypted password file doesn't help with loggers that work when the password is actually being used ... and therefor decrypted .... it would be nice to have a single solution that addresses both problems (especially the significantly larger problem). this has somewhat given rise to the visual keyboards operated by mouse clicks. some discussion in this thread: http://www.garlic.com/~lynn/2007u.html#76 however, almost immediately after the appearance of such approach, the crooks had loggers that could capture screens and mouse operations. there was then some iterations attempting to obscure the screens .... which is ongoing (loosing) battle. There has been some recent comments that not being able to keep in with the crooks regarding obscuring the screen ... is the doom of secure online sessions. however, the crooks had never promised that they would only limit what a compromised PC might do to just logging ... long winded discussion here http://www.garlic.com/~lynn/2007u.html#76 with some other ways a compromised PC might react. Part of the issue is knowing whether or not any human interaction was actually involved in specific operations (or being simulated by some virus/trojan in a compromised PC). This was studied in the 90s in conjunction with formulating the EU finread terminal standard as countermeasure to numerous possible things that a compromised PC might do. http://www.garlic.com/~lynn/subintegrity.html#finread another such approach is the device referenced in this posting http://www.garlic.com/~lynn/2007v.html#2 which basically air-gaps the device from the PC and operates with challenge/response, the challenge value is read off the screen, typed into the device which produces the response ... which is then typed at the keyboard. there is still the issue of secure session-oriented operations running in a possibly compromised PC ... as opposed to changing to challenge/response for transaction-oriented operations. for other topic drift ... misc. posts mentioning 40+ yr old technology attempting to address problems with PCs becoming infected and compromised. http://www.garlic.com/~lynn/2007e.html#20 Securing financial transactions a high priority for 2007 http://www.garlic.com/~lynn/2007q.html#64 Virtual Browsers: Disposable Security http://www.garlic.com/~lynn/2007r.html#47 Translation of IBM Basic Assembler to C? Anne & Lynn Wheeler |
|
|
|
12-17-2007, 07:28 PM
|
#6 |
|
Posts: n/a
|
Re: Ironkey
On Sun, 16 Dec 2007 15:27:35 GMT, LC <>
wrote: >I need a peer-review of the product called "Ironkey", if anyone has >anythning to say about it. First of all, I do NOT know the "Ironkey" in particular. But before relying on such stuff you should check out this article by Bruce Schneier. It mentions a broken product called Secustick which once claimed to have similar features. http://www.wired.com/politics/securi...tymatters_0419 Before wasting your money I would strongly suggest you try out if it actually does what it claims to do - like self-destruction and such.... Straight Talk |
|
|
