Ironkey

Discussion in 'Computer Security' started by LC, Dec 16, 2007.

  1. LC

    LC Guest

    I need a peer-review of the product called "Ironkey", if anyone has
    anythning to say about it.
    LC, Dec 16, 2007
    #1
    1. Advertising

  2. LC

    Todd H. Guest

    LC <> writes:

    > I need a peer-review of the product called "Ironkey", if anyone has
    > anythning to say about it.


    It seems to show up a lot in banner ads of security related web
    sites.


    --
    Todd H.
    http://www.toddh.net/
    Todd H., Dec 17, 2007
    #2
    1. Advertising

  3. LC

    LC Guest

    Yes, thanks. I didn't want to seem like a spammer, but the link to the
    product is ironkey.com I'm not a security expert, so I need to have those
    who are pick this product apart, or give the pros and cons so I can decide
    if it's what I want to buy. Thanks to those who help.

    (Todd H.) wrote in news::

    >
    > It seems to show up a lot in banner ads of security related web
    > sites.
    >
    >
    LC, Dec 17, 2007
    #3
  4. LC

    Todd H. Guest

    LC <> writes:

    > Yes, thanks. I didn't want to seem like a spammer, but the link to the
    > product is ironkey.com I'm not a security expert, so I need to have those
    > who are pick this product apart, or give the pros and cons so I can decide
    > if it's what I want to buy. Thanks to those who help.


    At the end of the day, it's a usb key. It'll be no more secure than
    any ole usb key used with a strong encryption program (such as PGP or
    GPG). Whether it's in an easier to use form becomes the question.

    But before that can be considered, describe your needs for a usb key.
    Are you having to use one among several different operating systems?

    What I'm curious about them... is the hardware encryption implemented
    in such a way to make it work cross-platform. If so, it'd be
    something I'd consider.

    --
    Todd H.
    http://www.toddh.net/
    Todd H., Dec 17, 2007
    #4
  5. (Todd H.) writes:
    > At the end of the day, it's a usb key. It'll be no more secure than
    > any ole usb key used with a strong encryption program (such as PGP or
    > GPG). Whether it's in an easier to use form becomes the question.
    >
    > But before that can be considered, describe your needs for a usb key.
    > Are you having to use one among several different operating systems?
    >
    > What I'm curious about them... is the hardware encryption implemented
    > in such a way to make it work cross-platform. If so, it'd be
    > something I'd consider.


    part of the issue these days is how to deal with compromised PCs (some
    numbers are possibly one out of five) ... like trying to eliminate any
    possibility things like a password would ever be typed at a keyboard
    .... and picked up by a logger. keeping the file encrypting containing
    all the passwords helps in the case of stolen laptop ... but that
    appears to be a radically smaller number than the total number of
    compromised PCs. encrypted password file doesn't help with loggers that
    work when the password is actually being used ... and therefor decrypted
    .... it would be nice to have a single solution that addresses both
    problems (especially the significantly larger problem).

    this has somewhat given rise to the visual keyboards operated by mouse
    clicks. some discussion in this thread:
    http://www.garlic.com/~lynn/2007u.html#76

    however, almost immediately after the appearance of such approach, the
    crooks had loggers that could capture screens and mouse operations.
    there was then some iterations attempting to obscure the screens
    .... which is ongoing (loosing) battle. There has been some recent
    comments that not being able to keep in with the crooks regarding
    obscuring the screen ... is the doom of secure online sessions.

    however, the crooks had never promised that they would only
    limit what a compromised PC might do to just logging ... long
    winded discussion here
    http://www.garlic.com/~lynn/2007u.html#76

    with some other ways a compromised PC might react.

    Part of the issue is knowing whether or not any human interaction was
    actually involved in specific operations (or being simulated by some
    virus/trojan in a compromised PC). This was studied in the 90s in
    conjunction with formulating the EU finread terminal standard as
    countermeasure to numerous possible things that a compromised PC might
    do.
    http://www.garlic.com/~lynn/subintegrity.html#finread

    another such approach is the device referenced in
    this posting
    http://www.garlic.com/~lynn/2007v.html#2

    which basically air-gaps the device from the PC and operates with
    challenge/response, the challenge value is read off the screen, typed
    into the device which produces the response ... which is then typed at
    the keyboard.

    there is still the issue of secure session-oriented operations running
    in a possibly compromised PC ... as opposed to changing to
    challenge/response for transaction-oriented operations.

    for other topic drift ... misc. posts mentioning 40+ yr old technology
    attempting to address problems with PCs becoming infected and
    compromised.
    http://www.garlic.com/~lynn/2007e.html#20 Securing financial transactions a high priority for 2007
    http://www.garlic.com/~lynn/2007q.html#64 Virtual Browsers: Disposable Security
    http://www.garlic.com/~lynn/2007r.html#47 Translation of IBM Basic Assembler to C?
    Anne & Lynn Wheeler, Dec 17, 2007
    #5
  6. On Sun, 16 Dec 2007 15:27:35 GMT, LC <>
    wrote:

    >I need a peer-review of the product called "Ironkey", if anyone has
    >anythning to say about it.


    First of all, I do NOT know the "Ironkey" in particular. But before
    relying on such stuff you should check out this article by Bruce
    Schneier. It mentions a broken product called Secustick which once
    claimed to have similar features.
    http://www.wired.com/politics/security/commentary/securitymatters/2007/04/securitymatters_0419

    Before wasting your money I would strongly suggest you try out if it
    actually does what it claims to do - like self-destruction and
    such....
    Straight Talk, Dec 17, 2007
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.

Share This Page