this post was submitted on 19 Feb 2024
224 points (97.5% liked)

Privacy

32120 readers
662 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
k_o_t@lemmy.ml
tmpod@lemmy.pt
Yayannick@lemmy.ml
ranok@sopuli.xyz
224
What are your thoughts on USB storage drives that have keypad encryption? (leminal.space)
submitted 9 months ago* (last edited 9 months ago) by CorrodedCranium@leminal.space to c/privacy@lemmy.ml
105 comments fedilink hide all child comments
 

It seems like the benefits are having the device lock/wipe itself after a set amount of attempts in case of a brute force attack and not having to run software to decrypt the drive on the device you plug it into.

I included a picture of the IronKey Keypad 200 but that's just because it's the first result that came up when I was looking for an example. There seem to be a few other manufacturers and models out there and they probably have different features.

I am curious what do you think of them? Do you think they are useful? Do you find it more a novelty?

It was an ExplainingComputers video titled Very Useful Small Computing Things that made me think of them.

(page 2) 50 comments
sorted by: hot top controversial new old
[–] HelixDab2@lemm.ee 3 points 9 months ago (1 children)

Seems like it's a good starting point.

I wonder if you can encrypt the files prior to storing them on the key, which would then encrypt them a second time with a different method. Would the compromise the data in any meaningful way? Or would it mean that you had to decrypt the key and then decrypt the data a second time?

[–] CorrodedCranium@leminal.space 2 points 9 months ago (1 children)

I believe you would have to decrypt them a second time. For example if you wanted to be real secure you could have the USB device, an encrypted folder that holds important documents and files you want to back up, and inside of that could be a password database that requires a Yubikey or similar device.

I believe what you are talking about is kind of like using a combination of cascading algorithms like AES->Twofish–>Serpent.

I could be wrong though. If I am I hope someone can correct me.

[–] HelixDab2@lemm.ee 1 points 9 months ago (1 children)

So if that's correct, then a single company breaking the IronKey isn't, by itself, that big of a deal unless and until the knowledge bcomes fairly widely available.

[–] CorrodedCranium@leminal.space 2 points 9 months ago (1 children)

I think it's a factor to consider but it depends on your threat model. A few people have linked an article about a Bitcoin wallet that was on one of these drives that was cracked. I imagine replicating the process would be difficult but with a big enough group going after you who knows?

The extra layers of security always helps though.

[–] HelixDab2@lemm.ee 1 points 9 months ago

I think that if your threat model is the NSA, then them having physical control over the drive--and probably you in a black site--is probably going to be the end of the road for you.

[–] PowerCrazy@lemmy.ml 3 points 9 months ago* (last edited 9 months ago) (1 children)

I have a USB drive with a keypad on it, it stores my FIPS Compliant SSH-key for IL-5 government systems. I unlock it to add my key into my ssh-agent, and don't use it for anything else. Though it is an 8gig USB stick, so I could in theory run some kind of security/pen testing flavor of linux plus a VPN Client to connect to said systems.

[–] constantokra@lemmy.one 1 points 9 months ago (1 children)

Is there a specific benefit to that over something like a security key with a keypad, or even just a passphrase?

[–] PowerCrazy@lemmy.ml 1 points 9 months ago* (last edited 9 months ago)

The government is slow, so using a yubikey isn't authorized, but the datasur pro is, and the private key does have a passphrase.

[–] ctr1@fl0w.cc 3 points 9 months ago

I have this device and use it to store my keepassxc and onlykey backups, and it's useful to me because I've stopped using passwords (I only need to remember the pins for these devices which can unlock my keepass dbs that have everything else).

It seems secure enough for my use case, especially since the files I store in it are themselves encrypted (the onlykey backup still requires a pin), but I still want them to be difficult to access.

I've had to rely on it before but only because I didn't prepare a backup onlykey ahead of time- ideally it should be one of many recovery methods. But so far it's worked great for me.

[–] INHALE_VEGETABLES@aussie.zone 3 points 9 months ago (2 children)

I'll store my weird shit on an unsecured hard drive stashed in the woods. Like those that came before me, and those before me.

[–] THE_MASTERMIND@feddit.ch 2 points 9 months ago (1 children)

You meant and those before them right ?

[–] INHALE_VEGETABLES@aussie.zone 1 points 9 months ago

You heard what I said. You heard it just like those before me.

[–] Churbleyimyam@lemm.ee 1 points 9 months ago

Store it in your bosses garden.

[–] inclementimmigrant@lemmy.world 2 points 9 months ago

I use them in my job and I find them better than the software only solution and I like them when I have to use them for sensitive file transfers.

[–] montar@lemmy.ml 1 points 9 months ago

I see one use-case, If you're going w/ sth illegal as hell to a place where you might get arrested and searched for just being there i.e a protest, nuking your (illegal) data might save your ass.

[–] HowMany@lemmy.ml 1 points 9 months ago

Something else to break down.

load more comments
view more: ‹ prev next ›