New Toy: IronKey USB Drive

Ironkey

I have been in the market for a new USB drive for a while, so when I stumbled across an ad for the IronKey devices I was intrigued.  These guys have on-board crypto chips that store your files AES encrypted so that they can only be recovered after entering a password.  They also have some other tamper proofing features and are supposed to “self destruct” if there are too many invalid password attempts or if someone tries to physically mess with the device.  They have the words “military grade” stamped all over their website which has traditionally been a red flag for me when evaluating products with cryptography, but I looked around on the Internet a bit and read over some comments on the IronKey I saw on Bruce Schneier’s blog (scroll down) and the group appears to at least have the background to know what they’re doing.

So I picked one up.  It was kind of a hassle for me to initialize because of the way my laptop is configured but I managed to work around that.  Now that it is configured it seems to work fine on whatever Windows computer I have put it in.  It is a little more work because you have to enter your password before getting access to your files, but that is a small price to pay for “data at rest” security.  So far so good…

I’m still trying to decide how much I want to play around probing the security of the device.  If it really does turn itself off then I suppose (a) hooray the security works and (b) I would have to go buy another one.  For now I will probably keep that to a minimum and hope that I am at least a little better off than folks using normal, unencrypted USB keys.

–Dan
dan _at_ denimgroup.com

About Dan Cornell

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry leading application vulnerability management platform.
More Posts by Dan Cornell

2 Responses to “New Toy: IronKey USB Drive”

  1. kingthorin

    Does the encryption software require Administrator access under windows; for install? for use?

  2. Dan Cornell

    I do not believe that admin rights are required but I didn’t specifically verify that. The bulk of the initialization is done on the device itself as it gets initial crypto keys generated – I’m not sure that there is any software that needs to be installed on the actual workstation.

Leave a Reply

Your email address will not be published. Required fields are marked *