I just had a weird thought - how do people who are concerned about security at such an extreme level account for the case where they are hit by the proverbial truck?

Does someone else have a copy of the key? How secure is it? Hidden under a stone in the fence by the big tree? In a safe deposit box? None of these are any more secure than the 256-bit key is.

I guess a trusted friend could keep an encrypted copy of the key on his/her computer - but how is it protected?

Strange game. The only winning strategy is to not play.

I like to have my private data secured, but not sure self-destruct storage is the way to go. I use the simple but controversial (in corporate world) Microsoft Private Folder 1.0. Works OK.

Bigger Concerns
 

If perchance happens ...... then they really don't care do they. They would be dead or in so much pain that they won't give a hoot. (Now their boss, wanting to access the final copy of their presentation, THEY WILL CARE .....)

Snicker,
SC

If the key is broken on the first try then it was a pretty stupid key and of course the self destruct mechanism on the USB key would also fail as 1 try is definitely less than 10 tries.

AES and its ilk have been extensively analysed by the best cryptographers in the world. Nobody (assuming they really want your data) is going to attempt to break your encryption by brute force; they will extract your password from you by fair means or fowl and in those circumstances your 10 attempt limit is irrelevant.

Do I hear booze and hookers in my future

they want be robbin me if I duck fast enough...

The device is marketed as allowing you to use untrusted machines, but it seems to me that it has significant limitations on them:

(1) You still have to enter your IronKey password in the clear. Allows for keyloggers to get your password, with which they have full access to your data.

(2) Once the device is plugged in and decrypted, the machine will have full access to your data - it can just make a copy of it.

(3) [for all machines] Is the backup to IronKey's computers optional or mandatory? How is the data secured in transit? Is it just HTTPS?

(4) [regarding the device] Has anyone independent verified the security of the device? Is the code open source?

10 attempts, 10 fingers. Ohhh I can think of ways to get the password.

You need the IronKey and the password to get access to the data on the drive. If a typical keylogger gets the password, it will have no idea what to do with it. Stored passwords are also a special case.

The password data remains encrypted. It is not possible to obtain the passwords by simply copying the files on the device. The passwords are not stored in the filesystem.

The password manager enters passwords directly into web pages, bypassing keystroke loggers.

As far as I can tell, if you store an unencrypted document on the IronKey, plug it into a compromised machine, and unlock the drive, malware could indeed copy the file somewhere else.

In any event, owning an IronKey does not absolve the user from practicing safe computing. It just makes it easier.

It is optional. I don't know the transport mechanism, but it is SSL and only encrypted data is sent, so the transport probably doesn't matter.

Personally, I'm annoyed that the only way to backup passwords is to use the "quick backup" option which -does- use the Ironkey server. They are fixing that, but still. :mad:

The device is being evaluated by DISA(?) I need to log in to check. The code has just been made open source.

https://learn.ironkey.com/faqs/

I'm quite pleased with mine. It has already logged quite a few miles with me. I can't see traveling without it.

Reminds me of a modern day Da Vinci cylinder.

Not if it both captures your keystrokes and copies the data off the device.

So you can't just make a copy to your computer? That seems like a major negative. When is that going to be fixed?

Have you tried the included Tor application? How well does that work?

It doesn't need to do both. A standalone keylogger is useless because the device the password uses is still (hopefully) on your person.

If is a data copying malware thing, then you have already unlocked the device by entering the password yourself.

Edit to say, the IronKey password is not part of the decryption process, so if you mean you could copy the encrypted data off the device, then use the keylogged password to read it later, that would not work. The password is only used to verify that you can access the real decryption key which is stored off the filesystem.

Yeah. I -really- don't like it. You can back everything up to your local drive, except for the passwords. However, in for a penny, in for a pound.

There is supposed to be a new software release this month and that is on the enhancement list. We don't yet know what will actually be addressed in the next release.

Pretty transparently. It slows things down a smidge, but not bad. I do not usually enable it since I see no need to obfuscate my location at the moment.

Since the major search engines base some of their results on your location, Tor can generate some interesting results.

I'm heavily leaning towards one of these, but I was a bit miffed when I found out that they chose to go with AES 128 instead of 256.

AES 128 is only certified by the NSA for SECRET, whereas I consider my FlyerTalk password to be TOP SECRET. :( (Of course, since FT doesn't provide a secure login, this may be moot.)

While brute forcing AES 256 would require more energy than is available in the universe, brute forcing AES 128 would not. :(

I use a secure solid metal cryptex to hold copies of all of my and Mr Falconea's important passwords.

It sits on the mantlepiece. If it goes missing I will change all the passwords. If I travel it goes into my bank's vault.

It's a pretty nifty device. It can of course be cut open, but this would be kind of noticeable since I physically see it every day. It can't be easily opened without the password for it - the combination has many false notches to prevent any attempt to just feel where the notches are.

Audrey

Duplicate, sorry!

that's cool. could be usefull to put copies of all your passport, DL, visa's, cc's, etc on it and take it when traveling.