Posts Tagged ‘usb’

IronKey: A Seriously Secure USB Drive

April 27, 2008

I use TrueCrypt to encrypt anything sensitive on my USB drive and I sleep extremely well at night, knowing that no-one in their right mind would try to break its 256-bit AES encryption. While I know that it’s theoretically possible to do so, it doesn’t really matter, because nothing I have is worth dedicating a server farm to brute force it. Some people do have data that important on their USB drives, and that’s why there’s IronKey.

TrueCrypt’s greatest weakness is that it is susceptible to offline attacks. That is to say, if someone gets hold of a TrueCrypt volume, they are able to try a variety of techniques to guess the password, with computer power being their only limitation. TrueCrypt places no limit on how many times you can attempt a password. IronKey, on the other hand, limits you to ten consecutive incorrect attempts. After that, it destroys all the encryption keys and data. For good.

IronKey was developed as a piece of security hardware and, as such, has a bunch of features which make it, to my knowledge, the most hacker-proof data storage device on the market. Not only does it limit the number of incorrect passwords before self-destruct, it also ensures that even the encrypted data cannot be removed from the device, which means it is not susceptible to offline attacks.

First off, you can’t see any data without first authenticating with the device. Second, if you try to physically tamper with the device, the epoxy filling in the device will cause the data and encryption chips to break. Last of all, the device is electron-shielded, so you can’t scan it to elicit data. It’s sturdy metal-cased and epoxy-filled construction keeps your data safe from unintentional physical damage too.

All this, along with hardware-based AES encryption, makes for a very secure device. If you have data that’s worth paying US$79 (for the 1GB version) to protect, take a look. If you’re like me, TrueCrypt is still a phenomenally secure solution.

TrueCrypt 5.1

March 14, 2008

A few days ago, the TrueCrypt guys released version 5.1 of their stunningly secure and free, data encryption utility. The release of TrueCrypt 5.0 added support for system partition encryption, ie. encrypting every byte on your OS partition, so you have to enter a password before Windows/OSX/Linux boots. 5.1 added hibernation support for this sort of encryption.

Whole disk encryption isn’t a do-or-die for everyone, so here’s my two cents on using TrueCrypt.

USB Sticks: They’re just asking to be lost. If they are, any old sideshow could read through your resume, work documents, love letters and whatever else you keep on it. TrueCrypt has a ‘Traveller Disk’ tool which lets you encrypt some or all of your USB stick. Making a small (mine’s 100MB) encrypted file (an encrypted file which you mount as a drive letter) container will give you enough space to lock up your important files, while leaving your videos and mp3s alone. TrueCrypt throws a portable version of the software on your USB so you always have it on hand.

External Hard Drives: From a security point of view, these are similar to USB Sticks. They’re small, light and easily stolen/lost. However, you’re likely to store a lot more data on them and the data’s likely to be more important. It’s best to encrypt the whole disk. A couple of caveats though. Unlike system partition encryption, you can’t just click “decrypt disk” to get rid of the encryption. You have to copy the data off the disk, reformat, then copy it back on. Another issue is that if you use your disk on other people’s systems, you’ll have to install TrueCrypt first. If either will cause problems, figure out what needs to be secured and create an encrypted file container.

Laptops: There are a lot of news articles about laptop theft. Because they are so tempting to thieves, it’s probably best to encrypt your whole disk. You could just create an encrypted file container or encrypt your data partition (if you have one), but it’s better to do the whole lot, just in case you have some financial papers or embarrassing photos stored somewhere you’ve forgotten about.

Desktops: The risk of these being lost/stolen is significantly less than laptops or USB sticks, but it still happens. Encrypting your whole disk doesn’t hurt. In fact, according to tests by Steve Gibson, it actually makes your drive run faster in some situations. That said, even though TrueCrypt is phenomenally reliable, encrypting your drive could make it more difficult to recover data from if there is a problem. It’s probably better to create an encrypted file container and mount that. If you have a separate HDD or partition for your data (which is recommended, less system files fragmention), you can encrypt the whole thing and have TrueCrypt auto-mount and prompt for a password when you boot up your OS.

Then again, if you don’t store anything private on your computer, don’t bother. But chances are you have at least a few files which are worth the small inconvenience of using TrueCrypt. I highly recommend giving it a try.