this post was submitted on 19 Feb 2024

220 points (97.8% liked)

Privacy

31385 readers

680 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago

MODERATORS

[email protected]

220

What are your thoughts on USB storage drives that have keypad encryption? (leminal.space)

submitted 7 months ago* (last edited 7 months ago) by [email protected] to c/[email protected]

119 comments fedilink hide all child comments

It seems like the benefits are having the device lock/wipe itself after a set amount of attempts in case of a brute force attack and not having to run software to decrypt the drive on the device you plug it into.

I included a picture of the IronKey Keypad 200 but that's just because it's the first result that came up when I was looking for an example. There seem to be a few other manufacturers and models out there and they probably have different features.

I am curious what do you think of them? Do you think they are useful? Do you find it more a novelty?

It was an ExplainingComputers video titled Very Useful Small Computing Things that made me think of them.

(page 2) 50 comments

sorted by: hot top controversial new old

[–] [email protected] 4 points 7 months ago

I have one as a 'last resort' option. It's got backups of BitWarden, Aegis and Standard Notes and is only connected to my machine during backups.

[–] [email protected] 3 points 7 months ago

I have this device and use it to store my keepassxc and onlykey backups, and it's useful to me because I've stopped using passwords (I only need to remember the pins for these devices which can unlock my keepass dbs that have everything else).

It seems secure enough for my use case, especially since the files I store in it are themselves encrypted (the onlykey backup still requires a pin), but I still want them to be difficult to access.

I've had to rely on it before but only because I didn't prepare a backup onlykey ahead of time- ideally it should be one of many recovery methods. But so far it's worked great for me.

[–] [email protected] 3 points 7 months ago (1 children)

Seems like it's a good starting point.

I wonder if you can encrypt the files prior to storing them on the key, which would then encrypt them a second time with a different method. Would the compromise the data in any meaningful way? Or would it mean that you had to decrypt the key and then decrypt the data a second time?

[–] [email protected] 2 points 7 months ago (3 children)

I believe you would have to decrypt them a second time. For example if you wanted to be real secure you could have the USB device, an encrypted folder that holds important documents and files you want to back up, and inside of that could be a password database that requires a Yubikey or similar device.

I believe what you are talking about is kind of like using a combination of cascading algorithms like AES->Twofish–>Serpent.

I could be wrong though. If I am I hope someone can correct me.

load more comments (3 replies)

[–] inclementimmigrant 2 points 7 months ago

I use them in my job and I find them better than the software only solution and I like them when I have to use them for sensitive file transfers.

[–] [email protected] 2 points 7 months ago

I see one use-case, If you're going w/ sth illegal as hell to a place where you might get arrested and searched for just being there i.e a protest, nuking your (illegal) data might save your ass.

[–] [email protected] 2 points 7 months ago* (last edited 7 months ago) (1 children)

Couldn't the data be cloned and cracked off device without having to worry about the pin code?

[–] [email protected] 5 points 7 months ago (1 children)

Yes, but it's meant to be difficult to do. Encryption algorithms are designed and chosen to be expensive to crack, so that you'd need NSA-level clusters to find the key in our lifetime.

I don't know if you could attack the encryption controller itself to brute-force the PIN to release the key. I assume in theory it's possible, but unless you're a very desirable target, they probably won't spend the effort, and attack something weaker. Like your cell phone, or your kneecaps.

[–] [email protected] 1 points 7 months ago

If they did it right it'd not store the key, but instead use something like PBKDF2

[–] [email protected] 2 points 7 months ago* (last edited 7 months ago) (1 children)

I have a USB drive with a keypad on it, it stores my FIPS Compliant SSH-key for IL-5 government systems. I unlock it to add my key into my ssh-agent, and don't use it for anything else. Though it is an 8gig USB stick, so I could in theory run some kind of security/pen testing flavor of linux plus a VPN Client to connect to said systems.

[–] [email protected] 1 points 7 months ago (1 children)

Is there a specific benefit to that over something like a security key with a keypad, or even just a passphrase?

[–] [email protected] 1 points 7 months ago* (last edited 7 months ago)

The government is slow, so using a yubikey isn't authorized, but the datasur pro is, and the private key does have a passphrase.

load more comments