1. The Topic of the Month for October is "Make this the Perfect Bugout Location". Please join the discussion in the TOTM forum.

IronKey secure thumb drive

Discussion in 'Technical' started by stg58, Feb 12, 2015.

  1. stg58

    stg58 Monkey+++ Site Supporter+ Founding Member

    After a strong and long debate on paying 20 times the price of an insure USB drive for a secure drive I dropped the hammer on a IronKey 8 GB drive which is over twice the space I need for important personal data..
    Working with software solutions really did not do the job for me most were Windows based and clugey. The 256-bit AES hardware encryption seems to be the way to go with securing important mobile data.
    I will still use unsecured drives for non-critical data but for personal data they will be on an IronKey.
    Take your personal information with you everywhere, safely and securely HARDWARE ENCRYPTION ENSURES DATA STAYS SAFE, ALWAYS Protect your critical data with the IronKey Cryptochip that keeps encryption management on the device and enforces an authorized password to unlock data and applications on the encrypted flash drive. The IronKey Personal drives are FIPS 140-2 Level 3 validated with AES 256-bit hardware encryption, the strongest available to protect your sensitive data while meeting regulatory requirements. SAFEGUARD YOUR INTELLECTUAL PROPERTY WITH PROTECTION THAT NEVER SLEEPS Self-defending IronKey Personal drives provide active protections against the spread of worms, malware and other malicious code. The device will permanently self-destruct after 10 consecutive incorrect password attempts, and a ruggedized, waterproof metal chassis resists physical break-ins and is tamper evident. MANAGE AND PROTECT YOUR ONLINE PASSWORDS Manage all your passwords directly from the drive, and protect them using the same hardware encryption engine that guards your other data. The IronKey Identity Manager locally manages all of your online passwords with secure, one-click direct access and protection against keystroke-logging spyware and other online threats. JUST PLUG IN AND GOSECURE, PRIVATE WEB SURFINGA secure, portable version of Mozilla Firefox is pre-loaded on your drive, letting you surf without worry and protecting your passwords whenever you go online. All your data, cookies, and Web history are maintained locally on the drive. PHYSICALLY HARDENED Rely on a rugged metal casing built to protect against physical damage and internal components that are sealed to defend against tampering. It's even passed and exceeded military waterproof testing requirements. BUILT TO LAST Imation uses only the highest quality components, delivering 10 to 20 times the average memory lifespan of a traditional flash drive.

    The internal components are sealed to protect against tampering. Additionally, the IronKey Basic exceeds military waterproof standards (MIL-STD 810F).
  2. Brokor

    Brokor Live Free or Cry Moderator Site Supporter+++ Founding Member

    Yup. I have used an Ironkey for about 6 or 7 years now, maybe longer, can't remember. In fact, the one I have isn't capable of being updated anymore and it was back when 4GB was the largest you could get. Works for me!

    stg58, Tully Mars and Marck like this.
  3. Jeff Brackett

    Jeff Brackett Monkey+ Site Supporter

    Used them at work for some testing of secure virtual PCs. We were able set them to boot to a VPN so that allowed our "C-level" execs to take the drive with them instead of an actual laptop. They acted like it was the greatest thing since sliced bread. :)
    stg58 and BTPost like this.
  4. stg58

    stg58 Monkey+++ Site Supporter+ Founding Member

    That one has some miles on it, makes me feel better about paying for one hopefully the current versions hold up as well.
    Marck and Brokor like this.
  5. DarkLight

    DarkLight I self identify as a Blackhawk Attack Helicopter! Site Supporter

    Please don't take this the wrong way but what lead you to the Ironkey ($139 or $219 depending on the version but 8GB either way) instead of the Aegis Secure Key ($95 for 8GB)? If you're using hardware encryption, the last thing I want to do is require the use of either my physical or even a virtual keyboard to put in the password.

    The Aegis (or iStorage Datashur...same thing) actually has an onboard keypad and as such is 100% compatible with ANY OS (yes, including by Samsung Galaxy S4) since you put the passcode in directly on the device before you plug it in.

    Aegis Secure Key

    I will admit, it's a little slower but I'm not concerned about speed, I'm concerned about security.

    One other thing I found when doing this research was the number of times it can be reset with a new private key. The Aegis is unlimited, the Ironkey has a fixed number of private keys that can be used per device.

    Just thought I'd ask as I LOVE my 32GB iStorage (got it through CustomUSB/PortableApps).

    BTW, Apricorn (Aegis) has come out with USB 3 that is in the process of FIPS testing/certification and goes up to 240GB. Really kinda pricey though at $369 but daum...240GB USB Thumb Drive with hardware security...just don't have the coin.
    Last edited by a moderator: Feb 14, 2015
    Brokor likes this.
  6. Brokor

    Brokor Live Free or Cry Moderator Site Supporter+++ Founding Member

    @DarkLight the Ironkey is DoD grade secure, and will self destruct, it's absolutely tamper proof.

    Granted, I have an old Ironkey. I do not have "Windows to go" or the portable OS Ironkey, nor would I want one. I use Liberte Linux for this purpose, on a separate, bootable USB device. The only purpose I use an Ironkey is to securely store data.
    Last edited: Feb 14, 2015
    Georgia_Boy likes this.
  7. DarkLight

    DarkLight I self identify as a Blackhawk Attack Helicopter! Site Supporter

    The Apricorn device has the same certification as the Ironkey. It is also tamper proof and will "sell destruct" if disassembly is attempted. It destroys the private key after 10 invalid attempts in a row. All of this leads to the same level of protection that an Ironkey has but with an external keyboard and 1/2 to 1/3 the cost.

    I don't run windows to go or anything like that either. What I do have is a number of applications that require no installation that are pre-packaged and ready to run if I wanted to. The main reason I went that route was that the Custom USB folks actually had the 32gb in stock and it was less than $5 for the premium of getting the portable apps framework installed.

    Admittedly, when you bought your Ironkey, I don't know if Apricorn was in business but now that they are around I think it just makes sense to know what all the options are. I think that since they (Ironkey) are the "old man on the block" that people see them as the best which is certainly not a given and I'm not going to pay a premium for a name. 2-3x more for the same functionality, certifications, protections and security? Nope, not gonna do it.

    ***Edited because the original was done on my phone and it can't spell for beans!***
    Last edited: Feb 15, 2015
    Georgia_Boy, Yard Dart and BTPost like this.
  8. Brokor

    Brokor Live Free or Cry Moderator Site Supporter+++ Founding Member

    LOL! And YES, I never heard of Apricorn at the time I bought it, in fact this is the first time, so...that's that.

    IF what you are saying is true, then it's decent. Why would I argue? Ironkey doesn't destroy "the key", upon hacking or forced entry, it actually destroys all the data on the drive.

    Ironkey Self destruct: If a user fails to properly enter the authentication password 10 times, the Ironkey will write over the data on the drive. This is an internal hardware event that cannot be stopped via software. However, if the data has been backed up using the Ironkey application, the data and key can be recovered once a correct password is entered. (Stored on Ironkey server, bad idea -and it is optional)

    And I couldn't give a rats patootey about "external keyboards", I never use them anyway. I am not Tom Cruise going after the bad guys or James Bond trying not to get killed with the Queen's secret recipe for baked truffle dumplings. I just like knowing my data is physically secure. I probably trust this Apricorn company as much as I now trust Ironkey after it was bought out by Imation. They are probably DARPA projects anyway.


    • Waterproof: MIL-STD-810F
    • Operating shock: 16G rms
    • Hardware: USB 2.0 high speed
    • Operating system encryption compatibility: Windows 2000 SP4, Windows XP SP2+, Vista, Windows7, Macintosh OS X 10.4+, Linux 2.6+
    • Hardware encryption:
      • Data: AES Cipher-Block Chained mode
      • Encryption keys: 128 Hardware DRNG
      • PKI: 2048-bit RSA
      • Hashing: 256-bit SHA
      • FIPS validations: 140-2 Level 2, 186-2, 197
    • Section 508 compliant

    I will look into this Apricorn drive more, man. Nothing wrong with some competition! The new Ironkey stats are probably a bit different...
    Last edited: Feb 15, 2015
  9. Brokor

    Brokor Live Free or Cry Moderator Site Supporter+++ Founding Member

    Yup, it appears as though the Apricorn drive is superior...

    What was not disclosed is the most important factor I discovered, for me anyway.

    Aegis Secure Key

    I knew that, okay:
    Utilizes Military Grade 256-bit AES CBC Hardware Encryption
    All data on the Aegis Secure Key is encrypted in real-time with the built in 256-bit AES CBC (Cipher-Block Chained) hardware encryption.

    This is cool, but only an added PERK as far as I am concerned, but nice to have:
    Onboard Alphanumeric Keypad – Prevents Hardware and Software Key Logging
    Using a rechargeable battery, the Aegis Secure Key enables the user to unlock the drive with a 7-15 digit PIN before connecting to the USB port on your computer, tablet or mobile device. The embedded keypad prevents hardware and software key logging attempts to capture your password entered via the host system.

    This is an added bonus I like very much:
    Software Free Design – With no admin rights to contend with the Aegis Secure Key is a breeze to implement
    The Aegis Secure Key is ready to go right out of the box. It does not require any software or drivers to be installed and is compatible with PCs, MACs, Linux and embedded systems. The Aegis Secure Key uses drag and drop encryption, is plug and play ready and can be used with any off the shelf backup software

    Meh, not important to me:
    Independent User and Admin PINs
    The Aegis Secure Key can be configured with independent User and Admin PINs, making it ideal for corporate and government deployment. If the User forgets their PIN, the drive can be unlocked using the Admin PIN which will then clear the old User PIN and allow the User to set a new PIN.

    Drive Reset Feature
    The Aegis Secure Key also includes a drive reset feature which clears both User and Admin PINs, destroys the data, creates a new randomly generated encryption key and allows the drive to be reused. The Aegis Secure Key is capable of generating an infinite number of randomly generated encryption keys, allowing the user to reset the drive as and when required.

    Yes, ideal and very useful they have this as well:
    Dust and Water Resistant Durable Aluminum Housing - IP57 Certified
    Protecting data often goes well beyond encryption. Tough enough to go anywhere the Aegis Secure Key resilient design makes it perfect for travel. The Secure Key's rugged, extruded aluminum, crush resistant casing is tamper evident and protects it against physical damage.

    The Aegis Secure Key is also certified for Water and Dust Resistance with the IP57 certification. The Ingress Protection (IP) rating is an international standard that tests electrical products against two main environmental factors, liquids and dust. The testing is done independently by a 3rd party and involves two separate tests. In order to receive the certification, the Aegis Secure Key was subjected to a dust chamber for 8 hours and submerged in a water tank at 1 meter for 30 minutes, after which the Secure Key was tested for functionality, and inspected for water and dust in its electronics.

    Just like the Ironkey, a must:
    Sealed from Physical Attacks by Tough Epoxy Coating
    The internal drive components completely protected by a super tough epoxy compound, which is virtually impossible to remove without causing permanent damage to the electronics. This barrier prevents a potential hacker from accessing the encryption circuitry and launching a variety of potential attacks.

    This is what I was after:
    Brute Force Self Destruct Feature
    As the Aegis Secure Key is unlocked using its own keypad and not via a keyboard, it is not vulnerable to software/hardware based key-loggers or brute force attacks. In addition the Aegis Secure Key further protects your data with a “Brute Force Hack Defense Mechanism”, which deletes the encryption key and destroys all stored data if the incorrect PIN is entered a total of 10 consecutive times.

    Again, good to have, just like Ironkey:
    Auto Lock feature
    The Aegis Secure Key automatically locked once you unplug the drive from your computer's USB port or power to the USB port is turned off.

    I was concerned about this:
    Wear Resistant Key Pad
    Designed with protection in mind, the entire Aegis Secure Drive family incorporates ‘wear resistant’ keypads to hide key usage and avoid tipping off a potential hacker to the commonly used keys.

    If you’re looking for a tough, affordable solution for protecting your data, the Aegis Secure Key is the solution that you have been looking for.

    BOTTOM LINE: If I had to choose again, I would buy the Apricorn drive. It's less expensive...and as far as I can see...better!
  10. Yard Dart

    Yard Dart Vigilant Monkey..... Moderator Site Supporter++

    Good information.....thanks!!!!
  11. stg58

    stg58 Monkey+++ Site Supporter+ Founding Member

    I had not heard of the Apricorn product.

    I will be interested in feedback on it.
    Last edited: Feb 16, 2015
  12. DarkLight

    DarkLight I self identify as a Blackhawk Attack Helicopter! Site Supporter

    Thanks for going into more detail Brokor, I was doing all of that from my phone and didn't have the patience to do it justice.

    @stg58 - I have never used any of their other products (memory or drive replacements) but the Aegis Secure Key was released in December 2011 and almost all of the negative reviews I've read about it fell into 1) user error/misunderstanding, 2) user impatience with slower than USB2 speed or 3) user error (yes, I know it's in there twice). There are a couple of failed devices but I know that I saw about the same failure rate from Ironkey when I looked into it originally. I certainly didn't and don't mean to turn this into a religious argument, just wanted to make sure you/everyone was aware of the alternatives.

    I actually have an iStorage/datashur device that looks identical to the Apricorn device. The iStorage datashur usb was launched by iStorage in November of 2011 (a month before Apricorn) and I have a sneaking suspicion that they are the actual manufacturers of the Apricorn device. iStorage has also gone a little further in making some "personal" devices in colors (which are available both on their site and on the CustomUSB website). Not linking because I'm not trying to sell, just letting you know what's out there.

    Personally, I haven't experienced any issues with the device that weren't user related. My original password utilized two letters on the same key and I had to be a little slower and deliberate when putting it in because it would sometimes take it as a single press otherwise. Other than that issue, I haven't had a single problem with it.
    kellory and Brokor like this.
  13. Brokor

    Brokor Live Free or Cry Moderator Site Supporter+++ Founding Member

    I only have ONE concern with the Aegis, and that is the rechargeable battery inside. If left unused for a lengthy period, what happens if the battery dies or goes bad? I really don't think this is a problem, just a concern for me until I can read up more. I would still place it above the Ironkey, regardless.
  14. stg58

    stg58 Monkey+++ Site Supporter+ Founding Member

    Two concerns for me the battery as @Bokor mentioned and the buttons being damaged.
  15. DarkLight

    DarkLight I self identify as a Blackhawk Attack Helicopter! Site Supporter

    With regards to the battery, even if it goes completely dead you can still use it by plugging it in to give it some power and then unlocking it on "external" power. As for the buttons, I can't defend that. If they died...yeah, that would suck. I personally do like having them though (and this isn't the only device that uses a "built-in" keyboard). I don't know that I'm paranoid but I do like the fact that I can unlock it without risk of a keylogger getting the passcode. As many levels of protection as I can get, as it were.
  16. stg58

    stg58 Monkey+++ Site Supporter+ Founding Member

    Ordered a 16 GB Aegis Secure Key.
    I will have important information secured and backed up on two different devices and two platforms.
    Last edited: Mar 12, 2015
    Brokor, DarkLight and BTPost like this.
  17. stg58

    stg58 Monkey+++ Site Supporter+ Founding Member

    Further feedback after a few days of use.
    One of my concerns was the keys being damaged which was reduced when I opened the sealed security package and saw the case which covers the keys when not in use, major bonus. I envisioned the drive in a bag with the keys exposed.
    I really like the Aegis Secure Key based on the fact that it can be used without software on the the computer. I have used it on Ubuntu, Fedora, Mac and Windoze with the same results once you unlock the Aegis Secure Key and plug it in it shows up like a normal USB drive and once ejected it locks and when reinserted without unlocking it it does not show up at all.

    Based on these results and ease of use I would buy the Aegis Secure Key over the IronKey if I was to buy another secure drive.

    Marck likes this.
  18. hank2222

    hank2222 Monkey++

    Thanks for the info
  19. kellory

    kellory An unemployed Jester, is nobody's fool. Banned

    would it make sense to have 2 that do exactly the same thing in case one does fail? or is that even possible?o_O
    BTPost likes this.
survivalmonkey SSL seal        survivalmonkey.com warrant canary