Carry Sensitive Data on an IronKey


Although I have what seems like a mountain of thumb/flash drives lying around, I've never had one as cool as the one my friend Mary just gave me. It's called the IronKey. While it looks like an ordinary thumb drive in a cool aluminum casing, it's actually a lot more.


For the Security Conscious

As computer users we're taught not to leave a list of our passwords next to our computer right? Some will take it a step further and put that list on their computers in a text filed called something less obvious like "Johnson Rod Repair Manual". However, sensitive data should really be encrypted! While there is no shortage of encryption apps for Mac and PC's, I don't run across hardware solutions as often. Sure, most portable drives will offer something, but in that case it's usually very platform specific and requires the software to actually be "installed" to use it. The IronKey takes a simpler more straight forward approach.


Set it up


When you first plug in the USB thumb drive, you can launch the app for your platform right off the device itself. They have the documentation there as well. Give it a name and your secure password (please remember it!). You can also enable the Device Reset feature at this point so that if your device is lost/stolen and someone keys in the wrong password too many times it will automatically and securely erase or destroy the device. 



At this point your IronKey is ready to use


Just key in your password and it will unlock and mount the drive


If you enter the wrong password twice, you'll be warned


You can either configure the device to erase all content after the password has been incorrectly entered so many times and it will still be usable minus your data or you can have it not only erase your data but also destroy the drive so that it can't ever be used again. Wow!


What would I use this for?

I asked this question and at first couldn't really think of too much that I carry around that needs this level of security and then it dawned upon me that this would be great for a backup of my 1Password file in Encrypted HTML format. This way I could have all my passwords and logins with with If I need them on a different computer AND add one more level of security. I'll probably also use it to story backup copies of client presentations. 


A word about Security from IronKey – only read this part if you're a security geek šŸ™‚ Otherwise you can skip down to The Bottom Line

We are endeavoring to be very open about the security architecture and technology that we use in designing and building the IronKey devices and online services. There is no hocus-pocus or handwaving here. We use established cryptographic algorithms, we develop threat models, and we perform security analyses (internal and third party) of our systems all the way through design, development and deployment.

IronKey Device Security
Data Encryption Keys
» AES keys generated by onboard Random Number Generator
» AES keys generated by user at initialization time and encrypted
» AES keys never leave the hardware and are not stored in NAND flash

Self-Destruct Data Protection
» Secure volume does not mount until password is verified in hardware
» Password try-counter implemented in tamper-resistant hardware
» Once password try-count is exceeded, all data is erased by hardware

Additional Security Features
» USB command channel encryption to protect device communications
» Firmware and software securely updateable over the Internet
» Updates verified by digital signatures in hardware

Physically Secure
» Solid, rugged case
» Encryption keys stored in the tamper-resistant IronKey Cryptochip
» All chips are protected by epoxy-based potting compound
» Exceeds military waterproof standards (MIL-STD-810F)

Device Password Protection
The device password is hashed using salted SHA-256 before being transmitted to the IronKey Secure Flash Drive over a secure and unique
USB channel. It is stored in an extremely inaccessible location in the protected hardware. The hashed password is validated in hardware (there is no “getPassword” function that can retrieve the hashed password), and only after the password is validated is the AES encryption key unlocked. The password try-counter is also implemented in hardware to prevent memory rewind attacks. Typing your password incorrectly too many times initiates a patent-pending “flash-trash” self-destruct sequence, which is run in hardware rather than using software, ensuring the ultimate protection for your data.


The Bottom Line

If you need or want to carry around files that are secured and accessible on just about any computer with a USB port, this is a great portable option. By it being Mac and PC compatible, it's also a no brainer. The fact that it has a "Self Destruct" feature is icing on the cake. 

It comes in the follow configurations:





4 Replies to “Carry Sensitive Data on an IronKey”

  1. I’m going to buy one of these, but I wouldn’t want to enable that self-destruct feature. If I lose the key, no one is going to hack one of these things or physically manipulate it, anyway, so self-destruct probably wouldn’t need to be activated, IMO. But if someone who got a hold of your key decided to be ornery (whomever that might be), they could just input a wrong password according to the entry limit and erase all your data. Then what would you do?

    Based on that, here are a few questions:

    1) Does Ironkey offer a prior backup of your info in the event of data destruction so not all is lost?
    2) If you got a hold of the key again, after the data was destroyed, would the key be usable or would it indeed just be bricked, forcing you to go out and spend another $200 or so to replace it?

    I’ll have to ask the company, and if there is some flexibility there, then it might be worth it to enable that feature for another added layer of security.

    Aside from that, it’s looks like a fantastic product.

  2. Just a note: Ironkey offers the S200 and the D200 models in Basic, Personal, and Enterprise models.

    Most consumers may want the Personal model for some of the extra features it offers beyond the Basic model.

    Also, the S200 and D200 are identical, except for three things:

    1) The S200 is silver; the D200 is black.
    2) The S200 has a slightly faster read speed and a much faster write speed than the D200.
    3) Beyond what you mentioned, Terry, the S200 is available in a 16GB version, while the D200 offers both a 16GB and even a 32GB version.

    Upon closer look, it seems that the Personal and Enterprise models offer a local encrypted data backup option. It also seems that reusing the device after data destruction would require the Enterprise version. Not sure if I’m correct on those two things, but it seems that might be the case.

  3. By far one of the coolest USBs EVER! Would make an interesting way to provide a client’s pictures on, instead of a DVD.

Comments are closed.