[unisog] IronKey (IK) encrypted USB keys

Russell Fulton r.fulton at auckland.ac.nz
Sat Dec 22 20:44:48 GMT 2007 

First off, apologies, this is going to sound like an advertisement for  
IK...

We have recently had a play with a few 'secure' usb sticks from  
various suppliers.  By and large they only support windows and provide  
simple encryption of the contents of the drive.

One stood out from the pack and that was IronKey.  The IronKey comes  
with a bunch of useful stuff on a readonly partition on the drive,  
including Firefox, Tor and a password manager.  The idea is that IK is  
more than just an encrypted USB key it is actually a trusted platform  
that you can use to access the Internet in potentially hostile  
environments while on the road.  What you do is visit the sites you  
need credentials for from a safe environment before you leave and  
allow the password manager to store your credentials for each site on  
the key, then when you are in  some dubious cyber cafe you can browse  
to the site using the copy of firefox on the key and the password  
manager plugin will automatically post the credentials for you with  
out having to type them thus avoiding keystroke loggers.  No, this  
isn't foolproof but it does mitigate some of most common risks.

I was also surprised to find that there was a mac folder on the key --  
which contained a single executable (the windows folder contained  
about 20 files) which when executed on a mac mounted the key and  
prompted for the password.  I have since found out that the most  
recent versions have linux support too.  At the moment Mac and Linux  
support is "Alpha" and in particular you can initialise the device  
only on a windows system and the password manager etc only works on  
windows.  That should change soon and IK are promising full support  
for Mac and Linux.

If this was not enough the local NZ agent just told me that they have  
received a new key (which they are passing to a 'major bank') that has  
a built in RSA token.   Since we use RSA to secure access to much of  
our infrastructure this is attractive -- I for one would welcome one  
less bulky object on my key ring.  We plan to require RSA  
authentication for our VPN sometime next year and so this ties in  
nicely particularly if we can get the VPN client on to the key.

This product looks like one worth following, we will wait until Mac  
and Linux are fully supported and the RSA tokens available (hopefully  
in a few months) and then try and get a bulk deal.

Russell

More information about the unisog mailing list