It seems like the benefits are having the device lock/wipe itself after a set number of attempts in case of a brute force attack and not having to run software to decrypt the drive on the device you plug it into.

I included a picture of the IronKey Keypad 200 but that’s just because it’s the first result that came up when I was looking for an example. There seem to be a few other manufacturers and models out there and they probably have different features.

I am curious: what do you think of them? Do you think they are useful? Do you find them more of a novelty?


It was an ExplainingComputers video titled Very Useful Small Computing Things that made me think of them.

  • makeasnek
    10 months ago

    Hardware signing devices have lots of utility because they keep the key from ever being on the machine (which is more likely to be compromised). Think Ledger or Trezor for your Bitcoin. Hardware encryption devices are just really expensive and black-box ways to avoid VeraCrypt.

    If your encryption algorithm is secure, you have no use for automatic lock-out. If it’s not, automatic lockout won’t do much against an attacker with physical access to the device. Unless they are dumb enough to trigger the lockout AND the internal memory wipes itself sufficiently well AND/OR the attacker doesn’t have the resources to reverse engineer the device.

    • kevincox
      10 months ago

      > If your encryption algorithm is secure, you have no use for automatic lock-out.

      This isn’t true. You need your algorithm and your key to be secure. If the key needs to be remembered or entered often it probably can’t be secure. So brute force protection becomes very important.

      > If it’s not, automatic lockout won’t do much against an attacker with physical access to the device.

      This isn’t true. Yes, with enough time and effort it is possible to extract any data from any device. But in practice physical HSMs do an excellent job at raising the cost of key extraction. I would much rather have an attacker steal my Yubikey than a USB with my GPG key lying on it.
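An added example, not part of the thread: a short PIN used as the only secret can be exhausted when nothing limits guesses, while an enforced attempt counter caps the guesser at a handful of tries. The `LockoutDevice` class, the 4-digit PIN, and the low iteration count are assumptions chosen for the demo, and the model assumes the counter cannot be bypassed, which is the point the two commenters disagree on.

```python
import hashlib
import hmac
import os

ITERATIONS = 200  # deliberately low so the demo runs fast; not a recommendation


def pin_verifier(pin: str, salt: bytes) -> bytes:
    """Derive a verifier from the PIN (stand-in for wrapping the data key)."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS)


def offline_search(salt: bytes, verifier: bytes, digits: int = 4):
    """No attempt limit: the whole PIN space can be tried against the verifier."""
    for n in range(10 ** digits):
        guess = f"{n:0{digits}d}"
        if hmac.compare_digest(pin_verifier(guess, salt), verifier):
            return guess, n + 1
    return None, 10 ** digits


class LockoutDevice:
    """Hypothetical keypad drive: PIN check, counter and key stay inside it."""

    def __init__(self, pin: str, max_attempts: int = 10):
        self.salt = os.urandom(16)
        self.verifier = pin_verifier(pin, self.salt)
        self.data_key = os.urandom(32)  # random full-strength key, never derived from the PIN
        self.max_attempts = max_attempts
        self.failures = 0

    def unlock(self, pin: str):
        if self.data_key is None:
            return None  # already wiped; even the correct PIN no longer helps
        if hmac.compare_digest(pin_verifier(pin, self.salt), self.verifier):
            self.failures = 0
            return self.data_key
        self.failures += 1
        if self.failures >= self.max_attempts:
            self.data_key = None  # crypto-erase: drop the key, data becomes unreadable
            self.verifier = None
        return None


def guess_success_probability(max_attempts: int, digits: int = 4) -> float:
    """Chance that blind guessing hits the PIN before the device wipes itself."""
    return min(1.0, max_attempts / 10 ** digits)
```

With the defaults, blind guessing against the device succeeds 0.1% of the time before the wipe, while the unlimited search always finishes within 10,000 tries.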