1

For a pendrive like Kingston IronKey, how can the pendrive block multiple password guessing attempts?

Couldn't the person just disassemble the pendrive, make 1:1 copies and try again and again to access the data?

I'm thinking on a scenario like Lost Passwords Lock Millionaires Out of Their Bitcoin Fortunes, where the bounty of 200 million would be worth a significant investment of resources and where the owner could approach the manufacturer openly, since there's no foul play involved. It might be a safe assumption that the owner partially remembers the password.

Of course, Kingston could reject any cooperation just to show off how safe they are.

Quora Feans
  • 1,891
  • 1
  • 12
  • 20

1 Answers1

5

No, the pendrive (IronKey) in this story cannot be disassemble and here's why...

The original IronKey was FIPS-140-1 compliant and the current ones are FIPS-140-2 or FIPS-140-3 compliant. These keys are tamper-resistant, because of the design of their metal cases. The encryption key is also stored in a tamper-resistant cryptochip module, which has a self-destruct function in case of physical attacks.

Here are some basic details from vendor documentation:

Device Password Protection: The device password is hashed using salted SHA-256 before being transmitted to the IronKey Secure Flash Drive over a secure and unique USB channel. It is stored in an extremely inaccessible location in the protected hardware. The hashed password is validated in hardware (there is no “getPassword” function that can retrieve the hashed password), and only after the password is validated is the AES encryption key unlocked. The password try-counter is also implemented in hardware to prevent memory rewind attacks. Typing your password incorrectly too many times initiates a patent-pending “flash-trash” self-destruct sequence, which is run in hardware rather than using software, ensuring the ultimate protection for your data.

Here are some more details on the IronKey self-destruct function

Self-Destruct Data Protection:

  • Secure volume does not mount until password is verified in hardware
  • Password try-counter implemented in tamper-resistant hardware
  • Once password try-count is exceeded, all data is erased by hardware

Physically Secure

  • Solid, rugged case
  • Encryption keys stored in the tamper-resistant IronKey Cryptochip
  • All chips are protected by epoxy-based potting compound
  • Exceeds military waterproof standards (MIL-STD-810F)

Additional Security Features: USB command channel encryption to protect device communications

Life is complex
  • 816
  • 3
  • 7
  • If I recall correctly, the inside of the case is packed full of epoxy, such that trying to get at the electronics will damage them. – gowenfawr Jan 15 '21 at 15:39
  • @gowenfawr I believe that you're correct. I found a video on YouTube that seems to show that the key is indeed packed with epoxy. – Life is complex Jan 15 '21 at 15:53
  • The IronKey manual also says that the USB is not mountable until it is unlocked, making it not possible to copy the encrypted contents. – schroeder Jan 15 '21 at 18:22
  • 2
    Secure pendrives like the IronKey might also use a metal mesh that is embedded in the epoxy and would get destroyed when someone wants to tamper with it. This gets detected by the cryptochip and it invokes the self-destruct (clearing the key material used to decrypt the flash memory). The user pin just wraps the encryption key in the secure chip and when it does not match, the key does not unwrap. Maybe this is done by checking a password hash of the user pin. The retries most likely are handled by secure monotonic counters and can't be bypassed. – Reiner Rottmann Jan 15 '21 at 18:43