It seems like the benefits are having the device lock/wipe itself after a set amount of attempts in case of a brute force attack and not having to run software to decrypt the drive on the device you plug it into.

I included a picture of the IronKey Keypad 200 but that’s just because it’s the first result that came up when I was looking for an example. There seem to be a few other manufacturers and models out there and they probably have different features.

I am curious what do you think of them? Do you think they are useful? Do you find it more a novelty?


It was an ExplainingComputers video titled Very Useful Small Computing Things that made me think of them.

  • Corroded@leminal.spaceOP
    link
    fedilink
    English
    arrow-up
    9
    ·
    edit-2
    9 months ago

    Related XKCD

    It’s a shame more people don’t think of obscure numbers they’ve been forced to remember in the past or see constantly and use those.

    • A number from a song

    • Your middle school locker combination

    • The number of a local pizza place

    • Your library card number

    • The barcode number on something you carry around all the time

    If you combined any two of those I imagine it would make for a pretty secure password.

      • Corroded@leminal.spaceOP
        link
        fedilink
        English
        arrow-up
        2
        ·
        9 months ago

        That’s why I said to combine it with something else. Jenny’s number might be in a dictionary that is used in a brute force attack but hopefully something like your middle school locker combination isn’t. It’s still 7 extra bits of entropy.

        • Preflight_Tomato@lemm.ee
          link
          fedilink
          arrow-up
          3
          ·
          9 months ago

          Password Entropy = length * log2(possible_chars). So this would actually add 7*log2(10) => 23 bits of entropy, assuming the attacker knew that this section was numeric, or ~45 bits if they didn’t.

          For anyone curious: Current best practice is a minimum of 100 bits, or 16 characters assuming only letters, numbers, and special characters. The recommended minimum bits increases every year with computing power.

    • NuXCOM_90Percent@lemmy.zip
      link
      fedilink
      arrow-up
      3
      ·
      9 months ago

      No. That xkcd (not loading but I assume it is the password one?) is not relevant. Because you can’t make a meaningful and easy to remember mnemonic out of a numeric password. That is WHY a purely numeric password is bad for anything that needs security. They are great for 2fa but the unique key should still be the other device.

      And all of your good codes are similarly easy to social engineer out, are screwed the moment it is compromised once, or are literally reading off a sticky note.

      Which gets back to these kinds of devices largely being security theatre. Because there is no good use case for them that wouldn’t also involve encrypting the data/volume after you pin in. At which point… why waste money on something conspicuous with an easy to crack code?

      • Corroded@leminal.spaceOP
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        9 months ago

        I included it because passwords don’t need to be hard to remember. If they make sense to you and have a bit of thought behind them they can be just as secure.

        I am not saying these codes are perfect but if they are the weakest link in your network of security it’s a decent start. Someone could be trying to get your passcode for days but unless they see you checking something like the bar code of a notebook before you have it memorized they could spend months guessing before realizing a segment of your passcode is the number of a pizza place in your hometown. It’s not exactly something that’s going to come up naturally.

        I mentioned it in another comment but they also lock you out after a set number of attempts preventing brute force attacks.

        I am not saying they aren’t overpriced for what you are getting ($100 for 8GB) and considering the other options that are available but I doubt they are significantly easier to crack than a smartphone

        • NuXCOM_90Percent@lemmy.zip
          link
          fedilink
          arrow-up
          1
          ·
          9 months ago

          Look up how hard it is for humans to remember long strings of numbers. That is WHY ICQ (and eventually phone numbers) were dropped almost immediately in favor of social media and the ability to exchange numbers just by tapping phones.

          And in the time it would take to memorize a bar code (12-ish digits, depending on standard) you likely should be rotating that password anyway. And in the time it would take to memorize it you are also very blatantly reading off a sticky note as you “discretely” look at your notebook every time you want to access your password database in public. And if you aren’t in public? Why go through these extra steps when there are much better ways to secure this that are a lot more obvious if they are tampered with.

          I get that a youtuber you like talked about this. Youtubers talk about a lot of stupid products in the interest of making Content. But maybe listen to the people who have experience with this kind of hardware and the kind of security theatre policies that make them “a good idea”.

          • Corroded@leminal.spaceOP
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            9 months ago

            I get that a youtuber you like talked about this. Youtubers talk about a lot of stupid products in the interest of making Content. But maybe listen to the people who have experience with this kind of hardware and the kind of security theatre policies that make them “a good idea”.

            I think you might be confused. I’m not saying these devices are good. I started the post by asking if people thought they were a novelty. I just don’t think it’s as black and white as you are making it out to be and we got off on a tangent about passwords.

            I think often enough people have a few numbers memorized that they can use and a lot of the time they’re going to be too obscure to social engineer. I don’t think you could do some CSI Miami style deduction to easily find out a passcode that’s over ten digits in length.

            I will admit you could probably brute force it and it’s going to take less time than an alpha numeric password.