Another Snake Oil Candidate

Damien Miller djm at
Wed Sep 12 18:44:53 EDT 2007

On Tue, 11 Sep 2007, Aram Perez wrote:

> The IronKey appears to provide decent security while it is NOT plugged into a
> PC. But as soon as you plug it in and you have to enter a password to unlock
> it, the security level quickly drops. This would be the case even if they
> supported Mac OS or *nix.
> As I stated in my response to Jerry Leichter, in my opinion, their marketing
> department is selling snake oil.

It protects against the common threat model of lost/stolen USB keys. Why is
this snake oil? Your criticism seems akin to calling a physical lock insecure
because it doesn't protect you from burglars once you have unlocked it.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list