"Best" encryption for a USB?

Discussion in 'privacy technology' started by brettST, Feb 11, 2012.

Thread Status:
Not open for further replies.
  1. brettST

    brettST Registered Member

    Joined:
    Feb 11, 2012
    Posts:
    5
    Location:
    USA
    I want to encrypt a USB I carry on my key chain. It has some "sensitive" data, like financial info and website passwords.
    I need to be able to decrypt and use it on "any" computer. I have it in case my home computer crashes or I have to use it while traveling or in an emergency.
    What are some good (preferably free) options I could use?
     
  2. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    I am curious why such sensitive information would need to be stored on a portable usb and carried around? Seems like a big risk. My main concern is when you ask for this to work on any computer. Most free encrypting programs will require admin rights to work correctly to decrypt your information. I would suggest you purchase a usb drive that comes with hardware level encryption. That would allow you to decrypt on public machines as well, though I highly advise against it as you do not know what type of logging is done on public machines or if they haven't been compromised.

    Assuming you do not want to do that the below steps will set you up with an encrypted USB however you will be limited to only access the information on machines that have the encryption software and admin rights.

    Before we begin encryption we are going to sanitize your USB to the best of our ability, I would advise you to perform this step to help secure your data though you can skip below to the encryption bit if you would like.

    To begin with sanitizing your USB stick, first move all data from the USB onto your main personal computer. After that it is time to zero out your drive.
    If you are good with Linux a simple DD command will work. Additionally if you have your preferred program already installed you may also use that at this time. If not please go here and download their diskwipe utility.
    Unzip and run Diskwipe. With the usb drive mounted to the computer, select its drive letter, select number of passes to 1, and select blank disk. Depending on the size of your USB it should only take a few minutes. Once that is done reformat the USB drive in windows/linux/mac to your preferred file system and we have a nice clean usb to begin encrypting.

    Time to start the encryption part. Please download this handy open source program Truecrypt. Truecrypt will allow you two different encryption options with your USB stick. You can use what are encrypted file containers, which allow you to save all your sensitive documents inside an encrypted container file on your USB drive. The second option being to encrypt the entire drive. The difference is the first option will still allow you to use the usb stick without having to mount it through truecrypt, the second you will need to use truecrypt to access your usb. I don't want to bore you to death by making a wall of text, please watch and follow this video tutorial here on how to perform these steps. Though I'd be more than happy to answer any of your questions.

    After your usb drive has been encrypted you can move your data back onto the USB and be assured it is now secure. :)
     
    Last edited: Feb 11, 2012
  3. brettST

    brettST Registered Member

    Joined:
    Feb 11, 2012
    Posts:
    5
    Location:
    USA
    Thanks, that was a very helpful answer. As far as the type of info, it would be insurance information, contacts, some web logins.
    Things you may need to have if you evacuate for a natural disaster. It would be easier and safer to have the docs and info scanned and placed on a USB, then encrypted, than it would be to carry a large file folder with the same info.

    that is the main reason it would need to be decrypted on another computer, I may need to access it at a relatives house or hotel one day if I can't get back home, of if my home computer is damaged. I thought about some type of "cloud" storage, but, you have to trust their security.
     
  4. peto46

    peto46 Registered Member

    Joined:
    Feb 6, 2012
    Posts:
    3
    In my understanding, hardware encrypted USB disks like Kingston Data Traveler Locker+ can be used in any computer, and you can combine it with having all your data additionaly encrypted on the truecrypt-ed container, making it virtually impossible to decrypt.

    I think the point of vulnerability is when you use the disk on "any" computer...how do you ensure, that some virus is not running on that computer, secretly reading your data after you decrypt the drive?

    At least for the website passwords and plain text files, I would recommend firefox extension called Lasspass, where your data are protected with password, plus (on foreign computer) with grid you have to print on paper.

    peto
     
  5. box750

    box750 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    260
    You can't use portable Truecrypt on any computer you like because it needs administrator rights which you are not likely to have anywhere besides your home computer, I had that problem with the library computer, it doesn't work unless the drivers have been installed.

    I would go for the Ironkey or some kind of similar hardware encrypted thumbdrive.
     
  6. Enigm

    Enigm Registered Member

    Joined:
    Dec 11, 2008
    Posts:
    188
    Here is a good example of why confidential or 'secret' data should NEVER be exposed to a system that you
    (or your employer, in 'corporate cases')
    don't 'Own' (ie have Admin-rights over) .
    https://www.schneier.com/blog/archives/2006/08/usbdumper_1.html

    Yes, it will also dump the contents of your unlocked Iron-key !
    And you would never know it happened .. Until your credit-cards don't work .

    In my experience, most pre7-windows-systems can be 'auto-infected'
    with this neat little data-thief just by inserting a 'U3'-capable flash-drive
    for 15-20 seconds .
    Have a look here for more info and proof-of-concept .
    http://wiki.hak5.org/index.php?title=USB_Switchblade
    BEWARE :
    DO NOT play with this thing on other peoples systems !
    It would be unethical and if you get caught, you may easily go to prison, like you should !!

    And don't root yourself either !

    PS :
    I have also found that on a surprisingly high percentage of windows-systems you CAN actually use
    TrueCrypts 'portable mode' .. Because the user never bothered to create a user-account !!
    They still use the admin-account that windows auto-logged them into after installation !!!
     
    Last edited: Feb 13, 2012
  7. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,150
    Location:
    Mass., USA
    In lieu of the fact this data needn't be frequently accessed, I would suggest zipping all files in an encrypted folder (axcrypt for one). Then store it in the cloud or IMAP email.
    (This way you don't have to worry about losing the thumb drive).
     
  8. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,980
    Location:
    U.S.A.
    Removed Off Topic Post.
     
  9. brettST

    brettST Registered Member

    Joined:
    Feb 11, 2012
    Posts:
    5
    Location:
    USA
    Enigm, I was suspicious that such software existed. Thanks for the responses. It seems, given my needs, that an encrypted zip file saved to a cloud server may actually be the best choice at his point in time.
    You would have, to a degree, the encryption from the storage provider, and the encryption of the file. Plus, there would be no hardware to carry or lose.
    You will still have the issue of the computer you accessed it from. I will have to cross that bridge when I get there. Ideally, I will use a laptop I own, or a "friendly" computer.
    Thanks for the truecrypt tutorial it will come in handy for other needs
     
  10. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,150
    Location:
    Mass., USA
    I keep an encrypted file containing passwords and the like on my domain host's static website in a "private" folder. Easily accessible via ftp client (or via web browser).
    Note: If using Axcrypt (or similar), you may want to encrypt as a self-extracting .exe file so that file can be decrypted on any machine that does not have Axcrypt installed.
     
Loading...
Thread Status:
Not open for further replies.