Need USB Encryption with a Few Requirements

Discussion in 'privacy technology' started by Brandonn2010, Feb 17, 2016.

  1. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    So I'm going to carry around a USB drive on my keychain with a backup of my documents, etc. as well as PortableApps and my KeePass database. I need to encrypt it in case I lose it, but can't find a good encryptor. I am asking here as I'm sure one of you knows one that:

    1. Supports Windows 10
    2. Doesn't require a separate program installed on other computers to use, ie. I can plug it into any computer and access the USB drive.
    3. Is free
     
  2. Robin A.

    Robin A. Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    2,278
    I use BitLocker, no problems.

    I have used this on Windows 8.1/10 Pro to create the encrypted drive, the same and 7 Home Premium to decrypt/encrypt it in normal use.
     
    Last edited: Feb 17, 2016
  3. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    I only have Windows 10 Home so I don't think I have Bitlocker.
     
  4. ssbtech

    ssbtech Registered Member

    Joined:
    Aug 19, 2013
    Posts:
    57
    Location:
    Canada
    I think Corsair (among others) has an encrypted USB drive that has a number pad built into the drive so you can plug it into any computer and unlock it. Would that work for you?
     
  5. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,591
    Meets all 3 of your requirements.

    You can easily use TrueCrypt or VeraCrypt in portable mode. Very small portable folder (a few meg) installed on usb and then it will work seamlessly on any Windows computer (where you are logged in as an admin user). Safe, Easy, EXTREMELY SECURE.

    VeraCrypt or TrueCrypt do NOT have to be installed on the computer since they run directly from the portable folder on the usb. An extremely small exe is installed (happens automatically in the background) the first time its used this way by the admin user account. After that you don't even need to be an Admin user since the exe is already there. I have done this thousands of times over the years.

    All the documents/files you want to secure would be contained in a file based volume on the usb. That file based volume can be copied just like any other file so backups are just plain simple. With the volume closed/dis-mounted its secure during copy to another media.
     
    Last edited: Feb 18, 2016
  6. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,147
    Location:
    UK
    @Palancar - I would hesitate to say "EXTREMELY SECURE" when you are running on "any Windows computer" - unless you have control over that environment, you are vulnerable to KSL and other malware as you run your portable apps. My preference would be to have a combined usb stick with a bootable Linux distro plus a fat32 partition for the containers or other databases. That would support KeePass, but not be W10 obviously. At least when you boot off the usb stick, you have a known OS under your control.

    The fat32 files could still be read by any trusted windows machines under your control, then you have a better solution for when you're out and about.
     
  7. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    I decided to go with VeraCrypt for now.
     
  8. Robin A.

    Robin A. Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    2,278
    Two different things, an encrypted USB (BitLocker) and an unencrypyted USB with an encrypted container and some other files in it (VeraCrypt).
     
  9. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,591
    Robin A, your comment was no brainer in a good way. The OP does not have access to BitLocker and beyond that he wants a stick to insert in ANY computer. He doesn't want foreign computers to require installed software to mount his USB volume. With those restrictions device level encryption models (which are way more secure I acknowledge) are out of his reach and miss the requirements he set forth.

    Everything you said is easy to concur with, but we are back to the OP's listed requirements. I fully understand what you and I would do and why we would do it. If the OP carries that USB stick to numerous foreign computers its almost certain that many of them won't have the bios configured as bootable for USB. I doubt the owners of those machines are going to want their bios manipulated by a visitor as described in this thread.

    Regarding EXTREME SECURITY I made the comment based upon needs described accordingly: his fears ALL seemed to be regarding the loss/theft of the usb stick. A VeraCrypt volume hardened by PIM and created with a high entropy password is very secure. I do agree with you about Windows but the security aspect of which I refer is the physical stick in his pocket with NO access to the machine that is using it.

    We are in agreement with the ongoing Windows vs Linux configuration!
     
  10. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    Thanks guys. Yes basically it's just to protect my personal docs in case I lose the USB. No sensitive work stuff requiring massive security. I just wouldn't want someone to get my USB if I lose it and get my personal info.

    I had considered an encrypted USB like the Corsair USB drive, but I already had purchased a Kingston Data Traveler because it was cheap and fits very nicely on my keychain. The decision to put personal info on it was after I bought it, I was originally just going to keep Portable Apps on it.
     
  11. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    I used it in the past when I was using Win, but if I well remember you must be admin even to launch the portable Truecrypt to open then the container.
    If this is still the case, then it not possible to use it on any machine.
     
  12. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,591
    I know I mentioned that in post #5 above.
     
  13. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
  14. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,591
Loading...