Thumb drive encryption?

[OUSAK]

I want to use a thumb drive (aka flash drive, usb key or stick) for work, to copy client files to take back to the office.


Since the files I will be carrying contain confidential data, I want the data protected from unauthorised access.


My requirements:

- password to access the data once I plug in the thumb drive to a USB port.
I think I would prefer that only if password is correct, then the data partition gets mounted. (This way it stops unauthorized copying of the data, even in it's encrypted form).

If password is required prior to mounting, and there is no easy way someone could access the data, then that may be good enough, meaning encryption may not be required.


- on the fly encryption and decryption, for a seamless and user-friendly experience. Once I enter that one-off password, I want to be able manage data, to and from the thumb drive, just like I would normally. The drive should automatically encrypt/decrypt the data.

- Since some files may be large, I want the encryption/decryption to be fast and seamless.

- This will probably have to be a software based solution, so I can install on any thumb drive.

- Freeware or not, I will consider anything if it meets my requirements.


Anyone know of anything to recommend? Thanks in advanced!





A work around solution using common software is to us password-protected archives, such as RAR or ZIP files using winRar etc... Using zip may be a safer bet, as not everyone has winRar installed.

I'm aware that zip/rar passwords can be brute forced, so I will need to utilise strong passwords.

[hellnoire]

TrueCrypt or 7-Zip are the first things that come to my mind when I'm thinking encryption. 7-Zip has a portable version that you could slap on your flash drive with your zipped files, and you could always .7z them, making it even less likely people could open it without your unzipper. Of course, as you said, it can be brute forced, but that's the thing: if you make the password long and complex enough, it could take them years.

[OUSAK]

Good stuff. TrueCrypt should do it. Worked it out at last. A little complicated though (too many clicks).


Found a flaw in TrueCrypt. Once mounted, and you delete a file, it moves it to the Recycle bin. The file in the recycle bin is not decrypted.


I will continue to evaluate it, as it has different usage methods.


7-Zip sounds like a good free alternative to WinZip or Windows built-in zip capabilities.


Thanks

While looking for portable version of 7-Zip, I stumbled across this awesome site:

http://portableapps.com/


Sweeeeet

[hellnoire]

That's what I meant. You don't even need the Portable Apps Launcher to use the portable 7-Zip.

I wasn't aware of the flaw in TrueCrypt, for that, I'm sorry.

[OUSAK]

Found this other tool called "Folder Lock 6".

I find this to be more user-friendly than TrueCrypt. Works in a similar fashion.

Anyone have an opinion on this one?

[hellnoire]

I find it to be a pain in the butt, since you need at least two copies of it, one at your work PC and the other on the client's PC. It's not as secure as TrueCrypt either, since it doesn't give you 'plausible deniability'. But that's my two cents.

[OUSAK]

That's not the case. With the full version of Folder Lock, it installs a portable-autorun version of "Folder Lock" on the USB key, which allows you to open your files on other computers.


So basically you use the full installation version on your licensed computer to create the encrypted images (lockers), and the copy of Folder Lock on your usb key is just for unlocking the lockers (without the ability to create lockers).


The interface is a bit tacky, but I do find the interface of Truecrypt as confusing (too many buttons and options, very technical).

Found another good one, with nice interface: Dekart Private Disk.
However it is a bit pricey, compared to the free TrueCrypt.

Uses the virtual disk mounting method.





I think the best solution is a hard-ware encryption solution. Similar perhaps to the new "Iron Key" usb keys with on the fly encryption.





I've identified 2 methods for encrypting folders/files on a USB key:
(1) Virtual disk (mounting, with password protection)
(2) Folder/file locking (with password protection)

And there is a 3rd option, which is similar to option 2, which is password protected zip files...


Most of the software I've tried work in a similar fashion to this method:

- Create folder, edit files within there...
- Once done, Zip the folder using a passsword.
- To resume editing, unzip the folder using password, and then delete zip,
- Once done, Zip the folder using a password, which will create a new updated zip file..
and so on...


Which works great, as these applications, such as "Folder Lock" work in a similar fashion, but provide you with a friendlier interface, which does all those steps in the background.

My concern however is the following: what happens when dealling with a large encrypted file?? Does it take longer to lock / unlock ?
I have a feeling that it will take longer, as it needs re-encrypt all files etc each time, as most such software delete the decrypted folder, and recreate an encrypted 'locker' file (similar to an encrypted password-protected zip file).


This of course is not the case with the virtual disk method, which works faster and more optimal.



Your thoughts?

[Polkadot]

You might look into PKZIP. It is very powerful encryption/compression and it is FREE if you go here:
http://www.pkware.com/software-data-security/free
Otherwise you can BUY the same version that Dept. of Defense, CIA, State Dept, etal use.

[hellnoire]

PKZip and 7-Zip are able to do about the same security, Polkadot, but 7-zip is portable, hence why I suggested it.

[OUSAK]

Just been evaluating several of these products.

TrueCrypt does everything I need and it is free.
However the interface tends to freeze up sometimes, which is annoying.


One of the features I wanted was for it to prompt me for a password once I inserted the USB key, and that would auto-mount the virtual volume container using TrueCrypt (which is installed portably on the USB key). The travel-mode option of TrueCrypt creates an AutoRun which has all the commands required to mount the specified container.

HOWEVER this wont work on my machine because I have auto-runs disabled, in case of viruses. That means I have to mount the container manually each time, which is ok I guess.

Also I've started using "Panda USB Vaccine" on my USB keys, which disables the autorun file from ever being overwritten or updated (unless you reformat).
This means I cannot create an AutoRun for TrueCrypt's travel mode (auto-mounting).



Another issue I noticed is that when not mounted, I can delete the Truecrypt container file.

When using the shareware "Folder Lock", which works in a similar fashion, the Locker file cannot be deleted unless you do it from the "Folder Lock" interface. Which is somewhat a good thing, as it stops someone else, including yourself, from deleting the file intentionally or by mistake.



TrueCrypt is more powerful, but the interface is not user friendly.

Folder-Lock is shareware ($40USD), works great, but has a gay interface.
Not something I would run in front of clients, as they would laugh.

Both apps are great none-the-less... But TrueCrypt wins because it's free and more powerful.

----------------

Using TrueCrypt, with disabled Auto-Runs, I was able to overcome this by creating 2 batch script files, 1 with command to mount my truecrypt container, and another to dismount it.

This way I can mount and dismount with a single* click.

The mounting script specifies which letter to map to, so I use that same letter to dismount.

* However, I need to specify the full path, including drive letter, of the folder on the usb key containing the TrueCrypt container. (Which kinda kills the idea of single click, if it only works when usb key gets mapped to the same letter as hard-coded in the batch script).


*dizzy* No wonder no one uses encryption on their usb keys... I think the hard-ware solution with built-in (on-board) encryption will make life easier....