The Needed USB Flash Drive Hider & Encryption

by Jimbo, those requests are present so many times here.

One more alternative to TC is FreeOTFE, behave simlar way, also has an reader/explorer coming with it in the case you have no admin rights.

The problem can not be solved on software side alone. Either folder is encrypted and has to be decrypted before use, well this is simple , but not ergonomic and not what people want.

Other method would be to use software residing in the actual controller of the stick. This is done many times, one can simply buy one of those $$$$ Sticks with that feature buit in. (Ironkey for example)
But also here sometimes this can be used only with admin rights. I have one stick, which needs admin rights to enter the password to the sticks controller for example, making it useless then.
And such soloutions are fixed to the particular stick and of no use on other stick with different controller.

Recently, I followed some threds in the real thunderbird forum, technical solutions for at least encryption of the profile were the theme. But so far nobody could create something which would work on all cases. Well yes, small files can be simple decrypted when opened, but what if someone has 10Gb of mails in it?
The on the fly encryption is limited (windows) so again, attempts for that will cause trouble in one or other way.

I read more than once what you say here: "It cannot be done without administrator access. Period. In any way whatsoever."

However, the Rohos mini drive app claims to create an encrypted volume on a file (not an encrypted partition) that then you can mount without admin rights.
http://www.rohos.com/products/rohos-mini-drive/

What is the catch with this approach?
What do I miss compared to the apps that require admin rights?

That's not true. FreeOTFE allows you to use a virtual disk if you have administrator rights, but still allows you to work if you don't via FreeOTFE Explorer.

Going through your list:

• Encrypts data...
• It has full support for command line parameters as well...
• It supports hotkey dismounts as well...
• Hidden volumes? Yup has that too...

  But administrator rights? Doesn't need them!

  ...And best of all - it works with portableapps.com! It's amazing the number of applications which do - but it's such a good idea and allows me to carry both my software and files around with me!

Well, while we are on the topic of encryption without any effect on the host system, or any risk of the host system infecting your drive, or the host system logging your access...

It *ABSOLUTELY CAN BE DONE*

If you have sensitive data to take care of, then it is rediculous to try and rely on a hodge-podge DIY software hack and an insecure $30 thumb drive.

Enter IronKey. https://www.ironkey.com/

Basically everything the OP described and more can be done on the IronKey. I won't allude to it being cheap, not at $300 for a 16GB, but if you have *mobile* data to secure, its the only option. If you are just trying to hide pics of your ex from your girlfriend or phone numbers from your roommate or something, then I wouldn't say its worth it, but then again, that's not for me to know or decide.

As for the hidden volumes, I haven't played with truecrypt enough to really play with the volume encryption, but you cannot see any file (even filenames) on the IronKey until it is unlocked. It shows up like an empty CD-ROM drive would (not the device type but in behavior) in that until it is unlocked, windows will prompt you to "insert a disk into the drive". IronKey also features full compatibility with Mac and Linux. Also, it has an application launcher that is better than the Portable Apps launcher, you don't have to have an exact directory structure to add the app to the launcher. Now, I still use the launcher on my other drives and use the portable apps from here on my IronKey, they all interoperate very well with each other.

I'm not quite sure what are you talking about here:

But if you have some text, some images, whatever, apparently you can stash them in a JPEG or in some JPEGs, and the picture will still show up.

You either mentioning a simple copy trick here (read the LifeHacker article here), or methods involving steganography, which is a much more complex process to hide sensitive data.

The first one - the copy trick - may help in cases where you aren't dealing with professionals. Steganography methods are much harder to break, but not impossible - if you have some really sensitive data, you may want think about developing your very own methods, because the well-known steganography attacks working mostly with the already well-known hiding methods.

Somewhere I downloaded one day a 'software' which told me it will hide folders and only unhide them when password is entered. Hmm, fine I thought, the functionality will be here only if I pay the 21.50 usd or so. OK, I took the risk, paid by credit card and what did I found? The so called software was simple script setting hidden attribute ..... So this just for experience.

As far as steganogrpahy concerned, I have somewhere such nice GUI programs even in 16bit windows versions, will have to search at home where they are. One definitely was simply called HIDE, one HIDEUNHIDE and one was called SNOW. The snow was funny, it was hiding things inside simple text files. Today there are software like stego, dealing with almost all files and combinations of it, hiding picts in other picts. Even on my old Psion5mx, I have software hiding files inside sound files or jpg. It takes sometimes 20 minutes there, but it works.
But one thing has to be mentioned. Due to the fact how the jpg compression is build, it is simple to insert a file to it, but it is not something considered secure today. This is no more steganography in its original meaning which would be that you can hide the file in it and others can not even recognise that there was something in it. Qualified software will immediately recognise that this jpg is no more jpg in its original form, the compression calculation is disturbed by some means and the points of disturbance are apparently easy to be found by any forensic software today. The same applies apparently to MP3.
More secure , I was told, will be in this matter hiding files in things like WAV, since here mostly no fancy and predefined compression takes place, so one bit more or less on each sample is very difficult to recognize. Same will be probably with simple uncompressed bitmap picture.

A couple of months ago I came across this nifty program. I put the file in the root of my thumb drive, created a simple batch file and used bat-to-exe and put that file into a sub folder under PortableApps called "Rohos" to initiate the program. Works like a charm. I even put Thunderbird Portable in the virtual drive and did the same thing about creating a batch file turned into an exe in the normal Thunderbird folder under PortableApps. The only issue I think I would have is if the drive letter I have assigned for the Rohos virtual drive is already taken, then my batch file would not work for Thunderbird.

you can build a controller chip on your own, then creating the right firmware for it and finish.
(the whole fun of U3 is that it works with dedicated sandisk chipsets only)

And otherwise: its not big deal to create a stick with one additional fake drive and a iso-cd partion on it. There tools around doing that. And yes you can see then an additional cd drive and a disk drive in windows.
But this is about where the story ends. You will not come very much further here.

For the rest , you need firmware for the controller in your stick to do the whole job, otherwise you end up with pure software solution running on your PC and not on inside the stick, so this is where you find truecrypt and similar.

I have a Sandisk with U3. OK - it's not industrial strength - but it suits me fine - and no administrator rights needed. What would be truly lovely would be a Portable App type app which did more or less the same thing, with no fuss, on any USB pen drive. For instance, I can plug in my Sandisk, and ignore the U3 part of it after I have logged in, and just use the other partition to install my PortableApps apps. No 'normal' person can get into my drive to access any of these (especially my emails on Portable Thunderbird, or my Portable Firefox with its saved logins/passwords) without my U3 password. So, can we please, please have a PortableApp which does the same thing. I, for one, would not object to 'contributing' (ie paying) for this... Please, pretty please?

It only works on specific drives with specific controllers, and these are relatively rare outside of Sandisk now that U3 is no longer supported by other vendors.