Flash Drive Security

wcameron
Joined: 2007-03-18 13:10
Flash Drive Security

Please don't yell at me - I did search before posting this.

I've read the posts and it seems that all encryption software requires admin privileges so I just wanted to find out what others are doing for creating a minimum level of security. If we can't encrypt - then what can we do? Please don't list only free solutions. I don't care if I have to pay for something if it will work.

I have several questions:

1. How do I keep my passwords safe if anyone can use my Firefox? Should I simply tell it NOT to save passwords and use a third party manager like RoboForm2Go to save the passwords?

2. Is there another option that works for people for securing document files? Is a password enough?

I just wanted to get some discussion going as it seems that we're stuck with an insecure drive that if lost could compromise privacy and security. There must be a better way. I just don't have admin privileges in the places that I will use my drive.

Thank you for your help on this.

John T. Haller
Admin, Developer, Moderator, Translator
Joined: 2005-11-28 22:21
Combo

Something like KeePass Portable or RoboForm will keep your passwords secure. Even within Firefox Portable 2, your stuff is encrypted. As for documents, OpenOffice.org encrypts them when you password protect them.

Sometimes, the impossible can become possible, if you're awesome!

mak
Joined: 2005-12-23 09:09
Better Yet

If you already use KeePass and want to encrypt documents, simply attach them to an entry. You could even create individual entries for each document. The downside is that the documents will need to be saved to disk each time you want to open/edit them. This works well for documents that you need, but seldom edit.

vbap
Joined: 2006-08-28 02:28
Firefox

If you choose to save your passwords in Firefox, then you should also protect them with a Master Password (Tools - Options - Security - Use a Master Password). That way, no one who uses your Firefox Portable will have access to your passwords (unless they know your master password). This is what I do, and it's one of the main attractions to Firefox for me (to have this functionality built-in).

wcameron
Joined: 2007-03-18 13:10
I have set the master password

Thanks. Based on your advice I did set the master password and I'm experimenting with Roboform2Go. I may use that as well.

wcameron
Joined: 2007-03-18 13:10
Thanks- This is a Start

I'm wondering. Could I somehow copy or save files to a zipped folder that would have a master password? This way I wouldn't need to password protect individual files. What might be the best Zip utility to do this?

John T. Haller
Admin, Developer, Moderator, Translator
Joined: 2005-11-28 22:21
You can indeed

And you can do it right within 7-zip Portable.

Sometimes, the impossible can become possible, if you're awesome!

wcameron
Joined: 2007-03-18 13:10
How do I get 7-zip to actually compress a file or folder

I can't seem to get 7-zip to do anything. Its file manager does not even have a command to compress or zip - let alone encrypt or password protect. I must be insane but can you point me in the right direction?

Tim Clark
Joined: 2006-06-18 13:55
You are not insane

Just so you don't feel too stupid, I call myself a geek and personally don't find 7-zip to be very intuitive at all [e.g. open inside, open outside ???]

Tim
Geek w/o portfolio

Things have got to get better, they can't get worse, or can they?

BuddhaChu
Joined: 2006-11-18 10:26
This is how you do it

Navigate in 7-Zip's "file manager" (as you call it) to the file(s)/folder(s) you want to compress and highlight it/them then click on the "Add" button with the big, green plus sign on it which will bring up a dialog for options. You're "Adding" that file/folder to the compressed file.

Cancer Survivors -- Remember the fight, celebrate the victory!
Help control the rugrat population -- have yourself spayed or neutered!

emuostrich
Joined: 2006-11-25 18:50
How safe is it?

I know the encryption is the same as anything else, but doesn't the fact that you have to delete the files after extracting / decrypting them pose some sort of potential security loophole?

Thanks,

Adam

DaveWest
Joined: 2006-12-11 23:16
Depends if you have a good

Depends if you have a good hex editor or not, and know how to use it.

[e.g. open inside, open outside ???]

Open within 7zip using a plugin, open outside 7zip using another program. Same as saying read it using 7zip viewer, or read it using notepad.

You're only as safe as time, type of passwords you use, and keys.

----------------------:)

Did you know that the entire operating system used to fit on a 5 1/4" floppy disk!

emuostrich
Joined: 2006-11-25 18:50
Oke

Gotcha

Thanks,

Adam

wcameron
Joined: 2007-03-18 13:10
What is a good workflow for security?

What do you recommend for a workflow? Should I unencrypt the file to another directory, work on it and then copy it back to the encrypted directory?

Also, I set the zip files and directories up with passwords, but suddenly it is not requesting them. Is there a way to reset them easily?

Is there a way to automatically delete unzipped originals when the files are zipped?

BuddhaChu
Joined: 2006-11-18 10:26
Should I unencrypt the file

Should I unencrypt the file to another directory, work on it and then copy it back to the encrypted directory?

Doing that would be bad as an unencrypted copy of the file would be left over unless you used one of the "file shredding" programs out there to overwrite the storage medium the file(s) occupy.

Cancer Survivors -- Remember the fight, celebrate the victory!
Help control the rugrat population -- have yourself spayed or neutered!

DaveWest
Joined: 2006-12-11 23:16
I don't do a lot of

I don't do a lot of encrypting, some, but for other reasons. I find using something other than MS Works, such as OpenOffice, is enough protection. For there are some 200 programs out there to recover forgotten passwords on every MS product you could think of. I haven't found one for OpenOffice, but that doesn't mean that 'Cain & Abel' wouldn't work either.

I've tested OpenOffice with passwords and it's not bad. I couldn't read it or see into it.

As for zips, Winrar performs the best for password protection. 7zip is nice to have for a portable zipper, but runs about even with Winzip for password protection... about zip.

One thing to think about: with all that encrypting/unencrypted file access, how long do you think the drive will last!

If you password lock your files, do it right. Nothing less than 9 characters, with upper, lower case, numbers and non-alpha characters.
This would take less than 30 min. 'dogwar', this may be a day 'Dog1War', this months 'Wa0^D9org'. Hardened passwords over 8 characters work the best. Of course, now you need a password keeper.

----------------------:)

Did you know that the entire operating system used to fit on a 5 1/4" floppy disk!

wcameron
Joined: 2007-03-18 13:10
What about security through obscurity?

OK, I'll try password protecting key files (a pain though as I don't need that on my main system) but I'm still looking for better solutions. If I can't encrypt other than with passwords, are there any security programs that obscure data - hide directories and files without a password? This would at least provide a modicum of security for all but the most determined users.

DaveWest
Joined: 2006-12-11 23:16
Due to the limitations of

Due to the limitations of FAT partitions your only option is software. There are a lot of programs out there that claim to lock, hide and password protect file systems, just have to try one.

----------------------:)

Did you know that the entire operating system used to fit on a 5 1/4" floppy disk!

RMB Fixed
Joined: 2006-10-24 10:30
[quote] 7-Zip supports

[quote]
7-Zip supports encryption with AES-256 algorithm.
This algorithm uses cipher key with length of 256 bits.
To create that key 7-Zip uses derivation function based on SHA-256 hash algorithm.
A key derivation function produces a derived key from text password defined by user. For increasing the cost of exhaustive search for passwords 7-Zip uses big number of iterations to produce cipher key from text password.
http://www.7-zip.org/7z.html
[/quote]
Just use KeePass (or some other FOSS password manager)
to generate a strong random pw (and remember it).
Good luck bruteforcing that!
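
The key stretching described in the 7-Zip quote above, sketched as an added example (not part of the original thread and not 7-Zip's own code). The round layout, the default of 2**19 rounds and all function names are assumptions for illustration; the page only states that the derivation is SHA-256 based and uses a large number of iterations.

```python
import hashlib
import time

SECONDS_PER_YEAR = 365 * 24 * 3600


def derive_key(password: str, salt: bytes = b"", cycles_power: int = 19) -> bytes:
    """Stretch a text password into a 256-bit cipher key with iterated SHA-256.

    Assumed layout (not given on the page): a single running SHA-256 is fed
    salt + UTF-16LE password + 8-byte little-endian round counter,
    2**cycles_power times, and the final digest is the key.
    """
    pw = password.encode("utf-16-le")
    h = hashlib.sha256()
    for counter in range(1 << cycles_power):
        h.update(salt + pw + counter.to_bytes(8, "little"))
    return h.digest()


def seconds_per_guess(cycles_power: int, sample: str = "constructed-sample") -> float:
    """Time one derivation: the price of checking a single candidate password."""
    start = time.perf_counter()
    derive_key(sample, b"", cycles_power)
    return time.perf_counter() - start


def years_to_exhaust(alphabet_size: int, length: int,
                     guess_seconds: float, workers: int = 1) -> float:
    """Worst-case time to try every password of a given alphabet and length."""
    guesses = alphabet_size ** length
    return guesses * guess_seconds / workers / SECONDS_PER_YEAR


if __name__ == "__main__":
    cost = seconds_per_guess(19)
    print(f"one derivation at 2**19 rounds: {cost:.3f} s on this machine")
    # Constructed comparison: 6 lowercase letters vs 9 printable-ASCII characters.
    for label, alphabet, length in [("6 lowercase", 26, 6), ("9 printable", 94, 9)]:
        years = years_to_exhaust(alphabet, length, cost)
        print(f"{label:12s}: {years:.3e} years on one core at this rate")
```

The per-guess cost scales linearly with the round count, while the number of guesses scales exponentially with password length, which is why a long random password from a manager matters more than the stretching alone.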

charlec
Joined: 2007-02-23 15:50
I use SecurFlash from

I use SecurFlash from http://www.encryptx.com/. It isn't free - but only about £7. Well worth a look in my opinion!

wcameron
Joined: 2007-03-18 13:10
This may be what I need

This may be what I'm looking for but here's the $24,000 question - do I need administrative rights on the computers I put my flash into? It seems there are many encryption programs, but most will not work in an internet cafe where you have limited rights.

tonywatkins
Joined: 2007-04-20 11:45
What about Truecrypt

I've been investigating the same issue. I'm leaning towards Truecrypt - www.truecrypt.org. It's open source (pre-installed on Corsair's Flash Voyagers) and powerful.

The problem of needing administration rights remains for the person on this thread who is concerned about that. The Truecrypt FAQ (www.truecrypt.org/faq.php) suggests using BartPE - www.nu2.nu/pebuilder/ to get around this issue.

Deuce
Developer
Joined: 2005-12-24 16:32
I like Bartpe....

But using that would mean having to boot into the CD or USB every time you want to use the encrypted volume, not very user friendly in my book. I would just want it to run from my native Windows, so it does not really help now does it?

***********************************
Deuce {The Core}{Dev Blog}
Portable Software: Just the beginning.

Ed_P
Joined: 2007-02-19 09:09
Ways around

There are ways around booting your Windows pc and using BartPE. On the USB stick run QEMU and have it configured to boot BartPE which can then access your encrypted data volume. [g]

Ed

Deuce
Developer
Joined: 2005-12-24 16:32
QEMU...

is ok. A little slow and buggy for me though.

***********************************
Deuce {The Core}{Dev Blog}
Portable Software: Just the beginning.

jmburton2001
Joined: 2007-04-23 13:45
TrueCrypt

I've been looking at TrueCrypt pretty hard for the past few days myself. I'm satisfied with KeePass and the portable versions of Firefox and Thunderbird as far as protecting my information. It's the documents that have sensitive information I'm concerned with. I have enough PDF, doc, xml, ini, etc files that password protecting them all is just not feasible.

I've done some testing and have found that TrueCrypt can create an encrypted repository on the flash drive. The admin privileges come in because after you create this repository you MUST mount it. At that point a drive letter is assigned and you can work freely with the files contained in the repository. When you're done you simply dismount the repository. All files contained within it stay encrypted. The repository is as easy to work with as a file. You can copy, move or delete it.

The above is a watered down version of what really happens, so please don't flame me for not being technically accurate. From the novice perspective this is (for me) exactly what I'm looking for, a secure location on my flash drive to place sensitive information. Now if there was just some easy way around being able to mount the repository on a guest account!

mashalpha
Joined: 2007-04-16 15:02
databank

I use databank portable. I have over 50 gigs in different folders in it, all encrypted, and I don't need admin rights and no one can see the folders.
