Hello, Just joined so this is probably a question that has already been asked a million times so please forgive my ignorance to ask again.
If I lose my USB drive I want to keep my info safe. Is it possible when someone tries to open the "portable apps" menu they will be presented with a user name password dialog that prevents them from going any further, thereby making the stick useless? Preferably the dialog is presented before any window showing files etc comes up.
TIA Darc
Currently it is not possible, and as far as I know, there is no way to completely lock somebody out of the stick without a hardware level implementation of the security.
In the future, please use the search feature in the top right corner of this website, in most cases the question has already been asked, and it's usually a faster way to find an answer.
The developer formerly known as ZGitRDun8705
There are a few different things that you can do.
1) buy a USB drive with built in hardware locking. These are more expensive, often limited in size, and sometimes not actually encrypted, and quite easy to hack around the "protection".
2) Use an on-the-fly encryption system that creates an encrypted volume on the drive that it then mounts as another drive letter, once you give it the password. Examples of this are TrueCrypt, Rohos (which is payware), and a few others. These offer excellent protection, BUT you need to have admin access to be able to use them on a PC. (Some come with a non-admin app that you can use to get at individual files, but it is a lot less convenient.)
3) Use file-based encryption. This doesn't need admin access, so is available everywhere that you go. Apps such as Toucan on this site are excellent examples of this system. Basically, before you can access a file (or files) you enter your password to decrypt them. Then, once you're finished, you re-encrypt them again before unplugging the drive. The big drawback to this one is that you need to constantly manually encrypt and decrypt them, which is extra write cycles to the drive, takes time, and if you forget, then the files are stored in plaintext and available should you lose the key.
4) buy a length of chain, and tie the drive to something that is physically attached to you, such as a belt loop. Most drives these days have a lanyard attachment point, and this pretty much guards against any accidental loss of the drive.
Personally, I go for option 2, and my 8GB Sandisk Cruzer has a 4GB truecrypt container and 4GB of unencrypted space. I keep my private stuff on one drive, such as ThunderBird, GNUCash, Miranda, and my general stuff on the other, such as antivirus, antispyware, and somewhere over 50 apps at the moment and counting.
It means that if I do lose the drive, nothing important to me is lost, but even without admin access, I can use almost all of the apps I have.
GeekMenu (you can find it in search) even automates the mounting of the TC volume for me and picks up the correct set of apps.
I also go for option 2 but have most of the drive as a TrueCrypt container with all my apps inside as they run faster from there.
I found this text on the 'net:
"This is most likely because Windows' handling of pendrive filesystems is braindead. I still don't understand why, but when Windows writes a directory entry to a pendrive, it rewrites the entire directory table. So writing files is sloooow.
But if you use TrueCrypt, you never touch the directory structure of the pendrive - it all happens inside one file, which then has its own filesystem. The encrypted filesystem doesn't have the entire directory table rewritten on each write, so it's much faster, even though the data is encrypted on the fly."
I must however note that using a large truecrypt container probably needs to rewrite the whole container on change? Also about mounting, does a larger container use more space?
So is there an advantage using a smaller TrueCrypt container per app?
I made myself a generic launcher that, when started mounts a container and starts the contained app. When the app is closed it unmounts the container again automatically.
ExecWait the mounting
Execwait the contained app
Exec the unmounting
(The disadvantage of using NSIS for that is it uses 5MB of RAM during execution, while the file itself is still below 70KB.)
And the next free drive letter is found automatically so you can have more encrypted apps started each using its own container and dynamic drive letter.
It also checks for admin rights and has the possibility to optionally start an unencrypted alternative. (I haven't figured out a way to detect if TrueCrypt is installed when the user is not admin, or if the user, not admin, has the required rights to start TrueCrypt anyway.)
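The mount / run / dismount sequence described in the post above, as an added Python example (not the poster's NSIS launcher). The function names and the injectable `run` and `exists` hooks are assumptions made for illustration; `/v`, `/l`, `/a`, `/q` and `/d` are TrueCrypt's command-line switches for volume, drive letter, auto-mount, quiet and dismount.

```python
import os
import subprocess

def next_free_letter(exists=os.path.exists):
    """Return the first letter D..Z whose drive root is absent, or None."""
    for letter in "DEFGHIJKLMNOPQRSTUVWXYZ":
        if not exists(letter + ":\\"):
            return letter
    return None

def mount_cmd(tc_exe, container, letter):
    # No /p switch: the password is typed into TrueCrypt's own prompt,
    # so it never appears on a command line or in a script on the stick.
    return [tc_exe, "/v", container, "/l", letter, "/a", "/q"]

def dismount_cmd(tc_exe, letter):
    return [tc_exe, "/q", "/d", letter]

def run_from_container(tc_exe, container, app_relpath,
                       run=subprocess.call, exists=os.path.exists):
    """Mount the container, run the app inside it, always dismount."""
    letter = next_free_letter(exists)
    if letter is None:
        raise RuntimeError("no free drive letter")
    root = letter + ":\\"
    run(mount_cmd(tc_exe, container, letter))      # blocks, like ExecWait
    if not exists(root):
        # Wrong password, cancelled prompt, or no rights to mount.
        raise RuntimeError("container was not mounted")
    try:
        return run([root + app_relpath])           # blocks until app exits
    finally:
        # Dismount even if the app crashed or could not be started, so the
        # decrypted volume is not left open when the stick is unplugged.
        run(dismount_cmd(tc_exe, letter))

if __name__ == "__main__":
    # Constructed paths; adjust to the layout of your own drive.
    run_from_container(r"TrueCrypt\TrueCrypt.exe", r"apps.tc",
                       r"ThunderbirdPortable\ThunderbirdPortable.exe")
```

Checking that the drive root exists after the mount call, rather than trusting an exit status, is also the point at which a launcher could fall back to an unencrypted alternative.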
It's quite amazing how much faster a truecrypted flash-drive is.
I've got truecrypt and a few other programs like "Liberta Autostart", nircommand, and some random files, icons and stuff on the CD-ROM of a modified sandisk mini-cruzer U3. The entire "normal" flash-device is formatted to ext3 and then "truecrypted" using FAT32 as filesystem. This way Windows doesn't mess with the writable part of the drive until it has been mounted with true-crypt, avoiding the "Do you want to format"-trap or "wasting" a drive-letter if you have formatted the device to a windows-supported filesystem before encrypting.
@Logan-portable : No, if by "on change" you mean when you write a file to the encrypted container, truecrypt doesn't need to re-write the entire container.
No, a large truecrypt container doesn't "use more space", it IS space.
A mounted true-crypt container functions like a "normal" disk from the OS's POV.
However there can still be advantages to using several smaller containers:
1 : you can have "layered" security and you are not putting all the eggs in the same basket.
2 : It is harder to make successful cryptanalysis of small amounts of encrypted data than on large amounts (say 100MB vs 100GB) but this is quite theoretical, if you use a strong password/key-file truecrypt is plenty safe.