You are here

Password protecting the portable apps platform?

13 posts / 0 new
Last post
CopernicanShift
Offline
Last seen: 13 years 4 months ago
Joined: 2009-12-27 21:49
Password protecting the portable apps platform?

I want to password protect either the usb drive or the portable apps platform.
Can anyone share their ideas or solutions anyone has implemented.
I did a few searches and haven't come up with much.

Thanks.

Benedikt93
Offline
Last seen: 9 years 7 months ago
Joined: 2009-12-17 14:46
TrueCrypt

You can use trueCrypt to either encrypt the whole drive or to create a encryptet container:

Developement test at this site

or use the normal installer from here and selct "Extract" while installation.

See the help at the truecrypt page, there is a tutorial.

"Der Klügere gibt nach, deshalb regieren Dumme die Welt."

CopernicanShift
Offline
Last seen: 13 years 4 months ago
Joined: 2009-12-27 21:49
RE: TrueCrypt

TrueCrypt seems to be where everyone is pointing to solve the dilemma of protecting data, Guess it it is time to just buckle down and get it done.
Hey thank you for your response. @benadikt93

Hasle
Offline
Last seen: 11 months 3 weeks ago
Joined: 2007-11-02 07:20
Truecrypt

This has definitively been discussed before - i think it boiled down to this:
Truecrypt is excellent - but you cannot use it on a computer where you do not have administrative rights.
If you need that, you can resort to hardware encryption.

ottosykora
Offline
Last seen: 1 week 1 day ago
Joined: 2007-10-11 17:48
so mayn time asked

>Guess it it is time to just buckle down and get it done.

Otto Sykora
Basel, Switzerland

mjtracker
Offline
Last seen: 14 years 6 months ago
Joined: 2010-01-25 10:08
FreeOTFE works a lot better

FreeOTFE and FreeOTFE Explorer (http://www.FreeOTFE.org/) are a better solution as you don't need administrator rights to decrypt your data.

They even have a portablapps.com version!

RMB Fixed
Offline
Last seen: 14 years 6 months ago
Joined: 2006-10-24 10:30
Please ...

Will people please stop suggesting TC to people who just
want password-protection ?
It is totally off-topic, IT ISN'T WHAT THEY ARE ASKING FOR .
They are not requesting military-grade encryption or the like,
they just want a "simple" password-protection so their kids or other cyber-punks
can't just start their mail-client and read the mail etc etc .

Nearly ALL flash-drive controllers support passwords
because they support the ATA-security functions
http://en.wikipedia.org/wiki/Parallel_ATA#HDD_Passwords_and_Security ,
unfortunately it's often hard to find the software needed to set it up
on most drives. If implemented correctly it is very effective as the controller simply blocks access to the NAND until correct password is entered .
So, the contents can not be accessed with a hex-editor or other sector-tools .

I have a small collection of tools for setting and entering the password on
4 of the most used controllers, unfortunately these are proprietary products
so I am probably not allowed to distribute them .
If your flashdrive has a USBest-controller (UT163/UT165 and maybe even higher)
the tool is called " UFDutility.exe " a google search will lead you to at least the manual Smile
This tool can also create a CD-ROM "partition" btw ..
Note that despite the manual talking about "partitioning" what really happens is that the controller creates multiple LUNs and these will appear in disk-management as separate devices .

So, the key to password-protecting your UFD is the controller make and model .
A good tool to determine this (and extract many other useful informations) is
"Chipgenious" available here (flashboot.ru via google-translate) :
http://translate.google.com/translate?hl=en&sl=ru&tl=en&u=http://flashbo...

Wouldn't it be nice if the 8 or 9 major chip-producers could agree
on how to communicate the pw to the controller and share the solution with portable apps.com?

portableapps_member
Offline
Last seen: 10 years 4 months ago
Joined: 2009-10-28 13:12
I agree, stop suggesting

I agree, stop suggesting truecrypt, It's a crappy software... There I said it.

I recommend using BitLocker with a FAT32 formatted system so that BitLocker can be read on Windows Vista and Windows XP. The only problem with BitLocker is you won't be able to write to the USB Drive when you're in Windows Vista or Windows XP, it will only allow you to read the files on your USB Drive. In a way, it's a good thing... this way your drive doesn't get infected by a virus that spreads around via USB drives.

Another option is to use USB Flash Security##. There's a free version also called USB Flash Security without the ##. It'll password protect your drive. It'll prompt for a password when inserting your drive. After you enter the correct password, you'll gain access to your drive and you'll be able to read and write to your drive. It works on Windows 7, Vista, and XP.

Edit: Before someone gripes about USB Flash Security##, there's a flaw in it but to average user, its more than enough to keep the prying eye at bay. I recommend BitLocker over it.

And thanks RMB, I've been looking for that UFDutility.exe and wasnt sure what it was called.

Dagenham
Dagenham's picture
Offline
Last seen: 1 year 6 months ago
Joined: 2007-03-23 06:19
Crappy?!

I agree, stop suggesting truecrypt, It's a crappy software... There I said it.

Uhm... you can't be serious. Do you have any facts to confirm your opinion?

Jimbo
Offline
Last seen: 4 years 5 months ago
Joined: 2007-12-17 05:43
Let's get this straight

You're recommending a piece of software that is closed source, commercial, only available with the Vista and Windows 7, and even then only in an enterprise or ultimate version of them, is totally not portable in any way, was designed for encrypting the local disk, not portable media, and that in most of its modes uses the TPM module on the motherboard for key storage, meaning that you couldn't unlock your data on any other machine, that doesn't have great key-backup tools in a non-active directory environment, and doesn't support any sort of rescue or recovery situation with a 3rd party boot and mount of a drive.

And you call TrueCrypt crappy Smile

portableapps_member
Offline
Last seen: 10 years 4 months ago
Joined: 2009-10-28 13:12
- It's called BitLocker2Go,

- It's called BitLocker2Go, yes it's portable.
- It's not designed just for the local disk even though its primary target is for the local disk.
- You can unlock your data, but only have read access
- You don't need TPM module in order to activate it. There's a way to bypass that, but it's a small factor to worry about. Computers are cheap nowadays, in a few years... people will be using computers with TPM modules.
- In "general" it's the same as TrueCrypt in every shape or form except you don't need to partition an extra area just to be able to have it running, the whole mount and unmounting idea is rather annoying
- Doesn't provide rescue recovery situation? It's a password protection software, remember your password! It also lets you create a recovery key file which you can use incase you do forget your password.

So.... Pretty much what you just said is all bogus isn't it? Except the fact that it's a commercial software... But hey, you're probably running a pirated copy yourself get over it....

Okay, so TC sucks because it's so overhyped when there are better alternative out there [we're still talking about protecting ouyr flash/portable devices right?]. It does it's job as an encryption software, but when it comes to portability, and usability... it's either not suited for it or it's annoying to use it. So again, yes TrueCrypt sucks, I will anger all of the TC fans but you know what?... I'll say it again, and again, and again.

Jimbo
Offline
Last seen: 4 years 5 months ago
Joined: 2007-12-17 05:43
The To Go version is READ ONLY

it is not an equivalent to Truecrypt or FreeOTFE, but rather to being a read only version of TCExplorer or FreeOTFE Explorer. So no, it isn't portable, and cannot be run in a useful (i.e. writable) way except on a PC running enterprise or ultimate vista or 7.

Bitlocker, the core application, was ni fact designed for securing the PC's internal drives, the removable disk support is very much added later. This is why the core system is almost totally TPM centric (you missed the point there, it doesn't mean that you need to have a TPM in the machine, it means that the keys are stored insde the TPM on the motherboard, which means that you can only ever access the drive from there. Yes, you can switch it to a non-TPM mode, but it certainly isn't the default or preferred way it operates.

In general, it is not the same as TrueCrypt since you can't work with your data in a portable manner since it is read only unless you're on a PC with Vista or 7 Enterprise or better.

Fair enough, many of the points I was making were against Bitlocker in an internal disk protection situation, but then, since it doesn't have a viable portable system, I don't think that it is too unfair.

So, actually, most of what I said wasn't bogus, it was just about Bitlocker, not Bitlocker To Go, since the To Go portion is a bit of a joke. Oh, and for anyone considering it, you can't open files from To Go, you can only copy them onto the local disk and read them from there, so make sure you have a good eraser tool with you as well.

As for mounting / dismounting, I completely agree, the default way TrueCrypt operates is indeed sucky. (I never said that I was a fan). That's why I use a commercial application (that I actually paid for *gasp*) called USB Safely Remove, that detects when I insert my flash drive at home or office and automounts the TC volume. Similarly, when I hit the hotkey to safe-eject the drive, it dismounts the TC volume first. When I'm working elsewhere, if I need the encrypted data, I have a couple of batch scripts on the drive (and in autorun.inf as commands) that will mount or dismount it, with nothing more than a couple of clicks and a prompted password entry.

Darkbee
Darkbee's picture
Offline
Last seen: 4 years 2 months ago
Joined: 2008-04-14 09:41
What is wrong with TrueCrypt et al

To the best of my knowledge that only reliable way to password protect an entire drive would be to have some hardware based solution (as has been mentioned). End of story.

Since that isn't always practical then there are a couple of other solutions:

  1. Secure each application individually with a password. For example Firefox and Thunderbird support "master passwords", as do other applications. For those that don't have it, you're out of luck, better go find another portable alternative that does.
  2. Use encryption software that can encrypt entire volumes or folders. Sure, it's overkill, but so is driving Ferrari in a built up area, yet people still do it even though it has no practical value. Using TrueCrypt or some other encryption software has practical value. Just because something is above and beyond the needs of somebody doesn't make it an invalid option, especially since there aren't too many other solutions. That is the reason people suggest it because the sad fact of the matter is, there is no easy answer to the question of how to password protect (portable) drives.

I would also like to add that most "basic users" use the computer to check email/Facebook/Twitter and other Internet activies. They aren't using a fraction of the computer's and/or operating system's capabilities, so I guess they should abandon those as well, since they're overkill.

Log in or register to post comments