What would you guys recommend for a USB Lock/encryption software? I was going to use TrueCrypt until I heard that I need admin rights to decrypt.... out of anything I'd prefer a TrueCrypt that doesn't require admin rights.
But all I need is something so that no one can access my USB drive. Free, please, and able to work on a computer without any admin or whatever rights.
USB Lock/Encryption
April 18, 2007 - 7:42pm
That is the question - I haven't heard of anything that can do that currently.
You can make a password protected zip of your files, then open that, but it's not exactly secure - probably good enough though for most things.
Well, most newer zip programs (WinZip, PowerArchiver...) can use AES encryption. You must be thinking of legacy Zip 2.0 encryption, which is easily breakable.
-
maggie n. The fattest thing known to man, a gigantic woman whose name is rendered invariably in lowercase. Eats everything that isn't nailed down and even some things that are.
You can encrypt with PUSS/Toucan, but locking is out of its ballpark. Also, encrypting in PUSS/Toucan is unreliable, as when I do it it locks up when I do too many files. But anyway, if you were looking for something to encrypt a few files (or more :wink:), then PUSS/Toucan is good for this.
Kevin Porter
"What can you say about a society that says that God is dead and Elvis is alive?"
--Irv Kupcinet
-Please search before posting
"Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning." - Rick Cook
think it does, it just looks like it is.
Yours
Steve Lamerton
My Blog
Oh, well, thanks.
Kevin
"I know God will not give me anything I can't handle. I just wish that He didn't trust me so much."
--Mother Teresa (1910 - 1997)
Depends on what it is you want to achieve.
Do you just want to prevent "normal" people from accessing your sensitive data in case you lose the flash drive? Or is it sensitive data that MUST be protected at all times? If the last is the case then you should not make the data available to an untrusted host. If the admin doesn't trust you enough to either grant you admin rights OR install the TrueCrypt driver under the admin account himself, then why should you trust the host? There are programs out there that copy the entire contents of a USB drive to the host on insertion.
The problem with the zip approach is that there's a big risk of your data being written to the host in non-encrypted state during extraction. Most zip programs by default use a temp dir on the system drive, and once your data has been written there it's a trivial task to recover it, even after the temp file has been "deleted". So if you decide on this approach you must make double-plus sure that the extraction is done to your hardware. In 7-Zip you can specify the temp dir location. This may, however, decrease the lifespan of your flash drive.
If you just need some basic security in case you should lose the drive, you could try something like lockiteasy: http://www.cososys.com/lockiteasy.html
This will create a second "private" password-protected partition on almost all flash drives that support multi-LUN. It isn't encrypted, so people who know what they are doing will most likely be able to access the data if they have your drive. Another drawback is that normally you will only be able to access one partition at any time.
Also requires Admin rights.
From their support FAQ:
"Why do I need to have administrative rights to run Lock it Easy?
In order to use Lock it Easy you need to have administrative rights/privileges on your Windows 2000 or Windows XP computer. Windows restricts you the use if you don’t have these privileges.
Last updated: 24-10-2006
Author: Mihai"
Ghost68
That doesn't even answer the question.
"Why do I need a key?"
"The door requires a key to be opened. The lock will prevent you from opening the door."
Vintage!
I have found Remora Usb Disk Guard to be a decent encryption program that doesn't require admin rights. It is a basic file/folder encryption. So far I have had no problems with it & have encrypted folders with several hundred text files.
Unless I'm doing something really wrong, or just don't understand what's going on, I can use TrueCrypt on a computer without admin rights... on mine. I made a test account and tried it. I have a 2 gig USB flash drive and I have a 1.90 encrypted container file with Portable Apps and all my apps in it. I have the truecrypt.exe on the flash drive so I'm able to mount the encrypted file. I figured that if I lost my USB flash drive and someone tried to open my encrypted container file then they'd have to know my password (which no one in a million years would EVER figure out... 16 mixed letters and numbers w/ upper and lower case). If I'm not understanding something then let me know. Can someone still crack my encrypted file?
I thought if I ever lost my USB flash drive then someone would have to reformat it and I'd just lose my drive and data, but no one would be able to access my files.
*EDIT* I AM doing something wrong...lol. I decided to uninstall TrueCrypt from the system and then log in without admin rights and it said I needed the drivers, so I copied the drivers to the USB Flash Drive and then it still said I had to have admin rights to load the drivers. Why is this? This sucks!!
You're not doing anything wrong. Because TrueCrypt mounts the encrypted volume as a drive it has to install a driver to do it. Since it has to install a driver, admin rights are needed.
Until someone figures out how to mount a volume as a folder instead of a drive, drivers will have to be installed.
-----------------------------------------------------------------------------------------------
For those who have fought for it, freedom has a flavor the protected will never know.
"Because they stand on a wall and say, 'Nothing is going to hurt you tonight. Not on my watch.'" (A Few Good Men)
Coincidence is God's way of remaining anonymous.(Albert Einstein)
But why do you encrypt all your apps? If you just did your data files it would be faster and less wear on your drive
Faster, yes. Less wear, no. Program files are static. Reading does no harm to flash media; writing is what wears it down.
Program files are only static if they aren't in the encrypted drive? If they are in the encrypted drive, won't they be written back to the USB device when the decrypted volume is re-encrypted?
Umm... well, if that's how the encryption program works. I'd think a smart program would encrypt/decrypt on demand, though. Especially since decrypting the whole drive into a temp directory is a security risk (the unencrypted files can be recovered from the HD, even if deleted).
I had naively assumed the de-cryption was done to RAM, so no security risk, and again naively assumed that all files de-crypted on-demand would be written back when re-encrypted, hence my thinking it's best to only put data files in the encrypted volume.
I would really like to know how they work. I use Cryptainer PE/Mobile and haven't persevered with trying to find out. Off to their web site now...
Even if the files are decrypted to RAM, there would be no need to reencrypt them and write them back if they weren't modified. That'd just be dumb and would slow things down more than necessary.
Thanks Bruce for talking me through this. It had worried me for a while but is obvious when you really think about it. I wonder how they would monitor for changes to know they need to re-encrypt?
Probably just stores the modified date and time in memory along with the file. This way if a file is modified, the time and date changes, and the software knows the file has to be rewritten.
Well that sucks....
This looks promising:
http://www.download.com/Paragon-Encrypted-Disk-SE/3000-2092_4-10375064.h...
Well?
unfortunately
It says License: Free
There's a Buy Now button there. Clicking it leads to a page that says it's $29.95
I also went to the Paragon site. Same story there.
http://www.paragon-software.com/backup_and_security.htm
And if you download it from download.com? It also says no limitations... meh.
http://www.freeotfe.org/
I know doesn't require Admin rights:
http://www.richskills.com/products/7/freeversion.asp
FreeOTFE is nice and has one advantage over TC (not needing a prior installation) and one disadvantage (only supporting CBC-mode).
From the documentation:
Note: Administrator rights are required in order to start and stop portable mode. You can still use FreeOTFE on a computer which you do not have Administrator rights on, but will need to ask an Administrator to install it for you first; see the installation section for further details,
Yes, you need admin rights like with TC - but on the other hand you will not need to install FreeOTFE (once) when you do have admin rights. In other words: the drivers of FreeOTFE are truly portable. FreeOTFE is therefore a little bit closer to a truly portable app than TC is...
but I don't think you need to install TC if you're using Traveler mode and you have admin rights. As long as you're an admin starting TC will automatically install the needed drivers. The only reason TC needs to be installed by an admin is to get the drivers installed so non-admins can use TC. If true, then it's really no different than OTFE.
IIRC, TC needs admin rights to mount a virtual drive, however, if TC is running, it may mount the drives it is setup to run automatically with admin rights (perhaps as a service?).
Vintage!
What is CBC mode?
Please have a look here:
http://www.truecrypt.org/docs/
More info under Technical details - Modes of operation
I am in the same "Quest" for a portable security thing... but what I want is a folder locker-launcher... I mean, I'm looking for an App (like lockngo) that locks the folder but, when unlocking, be able to automatically launch an app...
That way I can... autorun.inf -> lost.exe -> folder locker-launcher -> PStart/PAM/ASuite/Apps Launcher...
Does anybody know of an App that can do that?
Or can anybody do it? can this option be added to Lost.exe? Can this option be added to PStart/PAM/ASuite/Apps Launcher ???
------------------
I don't have a signature
Should I have a signature?
If a packet hits a pocket on a socket on a port,
and the bus is interrupted as a very last resort,
and the address of the memory makes your floppy disk abort,
then the socket packet pocket has an error to report
You'd need to encrypt all the individual files in a given folder. Then securely delete all the originals... which can't be done on a USB flash drive due to wear leveling.
Sometimes, the impossible can become possible, if you're awesome!
John, can you explain further why secure deletion is impossible on a USB flash drive? I don't know what wear leveling is -- but if e.g. PGP Desktop uses multiple overwrite with random data, why isn't the data gone?
http://en.wikipedia.org/wiki/Wear_levelling
Cancer Survivors -- Remember the fight, celebrate the victory!
Help control the rugrat population -- have yourself spayed or neutered!
Thanks, I've read the article but its implications aren't clear to me. Bit wiping utilities are supposed to write over a file with multiple passes so they can't be retrieved. Why wouldn't that work on a wear-leveled drive? Some of the better utilities also erase the NTFS internal data structure for the target file....
The way secure delete utilities work is by multiple write/rewrite cycles on the same logical/physical location on the hard drive. The reason this doesn't work on flash drives is that, due to the wear-leveling, the physical position changes for the same logical position. It does this so each physical position on the flash memory has about the same number of write cycles.
For example, let's say you have 2 drives: one is flash, the other is a physical hard drive. Both are 4 MB capacity, and you store 1 MB of data on each. If you use the Gutmann algorithm, you'll end up writing over the logical position of that 1 MB file 35 times. In your hard drive, those 35 writes will all go onto the same sector, which is where your original data goes. In your flash drive, those 35 writes will get spread out over the entire 4 MB of the drive, to even out the wear. With 1/4 of the drive, and 35 writes, your area should still be re-written 8 or 9 times, which is good enough for the DoD spec, but if you are trying to securely delete a 1 MB file on a 256 MB drive, you may not even touch that original file, and the same goes for an even larger drive size.
Shouldn't free space wiping still work on a flash drive? I think most (including Eraser??) do this by filling up all the free space with file(s). Even with wear-leveling, a full drive is a full drive.
I think that is right, but zeroing all the free space on the drive would not do a lot for its longevity, let alone if one used the kind of multiple random overwrite specified for magnetic disk drives to be securely deleted.
For most applications, blanking the file (say, with the space character, or random data) then saving it, and only then deleting it, will provide "enough" security; an undelete program would restore only the most recent version of the file, the one with the bogus data. The real data might be there in unallocated sectors, but it would take more work to find the sectors and reassemble them than our data is worth, plus the aggregate effect is to be storing random data all over the drive, further overwriting older data.
On the other hand, if we are engaging in truly critical or life-threatening work, something more secure is definitely needed. The best answer I've seen is encrypted pseudo-filesystems like TrueCrypt, but to use them as a filesystem requires that the driver be installed by an admin, which we've seen can be problematic. (There is a TrueCrypt Explorer, but I think it takes us back to the same problem, the file must be copied from the encrypted container to the unencrypted file system to be used, and then we have to figure out how to securely delete it...)
As you say, filling the unallocated space with random characters would also work, while reducing the lifespan of the drive and taking so long that people might not want to do it regularly.
See http://www.microsoft.com/technet/sysinternals/Security/SDelete.mspx
MC
I've done some research, and the results are both more and less troublesome than I had expected.
It turns out that there is a good chance any block of storage on the drive might get swapped out with blocks that are in reserve ... flash drives have blocks in reserve that can be put into service if another block fails, or if performance or other factors might benefit. The blocks that are most likely to be treated this way are directories, but that's not a hard and fast rule.
If you zero out every single block in the file system, there is no guarantee that you have cleared out any of those spare blocks that might hold data. On the other hand, in order to get at those blocks to see what they contain, you have to do some serious and potentially destructive work on the flash memory chips.
The actual filesystem itself behaves in a normal way; if you zero out the free space, it is zeroed out. It is also possible, though I haven't found incontrovertible evidence, that the data stored on the flash drive is more binary than on a hard drive (i.e. that it is either on or off, and doesn't reveal its previous state), so it might not be necessary to overwrite files multiple times in order to remove residual magnetic fields the way you might with a traditional hard drive.
If you restrict yourself to the actual filesystem (which is all most of us would be able to do), it is possible to see where a program has saved its file by writing a brand new version, then deleting the older one. This is the behavior I would maintain is most likely to be something that would put data at risk, beyond having everything in plain text and "losing" the flash drive into the hands of your adversary.
What I conclude is this: if you use something that only stores its data encrypted, whether in output files or temporary files, you should be fine. If you can get a virtual drive like TrueCrypt to work, and have the application store everything there, from temporary files to finished documents, you should be fine. Forensic techniques that analyze all of the storage areas on the flash drive will find only encrypted data, even on the sections that have been swapped into "reserve".
If you use software that makes temporary files then deletes them without blanking them first, those files are recoverable with easily available software (though only the most recent version). If you use encryption software that "encrypts in place", overwriting the file, the plain text file itself would likely be obscured by the encrypted version.
Data files that have been deleted, once the directory entry is overwritten, may not be recoverable with "undelete" software, but the contents may still be available on the file system. An inspection of the filesystem with a filesystem dump program would reveal such content that had not been overwritten. It might be a chore to put it all together and/or prove its integrity once you did it, but some confidential or damaging information might be revealed. If the free space on the drive were zeroed, that source of confidential information would be gone.
That said, there is no way to prove that the flash drive itself hasn't swapped out one or more sectors of data before it was encrypted or blanked, and that data might be recoverable by forensic tools. But we knew that.
So if you want to keep "normal" people away from your data, use regular encryption, and clear the free space.
If you have information that you just do not want to fall into other hands, use something that you are confident never stores even a temporary file on disk without it being encrypted ... and uses some techniques to avoid keyloggers and screen readers and so forth. (Cryptnote is a free program that meets many of those criteria, but I haven't been able to figure out if it is free enough to be usable in the PA suite.) An encrypted virtual drive like TrueCrypt can make other programs "safer", if you can use it on a machine where an Administrator has used it once (to set up the file system driver), and if you can be sure that the program isn't writing odd things to other places on the system, and if you are sure an adversary hasn't installed a keylogger or other surveillance.
Another option, suggested on the TrueCrypt site, is to use one of the LiveCD distributions, if the machine you are using allows booting from a CD or your USB drive (which might be a problem, if they have locked down the computer enough so the TrueCrypt drive can't be used by regular users -- I wouldn't want an adversary to boot my machine with a LiveCD whether or not I had some confidential information there). It would provide you with an environment over which you have a fair amount of control, and let you mount and use a TrueCrypt filesystem as Administrator. It would not protect you from hardware attacks, such as a hardware keylogger, if one was hidden on the machine.
At any rate, the question each of us should ask is how much risk can we accept. If encrypting individual files and wiping free space is likely to remove enough confidential data, there might not be a problem. If your life or freedom might be compromised if someone with a forensic laboratory analyzed your drive, don't put that data on your drive.
MC
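Added example (not part of any post in this thread): a toy model of the wear levelling and reserve blocks discussed in the posts above, showing when an overwrite or a full wipe actually reaches the original data. `ToyFlash`, its least-worn-block policy and the block counts are assumptions made for illustration; real flash controllers differ.

```python
"""Toy wear-levelling model (constructed for illustration, not a real controller)."""

SECRET = b"constructed secret: account 0000"   # sample data, made up for this example


class ToyFlash:
    def __init__(self, logical_blocks, spare_blocks=0):
        total = logical_blocks + spare_blocks
        self.logical_blocks = logical_blocks
        self.physical = [None] * total   # raw contents of every physical block
        self.writes = [0] * total        # per-block write counter used for levelling
        self.mapping = {}                # logical block -> physical block

    def write(self, lba, data):
        """Send the write to the least-worn physical block that holds no live data."""
        if not 0 <= lba < self.logical_blocks:
            raise IndexError("logical block out of range")
        live = set(self.mapping.values())
        free = [p for p in range(len(self.physical)) if p not in live]
        if not free:                     # drive full: only the replaced block is reusable
            free = [self.mapping[lba]]
        target = min(free, key=lambda p: (self.writes[p], p))
        self.physical[target] = data     # the previously mapped block is left untouched
        self.writes[target] += 1
        self.mapping[lba] = target

    def read(self, lba):
        p = self.mapping.get(lba)
        return None if p is None else self.physical[p]

    def raw_contains(self, data):
        """What a chip-level dump would see, including unmapped (stale) blocks."""
        return data in self.physical


def overwrite_in_place(blocks, passes=35):
    """Rewrite the same logical block `passes` times, as a file shredder does.
    Returns (secret still in raw flash?, writes that hit the original block)."""
    drive = ToyFlash(blocks)
    drive.write(0, SECRET)
    for i in range(passes):
        drive.write(0, b"pass %d" % i)
    return drive.raw_contains(SECRET), drive.writes[0]


def wipe_whole_volume(logical, spare):
    """Zero every logical block once, the best a filesystem-level wiper can do.
    Returns (secret readable through the filesystem?, secret still in raw flash?)."""
    drive = ToyFlash(logical, spare)
    drive.write(0, SECRET)
    for lba in range(logical):
        drive.write(lba, b"\x00")
    visible = any(drive.read(lba) == SECRET for lba in range(logical))
    return visible, drive.raw_contains(SECRET)


if __name__ == "__main__":
    print("35 passes, 4-block drive:  ", overwrite_in_place(4))
    print("35 passes, 256-block drive:", overwrite_in_place(256))
    print("full wipe, no reserve:     ", wipe_whole_volume(8, 0))
    print("full wipe, 2 reserve:      ", wipe_whole_volume(8, 2))
```

In this model the 35 passes reach the original block on the 4-block drive but never touch it on the 256-block drive, and a full logical wipe leaves the secret in raw flash as soon as the controller has reserve blocks to rotate in.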
This software is very, very good...
useful.....
I thank you......
Portable Usb Drive Teams........