Jump to content

USB Encryption


WM_Hunter

Recommended Posts

I appologize if this is in the wrong section.

I am looking for a way to password protect a USB thumbdrive. I do not have access to an admin acccount, or I would use TrueCrypt (even in mobile mode it requires admin, if not in travel TC must be installled on network by admin).

There is a dual password feature in TrueCrypt, where if forced you can reveal only what you want them to see with the one password, while keeping your incriminating information on the other password. TrueCrypt also fills in all unused space so that no one can prove if you are using two or not.

What I would like:

DECENT encryption. This is most for general privacy and not as much for protection from the FBICIA = )

Features like the ones mentioned above in TrueCrypt would be nice.

Free would be nice but not necessary. Torrents always work = )

Thanks for your help

Link to comment
Share on other sites

Hmm, ive never taken the time to check this out, mainly because i have Admin on every computer i use except school laptops, which i hardly ever use.

Sorry i cant help you out with this one, but if i come across anything that may help you ill be sure to let you know.

Link to comment
Share on other sites

You could buy a usb that already has a password feature http://www.thesourcecc.com/estore/Category...num=2&cpid=

Most of those have passwords.

All the manufacturer password protection solutions I've encountered also need administrator priviledges. Although perhaps a biometric flash drive could work? I've never owned one so I can't say.

I'm not sure of the circumstances of your situation with regards to administrator privileges, but if you can get an Admin to install TrueCrypt on the computers your using then I believe it can easily be setup to allow normal users to run it and mount volumes.

EDIT: Never mind I re-read and saw you've already considered the TrueCrypt being installed by an admin option.

Link to comment
Share on other sites

I'm shocked at all of you... and you call you selfs haklings here's what you do.. if you can burn a CD go find a nice small Live CD the smallest one at http://www.slax.org should work for this.. and reboot into slax and poof you're now an admin... use truecrypt it's the best

if you can't burn a cd http://www.ubuntu.com have them send you a cd you can use it as a live CD and poof your admin again... use truecrypt it's l33t

Link to comment
Share on other sites

I'm shocked at all of you... and you call you selfs haklings here's what you do.. if you can burn a CD go find a nice small Live CD the smallest one at http://www.slax.org should work for this.. and reboot into slax and poof you're now an admin... use truecrypt it's the best

if you can't burn a cd http://www.ubuntu.com have them send you a cd you can use it as a live CD and poof your admin again... use truecrypt it's l33t

WM_Hunter hasn't provided much information on the circumstances but if he's in an environment (school, work, uni etc) where he has a limited account and the administrator won't install TrueCrypt on the computers (most likely running Windows), then I would say running a Linux Live CD would raise a bit of suspicion and possibly break any computer usage policies. You also have to consider if it's going to be practical to reboot into Slax everytime you need to copy your homework over. I'm not saying it's a bad idea, just it might not be practical depending on the circumstances.

Another option to consider if you want to walk the line a bit is priviledge escalation exploits. But again this really depends on your circumstances and it seems like you want to avoid anything that could get you into trouble or raise suspicion.

Link to comment
Share on other sites

It is a school computer. The BIOS is passworded on the few computers I have tested.

I like to be as white hat as possible, but the only solution I can think of right now is to do something out of character in order to get admin ... :?

The admin is not an idiot, and if I approached her and asked if she would be nice enough to install TC, not only would she say no, but probably ask to see my USB key quite often in class. One of the few teachers that has access to near-full admin is the computer sci teacher, there is also a woman from the division that is in a lot with full admin dealing with issues, she is also no idiot and I doubt asking either of these people would help.

The program (TrueCrypt) is clean, but I don't think they would help me with a program that has the multiple password and data filling features so no one can tell I am hiding files 8)

EDIT:

I try and avoid doing anything that could get me in trouble, yes. I don't really like doing anything malicious either, my conscience kills me = ). These are possibilities of course, but an alternative would be nice.

Link to comment
Share on other sites

I like the idea of making a password protected zip file. Is it possible for you to go to a public library and install truecrypt? The library near me uses deepfreeze, so you can install anything you want and it goes away on reboot, unless... well thats a whole other bag of skeletons.

Link to comment
Share on other sites

Well, there's these guys but I don't think it'll be any better than TrueCrypt - It still seems some driver or whatever needs to be installed on your system to get the drive recognised (i.e. to get it to ask your PIN).

I'm with Vako on this one. Just use an encrypted ZIP or RAR file.

Link to comment
Share on other sites

Zip has the benifit of not needing winrar etc, as windows XP can deal with zip files by defualt. If your dealing with a large amount of data, keeping the compression set to zero and just using it as a wrapper will speed things up somewhat.

Link to comment
Share on other sites

True, its not hacker proof but if the average joe in your school finds or steals it, there probally not going to be able to crack it. Just use a massively long password (ie something like "mYf1rSth0usehadar3dfrOntdo0randagR33nb/Ckd00r") and characters you wouldn't find in common use where you are. For instance, most bruteforcers i've come accross don't look for the english £ symbol or the € symbol by default.

If your taking data to school that needs the level of encryption offered by truecrypt, you probally shouldn't.

Link to comment
Share on other sites

Again this is using a bootable cd but at least its a win environment. Anyways basically you run truecrypt under BartPE .

Also I'm thinking the sony microvault encrypts/decrypts on the fly with no device drivers needed - just either fingerprint or password input?

Link to comment
Share on other sites

What if he is at a school computer where the BIOS is protected and it isnt set to boot from cd?

Allthough those are good methods...they depend on the circumstances

You open the pc up and d/c the IDE hdd cable and FDD and wala, it skips the boot from the hdd and boots off the CD/DVD.

Link to comment
Share on other sites

You open the pc up and d/c the IDE hdd cable and FDD and wala, it skips the boot from the hdd and boots off the CD/DVD.

....nice i'd never though of that I had a computer with a locked BIOS and the battery was like welded inside the case and there was no listed BIOS reset jumper that would have saved me the hassel of driveing back to my house to pickup a spare HD

Link to comment
Share on other sites

True, its not hacker proof but if the average joe in your school finds or steals it, there probally not going to be able to crack it. Just use a massively long password (ie something like "mYf1rSth0usehadar3dfrOntdo0randagR33nb/Ckd00r") and characters you wouldn't find in common use where you are. For instance, most bruteforcers i've come accross don't look for the english £ symbol or the € symbol by default.

If your taking data to school that needs the level of encryption offered by truecrypt, you probally shouldn't.

It was only for future protection, as I mentioned above I am quite white hat but I have a few things that would get me a bit of a lecture (stuff I just carry around on my key).

Thanks for your help all, I think I will go with a ZIP file.

Link to comment
Share on other sites

Ok. I've been checking around for a program for myself. I managed to find one that offers $100,000 to anyone who can retrieve information without a password after it's been encrypted using this program. It uses a 1344bit Military Grade encryption. The company cannot even retrieve information after this program has encrypted it. There is no 'backdoor'. The company is based in Germany which has very few restrictions on encryption and exporting it. The program is called DriveCrypt. Best place to learn more is:

www.securstar.com

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...