4

Using any external USB drive under Windows XP, how to encrypt/decrypt files on the fly, but without too much slow-down from the overhead.

Most of the obvious solutions like Truecrypt won't work because with these the host system needs to have first had some drivers installed by a system administrator.

How to have an encrypted USB drive, so the data will still be accessible on any XP system?

Rob Kam
  • 143
  • 1
  • 4
  • Truecrypt is really an ideal solution for this, is there any way to get admin to install or grant privileges to do so? Otherwise, a lot of external usb drives come with standalone encryption software, most of it's not particularly high grade but also mostly shouldn't require admin. – nedm May 16 '09 at 18:47
  • Not always practicable to have admin rights, for example passing through someplace and having to use a PC in an internet café, with nobody else there having admin rights either. – Rob Kam May 16 '09 at 20:55
  • Truecrypt is NOT an ideal solution. It requires admin rights on the local machine. – GregD Dec 01 '09 at 17:25

10 Answers10

2

I second the vote for TrueCrypt. As to the problem of accessing it on Windows:

You can use FreeOTFE to read TrueCrypt data under Windows. It offers FreeOTFE Explorer, which, unlike regular TrueCrypt (or FreeOTFE) does not need admin privs (it also does not need installation).

sleske
  • 9,851
  • 4
  • 33
  • 44
2

As a note, Windows 7's bitlocker will allow for thumb drive encryption, and you can force it to do so.

MathewC
  • 6,877
  • 9
  • 38
  • 53
1

Truecrypt has an traveler mode, maybe it helps?

It will be difficult to do full disk encryption or even on-the-fly-encryption without drivers! The only thing that woudln't decrypt to the harddrive would be some programm that injects itself in userspace in every process and touches open calls etc.

Christian
  • 1,033
  • 5
  • 16
  • 24
  • You need administrator privileges in order to able to run TrueCrypt in traveler mode ... http://www.truecrypt.org/docs/?s=truecrypt-portable – Rob Kam May 16 '09 at 17:56
1

As already mentioned Truecrypt is not an option that would run on any Windows XP installation. This is due to the fact that creating a "virtual" drive requires administrator privileges. Without such a virtual drive you cannot:

  • use files on the usb drive from any software
  • run programs from it

Afaik the is no solution to overcome this limitation in a easy and secure way. The simplest solution that would work everywhere is an encrypted archive file. 7Zip for example can use AES256 which is, combined with a sufficient long pass phrase, a good layer of privacy. 7zip is also available as es plain exe, so you could put it one the stick and take it with you.One thing you have to keep in mind: If you access an file from inside the archive it will be copied to the host temporary directory and possible not deleted securely.

Also I recently saw (on the Cebit, which is an Internationale IT fair in Germany) some AES encrypted usb drives which were explicitly advertised as being true AES combined with a host software which fed the encryption key. Sadly I haven't the name of the manufacturer in mind. But I'm convinced that there are some real solution if you are willing to pay the price (both: money and transfer rates).

Martin
  • 1,123
  • 1
  • 10
  • 10
1

I don't have experience with this but you may want to try iron key Having a secure flash drive doesn't give complete protection, what if someone copys the files from the drive to there personal computer and that computer gets stolen, a trogen horse gets installed on a computer they access the drive from, etc.

Jared
  • 1,420
  • 2
  • 16
  • 22
  • Not looking to have complete protection, just enough to have some security against casual inspection, say if inadvertently leaving the drive available somewhere for a few hours. – Rob Kam May 16 '09 at 22:51
  • I use an IronKey. It's great, not just for easy-to-use encryption (without needing admin rights) but also for the identity manager and other inclusions. It works on both my Windows and Linux PCs. The enterprise admin is a good addition if you have multiple IronKey users. – William Mar 05 '10 at 01:33
0

Iron key is great, it has encryption hardware inside. It works everywhere because it doesn't need privileges (nothing to install), and is really secure (used by usa military). After 10 bad try, the inside of they key get a fatal liquid free up.

Iron key web site

Mathieu Chateau
  • 3,175
  • 15
  • 10
0

Corsair’s Flash Padlock might work for you. It isn't encrypted, but it's better than nothing.

http://www.corsair.com/products/padlock/default.aspx

Joseph
  • 3,787
  • 26
  • 33
0

We use Lexar JumpDrive Secure for our USB keys. The key have 2 partitions, one that is accessible by anyone, and one that is encrypted. The public partition contains the software to access the private part, so make sure you use a strong pass phrase. It works well with windows xp, but not on linux. The old versions we have doesn't work on vista, but the new ones are suppose to work fine.

ehogue
  • 243
  • 2
  • 8
  • You can achieve the same with any USB key and TrueCrypt, which works everywhere. The only solution that doesn't involve installing something on the host would be to use a USB key that uses hardware/biometric encryption. Saddly I can't recommend any, but do a search for "biometric USB key" or "hardware encryption USB key". – Ivan May 16 '09 at 15:22
0

Beware a common mistake, reported by Schneier on Security:

Lessons in Key Management

Encrypting your USB drive is smart. Writing the encryption key on a piece of paper and attaching it to the USB drive is not.

gimel
  • 1,193
  • 7
  • 9
  • You mean like this? http://thedailywtf.com/Articles/Security_by_Oblivity.aspx Although this isn't as bad as it first seems because you must have the 4 digit PIN and given a serial number, there are free utils that will generate the numbers on the SecureID tokens. – K. Brian Kelley May 16 '09 at 12:29
  • A token costs a little more then a piece of paper, but this story shows it can be just as smart. – gimel May 16 '09 at 12:48
0

NTFS (one option for file systems in XP, which you can choose when you format the drive) has transparent encryption support built in.

eternaleye
  • 331
  • 2
  • 6
  • http://en.wikipedia.org/wiki/Encrypting_File_System – Rob Kam May 16 '09 at 22:39
  • EFS has been broken and is useless for all practical purposes on the host computer: http://www.securitysoftwarezone.com/vista-and-windows-server-2008-encryption-broken-review968-6.html . However it would not be possible to break encryption having only a USB key with EFS protected files. – Mike May 17 '09 at 11:09