* Posts by Andrew

2 posts • joined 3 Dec 2008

How can I secure a USB Flash drive?


Go for TrueCrypt

I agree with the above, TrueCrypt is the best option. Its free and easy to use. I've been using it on my flash drives and computer for 3+ years now without a single hitch. In my encrypted partition I have PortableApps and ran the flash drive on my computer at an internship daily for 3 months so I could use Firefox; always flawless performance.


In short TrueCrypt uses really good (NSA and world recognized) encryption to do on-the-fly encryption. There are three ways to use it: encrypt the entire drive (not recommended), create an encrypted partition (not recommend, especially for this type of application) or create a "file" that is actually you're encrypted information. In all cases you run TrueCrypt and it accesses either the partition or file and uses on-the-fly encryption to mount it as a normal drive on your computer, so you can write/read/use it as normal. I have a 2GB flash drive (same one referenced above) and have a 1.5GB "file" on it that is my TrueCrypt secure data. There are a couple of good reasons for doing the file method, but the most important in this case is so that you can have the TrueCrypt software installed on the encrypted portion so that you can mount your encrypted portion without having to install software on any computer you want to use it on. Also, you can actually move your encrypted file (which is actually a drive remember) off the USB drive and onto another drive and use it there. This is great if you need more room on your flash drive temporarily (because you only have 1.5GB file taking up room, not a different partition) or want to back it up easily. And a third reason is it makes it easy to have some space to put low-security files and/or when you need someone else to be able to access some files without you having to mount your secure files (this way it just acts like a normal flash drive to them and makes life easier).

On my drive I have an autorun.inf file so I can mount the file straight from AutoPlay. Heres the code:



label=TrueCrypt Traveler Disk


action=Mount TrueCrypt volume

open=TrueCrypt\TrueCrypt.exe /q background /e /m rm /v "FILE NAME"

shell\start=Start TrueCrypt


shell\dismount=Dismount all TrueCrypt volumes

shell\dismount\command=TrueCrypt\TrueCrypt.exe /q /d


One final note and my only grievance with TrueCrypt: If you use Vista where you do not have administrator access (we have one lab at my University like that), you cannot mount your drive if TrueCrypt has not be installed. Even the portable edition needs a driver and Vista blocks if you're not an administrator privilege. Hopefully they will find a way around this in a newer version. It does work on Vista though, just you need one-time admin rights (http://www.truecrypt.org/docs/?s=administrator-privileges).

Good luck with it. Its a great program and the best solution IMHO to what you're asking. Sorry for the long post, but I wanted to include some of the most important things I've learned along the way.


Is there any good external HDD encryption software?


I Fourth TrueCrypt

Absolutely amazing software. It lets you create a file that when run through TrueCrypt mounts as another drive. I have used it to encrypt an entire drive before (the formatting does take forever, and I did it before putting data on it, but its well worth it. It will wipe out the entire drive so you need to get the information off of it first, but it's well worth it.) If you choose to encrypt the drive vs just a container (original file type I mentioned), then I suggest you encrypt a partition rather than the entire drive, for it doesn't encrypt the Boot Sector and thus has less of a chance of problems due to data corruption. More than mention, I think this is the ONLY way to go IMHO. You create a very small partition on the drive (as small as you can) and don't format it, then create another partition for the rest and encrypt that partition (again no need to format initially). If you are really worried about security, shred the drive first. In Windows you can then just remove the drive letter from the first small partition so it doesn't try to mount.

The software is great and easy to use on a basic level---I did my first container in minutes from hearing about the program to using it the first time (probably a worthwhile way to learn at first). However, TrueCrypt is also quite powerful, so I'd suggest before doing your whole drive to read as much about it as you can and better understand the features and how to use it.

I have used it on external HDDs, I keep 3/4 of my 2GB flash drive encrypted with it for all of my real documents and PortableApps start menu/programs (the other 500mb is for non-crucial docs that others may need to access readily or I just need to transfer), as well as on my laptop for certain files I want to protect. I've been meaning to encrypt my entire laptop, but just haven't gotten to doing that yet. In all of these cases (flash drive being best example as its on my keychain) I have no fear if I lose it--I can store documents, my FF passwords, e-mails etc, and no one can get into it. Its the type of encryption that if police/FBI/etc encounter, they try some common passwords, but its useless to attempt to crack unless its of major importance.

Hope this was helpful! Good luck with it! Sorry for the length, but the program deserves it.



Biting the hand that feeds IT © 1998–2017