Flash Drive Encryption Program

casefan

Does anyone make a flash drive encryption program that can be used on any computer that the flash drive is attached to? I've seen a few that will let you make files portable, but you have to have the flash drive plugged into a specific computer to read them. I'd like to be able to encrypt files at work and at home to carry them back and forth, but IT at work is very picky about installing new apps on their machines.


casefan
 
Uhm, just to what extent are you looking for here? Does it have to do the entire drive? The normal method is to just encrypt necessary files and then decrypt them when you need them. If you did it this way, it would be a lot simpler. If this method is ok, there's a super-simplistic little program with basically no extras to it, so it doesn't require installation or anything, called ccrypt. It's a console application, but, the syntax is pretty simple. To encrypt, you open a console and type "ccrypt -e filename.ext" and it asks for a password (which isn't echoed back.) Then, later, to decrypt, you'd type "ccrypt -d filename.ext" (no quotes in either case of course.) Thing is, this would require that you understand at least how to change directories and that sort of thing in the console.

If this works for you, just get the ccrypt.exe file and copy it to the flashdrive, then run it from there. What I do is keep a ccrypt folder on mine and put all the files into it, then run \ccrypt\ccrypt to do all the work in any folder on the drive (this keeps down the clutter.) I'm pretty sure it only needs the binary file to work though. Oh, and it comes with a linux binary as well if you work with that anywhere (just ccrypt with no extension.)

The advantage of ccrypt versus the others is the simple design meaning that it doesn't have to be installed, the fact it doesn't have to keep up with keyfiles like a proper RSA encryption, but, also, it has 256-bit encryption (e.g. a real pain in the rear to decrypt forcibly and about only the government would try to do it right now.)

If it DOES have to be the whole drive, you might perhaps consider setting up a batch file to do all the files individually or something. Using a program kind of like this is about the only way you can encrypt so well without installing software. (Yeah, Lexar has a "secure" drive -- which, btw, is NOT secure at all since your password is directly compared unencrypted for anyone to see and apparently even stored unencrypted on the drive itself if you have the appropriate software to view it directly -- but, their software has to be installed to use the drive at all in encryption mode.)

PS. Little tip. If you have a filename that has spaces in it, put the filename in quotes.
 
Thanks, Nazo. That might be a winner. I just want something to keep my files on the drive secure, in case it gets lost or stolen. It doesn't have to do the entire drive, just my files from work, some contain personal info of other ppl, that I work on at home.

casefan
 
a valid enough reason that the IT department should accommodate whatever encryption scheme your drive comes with, alternately one of their choice and you use it at home
they should have sorted that out by now

Nazo, know anything about the native encryption employed with apacer flash drives?
 
Ice Czar said:
a valid enough reason that the IT department should accommodate whatever encryption scheme your drive comes with, alternately one of their choice and you use it at home
they should have sorted that out by now

Nazo, know anything about the native encryption employed with apacer flash drives?


I see it another way. He says he wants to take the files home to work on them(and vice versa), but that and the combination of wanting to encrypt them is a huge red flag.

Call me a paranoid IT person, but this just sounds fishy.
 
csims said:
Call me a paranoid IT person, but this just sounds fishy.

I can see how you might think that, but, it seems to me a lot more likely that he just wants to encrypt his work in case the flash drive should be lost. If it were a simple matter of copying stuff, he'd probably be satisfied to simply put a password in an archive or something. It's EXTREMELY (painfully so) common to lose one's flash drive (they are so small and sometimes the keychain part is on the end that comes off....) This is the reason I personally use such methods when I go back and forth to my school. I have some sensitive data that I carry to a class (that's right, other way around) which I don't want just anyone to be able to look at (passwords and such.)

And Ice Czar, sorry, I'm afraid I only knew about the horrible security flaw in the Lexar drives because I had one (traded it for my current PNY -- I never used the security part on it anyway since it's not compatible with linux/etc.) Apparently, the software was just loading the password off the drive and comparing the password entered directly to the unencrypted real password, so anyone could see it by watching the program in memory or something like that. Also, apparently it was being stored directly to the drive (not in the filesystem, but, still inside a directly accessible area) without encryption. These are the two main things to look out for with any such drive.

IMO, just forget their security features that cost you extra money and break compatibility. Make your own security. Then you have full control over the quality level and maximum compatibility as well.

BTW, another encryption method to look at is the GnuPG. It has RSA and that sort of thing so that you can do the public/private key thing when sending files back and forth. Oh, and for what it's worth, ccrypt is 256-bit so it's a little more secure (128 is still a royal pain in the rear to decrypt forcibly though...) It's made by someone in Canada, so outside of the US laws on 256-bit for other countries. Seems like most things such as RAR use 128-bit. Probably due in large part to the US laws regulating encryptions. GPG and ccrypt are both unrestricted by this though, so can use 256-bit. You know that in a few years, 256-bit will have to be replaced by 512-bit? Generally the more the better within reason.
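
The two flaws described in the post above (the real password stored unencrypted in a directly accessible area and compared directly against what the user types) are shown here next to a design that stores only a salt and a derived verifier. This is an added example, not part of the original thread and not any vendor's code; the area layout, function names, sample password and PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# All names, the area layout and the parameters below are assumptions for
# illustration; this is not any vendor's real on-drive format.
SAMPLE_PASSWORD = "gradebook-2005"   # constructed sample value
ITERATIONS = 200_000                 # assumed PBKDF2 work factor
SALT_LEN = 16
KEY_LEN = 32


def weak_provision(password: str) -> bytes:
    """Flawed design from the post: the real password sits in the hidden area."""
    raw = password.encode()
    return b"CFG1" + bytes([len(raw)]) + raw


def weak_unlock(area: bytes, attempt: str) -> bool:
    """Loads the stored password and compares the attempt to it directly."""
    stored = area[5:5 + area[4]]
    return stored == attempt.encode()


def _derive(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256 to 64 bytes: first half data key, second half verifier."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                               ITERATIONS, dklen=2 * KEY_LEN)


def hardened_provision(password: str, salt: Optional[bytes] = None) -> bytes:
    """Stores only a random salt and a verifier, never the password or data key."""
    salt = salt if salt is not None else os.urandom(SALT_LEN)
    verifier = _derive(password, salt)[KEY_LEN:]
    return b"CFG2" + salt + verifier


def hardened_unlock(area: bytes, attempt: str) -> Optional[bytes]:
    """Returns the data-encryption key on success, None on a wrong password."""
    salt = area[4:4 + SALT_LEN]
    verifier = area[4 + SALT_LEN:4 + SALT_LEN + KEY_LEN]
    derived = _derive(attempt, salt)
    # Constant-time comparison of derived values, not of the password itself.
    if hmac.compare_digest(derived[KEY_LEN:], verifier):
        return derived[:KEY_LEN]
    return None


def leaks_password(raw_area: bytes, known_password: str) -> bool:
    """Audit check: set a known test password, dump the area, look for it."""
    return known_password.encode() in raw_area


if __name__ == "__main__":
    weak = weak_provision(SAMPLE_PASSWORD)
    strong = hardened_provision(SAMPLE_PASSWORD)
    print("weak area leaks password:    ", leaks_password(weak, SAMPLE_PASSWORD))
    print("hardened area leaks password:", leaks_password(strong, SAMPLE_PASSWORD))
    print("hardened unlock succeeds:    ",
          hardened_unlock(strong, SAMPLE_PASSWORD) is not None)
```

The stored verifier still lets someone holding a raw dump test password guesses offline, so the work factor and the strength of the password remain the limiting factors.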
 
csims said:
I see it another way. He says he wants to take the files home to work on them(and vice versa), but that and the combination of wanting to encrypt them is a huge red flag.

Call me a paranoid IT person, but this just sounds fishy.

well it's either work related or not
the point of the encryption would be falling into hands outside the organization
if the IT department had the encryption key I don't see much to be worried about
(for instance my USB encryption software is native to the computer and is seamless from that computer)
encrypting data on the work computer that the sysadmin or appropriate authority can't view would be fishy
 
I see where you guys are coming from, but what I'm seeing here is someone asking about encryption to take work files home. Fine and dandy that he wants to protect them if they get lost, but that is what I'm concerned about.

Are they work files or/and personal files? If it's work files does he have permission to work on them at home? Is it a home computer or a work computer? If it were a work computer I would think, maybe, there would be some way to communicate with dialin/broadband VPN to work and do it that way.

I'm just saying in my opinion unless he spells things out completely on what he can/can not do I wouldn't even be recommending anything.
 
You know, one thing you might consider is that someone trying to duplicate stuff they aren't supposed to usually is more interested in the best compressions/etc than in encryption which does no compression whatsoever... If you're going to bring home data you shouldn't be, why would you go out of your way to encrypt it? What need is there for it to be encrypted AT ALL? You only encrypt data when you want to ensure it doesn't get into the wrong hands usually. Like I said, flash drives are lost every day (I once left one just sitting inside a commonly used system at my school. Thank god no one stole it, it was expensive for me at the time. It also had some of my passwords on it, encrypted in a file. Go figure.) I'm sorry, but, you aren't just jumping to conclusions, you are closing your eyes and diving forward as hard as you can. Seriously, if someone asks you how to use Nero to burn CDs, do you immediately say "I can't tell you that because it can be used in bad ways"?

Based purely on the information he gave us (which is all we can assume by without being unreasonable people) it seems like he simply wants to protect his work in the (hopefully) unlikely event he loses his flashdrive. Anything else requires such a blind leap of faith to assume that we just can't assume it with the given information.


BTW, if you decide you might be more interested in GnuPG (GPG) than ccrypt or axcrypt, I have somehow managed to compile it with optimizations for P4s and Athlon XPs without errors (believe it or not, for me this is quite an achievement. I typically see 10+ errors and a refusal to compile in the end whenever I try compiling stuff, which makes my usage of Linux a royal pain I might add since I just don't know enough to fix all the things that are unsuitable for the compilation environment...) d-: I could show you how to do it or just give you a copy if you trust me (lol, really, you shouldn't when it comes to encryption software, though for what it's worth I do say that I don't know nearly enough programming to make some sort of backdoor.) They have pretty good instructions on their site somewhere though.

If you have to share this data with specific people at your job securely, you may want to get something using the public/private key system like GPG.
 
Nazo said:
Uhm, just to what extent are you looking for here? Does it have to do the entire drive? The normal method is to just encrypt necessary files and then decrypt them when you need them. If you did it this way, it would be a lot simpler. If this method is ok, there's a super-simplistic little program with basically no extras to it, so it doesn't require installation or anything, called ccrypt. It's a console application, but, the syntax is pretty simple. To encrypt, you open a console and type "ccrypt -e filename.ext" and it asks for a password (which isn't echoed back.) Then, later, to decrypt, you'd type "ccrypt -d filename.ext" (no quotes in either case of course.) Thing is, this would require that you understand at least how to change directories and that sort of thing in the console.

If this works for you, just get the ccrypt.exe file and copy it to the flashdrive, then run it from there. What I do is keep a ccrypt folder on mine and put all the files into it, then run \ccrypt\ccrypt to do all the work in any folder on the drive (this keeps down the clutter.) I'm pretty sure it only needs the binary file to work though. Oh, and it comes with a linux binary as well if you work with that anywhere (just ccrypt with no extension.)

Hey Nazo, I know this isn't my thread but I just wanted to ask a quick question. I downloaded ccrypt but it needs cygwin.dll to run. I have Cygwin and I successfully ran ccrypt using it, but is there a way to get it to work without using Cygwin? Sorry if this is a stupid question.
 
It's not a stupid question. Hrm, you downloaded it from there? It needs to be compiled with MingW rather than Cygwin to remove the requirement for that. Uhm, I haven't tried this as I never cared about the cygwin dll, but, come to think of it, recompiling it makes it possible to add optimizations, which is probably a good thing when it comes to something that should be mostly CPU dependent. It may require modifications to the code to make it work in MingW though, and if it does, then I sure don't know how to fix it.

I'll check it out out of curiosity. I'll add an edit in just a bit saying whether or not it works at least on this setup.

EDIT: Sorry, couldn't seem to figure it out. Meh, I don't know half of what I'm doing here. I don't know, google around a bit for a non-cygwin binary. Probably it will be compiled with MingW32, so that might help narrow the search.
 
hmmm... I'm going to give GnuPG a try
I also run cygwin, have an openssh server setup to encrypt tightvnc
I've always liked cygwin, it has been pretty seamless for me
Uwin was what gave me fits :p
 
Well, GnuPG can be compiled in MingW32 instead of Cygwin: http://clbianco.altervista.org/gnupg/eng/gnupg.html (These instructions include the actual setting up MingW and MSys in the appropriate manner.)

Requires some minor modifications of the source (something like two lines in two files, each of which they tell you what to do with,) but, it uses the windows api instead of the cygwin wrappers and such, so no DLL dependencies that I know of. One thing to note. Their instructions, when you optimize, call for the command -mtune=[cputype] in the C/CXXFLAGS variables, however, my version of GCC at least didn't like that (./configure sees this as meaning GCC can't compile binaries and stops -- it just means GCC errored out.)

Oh, and I just found out that it's REALLY easy to optimize ccrypt if you compile it in Cygwin. I just ran the rather simple "CFLAGS='-O3 -march=i686 -mcpu=athlon-xp -mfpmath=sse -mmmx -msse -m3dnow' CXXFLAGS='-O3 -march=i686 -mcpu=athlon-xp -mfpmath=sse -mmmx -msse -m3dnow' ./configure; make" and I know it only needed one of those two, but, I was too lazy to see which one... Took it about 2 seconds to compile when I ran it in Cygwin without any errors. Unfortunately, I think that ccrypt is just simply made for a *nix system originally and the author just didn't want to spend huge hours correcting this and that to make it work without the *nix emulation and wrappers that cygwin pulls off. Ah well, it's just one DLL file, not too big of a deal, right? I did some searching around while waiting (well, everything else takes longer than two seconds to compile, sheesh. I didn't even look until I was done searching...) I never found a non Cygwin dependent binary. Just throw that cygwin dll in there with the exe and you're set though.

EDIT: BTW, when following those instructions, I found it unnecessary to strip the files and insert the localization. Since it was set up for plain character sets as nearly as I could tell, it just wasn't necessary that I localize it. I haven't had any errors, but, I must admit I haven't done much checking beyond the built in test after compiling that they give in those instructions (make check.) That means several instructions that can just be skipped. Might be beneficial to add unicode or something though. I'm not really sure if it actually HAS unicode though.

EDIT2: Just realized, but, they forgot 3DNow2 in their instructions. I'm pretty sure the Athlon-XP has 3DNow 2 (well, if I understand what "3DNow+" is, mine at least has it.) Just add -m3dnow2 at the end of the CFLAGS. Er... I think... *hasn't tried it yet* - ANOTHER EDIT: Ok, just ignore me. GCC won't report an error, it just says it's an unknown option. Probably not much difference anyway. I imagine it's SSE that does the most help in something like this.
 
Geez, I'm not a terrorist. I swear on the blood of infidels and my 1000 virgins that....er...nm. If it makes you feel any better, I'm nothing more threatening than a school teacher, so the information that I'm smuggling out of my top secret workplace is my gradebook and copies of student's papers that they did in the PC lab. If all my kids do a research paper, then I've got over 150 papers to grade, so it takes a while. Thus, I do a good bit of my grading on the weekend, at home. Those of you still in school, your teachers really do go home. No kidding.
Back on topic, I've found plenty of encryption programs, but most require a local install. The problem here is that my district's IT dept. has to deal with some really, really, really computer illiterate people, so they pretty much don't let anyone install anything at all on the district machines. Honestly, I can't say that I blame them, after some of the stuff I've seen. So, I don't need some kind of 1024 bit military level super encryption, just something to keep other ppl from seeing the info that I'm required by law to keep private, if I lose my flash drive. Thanks for all the input so far.

casefan
 
casefan said:
.....just something to keep other ppl from seeing the info that I'm required by law to keep private, if I lose my flash drive.


Thanks for proving my point.
 
casefan, given the following points

1. your teaching and grading computer lab (thus no hard copy)
2. the requirements of the law

I think your issue points to an obvious hole in the district's scheme
and they might want to be aware of it if they aren't already

I can see where they are coming from however, no funds and stringent software licensing compliance on top of idiots at large and thousands of junior hellions mostly more computer savvy than their teachers :p

when you do lose those drives does everyone get an A? :p
 
You lost me on that one csims. Most teachers take papers home to grade them. If you have more than a handful of students, you have to. But, for some reason, many teachers still use a paper gradebook. By law, they aren't supposed to let other people read their gradebook, for privacy reasons. But, they also carry their gradebooks home and then back to school, sometimes every day. I'm doing the exact same thing, but just with 1 and 0s on my keychain, instead of with physical stacks of paper. I'm not sneaking or stealing anything at all, just doing things a better way, imho, than many of my peers.
If someone stole a teacher's paper gradebook, then they could read the grades. The teacher wouldn't get in trouble for having their gradebook stolen, but they really don't want the whole world to see who is failing their class either, for the sake of the kids who would be embarrassed. All I'm trying to do is to take it a step further and use one of the advantages of the computer based system, so that what I have is actually more secure than the old paper based way of doing things. I don't see how that proves your point, csims, but I will thank you in advance for some clarification.

Ice Czar, the district's IT dept. concerns are to 1.)protect their hardware and software resources, 2.)not get sued for software issues and 3.)send out techs as little as possible. That's not a dis against them, it's just their job. They could not care less what I do with my teaching and grading, as long as it doesn't cause a problem with one of the three issues listed above. Since it has nothing to do with one of the "big three", they don't protect the student info, I do. There isn't really a hole, from their point of view, just "File, Save As". I probably should have been clearer about this earlier. And don't get your hopes up about the "A" thing. ;) There is a copy of all the stuff on my local machine, one on the district's server that is off site and one on my flash drive. Haven't lost a paper yet. :D

casefan
 
it's been 27 years since I was an inmate in an institution of higher education :p

luckily I had several good teachers that turned me into a professional student ;)
the lack of sheepskins made no difference in my profession
 
What HAVE I done?!?! I've helped a teacher!!! ROFL, just kidding. I think...

Well, ccrypt is probably your best choice unless that axcrypt is a simpler interface (maybe a GUI in there somewhere?) 128-bit encryption should be enough for your purposes even since you really can't be held responsible if it just happens to fall into the hands of someone who actually knows how to crack such a thing (besides, it probably would still end up taking them a week to do it...) In fact, you may want to look into just using a good compression program. According to its makers, if you put a password on your archive with WinRAR, it uses 128-bit AES encryption (AES is basically the standard for such things and supposedly even the government uses it, though who ever really knows with them.)
 
An inmate, ouch. :p It sounds like you know the truth, that higher edu. is a business and, just like any other business, the goal is to make money. The only odd part being, that your customers are your students who have to work for you to get what they paid thousands of dollars for in the first place. Crazy.

Thanks for the help. I'll probably just go with ccrypt until something with a pretty GUI shows up, I'll have to look at axcrypt to see if that fits the bill there, though.

casefan
 
casefan said:
your customers are your students who have to work for you to get what they paid thousands of dollars for in the first place.

and which is generally available for free if you apply yourself :p

Good Luck :D
 
You know, I may throw together a simplistic GUI in Visual Basic or something I suppose. Could be kind of useful really as it would make things simpler -- especially since I'd like to be able to encrypt some things to send to a friend of mine who isn't familiar with the whole command-line thing either.

I'll let you know if it turns out ok.
 
casefan said:
Thanks for the help. I'll probably just go with ccrypt until something with a pretty GUI shows up, I'll have to look at axcrypt to see if that fits the bill there, though.

casefan

AxCrypt has a pretty GUI. I use it to encrypt my work for school.
 
Ice Czar said:
and which is generally available for free if you apply yourself :p

That is totally true. All of the information that is available through school can be learned on your own, if you want to know badly enough. There were courses in school I wanted to take, but couldn't, so I'd just look into it myself and throw hours at it until it made sense. The biggest thing that most college degrees get you is a sheet of paper showing that you have the proven ability to learn. To an employer, this is proof that they can teach you to do things their way, in whatever kind of business they run. Also, many jobs now require some level of college education. Just be aware when you are taking classes that seem pointless, like cultural sensitivity or whatnot, that the point is the class cost a few grand. The longer you stay in school, the more it costs you and the more the university profits. The best deal going, the "loophole" in the system, is tracked programs where everyone from a group takes the same classes in pretty much the same order, guaranteeing that your 4-year program will be done in 4 years. Well, unless you screw up. :mad:

casefan
 
I'd say go with Axcrypt then. You won't be needing > 128-bit encryption. I'm going to go ahead and make the GUI to simplify things for myself and my friend because I prefer 256-bit, but, for your purposes, 128 is plenty. (My stuff goes across the web and has information only my friend should see, so I prefer a stronger encryption just in case.) I'm willing to bet that my GUI for ccrypt can never compete with the axcrypt gui. ^_^ I still haven't decided if I'm going to go to the effort to make it save settings for example...
 