Comments on: How can I make a flash drive more secure?

Question: How can I make a flash drive more secure?

tomble — Thu, 19 Jan 2006 00:02:28 -0800

How do I make a flash drive more secure?

My father recently bought himself a flash drive, and now uses it for transferring all sorts of work documents to and from home. He asked me if there was any way of putting a password on it, or securing it somehow to stop someone reading all his work documents in the event it was lost / stolen.

I had to admit I was stumped.

So the question is, is there some way of making a generic flash drive more secure? I would like something fairly simple, maybe something where you pop the flash drive into the USB port and it prompts you for a password. I don't even know if this is really possible.

I did a bit of googling but never managed to find quite what I was looking for.

By: pompomtom

pompomtom — Thu, 19 Jan 2006 00:10:09 -0800

http://google.com/search?q=flash+drive+encryption

By: krisjohn

krisjohn — Thu, 19 Jan 2006 00:26:01 -0800

PGPi -- useful for more than just flash drives.

By: insomnia_lj

insomnia_lj — Thu, 19 Jan 2006 00:48:54 -0800

If it's your dad, you probably want it to be dead simple.

Assuming we're talking PC here, I would suggest this solution. WinZip is also useful and pretty much foolproof for creating password protected folders.

By: raaka

raaka — Thu, 19 Jan 2006 00:56:43 -0800

http://www.truecrypt.org/

By: ed\26h

ed\26h — Thu, 19 Jan 2006 01:17:47 -0800

If it's Windows XP you'll have encryption for NTFS volumes built in. I've not used it myself though.

By: Mijo Bijo

Mijo Bijo — Thu, 19 Jan 2006 01:22:59 -0800

I second the WinZip solution.

It's not wise to use NTFS on a flash drive, because you might be in a situation where you have to connect it to a non-Windows 2000/XP computer and it will not be able to read it (some OS's have read support), and almost suredly will not be able to write to it.

By: ed\26h

ed\26h — Thu, 19 Jan 2006 02:45:20 -0800

To expand on that a little, my suggestion would not work on Windows 2000 either, as it requires an encrypting file system on top of NTFS - it's purely an XP solution.

By: tiamat

tiamat — Thu, 19 Jan 2006 03:01:28 -0800

I also second the Winzip (or Winrar) solution. You can run winrar right off the flash drive, for that matter. And Winrar has an option to mask/encrypt the filenames in the compressed file as well, making it a little more secure than winzip.

By: schwa

schwa — Thu, 19 Jan 2006 05:24:56 -0800

Assuming your Father is running Mac OS X (you didn't specify so I get to assume whatever I want), then the easiest way is to use Disk Utility and create a password protected sparse disk image. The disk image is AES encrypted - which is good, and by using a sparse image the disk image wont take up any more room than it has to.

By: shepd

shepd — Thu, 19 Jan 2006 05:48:42 -0800

Do not forget to zero out (or better yet, radomize) the data on the flash drive first! If you don't, the old, unencrypted documents will still be easy to access with the right tools. I believe the DOD standard is to wipe it seven times with a random pattern.

By: blag

blag — Thu, 19 Jan 2006 06:09:35 -0800

Yes, 7. Gutmann recommends 35, though I think that was based on old hard drive technology.

Seconding TrueCrypt - it's surprisingly easy to use, once set up.

By: Sharcho

Sharcho — Thu, 19 Jan 2006 07:40:35 -0800

Secure Deletion of Data from Magnetic and Solid-State Memory

some people have treated the 35-pass overwrite technique as a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques. As a result, they advocate applying the voodoo to PRML and EPRML drives even though it will have no more effect than a simple scrubbing with random data

By: Mitheral

Mitheral — Thu, 19 Jan 2006 07:42:05 -0800

Thirding truecrypt if he's serious about the security. Amazingly easy to use and setup, much better than PGP in that regard. Windows built in encryption won't work unless his home machine is on the domain his work machine is on.

Note that the nature of TrueCrypt, or any truely secure encryption alogrithm, is there will be increased wear on his flash drive.

By: ed\26h

ed\26h — Thu, 19 Jan 2006 08:42:15 -0800

Windows built in encryption won't work unless his home machine is on the domain his work machine is on.

You'd need to add the certificates to the logon you're using if you're transporting the files to a separate network, as I understand it.

By: gwenzel

gwenzel — Thu, 19 Jan 2006 08:56:52 -0800

One note about Truecrypt - it needs to have a device driver installed on the destination computer in order to access the encrypted files. This might be an issue if you need to access the secured files from a system where you don't have administrator privileges (since non-administrators can't install device drivers). This is noted in the Truecrypt FAQ.

By: winston

winston — Thu, 19 Jan 2006 10:29:49 -0800

You can buy flash drives that have security/encryption mechanisms built into the hardware. That's probably the simplest and most secure.

By: Mitheral

Mitheral — Thu, 19 Jan 2006 11:41:41 -0800

I wouldn't trust the built in encryption on a flash drive. Who knows what method they are using, how secure it is, or whether the implementation has a flaw.

By: JudgeBork

JudgeBork — Thu, 19 Jan 2006 12:55:22 -0800

My vote goes to Keynesis Lockngo Pro. Simple interface, solid encryption -- this is an exceptional product.