Post by thread:[OT]: Security For Flash Drive Applications

I owe Dr Skip a long round of applause for this one. Thanks, Doc! - - - I have to haul around personally owned files, such as PCB layout tools, invoice writers, password manager, documentation editors of several types. I consult on product designs, like many of us here. Dragging around a laptop was the normal way to do this, but carrying it around my neck would be better. So, I decided to use a USB Flash drive for windows XP, since all my clients use that O/S. I purchased a U3-compatible 4GB Flash Drive. It works adequately but there is no security... what if I LOST the flash drive, and an evil person (or my wife) got it? What I decided was needed was a U3-like setup that could be folded up and tucked away between uses. Dr Skip suggested the use of a TrueCrypt container to hold all of the applications and working files. This means that when you no longer need any file from the container, the container is encrypted properly into background noise. Then if your flash drive falls into evil hands, NO damage is done. I've been testing this for several days at home and at two offices, and it works GREAT. Even better, it is sourceforge and FREE. I built the 3.5GB container, then filled it with portable applications (http://www.portableapps.com) (apps that will operate within the flash drive and not spill over into other areas.). Not everything can operate from a flash drive, but my PCB layout software and most everything else will. BTW, I stripped U3 out of the hard disk before I went to TrueCrypt; its another bloated $MS thingy and I decided it wasn't for me. And thanks again, Dr Skip! --Bob Axtell

Say Dr Skip, can you run MPLAB 7.4 on your flash drive? --Bob Bob Axtell wrote: {Quote hidden}> I owe Dr Skip a long round of applause for this one. > Thanks, Doc! > - - - > > I have to haul around personally owned files, such as > PCB layout tools, invoice writers, password manager, > documentation editors of several types. I consult on > product designs, like many of us here. Dragging around > a laptop was the normal way to do this, but carrying > it around my neck would be better. > > So, I decided to use a USB Flash drive for windows > XP, since all my clients use that O/S. > > I purchased a U3-compatible 4GB Flash Drive. It > works adequately but there is no security... what if > I LOST the flash drive, and an evil person (or my > wife) got it? > > What I decided was needed was a U3-like setup that > could be folded up and tucked away between uses. > > Dr Skip suggested the use of a TrueCrypt container > to hold all of the applications and working files. This > means that when you no longer need any file from > the container, the container is encrypted properly > into background noise. Then if your flash drive > falls into evil hands, NO damage is done. > > I've been testing this for several days at home and > at two offices, and it works GREAT. Even better, > it is sourceforge and FREE. > > I built the 3.5GB container, then filled it with portable > applications (http://www.portableapps.com) (apps that will > operate within the flash drive and not spill over into > other areas.). Not everything can operate from a > flash drive, but my PCB layout software and most > everything else will. > > BTW, I stripped U3 out of the hard disk before I > went to TrueCrypt; its another bloated $MS thingy > and I decided it wasn't for me. > > And thanks again, Dr Skip! > > --Bob Axtell >

William "Chops" Westfield wrote: > On Jan 15, 2008, at 8:14 AM, Bob Axtell wrote: > > >> I built the 3.5GB container, then filled it with portable >> applications (http://www.portableapps.com) (apps that will >> operate within the flash drive and not spill over into >> other areas.) >> > > So why do you feel the need to encrypt freely downloadable > apps? Am I missing something? > > BillW > > Yes. You missed the one about your personal data, such as passwords, emails, downloads being known to other people, especially if you lose the flash disk itself. The apps themselves have no worth, of course. In other words, I can download my personal business email using my own copy of Firefox, using my own passwords, etc while on another person's computer. I download to the protected container itself, not to the TEMP file of the other person's system. To prevent a keylogger from learning my Truecrypt password, I use keyfiles as well.. no tracks. --Bob A

Bob Axtell wrote: > I owe Dr Skip a long round of applause for this one. > Thanks, Doc! > Dr Skip suggested the use of a TrueCrypt container > to hold all of the applications and working files. This > means that when you no longer need any file from > the container, the container is encrypted properly > into background noise. Then if your flash drive > falls into evil hands, NO damage is done. > > I've been testing this for several days at home and > at two offices, and it works GREAT. Even better, > it is sourceforge and FREE. <humor> AHHH! Links, links links man we need links! ... http://sourceforge.net/projects/truecrypt/ Ahhh, now I feel better (I've got my fix). </humor> Oh, it also works with Linux, thanks Bob, Doc! -- Linux Home Automation Neil Cherry spam_OUTncherryTakeThisOuTlinuxha.com http://www.linuxha.com/ Main site http://linuxha.blogspot.com/ My HA Blog Author of: Linux Smart Homes For Dummies

Bob Axtell wrote: > ... > > I built the 3.5GB container, then filled it with portable > applications (http://www.portableapps.com) (apps that will > operate within the flash drive and not spill over into > other areas.). Not everything can operate from a > flash drive, but my PCB layout software and most > everything else will. > > > Bob, I tried this - and it worked but when I go to another computer without TrueCrypt, the flash drive just looks like an unformatted flash drive. I'm thinking you have to make a container in the flash drive, not make the whole flash drive a container. Then put the TrueCrypt program on the flash drive but outside the container. Or ??? Thanks, Carey

> > I built the 3.5GB container, then filled it with portable > > applications (http://www.portableapps.com) (apps that will > > operate within the flash drive and not spill over into > > other areas.). Not everything can operate from a > > flash drive, but my PCB layout software and most > > everything else will. > I did not try the latest portable thunderbird, but 2 years back, my experience was that the flash drive could not take the beating of portable thunderbird. Prior total failure, on the first occurance, the Imation flash could be reformated. And on the second failure, the flash was totaly gone. Ling SM

Carey Fisher wrote: {Quote hidden}> Bob Axtell wrote: > >> ... >> >> I built the 3.5GB container, then filled it with portable >> applications (http://www.portableapps.com) (apps that will >> operate within the flash drive and not spill over into >> other areas.). Not everything can operate from a >> flash drive, but my PCB layout software and most >> everything else will. >> >> >> >> > Bob, > I tried this - and it worked but when I go to another computer without > TrueCrypt, the flash drive just looks like an unformatted flash drive. > I'm thinking you have to make a container in the flash drive, not make the > whole flash drive a container. Then put the TrueCrypt program on the flash > drive but outside the container. Or ??? > Thanks, > Carey > You are correct. Truecrypt needs to be in the root of the flash drive. I also put the SYS and the FORMAT there as well. I then created a container sized 3.5G (leaving 500Mb for Truecrypt and other stuff. When I power up, I click on TRUECRYPT then identify the container, providing a password. That's all it takes. BTW, if you don't use the container for an hour or so, Truecrypt disconnects the container. --Bob

On Mon, 2008-01-21 at 07:08 -0700, Bob Axtell wrote: > You are correct. Truecrypt needs to be in the root of the flash drive. I > also put the SYS and the > FORMAT there as well. I then created a container sized 3.5G (leaving > 500Mb for Truecrypt and > other stuff. When I power up, I click on TRUECRYPT then identify the > container, providing a password. > > That's all it takes. I tried Truecrypt on the weekend. While typical of OSS in that it's got probably thousands of options that aren't described in the most simple way, it was actually VERY simple to set up. I told it to use the whole drive, it asked for a password, and that was it? Inserting the hard drive in a PC results in the drive not appearing to have any data on it. Start up truecrypt, pick the volume, supply the password and boom, working without a hitch. VERY impressive! Only complaint I have is it severely slows down drive speed. I copied about 40GB of data to my now encrypted hard drive and it took well over an hour. As a result I wouldn't recommend Truecrypt be used with it's default settings on your primary volume. I'm sure there is a way to speed things up, but for my purposes it is perfect, and multiplatform to boot! TTYL

On Mon, 2008-01-21 at 17:01 +0000, Alan B. Pearce wrote: > >I copied about 40GB of data to my now encrypted hard drive > >and it took well over an hour. > > And how long would it take without encrypting it ??? Well, that particular drive sustains about 30MBps (I've benchmarked it in the past), so: 40GB/30MBps ~= 22 minutes Most of the files are large (very minimal seeking), so worst case it should have taken perhaps 45 minutes. My gut tells me it probably was faster then that, but lets be conservative. I didn't benchmark the truecrypt copy, but it was easily over an hour and a half, very likely longer then 2 hours, I didn't watch it continuously. So, say 1/2 to 1/3 the speed, for my particular case. > That sounds quite acceptable to me for that volume of data, being massaged > along the way. I would agree, except the CPU was barely being used, which is what confused me. If the CPU were chugging I'd understand the slowdown, but the CPU usage barely went over 10% on the copy. I guess I'm just curious WHY it was slow, what was holding it back? Raw HD bandwidth wasn't the limit, CPU power wasn't the limit, what was it? :) Again, I didn't read any documentation for truecrypt, it's entirely possible that the default settings result in something more secure but less speedy. For me the speed is fine, I don't do the offsite backup that often, I usually just let it copy and walk away anyways. I was impressed by how easy it was to get working though, both on Linux and windows. My only gripe there was it required a reboot of my linux box to work, but I didn't notice any message stating a reboot was required. I probably missed it... :) TTYL

Herbert Graf wrote: {Quote hidden}> On Mon, 2008-01-21 at 07:08 -0700, Bob Axtell wrote: > >> You are correct. Truecrypt needs to be in the root of the flash drive. I >> also put the SYS and the >> FORMAT there as well. I then created a container sized 3.5G (leaving >> 500Mb for Truecrypt and >> other stuff. When I power up, I click on TRUECRYPT then identify the >> container, providing a password. >> >> That's all it takes. >> > > I tried Truecrypt on the weekend. While typical of OSS in that it's got > probably thousands of options that aren't described in the most simple > way, it was actually VERY simple to set up. > > I told it to use the whole drive, it asked for a password, and that was > it? Inserting the hard drive in a PC results in the drive not appearing > to have any data on it. Start up truecrypt, pick the volume, supply the > password and boom, working without a hitch. VERY impressive! > > Only complaint I have is it severely slows down drive speed. I copied > about 40GB of data to my now encrypted hard drive and it took well over > an hour. As a result I wouldn't recommend Truecrypt be used with it's > default settings on your primary volume. I'm sure there is a way to > speed things up, but for my purposes it is perfect, and multiplatform to > boot! > > Just about my experience exactly. But I didn't find the flash drive to run too slow...I noticed that the 4GB drive by Sandisk (the one I use) seems to load pretty fast. I'm happy with it. --Bob > TTYL >

On Mon, 2008-01-21 at 12:57 -0700, Bob Axtell wrote: > Just about my experience exactly. But I didn't find the flash drive to > run too slow...I noticed that > the 4GB drive by Sandisk (the one I use) seems to load pretty fast. I'm > happy with it. Hmm. Well, FWIW I was using a hard drive. I've noticed most flash drives are pretty slow when writing to begin with, so I'd believe you not noticing a difference in performance. Funny thing is a quick check makes it look like read performance isn't that bad, haven't really benchmarked it, more of a "it feels just as fast" sort of thing. Oh, finally, the hard drive is a USB2.0 hard drive, hence the only about 30MBps I get without Truecrypt. TTYL

Herbert Graf wrote: > On Mon, 2008-01-21 at 12:57 -0700, Bob Axtell wrote: > >> Just about my experience exactly. But I didn't find the flash drive to >> run too slow...I noticed that >> the 4GB drive by Sandisk (the one I use) seems to load pretty fast. I'm >> happy with it. >> > > Hmm. Well, FWIW I was using a hard drive. I've noticed most flash drives > are pretty slow when writing to begin with, so I'd believe you not > noticing a difference in performance. > > Oh, sorry, no all are the tiny SanDisk USB Flash Drives. I have a 1G and a 4G, both work very well. > Funny thing is a quick check makes it look like read performance isn't > that bad, haven't really benchmarked it, more of a "it feels just as > fast" sort of thing. > I believe the Truecrypt decryptor/encryptor is written in assembly. --Bob Axtell > Oh, finally, the hard drive is a USB2.0 hard drive, hence the only about > 30MBps I get without Truecrypt. > > TTYL >

Herbert Graf wrote: > I would agree, except the CPU was barely being used, which is what > confused me. If the CPU were chugging I'd understand the slowdown, but > the CPU usage barely went over 10% on the copy. I guess I'm just curious > WHY it was slow, what was holding it back? Raw HD bandwidth wasn't the > limit, CPU power wasn't the limit, what was it? :) > It had to upload your data to Google for indexing first. ;) - Martin