Posted on 01/26/2019 12:25:35 AM PST by vannrox
USB memory sticks are a great addition to computing. Having the ability to carry hundreds of gigs of data in your pocket is amazing. Especially to those of us that remember the days of 360K (yes, K) floppy disks. Almost every computer has a USB port for you to connect your USB stick and copy or access files. You can carry all your documents with you and use them anywhere.
However, carrying your data with you has significant security and privacy concerns. If you loose your USB stick, anyone can now access your files. They would have access to your word documents, spreadsheets, maybe even your finances or taxes.
To protect your data on your USB stick, you should encrypt your data. There are two methods to encrypt data on a USB stick hardware and software. Hardware encryption is a special USB stick that includes additional chips in the USB stick to encrypt your data. Software encryption uses a normal USB stick and does the encryption though software on the computer. Hardware
There are a few general types of hardware encryption USB sticks. All will have a encryption chip built-in to the stick and offer either software that runs on the computers and access the stick or a key pad on the case to enter your password. Look for sticks certified to FIPS 140-2 Level 2 or higher. Level 2 ensures good cryptographic chips and the stick will show evidence if tampered with. Hardware encrypted sticks provide improved security at a higher cost. The will cost 10 to 20 times the cost of a normal drive. When choosing a hardware stick that doesnt have a key pad, make sure it supports the operating systems you use. Most support Windows and Mac, but few support Linux or Android. Software
Software encryption on a USB stick uses an application run from the computer to create a encrypted partition or container on the USB stick. Software encryption allows you to use lower cost normal USB sticks and makes it easier to keep your encryption software updated. Windows 10 Pro includes BitLocker, encryption software from Microsoft, that can also encrypt a USB stick. BitLocker does not come with the home version of Windows. Linux has a built-in system for encrypting drives called the LUKS file system. Unfortunately, both of these only work on the single operating system they are not cross compatible. When creating a encrypted USB for carrying files with you, you need to use software that can run on any operating system and doesnt have to be installed. Many places that might let you use their computer to access your USB wont allow you to install software. Veracrypt
Veracrypt is the most popular disk encryption software and its free. Veracrypt is the successor to Truecrypt and is available on Windows, Mac, Linux, and there are even Android and iOS (Apple) versions. Veracrypt supports encrypting a partition or creating a container. Containers are large Veracrypt files that when you enter the password, become a mounted drive on the computer. Veracrypt containers are large files that dont have any characteristics that indicate they are a Veracrypt file. You can name them anything you want to help hide their true use.
Veracrypt has several advanced features, including a plausible deniable hidden volume mode where a encrypted container has two passwords. One password opens your truly secret files and the other password opens a sacrificial drive where you would store fake secret files that are OK if they got out. This allows you to show someone its just Grandmas secret recipes youre hiding. Today well cover the easiest installation Standard Veracrypt volume. Installing Veracrypt
Visit the Veracrypt web site and download the version for each operating system Windows, Windows Portable, Mac, and Linux. Copy all the installers to a folder on your new USB stick. Putting the installers on the stick ensure you can install Veracrypt on any computer you come across. Windows Portable is a version for windows that does not have to be installed onto the computer. You use this version when borrowing a computer you cant install software on. Now, install Veracrypt on your computer by running the proper installer and following the screens. Once its installed, run Veracrypt.
To start the creation of our first volume:
Click the Create Volume button. Then select Create encrypted file container. On the next screen, select Standard Veracrypt volume. Now its time to select where we want the container to be stored. Click Select File and navigate to your new USB stick. Enter a file name and click save. On the next screen, leave the standard encryption options and click next. Now enter the volume size. Leave some room on your new USB stick. Look at the Free space information and make the volume 1 or 2 GB smaller. This leaves room for new Veracrypt installers and any plain files you need to carry. Next you enter the volume password. Enter a long phrase twice and click next.
The last step is to start the formatting of the new volume. Move your mouse around the screen to create random information that will feed into the encryption process. Once the indicator turns green, Click Format.
After a few minutes, your new encrypted volume has been created.
To mount your new encrypted volume (so you can use it):
go to the Veracrypt home screen, click on a drive letter then Select file. Select your new file, click on mount, and enter your pass phrase. Veracrypt will mount your encrypted volume as a drive on your computer.
Use your normal file manager to copy files to your new volume. Once you are finished using your volume, use Veracrypt to dismount the encrypted volume before you eject the USB stick.
Read more about using Veracrypt including the Beginners Tutorial on the Veracrypt web site.
Now, you have a encrypted USB you can use almost anywhere.
No rule says you can't combine both. Defense in depth.
I like hardware encryption for the simplicity. My Ironkey will allow only two consecutive failed password attempts and destroy the data if the third attempt fails. Therefore the password can be something short and simple.
Bookmarking
“Windows 10 Pro includes BitLocker, encryption software from Microsoft, that can also encrypt a USB stick. BitLocker does not come with the home version of Windows.”
Actually that’s not quite true. BitLocker does come with the home version of Windows (or Windas, as we call it in Texas), but it is not enabled.
To enable it, you have to pay $99 (when I did it 2 years ago), but it’s one-time and when done you don’t even know it on your computer, other than having to log in every time you open it. And yes, it also works great with memory sticks and those encrypted sticks are portable to any Windas 10 computer, whether it has BitLocker enabled or not.
So, I use it and I really like knowing that my memory sticks are secure, at least as far as I know.
Thats seems a little overboard. wATCH OUT FOR THAT {caps lock} KEY.
Ironkey is a new one to me and I will have to see about getting some.
Thank you for the tip.
pfl
bttt
bbb
Partition 2 contains an encrypted (LUKS) ext4 filesystem that I use for my files.
On a 128GB stick, Ubuntu takes up approx. 2GB, leaving the rest for my files.
I have access to my files anywhere there is a computer. I boot up with the Ubuntu partition, which guarantees me a clean filesystem free of any viruses and spyware. It essentially becomes my computer for the duration I'm running the live installation.
Hmmm... Bump for later...
Always have a backup of the data you put on a usb drive. The drives are cheap and if the encryption password fails and the recovery key fails and it will. The data security dept tells the person to format the drive.
BTTT
BTTT
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.