USB drive encryption

Mark M · 31 Mar 2017 at 12:07

I wasn't sure whether to post this here or in the HDD sub forum but please move if you think over there is more suited.

Im after a solution to secure a USB stick so that its as difficult as possible for anyone to access it. There is nothing massively sensitive on there but it will contain client documents that I might copy from their computers if Im at their premises. I appreciate that if anyone really wanted to get the data they could but Im just talking about making it difficult if someone found it in the street they would just plug it in and realise thats its useless to them.

Is there a software solution out there or do you need to look at USB drives that come with encryption built in?

joey1211 · 31 Mar 2017 at 12:23

Password protected and encrypted rar/zip file?

nox_uk · 31 Mar 2017 at 12:33

just bitlocker it

CaptainCrash · 1 Apr 2017 at 09:42

nox_uk said:
just bitlocker it

That's not particularly helpful if the client PCs he's accessing aren't Bitlocker-enabled.

VeraCrypt (formerly TrueCrypt) in traveller mode with an encrypted container file on the USB drive is probably the best bet (you'll need admin privileges to run it though): https://veracrypt.codeplex.com/wikipage?title=Portable Mode

Django x2 · 1 Apr 2017 at 22:16

Get an iStorage Datashur. It's a USB key with a physical PIN that you enter on the body of the stick. It unlocks the drive for 20 seconds (enough time to plug it in), otherwise it times out and locks again. That 20s is just to physically connect it, not to use it.

joey1211 · 1 Apr 2017 at 23:21

£75 for 16GB. Ouch! Though if it's 100% maybe it's a small price to pay. But I'd imagine there are free alternatives.

nox_uk · 2 Apr 2017 at 07:52

CaptainCrash said:
That's not particularly helpful if the client PCs he's accessing aren't Bitlocker-enabled.

VeraCrypt (formerly TrueCrypt) in traveller mode with an encrypted container file on the USB drive is probably the best bet (you'll need admin privileges to run it though): https://veracrypt.codeplex.com/wikipage?title=Portable Mode

Once you bit locker a USB stick, it puts a .exe file on the root of the disk in case it is not natively supported by the OS. If you insert it into a non bitlocker capable machine, you just click this .exe and have access to your files through the app. The only downside is the app is read only on at least Server 2012. (Desktop OS are normal). Had a bit of an assumption the OP was talking about Windows due to the forum it's posted in. Also means no extra third party software needs installing, all built in

nox_uk · 2 Apr 2017 at 08:02

i think I'd trust software encryption over the hardware stuff built into to a lot of devices currently. There is a lot more auditing and testing going on with software suites, and when the hardware versions get tested there are often big unsolvable problems... if you do go for a hardware stick, try to make sure it's FIPS compliant. (Higher the number the better) but we are starting to get to the point of discussing standards far beyond your requirement.

Truecrypt/veracrypt are also fine, but not as easy as bitlocker and require additional software installing but you do get a software suite that's far more capable, also beyond what you asked for