How to keep the data on your flash drive secure
News       AddTime:2011-05-05 11:43:56

While the best security (and speed) often comes from hardware-secured flash drives with their built-in cryptographic co-processors, anyone can secure a regular flash drive with a free, open-source program called TrueCrypt. TrueCrypt offers a large array of encryption algorithms to choose from, including 256-bit AES, Serpent and Twofish, or any combination of the three, and is available for Windows, Mac and Linux operating systems.
If TrueCrypt is installed on the host machines you plan on using the flash drive with, it's possible to put a single large file on the flash drive that houses all your encrypted data. This file has built-in plausible deniability - you can't tell it's a TrueCrypt file until it's mounted, and if required to divulge the password, you can provide a second password that unlocks a different portion of the encrypted volume that's filled with "safe" data like a fake journal, and there's no way for anyone to tell that this isn't what you're really protecting.
TrueCrypt can also be run in "portable mode" with the binaries for encryption and decryption kept on the flash drive itself, although this would give away the fact that you're housing a TrueCrypt volume on the flash drive. The caveat to this is that you'll need administrator privileges on any computer you plan on using to access the TrueCrypt volume.
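The deniability described above rests on the container having no file signature and looking like random data. The following Python script is an added example, not part of the original article and not TrueCrypt code; it shows what a file-triage check can and cannot conclude from such a file. The names `stand_in_ciphertext`, `container_candidate` and `build_samples`, the signature list, the 7.9 bits-per-byte threshold and the 512-byte size rule are assumptions, and all sample bytes are constructed.

```python
import hashlib
import math
from collections import Counter

SECTOR = 512  # assumed: container files occupy whole 512-byte sectors
# Assumed short list of common file signatures; real triage tools carry many more.
MAGIC = (b"PK\x03\x04", b"%PDF", b"\x89PNG", b"\x1f\x8b", b"7z\xbc\xaf", b"Rar!")

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 means uniformly random."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def stand_in_ciphertext(size: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic random-looking bytes (SHA-256 over a counter).
    Constructed stand-in for an encrypted container, not TrueCrypt output."""
    out = bytearray()
    counter = 0
    while len(out) < size:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:size])

def container_candidate(data: bytes, min_entropy: float = 7.9) -> bool:
    """True when data has no known signature, fills whole sectors and is
    statistically close to random. A hint for triage, never proof."""
    if len(data) < SECTOR or len(data) % SECTOR:
        return False
    if data.startswith(MAGIC):
        return False
    return shannon_entropy(data) >= min_entropy

def build_samples() -> dict:
    """Constructed sample inputs, 64 KiB each unless noted."""
    size = 64 * 1024
    return {
        "container stand-in": stand_in_ciphertext(size),
        "plain-text journal": (b"Dear diary, nothing happened today.\n" * 2000)[:size],
        "zip-like archive": b"PK\x03\x04" + stand_in_ciphertext(size - 4),
        "odd-sized random": stand_in_ciphertext(size + 7),
    }

if __name__ == "__main__":
    for name, blob in build_samples().items():
        print(f"{name:20} entropy={shannon_entropy(blob):.3f} "
              f"candidate={container_candidate(blob)}")
```

Only the signature-less, sector-aligned, high-entropy sample is flagged, which is the practical limit of the deniability claim: the file cannot be proven to be an encrypted volume, but a large file of apparently random bytes still stands out during an examination.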
An alternative to TrueCrypt is Microsoft's BitLocker To Go, a full-disk flash drive encryption technology that's limited to Windows 7 Enterprise and Ultimate editions and Windows Server 2008 R2. Unlike TrueCrypt, BitLocker To Go doesn't require administrative rights to install or use, and if your workplace likes to stay on the bleeding edge of tech, it may already be widely accessible to you. BitLocker uses AES 128/256-bit encryption.
Unlike TrueCrypt, BitLocker does not have plausible deniability, and Microsoft actively aids law enforcement with recovery in certain scenarios. In a nutshell, don't leave your computer running because the encryption keys are stored in RAM and can be accessed using forensic software. This is a vulnerability shared by many drive encryption programs and should not be viewed as actually cracking BitLocker. In an enterprise environment, if the volume recovery keys are stored in Active Directory and the system administrator has loose lips or gets handed a subpoena by the authorities, you're boned. Cryptome hosts a copy of Microsoft's BitLocker lawful spying guide on their website if you're interested; search for "win7-bit-spy".
Remember, there's no way to keep your data 100% secure if the computer you're using has been compromised, so be cautious of accessing your private data at public computers like those in a PC cafe. Also, Randall Munroe over at xkcd raises a very valid point in that the weakest link in security is always the human factor.

CopyRight Winsparkling Technology Co.,LTD © 2010-2011 -All rights reserved!    Tel:86-755-33127898    Fax:86-755-27901289
Address: 5F, Jing Ye Fang industrial park No.210, the middle road of Wan feng, Sha Jing, Bao'an, Shenzhen