
Recipe: How to make an encrypted USB flash drive?

Every person has secrets. A personal diary, the password to a bank account in Switzerland, pictures of a potential enemy's fortifications, drawings of a perpetual motion machine, a list of mistresses, and who knows what else. Data is conveniently stored on a USB flash drive. It is small, cheap and capacious. It is easy to carry in your pocket, easy to hide or pass on to another person. But a flash drive is just as easy to lose.

Task: I need a USB flash drive on which all the information is encrypted. When I insert the flash drive into a computer, it must ask for a password, and the data must not be decryptable without the correct password. The flash drive should work autonomously, without installing any software on the computer.
We take any flash disk available to us and proceed.

Step 1.


Download TrueCrypt. The latest version at the moment is 6.1a. A Russian localization is available. TrueCrypt is a free, open-source program for data encryption. It works under Windows, Mac and Linux.
Install TrueCrypt on your computer. TrueCrypt needs to be installed only to create the flash drive. After that, TrueCrypt can be removed.

Step 2.


Prepare the flash drive for work. To start, erase all the data on it. Now run TrueCrypt and select Tools -> Traveler Disk Setup...

In the window that appears, specify the drive letter where the USB flash drive is currently mounted and the path to the (not yet existing) file that will hold the encrypted data: e:\datafile.tc
I recommend setting the remaining options as in the screenshot.

Click Create and TrueCrypt will write all the necessary service files to the USB flash drive.

Step 3.


Now it remains to create an encrypted data file on the flash drive.

In the TrueCrypt menu, choose Tools -> Volume Creation Wizard.
Specify the path to the same file that you entered when creating the flash drive.
Choose the encryption and hash algorithms to taste. It is recommended to leave everything as it is.
Select the size of the data file. Since we want the entire space of the flash drive to be encrypted, enter the maximum possible number.
Think up and enter a password. Be careful! The password must be long and complex so that it cannot be broken by brute force, but also memorable, because if you forget it, the data will be lost.
Now select the file system type and move the mouse around the window so that TrueCrypt can generate a truly random number. Click Format.
A few minutes later a large encrypted file will be created on the flash drive.
If you insert such a USB flash drive into any computer running Windows, a window asking for the password will appear.
And if the password is entered correctly, the system will mount the encrypted file as another disk.

A few caveats


So we have a flash drive that is encrypted with a reliable algorithm and ready to work on any computer, even an unprepared one. Of course, there is no perfect protection, but a potential attacker will now need orders of magnitude more time, money and experience to get to your data.

Before removing the flash drive, do not forget to unmount the disk through the icon in the taskbar.

Keep in mind that after you edit or view your secret data, it may remain in temporary files or in the operating system's swap file.

The very fact that encryption is used will not be secret. The computer may keep records of it in logs or in the registry. The contents of the flash drive openly indicate the use of encryption technology. So "thermorectal" (rubber-hose) cracking methods will be the most effective.
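
How the data file gives away the use of encryption can be seen with a short triage script of the kind an examiner might run over a drive; this is an added example, not code from the original article. A TrueCrypt volume file has no identifying header and looks like random data, so the check relies on size and entropy; the thresholds, the list of file signatures and the sample files are assumptions constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter

SECTOR = 512               # container files are a whole number of 512-byte sectors
MIN_SIZE = 64 * 1024       # assumption: skip files too small to be a useful volume
ENTROPY_THRESHOLD = 7.9    # assumption: bits per byte; random data approaches 8.0
KNOWN_MAGIC = (b"PK\x03\x04", b"\x1f\x8b", b"%PDF", b"\xff\xd8\xff", b"Rar!")

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def container_indicators(path: str, sample: int = 256 * 1024) -> dict:
    """Collect the properties that make a file look like an encrypted volume."""
    size = os.path.getsize(path)
    with open(path, "rb") as fh:
        head = fh.read(sample)
    return {
        "sector_aligned": size >= MIN_SIZE and size % SECTOR == 0,
        "no_known_header": not head.startswith(KNOWN_MAGIC),
        "entropy": shannon_entropy(head),
    }

def looks_like_container(path: str) -> bool:
    ind = container_indicators(path)
    return (ind["sector_aligned"] and ind["no_known_header"]
            and ind["entropy"] >= ENTROPY_THRESHOLD)

def demo() -> dict:
    """Write three constructed sample files and classify each one."""
    samples = {
        "datafile.tc": os.urandom(1024 * 1024),       # stands in for an encrypted volume
        "notes.txt": b"meeting at noon\r\n" * 65536,  # sector-aligned but low entropy
        "photos.zip": b"PK\x03\x04" + os.urandom(1024 * 1024 - 4),  # random, known header
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(body)
            results[name] = looks_like_container(path)
    return results

if __name__ == "__main__":
    print(demo())
```

A hit is only an indicator: any file of uniformly random bytes with a sector-aligned size matches, which is why the surrounding artifacts mentioned above (logs, registry, the service files on the drive) matter as corroboration.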

To hide the fact of encryption, TrueCrypt offers encrypted volumes with a "double bottom" (hidden volumes) and a hidden operating system. But that's another story.

Post scriptum


Thanks to all the discussion participants for interesting questions and criticism.

As an afterword I want to answer the two most popular objections.

I read about this Encrypted File System and experimented on my computer. Perhaps for some cases, this encryption method is suitable. But not for me.

The most important point: EFS encrypts only the contents of files. The list of files, the subfolder structure, and the files' names, sizes and modification dates remain visible. This information may compromise you directly or may become grounds for further investigation. If an encrypted file named BlackNal Movement.xls or RapeTriven-year-oldDevent.avi is found in your folder, the fact that the file itself is encrypted will not make things any easier for you.

The second point: encrypted files are accessible the whole time you are logged on to your computer. It doesn't matter whether you are working with secret information or playing Minesweeper. Of course, it is better not to let anyone use the computer under your account. But situations vary. Besides, when working under Windows, even on your own computer, you never know what process is poking around in your file system. TrueCrypt provides simple and clear session management for an encrypted volume: mount, work, unmount. The time during which the data is accessible is reduced by orders of magnitude, and the risk with it.

And finally, about autonomy and portability to an arbitrary computer. By inserting the flash drive into someone else's computer we take a risk, and should not do so regularly. But, again, situations vary. The main computer may fail, may have been thrown in the trash 3 years ago, or may have stayed behind in another country. A specific scenario: imagine that you went on a business trip and left the flash drive at work, and you need to explain to the secretary over the phone how to get to the file you need. Information must not only be reliably protected; it must also be easily accessible. All you need to access files on a TrueCrypt flash drive is a computer running XP in the standard configuration, the password and 10 seconds of time. With EFS, a portable flash drive can also be achieved, but the connection procedure is much more complicated: you need to decrypt and import the key, and at the end of the session remove it from the system.

Of course, the described recipe has a number of drawbacks and vulnerabilities. But, IMHO, this is the most practical and balanced way to keep secrets at the moment.

Source: https://habr.com/ru/post/53720/

