9

I am looking for a USB Thumbdrive / Flash drive encryption solution. I have searched the net but I have never come accross a solution which meets the following:

  1. Must handle at least 4GB volume
  2. If possible, fully portable (no install required required)
  3. Does not require admin rights in order to access/write encrypted files on the flash drive
  4. Does not corrupt data should the flash drive is removed from a USB port and the data is in a 'unencrypted' status
  5. Data is automatically encrypted if the flash drive is removed from a USB port and the data is in a 'unencrypted' status
  6. Portable apps must be able to run from the 'unencrypted' volume (in non-admin mode)

PLEASE do not mention TrueCrypt as I am not considering (especially for wish list #3)

Many thanks!

Update 5th October 2009: Still unresolved.

Improve this question
2
  • 4
    Just so you understand: It's not possible to do what you want and have the encrypted volume show up as a normal drive. As long as you are OK with using a special app to access stuff, you can do it.
    – Michael Kohne
    Commented Sep 28, 2009 at 17:48
  • I think it would be possible to write encrypted fs with dokan (code.google.com/p/dokan) - FUSE clone for Windows
    – Maciek Sawicki
    Commented Jan 11, 2010 at 22:38

6 Answers 6

Reset to default
9

It's an all in one solution rather than software that can run on any USB stick. The IronKey seems to fit your criteria.

Improve this answer
2
  • Interesting...But not the solution I was looking for. I am the proud owner of the fastest USB flash drive on the planet (pendrivereviews.com/ocz-rally-2-turbo) so a software solution is a must.
    – Max888
    Commented Oct 5, 2009 at 19:41
  • 2
    Encryption or speed: choose one.
    – Craig
    Commented Apr 10, 2010 at 20:47
4

You may be interested in the Corsair Flash Padlock USB drive:

Featuring auto-lock hardware security, Flash Padlock is the best way to secure your data while on the go. This prevents any unauthorized access or “Brute Force” attack to the data on Flash Padlock. Users can program in a PIN, much like they do for an ATM machine, to lock/unlock their data. An easy to use keypad in conjunction with lock/unlock indicator lights makes the Flash Padlock highly intuitive to use. Lastly, the Flash Padlock is fully plug-and-play, and requires no software or drivers to work properly.

Flash Padlock

I have one of these drives, and it works quite well. Once your PIN is set, you press the Lock key, type in your PIN, press the lock key again, and the green light flashes for 30 seconds, during which you can plug it into the computer.

Because the security is hardware-based, there is no OS or software requirements - it works on any computer that can access a USB flash drive.

Improve this answer
2
2

Rohos mini-drive will meet many of your requirements. To create the drive, you DO have to install it on one computer. But after that, it does not require admin rights.

Improve this answer
4
  • Thanks Michelle, Rohos mini-drive looks good so far. I am testing it now. However, i seem to be getting read only access on guest accounts. Still investigating....
    – Max888
    Commented Oct 5, 2009 at 13:58
  • 1
    OK, I can confirm that Rohos does not meet my criteria 6. Portable apps must be able to run from the 'unencrypted' volume (in non-admin mode)
    – Max888
    Commented Oct 5, 2009 at 20:18
  • what is the difference between this and True Crypt used with file based volume?
    – Maciek Sawicki
    Commented Jan 11, 2010 at 22:29
  • 1
    This answer was in Sep 09, when Rohos did not satisfy all the criteria. Just a month later, Rohos updated and it does appear support criterion 6: rohos.com/2009/10/on-the-fly-encryption-without-admin-rights
    – Daniel H
    Commented Jan 26, 2010 at 1:17
1

Check out FreeOTFE, I think it fits your criteria.

Improve this answer
3
  • No it does not: it requires admin access to FULLY READ/WRITE files and programs.
    – Max888
    Commented Oct 5, 2009 at 19:39
  • See my req: 6. Portable apps must be able to run from the 'unencrypted' volume (in non-admin mode)
    – Max888
    Commented Oct 5, 2009 at 20:18
  • FreeOTFE Requires admin rights to mount a volume as a drive letter - as will pretty much any encryption solution that mounts to a drive letter. FreeOTFE Explorer does NOT require admin rights to use the (rather cumbersome) interface to add / open files from the encrypted container.
    – Goyuix
    Commented Jan 11, 2010 at 22:49
1

SafeHouse Explorer 3.00 software. I use it on my SanDisk miniCruzer 4GB flash drive. Since I use a uber-complex password for accessing the SafeHouse volume, I use Sisma password manager.

Improve this answer
1
  • Thanks but this only encrypt files/folders: it does not allow me to run a full program. I like it anyway.
    – Max888
    Commented Dec 7, 2009 at 10:47
0

Boot from USB and mount encrypted partition

The only way that I can think of that will allow you to do that is to partition your drive and use an unencrypted partition to boot a Linux distro. That will then mount the encrypted partition after you type in the appropriate passphrase. Since the cleartext is only ever kept in memory, the data on the key itself is always protected, even if you pull it out mid-write. Of course, if you pull the drive mid-write, you'll corrupt data, but that has nothing to do with the encryption.

As far as portable apps go, you can install them to a third partition that is accessible to windows. Encrypting applications is unnecessary unless you're running some really exotic stuff (in which case you'd know how to do it anyway.) just make sure your apps don't leave fingerprints all over. Since a modern linux distro will run on pretty much any x86 machine, you'll also be able to access your data anywhere.

Another advantage from this is that you leave absolutely no marks on the host machine.

As a sidenote, because of flash memory wear, I advise doing full byte-for-byte backups of the entire key regularly, especially since you'll be running an os from it.

If you're paranoid (and I know you are) then you must not use the unencrypted OS if you have not kept a careful chain of custody, since some clever clog could have modified it to get your passphrase (via email, for example). If you misplace it for a few days, nuke the unencrypted partition and reinstall the os from scratch. (after a dd if=/dev/random of=/dev/sdxn where xn is your OS partition ID). Also make sure that the OS partition is mounted as read-only, that way no program will inadvertently leave info in it.

This is fairly watertight, but not exactly simple to execute. It does, however, fulfill all of your requirements. Unfortunately, you'll have to boot from your usb key if you want access to your data.

Improve this answer

Not the answer you're looking for? Browse other questions tagged .