How to protect against against data access if USB drive gets lost?
Using any external USB drive under Windows XP, how to encrypt/decrypt files on the fly, but without too much slow-down from the overhead.
Most of the obvious solutions like Truecrypt won't work because with these the host system needs to have first had some drivers installed by a system administrator.
How to have an encrypted USB drive, so the data will still be accessible on any XP system?
I second the vote for TrueCrypt. As to the problem of accessing it on Windows:
You can use FreeOTFE to read TrueCrypt data under Windows. It offers FreeOTFE Explorer, which, unlike regular TrueCrypt (or FreeOTFE) does not need admin privs (it also does not need installation).
As a note, Windows 7's bitlocker will allow for thumb drive encryption, and you can force it to do so.
Truecrypt has an traveler mode, maybe it helps?
It will be difficult to do full disk encryption or even on-the-fly-encryption without drivers! The only thing that woudln't decrypt to the harddrive would be some programm that injects itself in userspace in every process and touches open calls etc.
As already mentioned Truecrypt is not an option that would run on any Windows XP installation. This is due to the fact that creating a "virtual" drive requires administrator privileges. Without such a virtual drive you cannot:
- use files on the usb drive from any software
- run programs from it
Afaik the is no solution to overcome this limitation in a easy and secure way. The simplest solution that would work everywhere is an encrypted archive file. 7Zip for example can use AES256 which is, combined with a sufficient long pass phrase, a good layer of privacy. 7zip is also available as es plain exe, so you could put it one the stick and take it with you.One thing you have to keep in mind: If you access an file from inside the archive it will be copied to the host temporary directory and possible not deleted securely.
Also I recently saw (on the Cebit, which is an Internationale IT fair in Germany) some AES encrypted usb drives which were explicitly advertised as being true AES combined with a host software which fed the encryption key. Sadly I haven't the name of the manufacturer in mind. But I'm convinced that there are some real solution if you are willing to pay the price (both: money and transfer rates).