How to protect against against data access if USB drive gets lost?

usb-flash-drive windows-xp encryption application

Using any external USB drive under Windows XP, how to encrypt/decrypt files on the fly, but without too much slow-down from the overhead.

Most of the obvious solutions like Truecrypt won't work because with these the host system needs to have first had some drivers installed by a system administrator.

How to have an encrypted USB drive, so the data will still be accessible on any XP system?


I second the vote for TrueCrypt. As to the problem of accessing it on Windows:

You can use FreeOTFE to read TrueCrypt data under Windows. It offers FreeOTFE Explorer, which, unlike regular TrueCrypt (or FreeOTFE) does not need admin privs (it also does not need installation).


As a note, Windows 7's bitlocker will allow for thumb drive encryption, and you can force it to do so.


Truecrypt has an traveler mode, maybe it helps?

It will be difficult to do full disk encryption or even on-the-fly-encryption without drivers! The only thing that woudln't decrypt to the harddrive would be some programm that injects itself in userspace in every process and touches open calls etc.


As already mentioned Truecrypt is not an option that would run on any Windows XP installation. This is due to the fact that creating a "virtual" drive requires administrator privileges. Without such a virtual drive you cannot:

  • use files on the usb drive from any software
  • run programs from it

Afaik the is no solution to overcome this limitation in a easy and secure way. The simplest solution that would work everywhere is an encrypted archive file. 7Zip for example can use AES256 which is, combined with a sufficient long pass phrase, a good layer of privacy. 7zip is also available as es plain exe, so you could put it one the stick and take it with you.One thing you have to keep in mind: If you access an file from inside the archive it will be copied to the host temporary directory and possible not deleted securely.

Also I recently saw (on the Cebit, which is an Internationale IT fair in Germany) some AES encrypted usb drives which were explicitly advertised as being true AES combined with a host software which fed the encryption key. Sadly I haven't the name of the manufacturer in mind. But I'm convinced that there are some real solution if you are willing to pay the price (both: money and transfer rates).

Related

How to switch from a custom Linux kernel to a distribution kernel
vmstat -f shows large number of forks
Is there a sexier datacenter than Bahnhof's "Pionen"?
Infiniband on Linux?
Is there a scalable open source web BB/forum?
Can Nginx handle php (or similar fcgi) requests inside of an alias?
Delete Emails older than X days in Exchange 2003
Login to MsSQL without first Authenticating to the AD Domain
How to customize a Windows boot CD
Apache throwing 403 on serving images from an NFS share
Best non-VPN Solution for remote access to SAMBA Shares? [closed]
How do I set up a read-only file system mirror for an SVN repository?