Encrypted flash drives

bbigford

Maybe I am asking for something that doesn't exist...

For instance, Bitlocker to Go is functionally exactly what we need (minus the PIN option), but doesn't work for Macs. But it relies on software that is already installed on the PC (Bitlocker).

Alex Sage

@BBigford Format the USB Drive and start again.

First, run the VeraCrypt Volume Creation Wizard to create a Volume on the USB drive. You can make it as large as you want, just leave a little space for VeraCrypt itself.

Now, run the VeraCrypt Traveler Disk Setup. In the first box, select your USB drive letter. Then select auto-mount, and select the VeraCrypt Volume you created.

0_1461349949282_upload-e811f602-dc87-4fe8-9095-7cd88b36fd04

Alex Sage

@scottalanmiller You can use two partitions too, but it's much easier to use a VeraCrypt Volume.

Alex Sage

So to be clear, you not really encrypting the drive itself, your encrypting the data your putting on the drive.

Alex Sage

Remember that a VeraCrypt Volume is just a file. It can have no extension or it can have a fake one. I normally fill the flash drive with a bunch of unimportant unencrypted documents, as well some VeraCrypt Volume's named TPS_Report.xls, pics.zip, etc. Any normally person finding the USB drive, just assumes that those files at corrupted, and deletes then or better yet just wipes the drive and reuses it.

scottalanmiller

@aaronstuder said in Encrypted flash drives:

So to be clear, you not really encrypting the drive itself, your encrypting the data your putting on the drive.

Oh I see, that makes more sense then.

BRRABill

@aaronstuder said in Encrypted flash drives:

Remember that a VeraCrypt Volume is just a file. It can have no extension or it can have a fake one. I normally fill the flash drive with a bunch of unimportant unencrypted documents, as well some VeraCrypt Volume's named TPS_Report.xls, pics.zip, etc. Any normally person finding the USB drive, just assumes that those files at corrupted, and deletes then or better yet just wipes the drive and reuses it.

Don't you trust VC to do its job?

bbigford

Decided to just use the built in tools (Bitlocker to Go and HFS+ encryption), for each device respectively. The Corsair Padlocks are cheaper than, say, IronKey. But still too spendy when we can get thumb drives for $3 apiece for regular 8GB drives.

VeraCrypt is awesome, but it's going to be too cumbersome for end users. Going with the built in options are just going to be the easiest method instead of fighting with it, since it allows for plug in and prompt for password.

http://www.amazon.com/Corsair-Padlock-Secure-Flash-CMFPLA8GB/dp/B003809LBS/ref=sr_1_2?ie=UTF8&qid=1461363132&sr=8-2&keywords=corsair+padlock

Dashrender

@BRRABill said in Encrypted flash drives:

@aaronstuder said in Encrypted flash drives:

Remember that a VeraCrypt Volume is just a file. It can have no extension or it can have a fake one. I normally fill the flash drive with a bunch of unimportant unencrypted documents, as well some VeraCrypt Volume's named TPS_Report.xls, pics.zip, etc. Any normally person finding the USB drive, just assumes that those files at corrupted, and deletes then or better yet just wipes the drive and reuses it.

Don't you trust VC to do its job?

I'm not sure what you're asking?

BRRABill

@Dashrender said

Don't you trust VC to do its job?

I'm not sure what you're asking?

He said he obscures his VC container on the disk. I guess a little extra security is OK, but isn't that the point of VC, that if someone gets their hands on your container they can't get into it?

An average user wouldn't know what it was anyway, and a hacker wouldn't be thrown off by the renaming.

scottalanmiller

@BRRABill said in Encrypted flash drives:

@Dashrender said

Don't you trust VC to do its job?

I'm not sure what you're asking?

He said he obscures his VC container on the disk. I guess a little extra security is OK, but isn't that the point of VC, that if someone gets their hands on your container they can't get into it?

An average user wouldn't know what it was anyway, and a hacker wouldn't be thrown off by the renaming.

That would be my thought. It's just obscurity. The casual hacker is already thwarted. The determined one is not affected.

BRRABill

@scottalanmiller said

That would be my thought. It's just obscurity. The casual hacker is already thwarted. The determined one is not affected.

My thoughts exactly.

iroal

@aaronstuder said in Encrypted flash drives:

Remember that a VeraCrypt Volume is just a file. It can have no extension or it can have a fake one. I normally fill the flash drive with a bunch of unimportant unencrypted documents, as well some VeraCrypt Volume's named TPS_Report.xls, pics.zip, etc. Any normally person finding the USB drive, just assumes that those files at corrupted, and deletes then or better yet just wipes the drive and reuses it.

Same think I do in my PenDrive using Veracrypt.

Veracrypt is great and Free!!!