As previously discussed, portable storage (e.g., USB
PenDrives) has changed the way that we move our data, but it brings the issue
of potential data loss firmly into the forefront of our security strategy. These
devices are very small, and they are all too easy to misplace (or have stolen),
so how do we go about making sure that the data stored on these devices issecure and can only be accessed by those who are authorised to do so?
Some device manufacturers like SanDisk offer encryption /
protection software, which is CruzerLock in its
case. The basic features offered by these packages are pretty much equal across
the board. The free version of CruzerLock includes both file encryption andcompression:
- Encrypt entire directory
structures, folders, or drives files from a PC hard drive, or from the flash
drive, into the CruzerLock-protected archive using an integrated MSWindows Explorer utility
- Upgrades encryption to 448 bit Advanced Encryption Standard from current 56 bit
- Powerful compression engine
(PKZip) built into the software, compresses data up to one tenth of itsoriginal size
- Integrated password recovery
Upgraded versions of the software are available; some of the
additional features offered by these include the ability to assign permission
rights (view, copy, delete etc.), use integrated filesharing, and lock content
to specific machines. To be honest, I dont think its worth paying up to $100
for the upgraded featuresI simply want to lock my files away so they are
protected if I lose the device. I currently use a small USB key to store a
backup of my financial records. This is protected by the manufacturers'
included software, which is easy to use and portable, as the unlock program is
run straight from a small unencrypted partition on the key. There is, however,
one reason why I have not used encryption on my main 2GB USB key: very simply,
its that the manufacturers' programs never support Linux. I keep copies of
letters, e-mail and bookmark backups, photos, etc. on my key (not exactly top-secret
military documents, but I would rather not have people looking through them if
I lost it). I am in Linux often, so if I want to update my bookmarks to put
them in sync with my Windows bookmarksmy key is encrypted by the Windows
software, and I have no chance of getting to the bookmarks file while in Linux.
Of course, if I set up an encrypted filesystem on the key from Linux, I cantaccess my data in Windows.
Well, now I have found a solutionan Open Source project called TrueCrypt.
Not only is TrueCrypt available for Windows, but I was
delighted to see that Linux packages are available in many flavours: Fedora
rpm, Debian/Ubuntu deb, plus SuSE rpm. Add to that the source code for both the
Windows and Linux applications, and the only major OS lacking is Apples OS X. Afuture release is apparently planned. So what are the main features?
- Creates a virtual encrypted disk within a file and mounts it as a real disk.
- Encrypts an entire hard disk partition or a device, such as USB flash drive.
- Encryption is automatic, real-time (on-the-fly) and transparent.
two levels of plausible deniability, in case an adversary forces you toreveal the password:
- Hidden volume (steganography more information may be found here).
TrueCrypt volume can be identified (volumes cannot be distinguished fromrandom data).
algorithms: AES-256, Blowfish (448-bit key), CAST5, Serpent, Triple DES,and Twofish. Mode of operation: LRW (CBC supported as legacy).
The documentation is very complete. It seems there is also a
traveller mode for Windows usethis installs an application which can automatically
launch the unlock program and then, once supplied with the password, it will
mount your encrypted drive. It would be nice to have this functionality for
Linux too, but I cant see it happening (due to differing Kernel versions etc.).
Next week well take a look at setting up TrueCrypt in Windows. How well willit work?