Your life on a USB stick

Printable View

January 19th, 2008, 03:05 AM
Negative

Your life on a USB stick

Does anyone here have any recommendations/suggestions on using a USB stick to store private data (as in everything from passwords to sites to social security numbers and bank account numbers)? Needless to say, I'm looking for something secure.

For my desktop, I use RoboForm (commercial), which lets me choose between AES, BlowFish, and RC6 (I have it set, of course, to use Belgium's best export product since the exodus of myself). I'm extremely pleased with RoboForm (can't beat those features), and it has a portable version specifically designed for USB sticks (with the same features), included in the price.

So why ask? RoboForm is commercial and proprietary, and thus the implementation of the algorithms cannot be verified. Not that I would know whether or not they had been properly implemented if allowed to verify, but anyway...

Other alternatives I have come across: Schneier's Password Safe (using TwoFish), and KeePass (using AES or TwoFish).

Any advice? What are the risks involved (other than the NSA suddenly growing an interest in my private data, or border representatives demanding I tell them the password)?
January 19th, 2008, 03:26 AM
Negative

I'm going to reply to my own thread, since I seem to be the only one online right now :)

http://www.ironkey.com seems interesting... "self-destruct sequence that securely and permanently erases your encryption keys and data" after 10 incorrect password guesses? Nice... "If the Cryptochip detects a physical attack from a hacker, it will destroy the encryption keys, making the stored encrypted files inaccessible" - that sounds like it'll self-destruct if I keep it too close to a magnet or something...
January 19th, 2008, 09:39 AM
gore

Quote:

Originally Posted by Negative

(I have it set, of course, to use Belgium's best export product since the exodus of myself).

I didn't realize Chocolate could do that... Hmm..

Anyway, what is that about demanding your password?

In my personal opinion on the thread I think you have the right product already unless you buy a new stick that has built in security... I'm trying to remember the product but I only briefly saw it at BestBuy and it was saying it had encryption and other things built in, but I'm not real sure what it was called.

EDIT:

just re-read what you said, verdammt I miss-understood that...

Risks I'd say would be of you lost the thing. People love how small they are but that makes it WAY easier to misplace it or lose the thing somewhere.

I mean if I drop a penny and can't find it, that's not exactly hard to comprehend, but if I misplace my Schwanz, well the size alone makes it hard to even comprehend not being able to find it ! *giggling heavily at this point*

So anyway, I'd say fi you're going to put all that on something THAT small, get like a steel chain embedded in your arm or something to attach it to, because if someone finds it and cracks it, well, you know...

Not that it would be done in 2 hours, but cracking passwords comes standard on Linux and BSD these days heh, and it just takes ONE star trek jack ass living in his Mother's basement with more CPU than friends to try ;)
January 19th, 2008, 10:18 AM
nihil

SirDice posted this link in another thread:

http://www.fox-it.com/downloads/pdf/..._USBreport.pdf

Personally, I don't trust the technology yet. I have seen far too many dead and corrupted ones for my liking, and they were not all cheap and nasty generic varieties.

Also I see no valid reason for carrying important/personal information around in that manner.............. I use the space between my ears, an excellent storage medium ;)

If you only carry what you are legally required to, that is all that can be legally demanded of you?.............. not that I don't trust "nanny state" or anything :D

In the UK if you don't provide passwords and encryption keys you can get 2 years "bubba time".

"No back doors".............. does anyone seriously believe that?

OK I'm paranoid?

EDIT: The link doesn't work, except for Neg~ ( it is in Dutch :))............ the report is in the "news" section. Here is the AO thread with a working link to download a .pdf

http://antionline.com/showthread.php?t=276484
January 21st, 2008, 09:18 PM
JuniorT

ironkey...nuff said!
January 22nd, 2008, 02:10 PM
dalek

TrueCryptHowto

http://www.truecrypt.org/

Quote:

encrypts an entire drive, selected partition/directory and even USB flash drive,