Welcome Guest.   Make a donation to an author on the site December 20, 2014, 07:00:26 AM  *

Please login or register.
Or did you miss your validation email?


Login with username and password (forgot your password?)
Why not become a lifetime supporting member of the site with a one-time donation of any amount? Your donation entitles you to a ton of additional benefits, including access to exclusive discounts and downloads, the ability to enter monthly free software drawings, and a single non-expiring license key for all of our programs.


You must sign up here before you can post and access some areas of the site. Registration is totally free and confidential.
 
View the new Member Awards and Badges page.
   
   Forum Home   Thread Marks Chat! Downloads Search Login Register  
Pages: [1] 2 Next   Go Down
  Reply  |  New Topic  |  Print  
Author Topic: How to encrypt a USB drive without admin rights?  (Read 13854 times)
rjbull
Charter Member
***
Posts: 2,792

View Profile Give some DonationCredits to this forum member
« on: February 18, 2010, 04:16:58 PM »

Does anyone know a way to encrypt a USB drive, without having to have admin rights to read it again?  As far as I can see, TrueCrypt only works if you either have admin privileges, or if TrueCrypt is already installed on the host machine.  In other words, TrueCrypt isn't truly "portable" as you can't guarantee either situation in a college or library, say.  The TrueCrypt docs point out that it has to install a device driver, hence the need for installation rights, and that admins can "see" what you've been typing, including your passwords.  In fact I'm more interested in securing the drive against students and casual users rather than admins gone to the bad.  I doubt I'd outwit those anyway...

By contrast, AxCrypt, from reading their Web site, seems to work file by file, though at least they offer a portable decrypter.  I'd rather encrypt the whole volume in one go.  Is there a reasonably easy way to do this, please?

Thanks...
Logged
sajman99
Supporting Member
**
Posts: 663


View Profile Give some DonationCredits to this forum member
« Reply #1 on: February 18, 2010, 04:34:09 PM »

Perhaps Rohos Mini Drive ? undecided
Logged
patthecat
Member
**
Posts: 88


View Profile Give some DonationCredits to this forum member
« Reply #2 on: February 18, 2010, 04:50:53 PM »

Take a look at FreeOTFE Explorer.
Here are the differences between the FreeOTFE and FreeOFTE Explorer:
http://www.freeotfe.org/m...explorer_differences.html

Also there is an online manual.

The Explorer version is not a true virtual drive like FreeOTFE so you can't run programs on it but at least allowed you to read and/or edit files.
Logged
f0dder
Charter Honorary Member
***
Posts: 8,774



[Well, THAT escalated quickly!]

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #3 on: February 18, 2010, 06:10:20 PM »

rjbull: the short answer is "if you want it done securely, then no".
Logged

- carpe noctem
4wd
Supporting Member
**
Posts: 3,528



see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #4 on: February 18, 2010, 06:49:59 PM »

If you mean for Flash Drives, some manufacturers offer a utility that will allow you to partition the drive into secure/unsecured areas.  Then when you run the program and enter the password the unsecured area gets demounted and the secured unlocked and mounted.  eg. Imation Flash Drives, Astone' FlashUtility.

These might not require Admin Rights, (at least ImationLOCK didn't cause UAC to pop up on W7), but they aren't exactly encryption either.

Have you checked the manufacturers site?

Otherwise, see f0dder' answer.
Logged

I do not need to control my anger ... people just need to stop pissing me off!
f0dder
Charter Honorary Member
***
Posts: 8,774



[Well, THAT escalated quickly!]

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #5 on: February 18, 2010, 06:56:16 PM »

If you mean for Flash Drives, some manufacturers offer a utility that will allow you to partition the drive into secure/unsecured areas.  Then when you run the program and enter the password the unsecured area gets demounted and the secured unlocked and mounted.  eg. Imation Flash Drives, Astone' FlashUtility.
Forget about those - most of those "secure" drives can currently be easily bypassed. Some of them don't have any kind of encryption, others have the flash cell contents encrypted but effectively always use the same passphrase - useless.
Logged

- carpe noctem
Perry Mowbray
N.A.N.Y. Organizer
Charter Member
***
Posts: 1,807



Thoughtful Scribbles

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #6 on: February 19, 2010, 02:08:05 AM »

I'm no expert and am pretty easily pleased; but keeping that in mind...

AxCrypt, that I do use on occasions, will encrypt a whole directory or drive of files in one go. Though if you add files they won't be encripted.

has, what I'd hope is, some recommendations. They mention some of those previously mentioned and some others and focus on the need to install and how to work around that.

It seems the first question to ask is how critical is the stuff on the drive and how serious encryption do I need? Hence F0dder's:
rjbull: the short answer is "if you want it done securely, then no".




« Last Edit: February 19, 2010, 02:09:43 AM by Perry Mowbray » Logged

f0dder
Charter Honorary Member
***
Posts: 8,774



[Well, THAT escalated quickly!]

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #7 on: February 19, 2010, 04:06:18 AM »

AxCrypt is apparently good, but keep in mind that it's a usermode solution - meaning that to access the files, they have to be temporarily decrypted. This means the possibility of leaving residue on the computer where you're accessing the files; even if the temporary files are overwritten/wiped, it does mean they're temporarily available in plaintext... and if you're modifying them with a program that uses "save-to-tempfile-then-rename" in order to achieve safe saves, then wiping will not get rid of that residue. Also, if the target system is using an SSD, wear leveling means that the old data will be available.
Logged

- carpe noctem
tinjaw
Supporting Member
**
Posts: 1,926



I'm so glad breakbeat techno isn't an illegal drug

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #8 on: February 19, 2010, 08:02:02 AM »

I have a Man Crush on f0dder because of his knowledge of all things secret.  Cool
Logged

 
MerleOne
Supporting Member
**
Posts: 893


4D thinking

see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #9 on: February 19, 2010, 08:36:29 AM »

I think Safehouse Explorer from Safehouse software works without Admin rights.  A bit more limited (you cannot edit files from the container, you have to extract them on the Desktop for instance) but it works.  I like their products a lot.  Oh, and it's free.  The full Safehouse suite is payware.
Logged

.merle1.
f0dder
Charter Honorary Member
***
Posts: 8,774



[Well, THAT escalated quickly!]

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #10 on: February 19, 2010, 08:43:58 AM »

I have a Man Crush on f0dder because of his knowledge of all things secret.  Cool


I think Safehouse Explorer from Safehouse software works without Admin rights.  A bit more limited (you cannot edit files from the container, you have to extract them on the Desktop for instance) but it works.  I like their products a lot.  Oh, and it's free.  The full Safehouse suite is payware.
Which means it'll leave residue behind - might as well go for AxCrypt - free + opensource.
Logged

- carpe noctem
MerleOne
Supporting Member
**
Posts: 893


4D thinking

see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #11 on: February 19, 2010, 09:44:55 AM »

Which means it'll leave residue behind - might as well go for AxCrypt - free + opensource.

AFAIK, AxCrypt encrypts file by file, while SHE creates a container accessible through the application. If you have admin rights, you may install a driver (that can be removed from Add/Remove Panel) that turns the mounted container into a virtual with a letter.
Logged

.merle1.
superboyac
Charter Member
***
Posts: 5,794


Is your software in my list?

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #12 on: February 19, 2010, 09:56:12 AM »

This is not really a helpful comment, but related:
When I first got my usb drive last year, I looked into making things encrypted on it.  All the solutions were such a pain in the butt that I said "F--k it!"  Sure, there is stuff on there I'd rather not have people see, but nothing that will kill me.  The only stuff I was truly concerned about were my passwords.  But I use RoboForm which has pretty strong encryption in the program and is pretty safe.
Logged

rjbull
Charter Member
***
Posts: 2,792

View Profile Give some DonationCredits to this forum member
« Reply #13 on: February 19, 2010, 03:11:45 PM »

Thanks for the suggestions.  I should have thought out what I wanted a bit better, though your posts are helping me do that.  I occasionally use the USB key at college and the public library.  I'm not really expecting industrial-strength security.  I want to (1) prevent average users accessing payware programs on my USB key, (2) prevent same accessing certain files, and (3) should I lose the key, or forget and leave it behind, plugged into a machine (mine are all on cables, so they're more obvious than usual), then no-one, not even a sysadmin (who hadn't already sniffed the password) could access any secure area.  That seems to mean I'd be better off with a TrueCrypt-type secure container to stop (1) and (3) while still making the programs accessible to me.  For (2) I could use AxCrypt or equivalent, but even then it would (probably) be a pain while doing things like digital photography evening class where I want to access lots of files, so an encrypted container would still be best.  Ideally it would lock itself after a given period of inactivity.

I suppose I should add the obvious - I don't usually have admin rights on the PCs I would in these situations be using.

Like superboyac I use RoboForm, and KeePass, and one of my MemPad files is also encrypted using Windows' built-in system.  I could leave those outside the container.

Found two more not mentioned above:  Wondershare USB Drive Encryption and WinEncrypt.  I don't know anything about them.

I notice that some encryption programs are fairly expensive.  The ones that have free and payware versions seem to limit the container size in the free version as an incentive to upgrade.  Rohos, for example, is 2GB.  But that seems quite a bit on a USB drive which isn't enormous anyway.
« Last Edit: February 19, 2010, 03:15:28 PM by rjbull » Logged
superboyac
Charter Member
***
Posts: 5,794


Is your software in my list?

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #14 on: February 19, 2010, 03:37:23 PM »

Sidenote:  I love Roboform2Go (the portable version).  Such a great thing.  All your passwords are with you and you don't have to worry too much about losing your usb drive.  If you do need to keep a few other things secure, you can use Roboform's note capabilities.  But if you actually need secure/encrypted files beyond that, it's going to be a pain in the butt.
Logged

rjbull
Charter Member
***
Posts: 2,792

View Profile Give some DonationCredits to this forum member
« Reply #15 on: February 19, 2010, 04:04:12 PM »

I have a Man Crush on f0dder because of his knowledge of all things secret.  Cool
f0dder, going off topic a bit, how do you rate Dariusz Stanislawek's encryption utilities?
Logged
rjbull
Charter Member
***
Posts: 2,792

View Profile Give some DonationCredits to this forum member
« Reply #16 on: February 19, 2010, 04:08:59 PM »

I love Roboform2Go (the portable version).
So do I.  I also have the now-freeware version for Palm.  But Palm abandoned their users  Angry  You can't synch a T3 with Vista.
Logged
4wd
Supporting Member
**
Posts: 3,528



see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #17 on: February 19, 2010, 07:02:19 PM »

Thanks for the suggestions.  I should have thought out what I wanted a bit better, though your posts are helping me do that.  I occasionally use the USB key at college and the public library.  I'm not really expecting industrial-strength security.  I want to (1) prevent average users accessing payware programs on my USB key, (2) prevent same accessing certain files, and (3) should I lose the key, or forget and leave it behind, plugged into a machine (mine are all on cables, so they're more obvious than usual), then no-one, not even a sysadmin (who hadn't already sniffed the password) could access any secure area.  That seems to mean I'd be better off with a TrueCrypt-type secure container to stop (1) and (3) while still making the programs accessible to me.

For (1) and (2), isn't the problem with using a encrypted container that once you have entered the passphrase everything in it will be decrypted and accessible?

If you wander away from the computer, (eg. to look at a reference book), then anyone will be able to access what's on it until you return, (or nick it).

I think the main problem is (3) for which there is a simple solution: go to a hardware shop, buy one of those retractable key chains, attach it to your belt/pants and the flash drive.  Job Done!  cheesy

Other than that, if you want true container-like encryption without Admin Rights then, I believe, you're restricted to using a flash drive with always-on hardware encryption.
Logged

I do not need to control my anger ... people just need to stop pissing me off!
rjbull
Charter Member
***
Posts: 2,792

View Profile Give some DonationCredits to this forum member
« Reply #18 on: February 20, 2010, 11:23:30 AM »

(1) prevent average users accessing payware programs on my USB key, (2) prevent same accessing certain files, and (3) should I lose the key, or forget and leave it behind,
For (1) and (2), isn't the problem with using a encrypted container that once you have entered the passphrase everything in it will be decrypted and accessible?
True, but, there has to be some balance between security and accessibility if I'm going to use a USB key at all.
Quote
If you wander away from the computer, (eg. to look at a reference book), then anyone will be able to access what's on it until you return, (or nick it).
True again, but see above: and I'm hoping that if anyone does steal it, they won't be able to access it ever again because they won't know the password.  That is, I'm assuming that if they plug it into another PC, the encryption will hold.  Also I'm assuming that one can set a timeout, so that if I don't access it for a while, I'd have to re-enter the password.  I do that with KeePass, even at home.
Quote
I think the main problem is (3) for which there is a simple solution: go to a hardware shop, buy one of those retractable key chains, attach it to your belt/pants and the flash drive.  Job Done!  cheesy
I hadn't thought of that  smiley  Not sure how practical it is, though; it would tie me to the computer as well.  Unless you have a chain long enough to reach to the toilet at the other end of the corridor  Wink
Quote
you're restricted to using a flash drive with always-on hardware encryption.
If I read him right, f0dder seems to rule those out.
Logged
f0dder
Charter Honorary Member
***
Posts: 8,774



[Well, THAT escalated quickly!]

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #19 on: February 20, 2010, 03:54:24 PM »

I have a Man Crush on f0dder because of his knowledge of all things secret.  Cool
f0dder, going off topic a bit, how do you rate Dariusz Stanislawek's encryption utilities?
Never used them, so can't comment - I pretty much exclusively use TrueCrypt and fSekrit, and the occasional password-protected RAR archive.

Other than that, if you want true container-like encryption without Admin Rights then, I believe, you're restricted to using a flash drive with always-on hardware encryption.
If I read him right, f0dder seems to rule those out.
Pretty much, yes - there's been too many of those that have been exposed as being pretty much worthless. The IronKey seems to be the exception, though.
Logged

- carpe noctem
imtrobin
Charter Member
***
Posts: 120

View Profile Give some DonationCredits to this forum member
« Reply #20 on: February 21, 2010, 11:16:26 PM »

There is TrueCrypt Explorer which is a portable without needing admin rights. It works but needs an update.

http://sourceforge.net/projects/tcexplorer/
Logged
MerleOne
Supporting Member
**
Posts: 893


4D thinking

see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #21 on: February 22, 2010, 02:18:58 AM »

And, as I said earlier, Safehouse Explorer also proposes container encryption without admin rights.  The only trick I know is to get the full application, not the installer, which tries to install a driver.
Logged

.merle1.
wurst
Participant
*
Posts: 12

View Profile Give some DonationCredits to this forum member
« Reply #22 on: March 09, 2010, 06:38:50 AM »

AFAIK TC Explorer needs admin rights as well.

Just a week ago the excellent c't magazine introduced a tool for true usb-stick encryption with open source tools, working in Windows/Linux/OSX.
This method does not need admin rights and works cross-platform.
Check the (google translated) website here: http://translate.google.c...rstick%2F&langpair=de|en
Or Original in German here: http://www.withopf.com/tools/securstick/
« Last Edit: March 09, 2010, 06:49:46 AM by wurst » Logged
MerleOne
Supporting Member
**
Posts: 893


4D thinking

see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #23 on: March 09, 2010, 06:41:57 AM »

AFAIK TC Explorer needs admin rights as well.
...

Yes if you want all features (mount container as a virtual drive), no if you just use the explorer itself.
Logged

.merle1.
f0dder
Charter Honorary Member
***
Posts: 8,774



[Well, THAT escalated quickly!]

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #24 on: March 09, 2010, 06:59:28 AM »

wurst: heh, yet another tool... and using webdav for local access of files? Seems pretty... funky. Is there any guarantee that unencrypted data is never exposed?
Logged

- carpe noctem
Pages: [1] 2 Next   Go Up
  Reply  |  New Topic  |  Print  
 
Jump to:  
   Forum Home   Thread Marks Chat! Downloads Search Login Register  

DonationCoder.com | About Us
DonationCoder.com Forum | Powered by SMF
[ Page time: 0.054s | Server load: 0.13 ]