Any good USB drive/key encryt software?

mick.fr

Hi,

I am looking for a good USB drive/key encryption software.

Anyone knows?

Thank you

Capt'n Midnight

truecrypt windows linux and soon Mac
encfs is handy on linux as very simple to setup

open source is the only way to go if you want to avoid backdoors

CptSternn

Capt'n Midnight wrote: »

truecrypt windows linux and soon Mac
encfs is handy on linux as very simple to setup

open source is the only way to go if you want to avoid backdoors

Where there is some truth to that statement, it is still very misleading. Open source does offer a user the option of looking at the source code, however, how many of the average users are fluent enough in various languages to review said code?

The fact a large chunk of users are not programmers means to them open source is no different than standard MS or other software. It also means hackers can even more easily inject a back-door into the code, and distribute it to users unknowingly and they will inadvertently installed software with a back-door even with open source.

I have seen this happen a few times in recent memory. Various websites offering bit torrent downloads have a link to download Azuerus. Sure, it's available on it's homepage at Sourceforge, but a site with a large torrent list has a nice quick download link. Only problem is the version they have there is modified with a back-door.

If your going to say open source is better because you can spot a back-door, then you also have to tell the user they need to be able to read the code, verify the download source, check the domain, and also make sure it's not a 'trojanised' version as well. Once again, this alienates the average user who is going to probably type 'FILENAME' into Google and look for the first, flashy site that offers what he thinks he is looking for.

Pushing open source on the average users is much like trying to get an average person to raise and kill his own cattle - to stay safe from BSE. It's a great idea, but due to the level of expertise and the amount of time one needs to invest it's just not practical.

jmcdoe

Vista!

Surely it will render your drive dead but nevertheless it will be well encrypted!

mick.fr

Capt'n Midnight wrote: »

truecrypt windows linux and soon Mac
encfs is handy on linux as very simple to setup

open source is the only way to go if you want to avoid backdoors

Thanks will try Truecrypt

ntlbell

CptSternn wrote: »

Where there is some truth to that statement, it is still very misleading. Open source does offer a user the option of looking at the source code, however, how many of the average users are fluent enough in various languages to review said code?

In general an open source project like this will be peered upon by hundreds,thousands and in some cases millions of eyes.

Take IIS V's apache for example

CptSternn wrote: »

The fact a large chunk of users are not programmers means to them open source is no different than standard MS or other software. It also means hackers can even more easily inject a back-door into the code, and distribute it to users unknowingly and they will inadvertently installed software with a back-door even with open source.

Where one can "pretend" to be a bit of closed software and be distributed unknowingly to the user, pointless argument.

CptSternn wrote: »

I have seen this happen a few times in recent memory. Various websites offering bit torrent downloads have a link to download Azuerus. Sure, it's available on it's homepage at Sourceforge, but a site with a large torrent list has a nice quick download link. Only problem is the version they have there is modified with a back-door.

And anyone can upload closedsource.exe to bittorent and pretend to be legit piece of software and when you run it install whatever, this is not exclusive to open source.

CptSternn wrote: »

If your going to say open source is better because you can spot a back-door, then you also have to tell the user they need to be able to read the code, verify the download source, check the domain, and also make sure it's not a 'trojanised' version as well. Once again, this alienates the average user who is going to probably type 'FILENAME' into Google and look for the first, flashy site that offers what he thinks he is looking for.

He didn't state it was better he stated if he wanted backdoor free software. People should be checking all software they download against MD5 checksums etc regardless of what it is, but it's not midnight's responsibility to make sure he points out every single pit fall, stupidity will always win regardless.

CptSternn wrote: »

Pushing open source on the average users is much like trying to get an average person to raise and kill his own cattle - to stay safe from BSE. It's a great idea, but due to the level of expertise and the amount of time one needs to invest it's just not practical.

This is really typical MCSE nonsense talk.

Capt'n Midnight

sorry should have phrased that better

With closed source encryption software the chances are that someone has a backdoor, whether it's the software company themselves, or the NSA or Mossad or even a disgruntled employee or perhaps it just a delibrate weakness to allow law enforcement easier access

I didn't mean to imply that open source is totally safe, just that there are probably less vested interests.

Must find that article again about the compiler that inserts an exploit in all the code it compiles and needless to say later versions of itself would be compiled with guess what ? so even if the code is trustworthy there could be an exploit in it.

Hecate

I think people are confusing open source with encryption algorithms & standards that are open to peer review and criticism vs Proprietary algorithm from <insert random evil company/organisation/cabal here>.

If an algorithm is out in the public domain for all to see, and is proven to withstand attack from extremely smart cryptography researchers then it could be considered "safer" than one that is proprietary and not open to such criticism:

http://en.wikipedia.org/wiki/Security_through_obscurity

However, if the implementation sucks (whether open source or not), then it doesn't matter how robust the algorithm is.

Capt'n Midnight

Hecate wrote: »

If an algorithm is out in the public domain for all to see, and is proven to withstand attack from extremely smart cryptography researchers then it could be considered "safer" than one that is proprietary and not open to such criticism:
...
However, if the implementation sucks (whether open source or not), then it doesn't matter how robust the algorithm is.

gotta agree with you on the first point look at how many cracking programs there are for encrypted file formats.
Look at WEP,
Look at the way almost all the satellite / cable encryption schemes have been routinely broken apart from the one SKY use.

on the second SSH comes to mind

in an ideal world you would try several different implementations of your preferred algorithm to verify they produced the same output with the same input. But would that would mean you couldn't use salt ?

cros13

Truecrypt is great.
If you wanted to go commercial go for drivecrypt.

www.securstar.com

Bob.

jmcdoe wrote: »

Vista!

Surely it will render your drive dead but nevertheless it will be well encrypted!

until someone pops in a boot cd and can do what they like, or easily crack ur lanman password hashes....

i also agree that truecrypt is the best, i miss pgp though, it went closed source a good while ago, it was so good the us gov made the developer put in a backdoor...:(