EvilZone
Hacking and Security => Hacking and Security => : Kulverstukas February 06, 2015, 07:06:33 PM
-
Oh hey,
So I have a flash drive with some personal data that I carry around and I'd like to have it encrypted in case I lose it and also be able to use it on any computer, otherwise what good is it if the drive can only be used on your computer?
I guess bitlocker is one option but only for non-home versions of win7, then there's truecrypt, but it'll have to be installed on the computer :/ I read somewhere that you can carry a portable version that asks for a password once plugged? are there any other reliable solutions instead of buying a drive that has encryption built-in?
Edit: after some searching I found 2 promising solutions:
http://www.rohos.com/
http://www.usbsafeguard.com/features.html
Not sure which is better tho, any comments?
-
Personally I'm a fan of LUKS encryption (extremely versitile) you could even set it up with two factor authentication.... say... a password and a file on a thumbdrive.
if you're using windows it will work with freeotfe on an NTFS drive.
Oh hey,
So I have a flash drive with some personal data that I carry around and I'd like to have it encrypted in case I lose it and also be able to use it on any computer, otherwise what good is it if the drive can only be used on your computer?
I guess bitlocker is one option but only for non-home versions of win7, then there's truecrypt, but it'll have to be installed on the computer :/ I read somewhere that you can carry a portable version that asks for a password once plugged? are there any other reliable solutions instead of buying a drive that has encryption built-in?
Edit: after some searching I found 2 promising solutions:
http://www.rohos.com/ (http://www.rohos.com/)
http://www.usbsafeguard.com/features.html (http://www.usbsafeguard.com/features.html)
Not sure which is better tho, any comments?
-
Edit: after some searching I found 2 promising solutions:
http://www.rohos.com/
http://www.usbsafeguard.com/features.html
Not sure which is better tho, any comments?
It seems that free version of the usb safeguard only works with USB flash drive of size max 2 GB. Instead with that Rohos you can encrypt up to 8gb of stuff with any flash drive. At least in that Rohos seems like better solution.
This is where i got the info, don't know how updated it is:
http://m.download.cnet.com/USB-Safeguard-Free/3000-2092_4-75115673.html
http://m.download.cnet.com/Rohos-Mini-Drive/3000-2092_4-10629845.html
edit: Info seems to be correct, same thing is said in usbsafeguard sites dowload section.
-
I'm just going to leave this here....
USB.Safeguard.v7.4.Incl.Keymaker-CORE.rar (http://upload.evilzone.org?page=download&file=uif06To6h89LQIYRrGbtTIw4FKcRMfPnoTiWY3EXtAGJ3eV681)
-
I'm just going to leave this here....
USB.Safeguard.v7.4.Incl.Keymaker-CORE.rar (http://upload.evilzone.org?page=download&file=uif06To6h89LQIYRrGbtTIw4FKcRMfPnoTiWY3EXtAGJ3eV681)
Nice one lol. Seems it has been cracked just recently. +1 my friend.
-
Ironically I was reading this post and then started browsing iptorrents and saw that uploaded. I tested and works a treat, however if you're planning on transferring a large amount of data, turn off the autounmount shit or it will stop transferring after 3 minutes
Only thing though its exe and idk if it will run in wine
-
Ironically I was reading this post and then started browsing iptorrents and saw that uploaded. I tested and works a treat, however if you're planning on transferring a large amount of data, turn off the autounmount shit or it will stop transferring after 3 minutes
Only thing though its exe and idk if it will run in wine
Probably not, but meh - most machines I come across are windows anyway...
-
http://ppgp.sourceforge.net
Dunno if this would be better open source + java = multiplatform support
-
http://ppgp.sourceforge.net
Dunno if this would be better open source + java = multiplatform support
For multi-platform I'd guess it's good. Only bad thing I see is that it encrypts individual files, they are not hidden at all, while tools like Safeguard allows to mount once and use it like a normal drive.
-
For multi-platform I'd guess it's good. Only bad thing I see is that it encrypts individual files, they are not hidden at all, while tools like Safeguard allows to mount once and use it like a normal drive.
Well I guess a solution would be to use both? For windows related and wanting hidden files, use USB safeguard, and then for cross platform things that you may want to access on a nix system, say an automated bash script to own a n00bz box could work
Also another easy solution would be hardware encryption. Are you looking for a specific type of encryption? AES 256bit, PGP, etc
This seems to be a pretty good one:
http://sourceforge.net/projects/freeotfe.mirror/
Features:
Highly portable - Offers a portable mode, eliminating the need to install to the computer, there is also FreeOTFE Explorer; a system which allows FreeOTFE volumes to be accessed without installing software, and on computers where no administrator rights are available.
Easy to use - A full wizard is included for creating new volumes.
PC and PDA versions available. Encrypted data on your PC can be read/written from your PDA and vice versa.
Support for encryped Linux volumes (Cryptoloop "losetup," dm-crypt, and LUKS).
Available in multiple languages.
Optional support for smartcards and security tokens.
Powerful - Supporting numerous hash (including SHA-512, RIPEMD-320, Tiger) and encryption algorithms (Including AES, Twofish, and Serpent) in several modes (CBC, LRW, AND XTS), providing a much greater level of flexibility than a number of other OTFE systems.
Encrypted volumes can be file, partition, or disk based.
-
If you lost the pswd, how can you decrpyt it? :-X
-
If you lost the pswd, how can you decrpyt it? :-X
you can't
EDIT:
Also, don't hijack old threads, make a new one instead
-
If you lost the pswd, how can you decrpyt it? :-X
Your question contradicts the sole purpose of these programs, therefore it's a stupid question.
-
I just want to remind people that its very rarely that a hacker says something cant be done.
What im sure they meant was that it would be a bitch and would not be worth the time or effort.
Pretty sure a keylogger on the OS would do the trick.
-
Your question contradicts the sole purpose of these programs, therefore it's a stupid question.
This is why I didn't answer. +1
I just want to remind people that its very rarely that a hacker says something cant be done.
What im sure they meant was that it would be a bitch and would not be worth the time or effort.
Pretty sure a keylogger on the OS would do the trick.
In the right context, your statement is true, however in this particular case it is not. If you wanted to access encrypted content from someone else, a keylogger would easily be the way to do it. However let's reread the post Kulverstukas was directing his response to.
If you lost the pswd, how can you decrpyt it? :-X
As he stated HE LOST the password. This implys he's the one who set it up and either wrote down the password and lost it, or he forgot it. Then goes on to ask if there's a way to decrypt it. As Kulverstukas pointed it out, that defeats the purpose of it, hence why you encrypt it in the first place. Now flowjob is somewhat correct, as to decrypt it, it would literally take years, so many years you'll forget why you were doing it in the first place
-
Then one day in the not so distant future, a dev for the mentioned product is not paid enough or for whatever reason hates his boss and decides to divulge the easter-egg.
I got it that they themselves forgot their own password, however, alot of times people use the same passwords. Using a tools like LaZagne (https://github.com/AlessandroZ/LaZagne) the user can dump all the computers stored credentials to a file and see if one of those works.
A key-logger, even though most people think of them as malware, can actually be used as a great tool. Especially when coding or creating passwords. If you are the only person aware of it, what the damage?
Point being, companies sell security products that hackers hack for shits, lulz and profits.
This reminds me of MediaMax CD3:
http://news.cnet.com/Shift-key-breaks-CD-copy-locks/2100-1025_3-5087875.html
That example shows that even though it was found to be impossible to break, simply holding the shift key down bypassed the encryption all together. Whoda thunkit?
Now review the fallout:
http://www.theregister.co.uk/2003/10/09/sunncomm_to_sue_shift_key/
just sayin..
-
Bump. Yesterday I bought a SanDisk Cruzer 8gb drive (metal case for durability), because my old personal SanDisk chinese version started to act stupid. The Cruzer had SanDisk SecureAccess software (http://www.sandisk.com/products/software/secureaccess/) on the label and it was put on a drive as well. So I tried it out, and I have to say it's quite good. It encrypts your files with AES128 on the fly, but instead a making a hidden partition, it just makes a special folder where all your encrypted stuff is put. Of course everything (file operations) has to be done through the SecureAccess program, but that's not a big deal, since the interface is similar to TotalCommander. And having a folder instead of a hidden partition seems more reliable anyway. So I'll think I'll stick with official SanDisk software for now... USBSafeGuard seemed a bit slow encrypting files on the fly.
-
@Kulverstukas
The video is rough on the eyes, short + quick, and most likely is outdated... feel like validating if it still works?
How to access SanDisk SecureAccess vaults without the use of a password
http://tune.pk/video/1586842/how-to-access-sandisk-secureaccess-vaults-without-the-use-of-a-password
-
No, this video is outdated. It probably worked with first versions of Sandisk, but now there are no XML files to begin with. All the files (even config files) seem encrypted.
But now that you mentioned this, I just had to google about this and found some articles, how they are really old and probably irrelevant:
http://forums.sandisk.com/t5/All-SanDisk-USB-Flash-Drives/CRUZER-Secure-Access-Waste-of-TIme/td-p/243262
http://www.darkreading.com/risk/secure-usb-flaw-exposed/d/d-id/1132694?
And this review has valid points, even though it's old as well:
http://www.reviewstream.com/reviews/?p=155863
One being that your files are still visible to anyone, they can be deleted or corrupted. After using it for a while, I can say that the SanDisk software is indeed not convenient to use and it looks like they only made it to put something on the label to compete with other vendors. You can't cut and paste into the program, you can't cut and paste anywhere inside the programs in the file manager... I switched back to USBSafeguard, gonna see how that will go with a new flash drive.
-
What I would do is create two partitions. One partition on the flash drive should be formated as exFAT, for multi-platform support.This first partitions should have the executables and other required files for LibreCrypt (https://github.com/t-d-k/LibreCrypt) (Windows) and OSXCrypt (http://freecode.com/projects/osxcrypt) (OS X), (all Linux computers will have the built in support.) On the other partition create a dm-crypt encrypted partition (https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_a_non-root_file_system#Partition).