Encrypting a flash drive

[0E 800]

Then one day in the not so distant future, a dev for the mentioned product is not paid enough or for whatever reason hates his boss and decides to divulge the easter-egg.

I got it that they themselves forgot their own password, however, alot of times people use the same passwords. Using a tools like LaZagne (https://github.com/AlessandroZ/LaZagne) the user can dump all the computers stored credentials to a file and see if one of those works.

A key-logger, even though most people think of them as malware, can actually be used as a great tool. Especially when coding or creating passwords. If you are the only person aware of it, what the damage?

Point being, companies sell security products that hackers hack for shits, lulz and profits.

This reminds me of MediaMax CD3:
http://news.cnet.com/Shift-key-breaks-CD-copy-locks/2100-1025_3-5087875.html

That example shows that even though it was found to be impossible to break, simply holding the shift key down bypassed the encryption all together. Whoda thunkit?

Now review the fallout:
http://www.theregister.co.uk/2003/10/09/sunncomm_to_sue_shift_key/


just sayin..

[Kulverstukas]

Bump. Yesterday I bought a SanDisk Cruzer 8gb drive (metal case for durability), because my old personal SanDisk chinese version started to act stupid. The Cruzer had SanDisk SecureAccess software on the label and it was put on a drive as well. So I tried it out, and I have to say it's quite good. It encrypts your files with AES128 on the fly, but instead a making a hidden partition, it just makes a special folder where all your encrypted stuff is put. Of course everything (file operations) has to be done through the SecureAccess program, but that's not a big deal, since the interface is similar to TotalCommander. And having a folder instead of a hidden partition seems more reliable anyway. So I'll think I'll stick with official SanDisk software for now... USBSafeGuard seemed a bit slow encrypting files on the fly.

[0E 800]

@Kulverstukas

The video is rough on the eyes, short + quick, and most likely is outdated... feel like validating if it still works?

How to access SanDisk SecureAccess vaults without the use of a password
http://tune.pk/video/1586842/how-to-access-sandisk-secureaccess-vaults-without-the-use-of-a-password

[Kulverstukas]

No, this video is outdated. It probably worked with first versions of Sandisk, but now there are no XML files to begin with. All the files (even config files) seem encrypted.
But now that you mentioned this, I just had to google about this and found some articles, how they are really old and probably irrelevant:
http://forums.sandisk.com/t5/All-SanDisk-USB-Flash-Drives/CRUZER-Secure-Access-Waste-of-TIme/td-p/243262
http://www.darkreading.com/risk/secure-usb-flaw-exposed/d/d-id/1132694?

And this review has valid points, even though it's old as well:
http://www.reviewstream.com/reviews/?p=155863

One being that your files are still visible to anyone, they can be deleted or corrupted. After using it for a while, I can say that the SanDisk software is indeed not convenient to use and it looks like they only made it to put something on the label to compete with other vendors. You can't cut and paste into the program, you can't cut and paste anywhere inside the programs in the file manager... I switched back to USBSafeguard, gonna see how that will go with a new flash drive.

[x40a0e]

What I would do is create two partitions. One partition on the flash drive should be formated as exFAT, for multi-platform support.This first partitions should have the executables and other required files for LibreCrypt (Windows) and OSXCrypt (OS X), (all Linux computers will have the built in support.) On the other partition create a dm-crypt encrypted partition.