Veracrypt. Make a file on your disk.
Don't want a storage file?
Make 2 partitions, put veracrypt portable exe on the first normal storage partition. (fat32 is likely ideal here) Second partition formatted with veracrypt.
this post was submitted on 29 Aug 2024
5 points (100.0% liked)
Privacy
31859 readers
129 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
This, except consider exFAT. It's more modern than FAT32 but also widely compatible.
https://www.howtogeek.com/235596/whats-the-difference-between-fat32-exfat-and-ntfs/
I would not just default to exfat because it is "newer," it does have compatibility issues on non-windows systems. The implementations differ wildly.
+1 for veracrypt. Very convenient.
I make 1 single partition for the entire drive and encrypt it with veracrypt. Veracrypt has portable executables for windows and if I lose the flash drive in the worst case people will think it's a corrupted disk (unrecognized partition) and reformat them probably.
Cryptomator might be a good option. They have clients for Windows, macOS, and Linux. It’s designed around encrypting your cloud storage but nothing should stop you from using it on a USB drive.
Yup Veracrypt is great even has a portable version that can be kept on the drive (might still need admin privileges though) so you won't have to install it on the system iirc . Would also go with cryptomator if you plan on using it with mobile systems but it has a one time payment for mobile.
The best option is going to be a USB drive that has an external key entry feature. Kingston IronKey has these and its as simple as enter a key and plug in. I use them at work and it works on all the major OSes. They're not cheap though so if you want or are looking for a free solution then something like VeraCrypt portable and an encrypted container will be your next best option.
Ooff, terrible advise
How about you tell me why instead of just saying "TeRribLe AdViSe."
Because historically when FDE is done in hardware there's been massive compromises. FDE is better done in software. Its more secure.
But, sure, there's no shortage of companies trying to sell you shitty hardware thats "100% secure" (which is a major red flag)
Probably far from the best option; but you could use 7zip? Put a 7zip portable exe & linux binary on the usb, put the regular contents in an encrypted .zip file, anyone with the password can decrypt. I assume there are much more secure options though.
Encrypted ZIPs are very trivial to break. I can break it with a simple python script.
For instance, Microsoft does that for all encrypted ZIPs
ZIP isn't a good way to encrypt, but what Microsoft is doing is simply reading the email, and decrypting zips with the password found in the email body.
All encryptions schemes can be trivially broken if you have the key. It's not even breaking, it's just normal decryption.
No, zip encryption is very weak. Thus is because million of combinations can be tried very quickly