TrueCrypt is a personal fav of mine also, switched to it & dumped aging, now closed source DriveCrypt. Check out https://www.ironkey.com if you are looking for something more complete for portable, secure storage.
Load that sucker with your TrueCrypt keyfiles, don't use their online key backup and you likely have a "key chain" that could survive in the wild & remain uncrackable if you choose your passphrase wisely! After I heard about it in Scot Finies newsletter I spent a few weeks going back & forth with Ironkey asking probing questions about details missing from the sale literature and after a bit of resistance, got a detailed response from them to at least my password & government questions: * Passwords can be 255 characters in length. We tested this recently and confirmed it. You can use most of the keys on the keyboard... I'm trying to get an exact list, but I do know that it's unicode 255 characters, which expands the character pool size and potential complexity. As you can see, you can use a nice long passphrase instead of a password (e.g. "the quick brown fox jumped over my ironkey").* * Currently a password is the only way into the device. While it is technically possible for us to do PKI type authentication into the device, we have not implemented that.* * In addition to a password to unlock the device, and hardware try-count, we also encrypt the AES keys with a hash of the password. This means that the keys themselves are encrypted when the device is at rest. * * We do USB channel encryption from the password entry application to the device to prevent USB loggers from sniffing the password. * * With regard to backups on our servers.... we do need to store your device password in a way that it can be accessed and displayed to you. Thus if you are concerned about subpoenas you should choose not to have your device password backed up to our servers. * * The Password Manager contents can be optionally backed up to our servers. This uses a local AES key which is encrypted with a hash of your device password. Thus we cannot decrypt these if we don't have your device password ( I suppose a brute-force AES attack is possible... just like with any other software encrypted data). * * We have a DCAA approved accounting system and thus can provide contracting services and products to the US Government. We do not have any active contracts currently with the government, but we are hoping to get some product trials shortly. There are numerous groups in the government that have bought IronKeys from our website or through our resellers. * Some of this detail still seems to be missing from or buried on the the site even @ the FAQ link: https://learn.ironkey.com/ I have 2 issues still but am trying to save some cash & pick one up: 1. They say "...does not require any driver or software installations, nor do you need to have Windows administrative privileges to use it." but it's "client" is currently Windows XP & Vista client only, with OSX & Linux "in testing". 2. Cost vs same size "unprotected" flash drives. :( Brian Weeden wrote: > Not that I think it is a good idea but if you are the NSA/FBI and > trying to track "bad guys" (however you define that) you have to admit > it is much harder these days. You can't just put a tap on someone's > phone line because of this darn thing called the Internet. The person > you want to track could be in any country and streaming data across > any number of other countries using multiple protocols, proxies, and > encryption techniques. > > It's called asymmetric warfare and has applications across the full > spectrum of conflict, from $15 IEDs to $50 disposable cell phones to > free open source encryption software. And most of the powers that be > don't really get it yet that you can't fight by simply putting more > money and manpower into your centers of gravity because it just makes > you that much more cumbersome and vulnerable to asymmetric attack. > > Sorry for the rant - holdover from my frustrations when I was in the > military. Gets frustrating sometimes when the previous generation > doesn't realize the world has moved on and won't get out of the damn > way. > > More on topic, Truecrypt is one of the greatest software tools ever. > > > On Nov 15, 2007 9:31 PM, j maccraw <[EMAIL PROTECTED]> wrote: >> That's why I like my 2-step process. Thumbdrive w/ >> encryption & strong >> passphrase contains keyfiles to mount all other >> encrypted volumes. Loose the >> thumbdrive, loose access to all encrypted data on >> other drives because the huge, >> random passphrases used to create them are not known >> or written down. >> >> So I guess I'd be fracked in the UK since I would >> literally not have the key to >> give them. How fracked I can't tell since the article >> does not make mention of >> requirements for maintaining key backups to prevent >> loss. Thank god I am not in >> the UK because it sounds like you could be busted even >> if you simply lost the >> keys needed which is twisted because data is lost all >> the time to "acts of god >> and clueless mortals", LOL. >> >> Bill wrote: >>> >>> >>> >> <snip> >> >>>> A nice round of encryption for all! Start with your >>>> local data, consider it with >>>> email, and hopefully it's coming to a phone near >> you >>>> soon. It's not paranoia any >>>> more, it's the new definition of privacy! >>> >>> >>> Amen. >>> >>> >>> >>> But now in the UK they're trying to chip away at >> encryption by forcing >>> individuals or businesses, under "certain >> circumstances" >>> to up their encryption keys. >>> >>> >>> >>> >> http://www.washingtonpost.com/wp-dyn/content/article/2007/10/01/AR2007100100511. >>> html >>> >>> >>> >>> More shuddering. >>> >>> >>> >>> Bill >> >> >> ____________________________________________________________________________________ >> Be a better pen pal. >> Text or chat with friends inside Yahoo! Mail. See how. http://overview.mail.yahoo.com/ >> > > > ____________________________________________________________________________________ Be a better sports nut! Let your teams follow you with Yahoo Mobile. Try it now. http://mobile.yahoo.com/sports;_ylt=At9_qDKvtAbMuh1G1SQtBI7ntAcJ
