Posts Tagged ‘encrypt with password’

USBCrypt makes it easier to get back your lost USB drive

Saturday, December 4th, 2010

If you’ve encrypted a removable USB drive with USBCrypt, you know your files are safe: if you lose the drive, no one will be able to get your files without the correct password that you’ve set up, and the only loss you do suffer in such a case is the cost of the physical drive itself. Still, wouldn’t it be nice to get the drive back anyway?

You can increase the chance of getting your encrypted drive back by putting a message on it to be seen by the person who finds the drive. USBCrypt makes it easy to create such a message: just enter the appropriate text as the host disk name when encrypting the drive:

The message to the finder as the host disk name

(If you’ve already encrypted the drive, you can change the host disk name with the Rename host disk command.) The host disk name is the first thing the person sees after plugging the drive into the computer:

The message appears when someone plugs the drive into the computer

Even if the computer happens to have the autoplay function disabled, the person would see the message when s/he opens the Computer folder:

The message is shown as the label of the drive

Yet another place to catch the attention of the person who found the drive is the screen that appears when s/he runs the file USBCrypt.exe from the encrypted drive:

The built-in message when unlocking the encrypted drive

This message appears automatically; you don’t have to do anything special. The name included in the message is the registered name that your copy of the software was licensed to (that is, presumably, your name). If the person clicks on the Not you? link, s/he will be presented with the following message:

The built-in message when unlocking the encrypted drive

This message gives the person an opportunity to contact us with the details of the drive found, and we in turn would attempt to locate your email address in our records and let you know that someone has found your lost drive. Note that what happens after that is entirely up to you: whether you want to reward the person who found the drive or not, and so on, would be entirely your decision. We would just offer you our help with getting in touch with that person.

Of course, the best solution to any such problem would be not to lose the drive in the first place. However, it’s a good idea to be prepared for such a misfortune before it might happen.

Choosing a good encryption password

Sunday, April 18th, 2010

Selecting a good encryption password is hard. On the one hand, it should be complex and non-obvious enough for others not to easily guess it. Yet, it should be sufficiently simple for you to remember and avoid the temptation to write it down. Besides, there are quite a few misconceptions around that make choosing a good password rather confusing.

For example, whenever you are prompted to set up a password, the system usually informs you about the minimum length of the password that you should select. Such a requirement may create the impression that the longer the password, the more secure it is. This is not always true! It would be true if you were choosing a random combination of characters for the password, such as “dkoirnfyut”, or “alokifjnwl”, or whatever other combination you could produce by typing random keys on the keyboard. The problem is, however, that more likely than not, you are selecting an existing word (that is, a word from a dictionary), like “apple” or “orange”, for the password. In such a case, if someone tried a dictionary attack on your encrypted data, it would make virtually no difference whether the word is short or long. It takes the same amount of computer time (give or take a few nanoseconds) to try “tea” or “antidisestablishmentarianism” as the password.

By the way, you might be wondering: what is the strength of a dictionary word used as the password? Let’s assume that you’ve selected a random word from a dictionary that has a million words. Considering that 1 million is roughly the same as 2^20, it means that the strength of such a password is only about 20 bits! It does not matter if the software uses a 128- or 256-bit encryption key, because if your password can be recovered in 2^20 attempts, the effective security of your encryption gets reduced to 20 bits, simply by the fact that you’ve chosen the password from the dictionary.

That’s why most systems insist that your password should contain a mixture of uppercase and lowercase letters, numbers, and special characters: such additions make the dictionary attacks much harder. However, they make remembering the passwords harder, too. What should you do?

There are several methods available for creating complex passwords that are easier to remember. One of them is to create artificial passphrases (rather than passwords) by combining random words from a dictionary. Take a dictionary book, open it to a random page, and write down a random word you like on that page. Open the dictionary to another page, write down another word. Repeat several times, then move the words around to create a phrase. (The phrase does not have to make sense!) For example, I just tried it and came up with: “Antisocial Pomegranate holds back Blue Herring” (Sounds fun, doesn’t it?) If you can remember such a phrase (including the capitalization of the words), you’ve got yourself a rather strong passphrase.
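As an added illustration (not part of the original post or of USBCrypt), the bit-strength arithmetic and the random-word method above can be sketched in Python. The function names and the 16-word sample list are constructed for this example, and words are drawn with a cryptographic random generator instead of being picked by eye from a dictionary book, because the bit counts hold only for uniformly random choices.

```python
import math
import secrets

def entropy_bits(pool_size, picks=1):
    """Bits of entropy when each of `picks` items is drawn uniformly
    at random (with replacement) from `pool_size` possibilities."""
    if pool_size < 2 or picks < 1:
        raise ValueError("need pool_size >= 2 and picks >= 1")
    return picks * math.log2(pool_size)

def words_needed(dict_size, target_bits):
    """Smallest number of random words whose entropy reaches target_bits."""
    # The small epsilon guards against float error at exact multiples.
    return math.ceil(target_bits / math.log2(dict_size) - 1e-9)

def generate_passphrase(wordlist, n_words, sep=" "):
    """Return (passphrase, entropy in bits) using the OS CSPRNG."""
    unique = sorted(set(wordlist))  # duplicates would skew the odds
    if len(unique) < 2:
        raise ValueError("word list too small")
    words = [secrets.choice(unique) for _ in range(n_words)]
    return sep.join(words), entropy_bits(len(unique), n_words)

# Constructed sample list: 16 words, so each word adds exactly 4 bits.
# A real list needs thousands of words to be useful.
SAMPLE_WORDS = [
    "antisocial", "pomegranate", "blue", "herring",
    "tea", "apple", "orange", "barrow",
    "market", "singer", "band", "drive",
    "label", "folder", "random", "letter",
]

if __name__ == "__main__":
    # One word from a million-word dictionary: about 20 bits.
    print(f"single dictionary word: {entropy_bits(1_000_000):.1f} bits")
    # Ten random lowercase letters such as "dkoirnfyut".
    print(f"10 random letters:      {entropy_bits(26, 10):.1f} bits")
    # Words required before the passphrase matches the key size.
    for key_bits in (128, 256):
        n = words_needed(1_000_000, key_bits)
        print(f"{key_bits}-bit key: {n} random words from 1M-word dictionary")
    phrase, bits = generate_passphrase(SAMPLE_WORDS, 4)
    print(f"sample passphrase: {phrase!r} ({bits:.0f} bits from a 16-word list)")
```

With a million-word dictionary, the passphrase only matches a 128-bit key once it contains seven independently chosen random words; anything shorter leaves the password as the weakest part of the encryption.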

Another method that’s often recommended is the “first letters of a phrase” technique. Think of a phrase of several words that you can remember. For example, it could be a line from your favorite Beatles song, like “Desmond has a barrow in the market place, Molly is the singer in a band.” Take the first letter of each word, and combine them together: Dhabitmp,Mitsiab. Note that we’ve preserved the capitalization of the letters, and also kept the comma in the middle. The resultant password is almost as strong as a random combination of 17 characters, yet you should be able to remember it easily, as long as you remember the original phrase.

Yet another approach is to create complex and long passwords for each situation, and use some password management software, such as KeePass, to keep track of them. When using a software password manager, you only have to remember the master password. Of course, the inconvenience of this method is that you always have to use the password manager to recall the passwords for you, but if you need to have many strong passwords, that’s a small price to pay for the security. And, of course, don’t forget to back up your password database, because if you lose it, you lose them all!