How to solve this problem? Easy: you need to replace the FAT/FAT32 file system on the drive with the NTFS file system. The latter does not have the 4GB file size limitation, and you should have no problem copying large files to such a drive. Besides, the NTFS file system allows for many other features not supported by FAT/FAT32: file security, EFS encryption, file compression, etc.

Keep in mind, however, that the older versions of Windows (such as Windows 95, 98, or Windows Millennium) do not support the NTFS file system. If you plan on using the external drive with such old computers, then DO NOT change the file system to NTFS, because you won’t be able to get the old Windows to recognize it anyway. If, however, you only plan on using the drive with the more recent versions of Windows, such as Windows 2000, Windows XP, Windows Vista, and of course Windows 7 or 8, such computers should work with the NTFS drives just fine.

How to change the drive file system from FAT/FAT32 to NTFS?

The easiest way is to use the Windows Format command to format the drive with the NTFS file system. Specifically:

1. Attach the external drive to the computer, wait for Windows to recognize it and assign a drive letter to it.

2. Open the Computer folder and locate the drive you want to format with NTFS.

3. Before continuing, open the drive in a window and make sure it’s empty or does not contain any important files, because after you format a drive, all information that was on it will be erased! If there are files on the drive that you want to keep, take this opportunity to copy them over to the hard drive or some other drive.

4. If you are sure that the external drive contains no important files of yours, go back to the Computer folder, right click on its icon and select Format from the menu:

5. Make sure to select NTFS in the File System drop-down list. Also, you may want to select the Quick Format option, which should speed up the formatting process quite considerably.

6. Press the Start button on the Format window, and Windows should warn you once again about erasing any existing information on the drive (see step 3 above). Again, if you are sure the drive does not contain any irreplaceable documents, confirm that you want to proceed with the formatting:

7. If you’ve selected the Quick format option, the formatting should take no longer than a minute or two.

When the formatting is finished, you should have the same drive, but now it should have the NTFS file system on it. Now you should be able to copy the files larger than 4GB to the drive just fine.

One last note: our encryption software USBCrypt can create a NTFS-formatted Virtual Encrypted Disk even if the host drive is formatted with FAT/FAT32. This suggests another solution: instead of re-formatting the host disk with NTFS, you can instead use USBCrypt to create a NTFS-formatted Virtual Encrypted Disk. In addition to breaking the 4GB file size barrier, you will also get the strong security and password protection for files you put inside of the Virtual Encrypted Disk. See the USBCrypt web page for more information or to download a free 30-day trial.

Why can’t I copy a 4GB file to my external USB drive? is a post from: USBCrypt

It’s easy to find an answer to such a question, using the built-in Recover Password command of USBCrypt software. It’s easy to find it: just try starting an encrypted drive, as usual, but instead of entering the password, click on the Tools button and select the Recover Password item on the menu:

If you select the Recover Password command from the menu, the next screen will ask you to choose the character set to use for trying the passwords:

You can select the minimum and maximum length of the passwords to try, and also choose between the lower-case or upper-case characters, digits, special characters, or any combination of them. When you press the Start button, USBCrypt starts trying the passwords from the character set you’ve selected, in turn, until it finds one that unlocks the encrypted drive. While it’s doing that, you can see the progress in a separate window, that also shows the estimated time to complete the enumeration of all possible passwords from the character set you selected:

If your password is short and simple, it can be discovered rather quickly:

What about the more complex passwords? The time to go through them all increases rapidly with the length of the passwords and their complexity. Here are a few numbers, obtained on computer with a mid-range (as of the time of this writing) Intel i5-650 CPU:

(Your numbers may be different if your computer has a different processor.)

The table above should give you a pretty good idea about the length and complexity of the password to use to keep your password safe from brute forcing. On the other hand, it can also serve as a strong reminder to take care to remember your password, because if you forget it, it may be practically impossible to recover it (unless you have created a spare key file with USBCrypt, of course.

How long would it take to recover your password? is a post from: USBCrypt

You can increase the chance of getting your encrypted drive back by putting a message on it to be seen by the person who finds the drive. USBCrypt makes it easy to create such a message: just enter the appropriate text as the host disk name when encrypting the drive:

(If you’ve already encrypted the drive, you can change the host disk name with the Rename host disk command). The host disk name is the first thing the person sees after plugging the drive in the computer:

Even if the computer happens to have the autoplay function disabled, the person would see the message when s/he opens the Computer folder:

Yet another place to catch attention of the person who found the drive is the screen that appears when s/he runs the file USBCrypt.exe off the encrypted drive:

Such a message appears automatically, you don’t have to do anything special, and the name that is included in the message is the registered name that your copy of the software was licensed to (that is, presumably, your name). If the person clicks on the Not you? link, s/he will be presented with the following message:

This message gives the person an opportunity to contact us with the details of the drive found, and we in turn would attempt to locate your email address in our records and let you know that someone has found your lost drive. Note that what happens after that is entirely up to you, whether you want to reward the person who found the drive or not, etc. would be entirely your decision, we would just offer you our help with getting in touch with that person.

Of course, the best solution to any such problem would be not to lose the drive in the first place. However, it’s a good idea to be prepared for such a misfortune before it might happen.

USBCrypt makes it easier to get back your lost USB drive is a post from: USBCrypt

• When encrypting a drive, the size of the Virtual Encrypted Disk can now be selected using units other than MB.
• The size of the Virtual Encrypted Disk is now displayed when choosing the Properties command from the taskbar icon right-click menu.
• In some usage scenarios, the Optimize for performance option could cause 100% of the available RAM to be consumed. We have corrected that.

If you are already using a previous version of USBCrypt, you don’t need to remove it: just download and run the new version, and it should update the previous version while keeping your settings and customizations intact.

Happy encrypting!

USBCrypt 10.9 released is a post from: USBCrypt

This version includes many improvements and fixes, such as:

• An option to select the preferred optimization of the Virtual Encrypted Disks: you can now choose whether to optimize for performance or for quick removal of the encrypted disks.
• An option to launch the "autorun" process "As Admininstrator" when starting or stopping the encrypted disks.
• While the encryption process of a drive is in progress, you can now minimize the USBCrypt window to the taskbar. You may find it handly when encrypting large drives.
• You can now create custom names for the host disks (other than the default USBCrypt Host disk), to make it easier to recognize different disks in the Explorer windows.
• Also, you can now pause and resume the encryption process, if you need to temporarily allow other programs to use the full CPU power fo your computer.
• USBCrypt now warns you if you log off or shut down the computer while a disk is being encrypted.
• The built-in backup software that comes with Windows 7 or Windows Vista can now recognize the Virtual Encrypted Disks as valid backup destinations for the documents and settings.
• And more! Please give the new USBCrypt a try.

USBCrypt v.10.8 released is a post from: USBCrypt

For example, whenever you are prompted to set up a password, the system usually informs you about the minimum length of the password that you should select. Such a requirement may create the impression that the longer the password, the more secure it is. This is not always true! It would be true if you were choosing a random combination of characters for the password, such as “dkoirnfyut”, or “alokifjnwl”, or whatever other combination you could produce by typing random keys on the keyboard. The problem is, however, that more likely than not, you are selecting an existing word (or, a word from a dictionary), like “apple” or “orange” for the password. In such a case, if someone would try the dictionary attack on your encrypted data, it would make virtually no difference whether the word is short or long. It takes the same amount of computer time (give or take a few nanoseconds) to try “tea” or “antidisestablishmentarianism” as the password.

By the way, what is the strength of a dictionary word as the password, you might be wondering? Let’s assume that you’ve selected a random word from a dictionary that has a million words. Considering that 1 million is roughly the same as 2²⁰, it means that the strength of such a password is only about 20 bits! It does not matter if the software uses 128- or 256-bit encryption key, because if your password can be recovered in 2²⁰ attempts, the effective security of your encryption gets reduced to 20 bits, simply by the fact that you’ve chosen the password from the dictionary.

That’s why most systems insist that your password should contain a mixture of uppercase and lowercase letters, numbers, and special characters: such additions make the dictionary attacks much harder. However, they make remembering the passwords harder, too. What should you do?

There are several methods available for creating complex passwords that are easier to remember. One of them is by creating artificial passphrases (rather than passwords), by combining random words from a dictionary. Take a dictionary book, open it on a random page, and write down a random word you like on that page. Open the dictionary on another page, write down another word. Repeat several times, then move the words around to create a phrase. (The phrase does not have to make sense!). For example, I just tried it and came up with: “Antisocial Pomegranate holds back Blue Herring” (Sounds fun, doesn’t it?) If you can remember such a phrase (including the capitalization of the words), you’ve got yourself a rather strong passphrase.

Another method that’s often recommended is the “first letters of a phrase” technique. Think of a phrase that contains several words, that you could remember. For example, it could be a line from your favorite Beatles song, like “Desmond has a barrow in the market place, Molly is the singer in a band.” Take the first letter of each word, and combine them together: Dhabitmp,Mitsiab. Note that we’ve preserved the capitalization of the letters, and also kept the comma in the middle. The resultant password is almost as strong as a random combination of 17 characters, yet you should be able to remember it easily, as long as you remember the original phrase.

Yet another approach is to create complex and long passwords for each situation, and use some password management software to keep track of them, such as KeePass. When using a software password manager, you only have to remember the master password. Of course, the inconvenience of this method is that you always have to use the password manager to recall the passwords for you, but if you need to have many strong passwords, that’s a small price to pay for the security. And, of course, don’t forget to backup your password database, because if you lose it, you lose them all!

Choosing a good encryption password is a post from: USBCrypt

Let’s discuss these options in more detail. First of all, in this example there are two choices for the FAT format, one listed as Default (FAT) and another one as just FAT, what is the difference between the two, you might be wondering? The Default choice instructs USBCrypt to select the same file system for the Virtual Encrypted Disk as that of the host drive. As you can see in this case, the host drive is formatted with FAT32 (as shown at the bottom of the USBCrypt window). Therefore, the default choice of the file system for the Virtual Encrypted Disk is FAT, too. If the next drive you are going to encrypt with USBCrypt happens to have the NTFS file system, then the Default option would format the Virtual Encrypted Disk with NTFS file system, too.

If that’s how you want USBCrypt to select the file system for you, then choose the Default option. If, however, you prefer one of the available file systems, and want all Virtual Encrypted Disks to be formatted with it, then select that item in the list (rather than Default). For example, if you select the FAT option, then all Virtual Encrypted Disks you create in the future will be formatted with the FAT file system, no matter how the host drive is formatted. (Of course, you can change your selection at any time!).

Which file system is “better”, FAT or NTFS? The correct answer is: it depends. The FAT format is more suitable for the smaller drives (say, smaller than 1GB or so). The FAT system is much simpler than NTFS and has less overhead. If all you need the encrypted drive for is to keep your documents and spreadsheets, then FAT would suit you just fine.

However, if you intend to store very large files on it (4GB or larger, such as the video files), then you should select the NTFS system, because FAT system cannot store such large files. (It was designed such a long time ago that it was difficult to imagine we would ever need to have files larger than 4GB!). NTFS offers several other options over FAT, such as the built-in file-based compression and access control (although you don’t really need it, since USBCrypt already provides security for all files within the Virtual Encrypted Disk, whether it is formatted with NTFS or FAT).

What about the last choice in the list, None? If you select it, then USBCrypt will create the Virtual Encrypted Disk without any file system inside at all. In such a case, you will not be able to put any files into the Virtual Encrypted disk until you format it by yourself (Windows Explorer should prompt you to format the drive when you attempt to open it for the first time). You may want to select this option if you want to use a formatting option other than the one built-in into Windows that USBCrypt uses.

Happy formatting!

Selecting encrypted file system is a post from: USBCrypt

If you have not tried it yet, please feel free to download the fully functional evaluation version from our web site. If you have any questions or encounter a problem, please don’t hesitate to contact us.

Happy encrypting!

It’s official: USBCrypt 10.3 released is a post from: USBCrypt

(If you don’t see such a prompt, use the Start – Computer menu to open your drive). Then double-click on USBCrypt (or USBCrypt.exe) to run it off the drive:

OK, there is one catch: if there is no USBCrypt software installed on this computer, then in order to run USBCrypt off the attached encrypted drive the administrator of the computer must give his or her permission for that:

This message is not entirely accurate: USBCrypt does not want to make changes to the computer, all it wants is load the encryption driver. Anyway, come to think of it, this message is a good thing: after all, if it were your computer, you wouldn’t want your friends to run arbitrary software on it without your permission, would you? Go ahead, tell the owner of the computer what USBCrypt is all about, and if you ask nicely, the owner should let you continue.

Note that the admininstrator’s consent must be obtained only once per Windows session: the consent remains in effect even if you detach the drive and insert it again: there should be no second prompt asking for the admininstrator’s password (we don’t want to annoy the administrators with our little questions, do we?) Only if the computer is restarted a new admininstrator’s permission must be obtained again.

After that, you can work with your encrypted drive as usual: you can enter your password and start the Virtual Encrypted Disk, stop it, rename it, etc. Note, however, that one cannot encrypt a new drive by running USBCrypt off another encrypted drive as described above. For that, USBCrypt must be installed on the computer the usual way. Happy encrypting!

Using encrypted drives on computers without USBCrypt installed is a post from: USBCrypt

The naïve answer seems to be “the longer the better”: the 256-bit encryption’s got to be much better than 128-bit one, why not use it? The reality, however, is that the 128-bit encryption is just as strong as the 256-bit, while it requires less computational resources and is performed a bit faster.

How can it be, you might be wondering? Let me try an example. Consider two stars: Alpha Centauri and Sirius. It takes light 4.4 years to travel from Sun to the former star and 8.6 year to reach the latter. Which one is easier for us to get to?  The correct answer is: they are both unreachable. There is no technology available to the humankind now and for the foreseeable future to reach either of them. The same is true about the encryption: no technology exists now that would break either 128-bit or 256-bit encryption. It would take the power of 15 Hoover dams for one year to just flip all of the 128 bits, not including the actual verification of each such key. It would take longer than the age of the Universe to try all possible 128-bit keys for the fastest of the existing computers. In other words, if someone wants to get to your encrypted files, they are not going to try to discover the key by applying each possible combination of the bits until they come across the actual key. For such a method both 128-bit and 256-bit key are equally strong.

Instead of the brute-force, the adversaries have many much more effective methods at their disposal: they could install a keylogger on your computer that would intercept the keys when you are entering your encryption  password. They could install a hidden video device and record your keyboard as you are entering your password. They could monitor the electromagnetic signals your keyboard emits and discover your password that way from the distance. Or, they could kidnap and torture you until you tell them the password. All such methods are much easier and cheaper for the adversaries to use than the brute-force attack.

I hope this answers the question of this post, as well as other related questions you might have, such as “Why don’t you offer 2048-bit encryption like some of your competitors do?”

Andrei Belogortseff
the author of USBCrypt

Which encryption key to choose, 128- or 256-bit? is a post from: USBCrypt