This version includes many improvements and fixes, such as:

• An option to select the preferred optimization of the Virtual Encrypted Disks: you can now choose whether to optimize for performance or for quick removal of the encrypted disks.
• An option to launch the "autorun" process "As Admininstrator" when starting or stopping the encrypted disks.
• While the encryption process of a drive is in progress, you can now minimize the USBCrypt window to the taskbar. You may find it handly when encrypting large drives.
• You can now create custom names for the host disks (other than the default USBCrypt Host disk), to make it easier to recognize different disks in the Explorer windows.
• Also, you can now pause and resume the encryption process, if you need to temporarily allow other programs to use the full CPU power fo your computer.
• USBCrypt now warns you if you log off or shut down the computer while a disk is being encrypted.
• The built-in backup software that comes with Windows 7 or Windows Vista can now recognize the Virtual Encrypted Disks as valid backup destinations for the documents and settings.
• And more! Please give the new USBCrypt a try.

USBCrypt v.10.8 released is a post from: USBCrypt

For example, whenever you are prompted to set up a password, the system usually informs you about the minimum length of the password that you should select. Such a requirement may create the impression that the longer the password, the more secure it is. This is not always true! It would be true if you were choosing a random combination of characters for the password, such as “dkoirnfyut”, or “alokifjnwl”, or whatever other combination you could produce by typing random keys on the keyboard. The problem is, however, that more likely than not, you are selecting an existing word (or, a word from a dictionary), like “apple” or “orange” for the password. In such a case, if someone would try the dictionary attack on your encrypted data, it would make virtually no difference whether the word is short or long. It takes the same amount of computer time (give or take a few nanoseconds) to try “tea” or “antidisestablishmentarianism” as the password.

By the way, what is the strength of a dictionary word as the password, you might be wondering? Let’s assume that you’ve selected a random word from a dictionary that has a million words. Considering that 1 million is roughly the same as 2²⁰, it means that the strength of such a password is only about 20 bits! It does not matter if the software uses 128- or 256-bit encryption key, because if your password can be recovered in 2²⁰ attempts, the effective security of your encryption gets reduced to 20 bits, simply by the fact that you’ve chosen the password from the dictionary.

That’s why most systems insist that your password should contain a mixture of uppercase and lowercase letters, numbers, and special characters: such additions make the dictionary attacks much harder. However, they make remembering the passwords harder, too. What should you do?

There are several methods available for creating complex passwords that are easier to remember. One of them is by creating artificial passphrases (rather than passwords), by combining random words from a dictionary. Take a dictionary book, open it on a random page, and write down a random word you like on that page. Open the dictionary on another page, write down another word. Repeat several times, then move the words around to create a phrase. (The phrase does not have to make sense!). For example, I just tried it and came up with: “Antisocial Pomegranate holds back Blue Herring” (Sounds fun, doesn’t it?) If you can remember such a phrase (including the capitalization of the words), you’ve got yourself a rather strong passphrase.

Another method that’s often recommended is the “first letters of a phrase” technique. Think of a phrase that contains several words, that you could remember. For example, it could be a line from your favorite Beatles song, like “Desmond has a barrow in the market place, Molly is the singer in a band.” Take the first letter of each word, and combine them together: Dhabitmp,Mitsiab. Note that we’ve preserved the capitalization of the letters, and also kept the comma in the middle. The resultant password is almost as strong as a random combination of 17 characters, yet you should be able to remember it easily, as long as you remember the original phrase.

Yet another approach is to create complex and long passwords for each situation, and use some password management software to keep track of them, such as KeePass. When using a software password manager, you only have to remember the master password. Of course, the inconvenience of this method is that you always have to use the password manager to recall the passwords for you, but if you need to have many strong passwords, that’s a small price to pay for the security. And, of course, don’t forget to backup your password database, because if you lose it, you lose them all!

Choosing a good encryption password is a post from: USBCrypt

Let’s discuss these options in more detail. First of all, in this example there are two choices for the FAT format, one listed as Default (FAT) and another one as just FAT, what is the difference between the two, you might be wondering? The Default choice instructs USBCrypt to select the same file system for the Virtual Encrypted Disk as that of the host drive. As you can see in this case, the host drive is formatted with FAT32 (as shown at the bottom of the USBCrypt window). Therefore, the default choice of the file system for the Virtual Encrypted Disk is FAT, too. If the next drive you are going to encrypt with USBCrypt happens to have the NTFS file system, then the Default option would format the Virtual Encrypted Disk with NTFS file system, too.

If that’s how you want USBCrypt to select the file system for you, then choose the Default option. If, however, you prefer one of the available file systems, and want all Virtual Encrypted Disks to be formatted with it, then select that item in the list (rather than Default). For example, if you select the FAT option, then all Virtual Encrypted Disks you create in the future will be formatted with the FAT file system, no matter how the host drive is formatted. (Of course, you can change your selection at any time!).

Which file system is “better”, FAT or NTFS? The correct answer is: it depends. The FAT format is more suitable for the smaller drives (say, smaller than 1GB or so). The FAT system is much simpler than NTFS and has less overhead. If all you need the encrypted drive for is to keep your documents and spreadsheets, then FAT would suit you just fine.

However, if you intend to store very large files on it (4GB or larger, such as the video files), then you should select the NTFS system, because FAT system cannot store such large files. (It was designed such a long time ago that it was difficult to imagine we would ever need to have files larger than 4GB!). NTFS offers several other options over FAT, such as the built-in file-based compression and access control (although you don’t really need it, since USBCrypt already provides security for all files within the Virtual Encrypted Disk, whether it is formatted with NTFS or FAT).

What about the last choice in the list, None? If you select it, then USBCrypt will create the Virtual Encrypted Disk without any file system inside at all. In such a case, you will not be able to put any files into the Virtual Encrypted disk until you format it by yourself (Windows Explorer should prompt you to format the drive when you attempt to open it for the first time). You may want to select this option if you want to use a formatting option other than the one built-in into Windows that USBCrypt uses.

Happy formatting!

Selecting encrypted file system is a post from: USBCrypt

If you have not tried it yet, please feel free to download the fully functional evaluation version from our web site. If you have any questions or encounter a problem, please don’t hesitate to contact us.

Happy encrypting!

It’s official: USBCrypt 10.3 released is a post from: USBCrypt

(If you don’t see such a prompt, use the Start – Computer menu to open your drive). Then double-click on USBCrypt (or USBCrypt.exe) to run it off the drive:

OK, there is one catch: if there is no USBCrypt software installed on this computer, then in order to run USBCrypt off the attached encrypted drive the administrator of the computer must give his or her permission for that:

This message is not entirely accurate: USBCrypt does not want to make changes to the computer, all it wants is load the encryption driver. Anyway, come to think of it, this message is a good thing: after all, if it were your computer, you wouldn’t want your friends to run arbitrary software on it without your permission, would you? Go ahead, tell the owner of the computer what USBCrypt is all about, and if you ask nicely, the owner should let you continue.

Note that the admininstrator’s consent must be obtained only once per Windows session: the consent remains in effect even if you detach the drive and insert it again: there should be no second prompt asking for the admininstrator’s password (we don’t want to annoy the administrators with our little questions, do we?) Only if the computer is restarted a new admininstrator’s permission must be obtained again.

After that, you can work with your encrypted drive as usual: you can enter your password and start the Virtual Encrypted Disk, stop it, rename it, etc. Note, however, that one cannot encrypt a new drive by running USBCrypt off another encrypted drive as described above. For that, USBCrypt must be installed on the computer the usual way. Happy encrypting!

Using encrypted drives on computers without USBCrypt installed is a post from: USBCrypt

The naïve answer seems to be “the longer the better”: the 256-bit encryption’s got to be much better than 128-bit one, why not use it? The reality, however, is that the 128-bit encryption is just as strong as the 256-bit, while it requires less computational resources and is performed a bit faster.

How can it be, you might be wondering? Let me try an example. Consider two stars: Alpha Centauri and Sirius. It takes light 4.4 years to travel from Sun to the former star and 8.6 year to reach the latter. Which one is easier for us to get to?  The correct answer is: they are both unreachable. There is no technology available to the humankind now and for the foreseeable future to reach either of them. The same is true about the encryption: no technology exists now that would break either 128-bit or 256-bit encryption. It would take the power of 15 Hoover dams for one year to just flip all of the 128 bits, not including the actual verification of each such key. It would take longer than the age of the Universe to try all possible 128-bit keys for the fastest of the existing computers. In other words, if someone wants to get to your encrypted files, they are not going to try to discover the key by applying each possible combination of the bits until they come across the actual key. For such a method both 128-bit and 256-bit key are equally strong.

Instead of the brute-force, the adversaries have many much more effective methods at their disposal: they could install a keylogger on your computer that would intercept the keys when you are entering your encryption  password. They could install a hidden video device and record your keyboard as you are entering your password. They could monitor the electromagnetic signals your keyboard emits and discover your password that way from the distance. Or, they could kidnap and torture you until you tell them the password. All such methods are much easier and cheaper for the adversaries to use than the brute-force attack.

I hope this answers the question of this post, as well as other related questions you might have, such as “Why don’t you offer 2048-bit encryption like some of your competitors do?”

Andrei Belogortseff
the author of USBCrypt

Which encryption key to choose, 128- or 256-bit? is a post from: USBCrypt

USBCrypt Beta 3 released is a post from: USBCrypt

USBCrypt Beta 2 (v.0.9.2) released is a post from: USBCrypt

Low Disk Space balloon

It may not appear immediately, it may take a few minutes after you log in to Windows to become visible. Because it has the USBCrypt icon, the balloon looks like it’s displayed by USBCrypt, but in fact it is displayed by Windows itself (it just grabs the icon from the autorun.inf file of the disk). And it’s not related to the disks encrypted with USBCrypt specifically: the balloon would be displayed for other disks as well, if you fill them up to their capacity.

The designers of Windows have probably had good intentions when they added this balloon to Windows, it probably is nice to get an advance warning before a disk becomes full. However, if this specific case, the warning serves no useful purpose:  after all, when you told USBCrypt to use all available space to host the encrypted data, the disk becomes filled up by design, and you should now be concerned (and warned) about the Virtual Encrypted Disk being filled up, instead of the host disk.

After seeing the balloon a few times, you’ve probably wondered if it’s possible to suppress it (even Microsoft itself calls this pop up irritating!).  It would be nice if Microsoft would put in a bit extra effort and allowed the user to stop the balloon from appearing for the specific disks, such as the USBCrypt host disks, which are often expected to be filled up by design. Unfortunately, that’s not the case: you cannot suppress the balloon for some disks and leave it for others, it’s all or nothing.

To suppress all Low Disk Space balloons, for all disks, you can follow the steps described in the Microsoft support article. Keep in mind, however, that this article contains an error (at least it did at the time of this writing): it instructs you to name the DWORD value “NoLowDiscSpaceChecks”, while the correct name should be  “NoLowDiskSpaceChecks” (without the quotes).

Or, you can download and import this registry script: NoLowDiskSpace, that would create the required registry value for you.

To use this script, save the file onto your hard disk (by right-clicking on the link and choosing Save Link As or Save Target As or a similar command). Change the extension of the saved file from .txt to .reg (that is, rename it to NoLowDiskSpace.reg. We made it a text file because some anti-virus programs block attempts to download .reg files). Then double-click on NoLowDiskSpace.reg file that you have saved to your hard disk, confirm that you want to add it into the registry, and when it’s done, restart the computer. You should not see the Low Disk Space balloons after that.

If, however, one day you decide that you miss that balloon, you can use another script to restore it back: YesLowDiskSpace. (Use the same procedure to  apply it).

Suppressing the Low Disk Space balloons is a post from: USBCrypt

You can try the pre-release (beta) version to see how well it works for you. If you encounter a problem, please report it directly to the USBCrypt development team, to give it a chance to correct the error before officially releasing USBCrypt. In return, as our “thank you”, we are offering a free license to anyone who gives useful^* feedback during the beta testing.

Of course, before you decide to try the beta version, consider carefully that it has not been fully tested yet and contains some unfinished pieces of code that may result in various problems (including the system crashes and data loss!). We DO NOT recommend trying the beta version on your main computer. Instead, we’d highly recommend installing it on a spare computer, that has no important files of yours. Only after giving it a good test, if you are confident in the beta version and your troubleshooting skills, you may want to try it on your main computer. In any case, it’s always a good idea to do the regular backup of your hard disk, to avoid losing your files should an unanticipated problem occur.

Want to give it a try? Go to the USBCrypt beta page to to find the download link and other related information.

Note: Due to the US government export restrictions, we can distribute USBCrypt software to the US residents only at this time. We anticipate to open the beta test to other users at a later date, after we have received the necessary export clearance from the US government.

^*We reserve the right to decide which feedback is useful and which is not. For example, the general statements like “The application runs well” or “The application does not run” will not be considered useful. To be “useful”, we need much more detailed information about the problem you are experiencing, including the specifics of your computer, the version and edition of Windows that you run, the list of steps that we could execute to reproduce the error, and other relevant information that may help us correct the error.

USBCrypt Beta 0.9.1 released is a post from: USBCrypt