Not sure if this is the best place to post this question, but wondering what is the best way to encrypt a USB drive?

Want to be able to carry an encrypted flash drive with me but also be able to unlock it, if possible, on various OSes. Preferably with some kind of portable software. Something similar to the method that comes with the Kingston Data Traveler USB drives.

Edit: Seems like Veracrypt and Cryptomator are the best options to check out. Thanks everyone!

4 points

Probably far from the best option; but you could use 7zip? Put a 7zip portable exe & linux binary on the usb, put the regular contents in an encrypted .zip file, anyone with the password can decrypt. I assume there are much more secure options though.

3 points

7zip encryption is solid, but the problem with this is that you don’t mount 7zip, so you have to extract it. Once you extract encrypted files into a drive that’s not encrypted, they may as well never have been encrypted in the first place.

It’s better to use a tool that creates an encrypted filesystem that you can mount and read-write directly without copying the files onto another disk.

3 points

Encrypted ZIPs are very trivial to break. I can break it with a simple python script.

For instance, Microsoft does that for all encrypted ZIPs

https://arstechnica.com/information-technology/2023/05/microsoft-is-scanning-the-inside-of-password-protected-zip-files-for-malware/

1 point

ZIP isn’t a good way to encrypt, but what Microsoft is doing is simply reading the email, and decrypting zips with the password found in the email body.

All encryption schemes can be trivially broken if you have the key. It’s not even breaking, it’s just normal decryption.

2 points

No, zip encryption is very weak. This is because millions of combinations can be tried very quickly.

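Added example, not part of the thread: the ZIP format supports both the legacy ZipCrypto scheme and WinZip-style AES (compression method 99 with a 0x9901 extra field), and each entry's central-directory record declares which one was used, so an archive can be checked before it is relied on. The function names and sample entries are hypothetical, the sample archive is constructed (headers only, no file data), and a non-ZIP64 archive is assumed.

```python
import struct

# ZIP central-directory file header (46 bytes) and the WinZip AES strength codes.
CDH = struct.Struct("<4sHHHHHHIIIHHHHHII")
AES_BITS = {1: 128, 2: 192, 3: 256}
AES_EXTRA = struct.pack("<HHH2sBH", 0x9901, 7, 2, b"AE", 3, 8)  # AE-2, 256-bit, deflate

def aes_strength(extra: bytes):
    """Return the AES key size from a 0x9901 extra field, or None if absent."""
    i = 0
    while i + 4 <= len(extra):
        header_id, size = struct.unpack_from("<HH", extra, i)
        if header_id == 0x9901 and size >= 7 and i + 4 + size <= len(extra):
            return AES_BITS.get(extra[i + 8])  # strength byte follows version + "AE"
        i += 4 + size
    return None

def zip_encryption_report(data: bytes) -> dict:
    """Map each entry name to the protection its central-directory record declares."""
    eocd = data.rfind(b"PK\x05\x06")
    if eocd < 0:
        raise ValueError("no end-of-central-directory record: not a ZIP archive")
    count, _cd_size, pos = struct.unpack_from("<HII", data, eocd + 10)
    report = {}
    for _ in range(count):
        f = CDH.unpack_from(data, pos)
        if f[0] != b"PK\x01\x02":
            raise ValueError("corrupt central directory")
        flags, method, nlen, elen, clen = f[3], f[4], f[10], f[11], f[12]
        name = data[pos + 46:pos + 46 + nlen].decode("utf-8", "replace")
        extra = data[pos + 46 + nlen:pos + 46 + nlen + elen]
        if not flags & 0x1:                      # general-purpose bit 0: encrypted
            report[name] = "none"
        elif method == 99:                       # WinZip AES (AE-1 / AE-2)
            report[name] = f"AES-{aes_strength(extra) or 'unknown'}"
        else:                                    # traditional PKWARE encryption
            report[name] = "ZipCrypto (legacy)"
        pos += 46 + nlen + elen + clen
    return report

def build_sample(entries) -> bytes:
    """Constructed test input: central directory + EOCD only, no file data."""
    cd = b""
    for name, flags, method, extra in entries:
        n = name.encode()
        cd += CDH.pack(b"PK\x01\x02", 20, 20, flags, method, 0, 0, 0, 0, 0,
                       len(n), len(extra), 0, 0, 0, 0, 0) + n + extra
    return cd + struct.pack("<4sHHHHIIH", b"PK\x05\x06", 0, 0,
                            len(entries), len(entries), len(cd), 0, 0)
```

On a real file, pass `open(path, "rb").read()` to `zip_encryption_report`; a `.7z` container is a different format and is rejected with `ValueError`.
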
10 points

Cryptomator might be a good option. They have clients for Windows, macOS, and Linux. It’s designed around encrypting your cloud storage but nothing should stop you from using it on a USB drive.

6 points

That’s what I use, the key itself is formatted using ExFAT for compatibility with all major OSes, and using Cryptomator to encrypt the files.

51 points

Veracrypt. Make a file on your disk.

Don’t want a storage file?

Make 2 partitions, put veracrypt portable exe on the first normal storage partition. (fat32 is likely ideal here) Second partition formatted with veracrypt.

6 points

+1 for veracrypt. Very convenient.

11 points

This, except consider exFAT. It’s more modern than FAT32 but also widely compatible.

https://www.howtogeek.com/235596/whats-the-difference-between-fat32-exfat-and-ntfs/

7 points

I would not just default to exfat because it is “newer,” it does have compatibility issues on non-windows systems. The implementations differ wildly.

2 points

Back when I used Windows, it worked fine for me out of the box between Win7 and both Ubuntu-based and Arch-based Linux distros 🤷

1 point

I have had major issues with exFAT across a variety of platforms. But I also work with a bunch of niche gear. But my point is simply that being widely compatible isn’t the same as being fully compatible. And OP was asking for the best way to reach the widest compatibility. That calls for FAT32, even if it has issues with things like file size.

3 points

I make 1 single partition for the entire drive and encrypt it with veracrypt. Veracrypt has portable executables for windows and if I lose the flash drive in the worst case people will think it’s a corrupted disk (unrecognized partition) and reformat them probably.

1 point

This was my immediate thought as well. Portable launchers for the various OS’es on a tiny (just large enough to store the launchers) FAT32 partition, then a large FAT32 partition (the majority of the drive) encrypted by VeraCrypt. As long as it can read FAT32 and run VeraCrypt, it’ll be compatible. And that covers Windows, Linux, Raspberry Pi, and Mac ecosystems. It’s not as simple as just plugging it in and getting a password prompt, but it’s going to be the most compatible while still allowing for (nearly) the entire drive to be encrypted.

1 point

👏👏

1 point

The best option is going to be a USB drive that has an external key entry feature. Kingston IronKey has these and it’s as simple as enter a key and plug in. I use them at work and it works on all the major OSes. They’re not cheap though so if you want or are looking for a free solution then something like VeraCrypt portable and an encrypted container will be your next best option.

0 points

Ooff, terrible advice

6 points

How about you tell me why instead of just saying “TeRribLe AdViSe.”

1 point

Because historically when FDE is done in hardware there have been massive compromises. FDE is better done in software. It’s more secure.

But, sure, there’s no shortage of companies trying to sell you shitty hardware that’s “100% secure” (which is a major red flag)


I’ve used Veracrypt when I’ve needed something portable with windows and linux. Been a few years so might be better options now.
