Is the source available so it can be audited?
Free AES 256 encryption Software - http://www.rohos.com/rohos_mini.exe
Usefull link if anybody is interested in some free software for encrypting a USB Key?
Is the source available so it can be audited?
I looked at Rohos last week as part of an evaluation of different encryption programs, but I decided against it as it all looked a bit too complex for many people to bother with. I'm favouring TrueCrypt now, which is a bit of a faff to set up but works nicely once running (cross-platform, too).
Rohos has a costed version which has recovery options; not sure if every user would need it or if you could just have the one copy on your PC for recovery purposes.
We have looked at true crypt but found it fiddly to setup and broke on one occation and couldn't get to my backups on the stick.
We are now looking to issue all staff with kingston data travellers with built in hard encryption.
Kingston data traveller
We can also get branded all for £10 each
Seems much simpler solution for staff even if its cost a few quid more.
That's my thinking too, goodhead - the problem I'm having with my Kingston Locker+ is that it takes 20 seconds from plugging the USB in to having a usable drive, which isn't practical. I'm now trying to find out what is causing this slowdown...
Have you looked at Safestick (Military Grade encrypted USB Sticks) and Safe console (Management and auditing software). Really rugged product can be dropped, stood on, left in water and set on fire and the data is still safe.
Safestick:• No admin right required – user plugs and play
• AES 256 and RSA 1024 military grade encryption
• Robust design – They will work if left in water, Dropped from great heights, Heavy pressure applied to the unit.
• No user knowledge required – Hardware encrypted. Plug in the sticks, set the password and the stick will encrypt “on the fly”.
• SafeStick will work with all Security solutions currently in place as a standalone unit.
Safe-console:• Remote kill or Disable USB sticks when lost anywhere in the world from the central management system.
• No admin Rights are required – Plug and Play (Windows, Mac’s, Linux and VMware) no software install required.
• Full audit trail - details what ﬁle types are copied to the Safe Stick. Details include files by MIME type, User ID, PC name, time and date. Will also Record what sticks are active, what sticks where lost, who has ownership of what sticks.
• Logging of User, PC name, IP address and time when Safe Stick is locked or unlocked. Can help track lost Safe Sticks!
If you need anymore information or an evaluation unit please contact me firstname.lastname@example.org.
I would seriously consider a Safestick if it worked natively with Linux kernels and you provided source (NDA if you like) so it can be audited. Not until.
Last edited by Domino; 15th April 2010 at 01:47 PM.
@craigt47 - do SafeSticks play with Macs okay?
there are no problems with using SafeSticks on Mac's. If you would like a unit to test to try please pm with your details.
Thanks Richard - someone else is hopefully hooking me up with an eval unit, but I'll give you a shout if there are any problems...
In fact, seeing your signature, it is your company who is sending it to me! (following Craig's post above).
I've found TrueCrypt - Free Open-Source On-The-Fly Disk Encryption Software for Windows 7/Vista/XP, Mac OS X and Linux - Downloads which is a free open source alternative. Works for Windows 7, Vista, XP and 2000. Mac OS X and Linux (32 and 64 bit).
Turecrypt is a good open source encryption product for the public domain to encrypt your CV or some personal information for personal use. However, it is not considered safe for sensitive government (including schools) or corporate data. By the very definition of Truecrypt is ”Free open-source disk encryption software for Windows 7/Vista/XP, Mac OS X, and Linux". Which means that hackers have direct access to the Hash Algorithms that encode and encrypt the data, meaning they can with ease decrypt the data? Here is a thought to ponder on, if you supply users with encrypted USB sticks to use you wouldn’t expect them, to write their passwords on the sticks. So we would not recommend an open source product to encrypt your data.
Last edited by Domino; 15th April 2010 at 01:41 PM. Reason: removed non sponsor contact details
All good security products are open source, if the only protection from hackers is they don't know the encryption method because they can't afford a disassembler, then it's not worth the money it might actually cost.
How does a closed source program stop people writing down passwords? Does it integrate into the user's brain?
By making your hashing methods public you have a huge testing base, so you can see how quickly these get broken, by a huge cross section of society. An encryption method is never unbreakable, but it only has to last until the data is no longer relevant.
There are currently 1 users browsing this thread. (0 members and 1 guests)