Seeking USB stick crypto

A piece of software that does the following would be very helpful to me:

  1. Creates an encrypted archive on a USB key
  2. Does so using a credible open-source algorithm, such as AES
  3. Ideally, is open source and well scrutinized by competent members of the security community
  4. This archive can be read using software on the key, on either a Mac OS X machine or a Windows XP box
  5. The software that does the encryption and decryption does not require administrator privileges to run.

Do any such utilities exist? TrueCrypt is cool, but requires an admin account. SanDisk’s CruzerLock is Windows only, and has a really awkward interface. The disk encryption feature of PGP cannot be run off a flash drive. The encrypted disk images created by Mac OS cannot be read using a Windows machine.

Author: Milan


6 thoughts on “Seeking USB stick crypto”

  1. 30 July 2009, 11:31
    Bootkit bypasses hard disk encryption

    At the Black Hat security conference, Austrian IT security specialist Peter Kleissner presented a bootkit called Stoned which is capable of bypassing the TrueCrypt partition and system encryption. A bootkit combines a rootkit with the ability to modify a PC’s Master Boot Record, enabling the malware to be activated even before the operating system is started.

    Available as source code, Kleissner’s bootkit can infect any currently available 32-bit variety of Windows from Windows 2000 to Windows Vista and the Windows 7 release candidate. Stoned injects itself into the Master Boot Record (MBR), a record which remains unencrypted even if the hard disk itself is fully encrypted. During startup, the BIOS first calls the bootkit, which in turn starts the TrueCrypt boot loader. Kleissner says that he neither modified any hooks, nor the boot loader itself, to bypass the TrueCrypt encryption mechanism. The bootkit rather uses a “double forward” to redirect I/O interrupt 13h, which allows it to insert itself between the Windows calls and TrueCrypt. Kleissner tailored the bootkit for TrueCrypt using the freely available TrueCrypt source code.

  2. I noticed you’ve shared TrueCrypt on this page. As you may be aware, development of TrueCrypt was discontinued back in 2014 and it has subsequently not been maintained. A number of security flaws have been uncovered and as a result we are reaching out to people to highlight a list of alternatives.

    Here’s the list (along with further details about TrueCrypt no longer being maintained) –, when you update your page it could be a useful resource to point your visitors to.

  3. Just to let you know that “I noticed you’ve shared Truecrypt on this page” is spam… I get the same message and so did many others :-(
