On 18/08/2011 10:08 AM, Lars R. wrote:
> GPG and Truecrypt don't have to be “installed” but can be used directly
> from USB drive, sure.

GPG, yes. (I've done it.) Truecrypt, I couldn't say. Never tried it.

> But: If you have sensitive data on your USB drive you never ever should
> decrypt them on a foreign PC, in an Internet café etc. because you
> cannot trust them at all (keylogger, spyware etc.)

This is of course a valid point. If your drive actually contains 
anything "sensitive" then no, you really don't want to be decrypting 
that for arbitrary PCs.

If, on the other hand, the drive just contains your holiday photos that 
you'd prefer random strangers to /not/ be able to access, then 
encrypting the data will prevent that, and I wouldn't be too worried 
about decrypting it in an Internet cafe.

As with everything security-wise, it depends how much security you need.

1. I keep all my favourite program installers on a flash drive. None of 
it is encrypted, but then again, none of it is secret either. I don't 
really care who can see it. Security is not an issue.

2. If I had, say, my holiday photos or something on there, which I don't 
want random strangers looking at, I could encrypt it in various ways. If 
the drive gets lost or stolen, nobody can access the contents. But 
decrypting it on an untrusted PC is no big deal, really.

3. If I had something like my bank details on there, I would /not/ be 
decrypting that stuff on any system except one that I set up myself. But 
then, really, WTF would that be on a portable drive for anyway? I would 
probably GPG encrypt, using public key cryptography rather than a mere 
password to secure it. Since presumably only trusted systems have a copy 
of my private key, I /can't/ decrypt the data from anywhere else, even 
if I want to.

Post a reply to this message