[NCLUG] Good news from the hardware front
jim at ubuntu-rocks.org
Fri Mar 28 11:56:19 MDT 2008
On Fri, Mar 28, 2008 at 11:41 AM, Chad Perrin <perrin at apotheon.com> wrote:
> The reason I got a 1GB USB flash drive is to store sensitive data (like
> your password use for a flash drive). While I'm considering carrying
> around some portable apps and doing file transfers on a larger USB flash
> drive, the *main* reason I'm looking for something bigger than 4GB is so
> I don't have to store sensitive data on my only portable storage device.
> See . . . it's generally a *really* bad idea to store such sensitive data
> and stuff you use casually on the same storage device that you're willing
> to plug into just about any computer. I don't want to expose that kind
> of data to computing environments over which I have no control and that I
> can't trust. I don't know what software may be running on others'
> computers -- such as something that might clone the contents of my USB
> flash drive.
> Obviously, I could just refuse to use it on computers other than my own,
> and that would be the end of it -- except that there are a lot of people
> in the world who just don't understand concerns like this. As such, I'd
> get people wanting an explanation (kinda like this) for why I won't just
> use it. The primary purpose of a second, larger USB flash drive would be
> to act as a buffer against the inconvenience of having to try to explain
> my reasoning for not using the 1GB drive to someone who probably won't
> understand anyway.
> Of course, I could get a second 1GB flash drive, except that -- if I'm
> going to get a second one -- I'd rather it be big enough to be more
> useful than that. 1GB is probably overkill for the purposes to which
> I'll put the one I already got, but insufficient for a lot of other uses.
> Anyway, my point in bringing this all up is to point out that you may not
> want to store passwords on the same USB flash drive as your portable
> apps, even if the passwords are managed by a portable password manager
> that encrypts them. The password manager could be cloned as easily as a
> text file full of passwords, and offline brute-forced at someone's
> leisure later.
> On the other hand, if they're just passwords for things like your Unix
> Forums (unix.com) account and you don't much care about that account, and
> don't use the password anywhere else where your security might be more
> important, maybe it doesn't matter.
Thanks for the tip. I don't claim to know all the ins and outs of data
protection, but I think KeePass (and KeePassX in Linux) is a pretty secure
way to store passwords. If you want to have passwords be portable at all,
then something like this is a good defense. By the time someone could crack it,
I can probably change all the passwords - assuming I know it was taken. Of
course, the first defense is to not lose it :). I think using two flash
drives just increased that possibility. I do have a second one I can use for
sharing files and such that doesn't contain anything sensitive. I never loan
out or share my main one.
Along the same lines is TrueCrypt, which allows you to encrypt part or all of
a flash drive and store documents and such securely. I'm sure there are
other tools out there, but I just wanted to point out that there are
solutions to keeping data both safe and portable.
Please avoid sending me Word or PowerPoint attachments.