

Ask HN: What is the best way to encrypt an off-the-shelf USB drive? - chiochio


======
pwg
Two possibilities:

encfs: [http://www.arg0.net/encfs](http://www.arg0.net/encfs)

LUKS:
[http://code.google.com/p/cryptsetup/](http://code.google.com/p/cryptsetup/)

~~~
icebraining
Regarding encfs, here's the security review:

[https://defuse.ca/audits/encfs.htm](https://defuse.ca/audits/encfs.htm)

[https://news.ycombinator.com/item?id=7384730](https://news.ycombinator.com/item?id=7384730)

    
    
      EncFS is probably safe as long as the adversary only gets one copy of
      the ciphertext and nothing more. EncFS is not safe if the adversary
      has the opportunity to see two or more snapshots of the ciphertext at
      different times.

------
vitovito
What sort of USB drive? Flash memory? Spinning rust?

What sort of encryption? Hardware? Software? If software, what platform?

If you use hardware encryption, it will work independent of OS platform.

You can buy removable flash drives and rotational media both with built-in
encryption:
[http://www.wired.com/2012/07/reviews_secure_hard_drives/?vie...](http://www.wired.com/2012/07/reviews_secure_hard_drives/?viewall=true)
and
[http://www.pcworld.com/article/254816/the_best_encrypted_fla...](http://www.pcworld.com/article/254816/the_best_encrypted_flash_drives.html)
for example.

You can also buy hardware encryption enclosures for rotational media (or I
guess SSDs) of your own provision, as well as use hardware encryption pass-
through adapters for USB flash drives (or any USB media, I suppose):
[http://www.zdnet.com/encrypt-all-your-usb-storage-media-
with...](http://www.zdnet.com/encrypt-all-your-usb-storage-media-with-
cipherusb-7000017141/)

~~~
DanBC
See "Enclosed but not encrypted" for a warning about hardware encryption:

[http://www.h-online.com/security/features/Enclosed-but-
not-e...](http://www.h-online.com/security/features/Enclosed-but-not-
encrypted-746199.html)

------
kogir
geli, FileVault, BitLocker To Go - depends quite a bit on what OS needs to
read it.

TrueCrypt was (and perhaps still is) the best cross-platform option.

------
sarciszewski
Paging @tpatcek ;)

