Slashdot Mirror
Condensing Your Life on to a USB Flash Drive?
Fear the Clam asks: "My wife and I figure that if we plan for the worst, it'll never happen, so we've been putting together 'If public transportation bites it and we have two minutes to grab our stuff and start walking, never to return to NYC' getaway knapsacks. With luck they'll live in the closet forever.
Coincidently, this morning the New York Times has an article about what to take when you have to leave home in a big hurry [DNA verification required], and they suggest making a list of all of things like Social Security and credit card numbers, scanning birth certificates, marriage license and tax returns, and saving it all on a USB flash drive. Since this would be a complete identity kit, encryption is of utmost importance. What's the best solution? A flash drive that claims to encrypt or a platform-independent, self-extracting, encrypted file on a regular drive? Any suggestions for sturdy drives?" Of course, the choice of USB flash drive covers only a part of the problem. What other data would you put on this piece of "contingency hardware", and how would you protect the drive itself in case you did have to "swim for it"?
I've had three USB Flash Drives (Lexar, and two Sandisks) die on me, usually under a year, presumably a byproduct of the limited writes available to NAND memory.
Most USB drives are pretty tough. I would make a copy or two and put it in a crush/water proof case like an Otterbox.
Well if your going to be all paranoid, you might as well get one of these.
Reality test... am I dreaming?
Also for my private data, I have a TrueCrypt volume on the drive so that in case someone gets their hands on it, my not so public data will be safe.
If you're actually intending to put your LIFE on it though also consider a backup strategy so you won't lose everything when your drive falls off your keychain and into the sewer where it's eaten by technologically advanced rodents.
Use Truecrypt (www.truecrypt.org). It's free, open source, and extremely secure (AES, Blowfish, CAST5, Serpent, Triple DES, and Twofish). I use it on my thumbdrive to backup all of my important data.
"Just the fax, ma'am."
Two words: ziplock bag.
I put my wallet in one on rafting trips. And nary a trouble I've had, despite one two good dunkings.
That might not last hours underwater, but for long-term storage I'd use one of those vacuum-seal gizmos, which would basically be water-right until you tore it open.
Here's what I can think of off the top of my head...
Social Security cards
Driver's licenses
Recent photos, head only and full body (clothed!)
Passports
Contact info of relatives, friends
Vehicle registration
Birth certificates
Wedding license
Property deeds
Will
Living will
Account and contact information: banks, credit cards, utilities, insurance (health, house, car), mortgages, loans
Edward Burr
Having a smoking section in a restaurant is like having a peeing section in a swimming pool.
Since this is the sort of thing one isn't likely to think about often, and digital archives tend to deteriorate or become obsolete, paper is a good bet, but make it acid free bond, and store it in acid free covers. There should be a second, similar, copy far enough away that a single event is not likely to take out both. This should be good for well over a lifetime.
I forgot my USB drive in my pocket before washing my pants once. It survived without any problem. :)
Slashdot anagrams to "Sad Sloth"
It's for Windows only, but I stumbled upon TrueCrypt found at http://www.truecrypt.org/ and really like it. And it's not only useful for USB drives, but can be used to create encrypted logical drives on a Hard Drive. For the really paranoid, the documentation even covers lots of stealthy ways to use it so as not to be detected.
I'm certainly no expert at encryption, but it seems pretty solid. Basically, it creates an encrypted container file and then mounts it as a logical drive when you open the file through the app. I've seen commercial counterparts such as StealthDisk, and I think TrueCrypt's interface is easier to use and its execution is more solid.
It's OSS and free as in beer and as in speech.
My mom always said, "Jim, you're 1 in a million." Given the current population, there are 7000 of me. God help us all!
they suggest making a list of all of things like Social Security and credit card numbers, scanning birth certificates, marriage license and tax returns, and saving it all on a USB flash drive.
Why not just use a CD (full size, or 180 meg)? They are cheaper and more durable than a flash drive. Before I had my new, larger, flash drive I used to carry a 50 meg business card CD in my wallet. It would have to be replaced every 3-6 months from being repeatedly sat on :). I would imagine they would hold up better outside of the pocket, though :).
Since this would be a complete identity kit, encryption is of utmost importance. What's the best solution? A flash drive that claims to encrypt or a platform-independent, self-extracting, encrypted file on a regular drive?
I wouldn't use the software that comes with the drive. If I were doing this I would use GNU Privacy Guard. You should probably store the key in a safe location far away from home, and preferably with a strong passphrase.
Any suggestions for sturdy drives?
I currently have a PQI I-Stick. I have only had it about a year so far and I haven't doen anything stupid with it yet. It mostly just sits in my wallet in its little wallet case. I very much prefer keeping my flash drive in my wallet as opposed to my keychain. I also like that the little wallet insert will hold two drive. The only thing I dislike is that the wallet holder is so much thicker than the drive.
What other data would you put on this piece of "contingency hardware",
I have all of my revision control repositories mirrored to my flash drive and also any documentation or notes that I write. That is basically everything that I created myself and would have to do work to replace.
how would you protect the drive itself in case you did have to "swim for it"?
I would probably make sure the data was out of town before I was. Most of this data either doesn't change often (credit card numbers), or it never changes (SSN, birth certificates). Encrypt it, put it on some media of some sort, and send it out of town. Most people probably have friends or family living out of town that they can trust, send it to them. If this is not an option for you, you can probably get a box at a bank out of town I suppose...
How immediate is the need for access to the information? The stronger the solution, the slower the access for the most part. Something that needs to be immediately accessable will need to be bundled with proper decryption tools (assume nothing better than Windows 95 will be available) on-stick.
Also related: what operating system are you using? Under Linux, you could use a loopback encrypted filesystem, for example, but under windows such would not be viable.
Are we assuming that the computer will be destroyed, or that we need to stick to a pure-RAM access system to prevent residue on the hard drive from being intercepted?
Are you willing to trust a corperate product for ease-of-use concerns?
Finally, how are you securing your original documents? Might it just be as easy to grab an organized safe-box as keep all the digital security on a digital form? Keep in mind that only origial copies are good for anything beyond having a reference point to start receiveing replacement copies of your stuff.
One more thing: How much of this is overkill? Keep in mind how cheap and simple it is to acquire copies of an arbitrary person's complete identifying information (I often see ways to do it under two hundred dollars, including original copies of all the usual certificates and plastic cards, which would cost less for a professional). A chain is only as strong as its weakest link, and in this case, with just some reasonable precaution, the path of least cost and difficulty is through more common means of aqusition than stealing a thumbdrive.
"Fight for lost causes. You may discover they weren't."
Homeland security has a website called www.ready.gov that has built a whole website about preparing for emergencies. They also have an Emergency Financial First Aid Kit that includes a nice form that consolidates all the personal information you might need in order to get financial services in an emergency.
After getting the basic emergency kit ready, fill out and print this form and put it in your kit. Then, encrypt it and put save on internet, maybe mail it to your gmail account.
echo '123...testing...123' > test.txt
openssl enc -bf < test.txt > test.txt.bf
mv test.txt test.txt.orig
openssl enc -d -bf < test.txt.bf > test.txt
diff test.txt.orig test.txt
pimtamf
Hadn't thought of the otterbox (nice idea, makes sense). If your really trying to prep for something like this, consider making a non-magnetic copy also. While the odds of an EMP type disaster killing the drive (especially if stashed in a safe place) are slim, so are the odds of a nuclear disaster I guess.
Consider burning it to a CDR also. This is stuff that might have to be updated once a year (such as deeds or photos/contacts) anyway, so its not like the age of the media and deterioration will be a big problem.
A rule of thumb I've learned is that if your planning for stuff that occurs more then 2 standard deviations away from the mean, then chances are you want something that is (or can at least be considered virtually) full-proof. At the very least, the odds of all of the combined methods together have a lesser chance of failing then the original threat does of occuring.
We don't need an "overrated" so much as we need a "you completely missed the parent's point, dumbass..."
Maybe no one will give a damn if NYC gets nuked. But if someone breaks into your house and steals the box you keep all your documents in, that would suck. And what if the city has an earthquake and he's evacuated for a few months. If he takes a drive with him for employment/reference/historical purposes and loses it, that would also suck.
And the reason your social security card/birth certificate/stock certificate aren't encrypted....because you're supposed to keep them in a safe place. Like a safe. So it's only logical that if you want to make them portable in case of emergency, you want to store them in a secure way.
I've had 4 of my 512 mb usb mem key's go through the wash dozens of times.. :-) no problems there at all :-)
"Consider how lucky you are that life has been good to you so far. Alternatively, if life hasn't been good to you so far
- The drive's presence
- The drive must be mountable (I test for
/lost+found on the drive to figure out when it's been successfully mounted (it's ext3 with a one-month/1000 mount fsck))
- The ssh private key, which lives on the drive, must be loaded with ssh-add
The automount timeout for the drive is 2 seconds, so I can pretty much unplug it at leisure. I put a call to run ~/bin/usb-storage-hook (as my uid) in the hotplug scripts, which in turn forgets the encryption key for the drive and xscreensaver-command -locks my $DISPLAY when the drive is unplugged. When I plug it back in and unlock xscreensaver, it wants the keys for the USB drive again. I load the keys with ssh-askpass-fullscreen, but there's a bit too much of a delay between prompting, mounting, and retrying, during which you can focus and input to other windows (think: xdm crash-restarting and logging in, key-by-key, on console), which I'm still working on.Sounds more complicated than it is, and there's still more stuff I have to do (move gaim-encryption and OTR stuffs to the drive and point symlinks, require the drive to boot, etc.), but this system makes me feel all warm and fuzzy.
Anyway, long story short, devmapper, automount, ext3. (Feel free to poke holes in my description, btw, I'm open to suggestions).
Hrm. Sure I've left something out...
For example:
Zip up your stuff (or tar.bz2, whatever...)
gpg -c --cipher-algo AES256 Stuff.zip
Copy Stuff.gpg to your flash media.
To decrypt, copy Stuff.gpg to your computer and run:
gpg -d Stuff.gpg > Stuff.zip
Don't forget your password. Make sure you use a trustworthy GPG binary, and the unencrypted archive should never be stored on your flash media!. The unencrypted version could be easily recovered using undelete software.
Now if it was me doing this, and I had some time on my hands, I'd look into the Linux crypto loop stuff. But that doesn't work all that well if nobody in your family runs Linux. So, I would have to opt for True Crypt on a Windows machine, create an encrypted volume on my flash drive, copy over the improtant files, unmount and run for it. At my parents/grandparents/whatever, it would be trivial to download and intall true crypt again and get access to my files.
I'm going to go back in my box and will think within the limits of my box: MS Sucks Linux Good I read too much Slashdot.
I have done a fair amount of canoeing/rafting and have some wilderness medical training so the need to keep important things dry and protected is something that I have had some experience with. I have been most happy with this hard case it is completely waterproof and you can see what's in it (this is actually useful). It is also fairly small which is nice. I recently went to Africa so I wanted to be able to communicate. I was able to pick upa quad band mobile phone (as well as a satellite phone), which worked well in cities and surprisingly far out into the bush.
The phone and charger fit well inside the case along with a small knife/multitool, and laminated (and shruken) copies of all of my important documents (visa, passport, list of important contacts). It would not be hard at all to fit all of that and a small USB drive in that space. The hardcase is also a better bet than something soft for really important stuff. In a wilderness/emrgency situation you really want to make sure than any gear you do take with you is protected. Also the hard copies of the documents is a hugely good idea in an emergecy where computer availability could be scarce/swamped.
There are a lot of waterproof bags and cases, and they all tend to be well reviewd by people that beat the hell out of them (outdoor enthuisits). I higly reccomend a small hard case over a soft case for electronics. If you do your homework its pretty much a no brainer. Also if you are really serious make sure to test the gear. Put some toilet paper in it and dunk it in water, beat the hell out of it, leave it outside when its cold and hot. That way you can see how much it takes to pop open a case underwater or what conditions cause condensation etc. Then you will really know if your protection works.
I managed to eacape from an East European country without anything, no passport, no PhD, DSc certificates or any other documents. Months later I managed to come to the US. After many unsuccsessful attempts to find an academic job, I eventually managed to get hired by a small university based only on the testimonies of three fellow American scientists who met me before and knew my work and a few photocopies of some of my publications.
Records are not always necessary, good, generous people can help you.
Another great flash drive if you're looking for something sturdy, is the "Corsair Flash Voyager". It was rated 8/10 on the Ars Technica flash drive roundup [arstechnica.com], and it is actually encased in rubber.
While this may not have the rock hard connotations of words like "Titanium", it is an excellent choice if the sturdiness of the drive is important. You can throw it against walls, bounce it on floors, and even submerge it in a glass of water and it will still work! While I don't actually have first-hand experience of this, it seems very possible if it is completely encased in rubber.
Of course, actually doing this probably isn't recommended, but if this does happen to the drive, it will still work. While it doesn't get any points for its looks, it is probably one of the best drives out there if you're concerned about how much abuse it can take!
Let's start out with:
Don't forget to review the US Army Corps of Engineers.
You can google and wiki more on your own.
If the g'vt kept the data on you that google does you'd better believe you'd be calling it "doing evil"
EMP effects were observed at a distance of 1500 km during the Starfish Prime test blast. Quoting the linked article:
This was in 1962, so we're talking about vacuum tubes and electro-mechanical systems. Modern semiconductors would be significantly more sensitive to EMP effects.
It is entirely focused on records. This is the information age, right? So we need our personal information to survive, right? As I've already posted the information might well turn out to be important, and you should make sure you have it, but if Katrina taught anybody anything it's that papers don't insure your survival. You can't eat your papers (although when things get really, really sticky you might be able to trade them for food).
.money. If you don't, more gorp. When push comes to shove people will trade you nearly anthing for food. Money weighs less than gorp though. If you have your choice don't stay civilized. Head for the woods. Cities are a barren desert when it comes to survival. The woods have everything you need to survive (these days even including manufactured items, more's the pity). Cities often do not. Cities are also full people. Being full of people stretches resources so they don't have things in 'em anymore. People are also nasty sumbitches who will hit you over the head and take your precious personal information, encrypted or not (they don't find out how well you encrypted your information until after they have hit you on the head).
What you really need in that pack:
A good, sturdy pocket knife. Not a Swiss Army jobber. A single blade, like are sold to hunters. Metal, not ceramic.
A metal spoon.
Cheap chopsticks.
Do not, literally upon pain of death, use any other utensils than these to prepare or eat your food if you can at all avoid it. Make it a religion to keep them clean and sanitary.
Strike anywhere matches in a waterproof safe.
A firestarting piston. Use this before you resort to using your matches. Learn how to use it before you leave home.
A personal water filter.
A bottle of alcohol. 190 proof vodka is 190% better than the stuff from the drugstore. Make it yourself if you have to. Learn about cold distilling if you want to take the long, but easy way.
A few ounces of honey is nice to have along, but this is the most dangerous stuff in the pack. Think hard about it before including it. You can eat it if you have to, but that's not what it's here for.
Aspirin.
Antihistimines.
Any other drugs you personally need to stay alive. If you really need Prozac or Valium to stay alive, plan on dying.
A homemade soda can stove.
A mini roll of duct tape.
5 pounds of gorp. If tightly rationed this well feed you for a week.
An "Emergency Blanket."
Ziploc Baggies (These last two items are the only survival gear of note invented in the 20th century).
A camelback water resevior recently filled with known good water.
100 feet of parachute cord. Learn how to tie knots before you need to.
Wool cloth. Two shirtweight peices 45"X 72". One heavier weight 60"X108". These are your clothes, your hammok, your chair, your carryall, your. . .
Learn how to use them as such before you need to. Do not be tempted to substitute cotton for wool to save money. The savings could kill you. Not in a pleasant way either.
Two pair of wool socks.
Three yards of 36" wide cotton could come in hand as well. This is your hat, your belt, your shoulder bag, your sling, your . . .
A waterproof, windproof shell. Yes, even if you're in a tropical zone.
A pennywhistle. Yes, I'm dead serious about that one. Learn how to play it a bit before you leave home. Even better, also learn how to make a pennywhistle out of any tubular thing you can find, before you need to.
If you expect to stay "civilized". .
Two weeks with me showing you how to combine all this stuff with stuff you can find anywhere (like pebbles), especially in a disaster zone, otherwise you're just going to be in deep shit within an hour anyway.
Time with me is limited. Start poking around the internet for this information now. For God's sake, learn to take care of yourself. Any baby cockroach can do it. Your brain is bigger. Learn to use it for somthing other than tracking your stock portfolio.
KFG
Living in New Orleans has burned a few lessons into me.
First, make a list of things to take if you have to evacuate. I forgot several things when packing up at 3am the day before the storm hit.
Second, keeping a safety deposit box in the same area as your house is a bad idea. We have banks which have been closed for a month and will probably be closed for many more. People come in every day asking about when they can get it. People wanting to leave the country but can't get their passports, very bad news.
Third, keep a decent supply of water and canned food. Rotate the supplies to keep them fresh but always maintain one weeks worth of supplies. Figure at least one week before outside relief gets to you. Two weeks would be a safer bet. It's easier to do than you think. A water dispenser with 3 or 4 bottles should hold you over nicely and large cans of food from Chef Boyardee will make this very inexpensive. To use those cans, make sure you have a mechanical can opener on the assumption of no electricity. Keeping a 12 pack of Toilet Paper around doesn't hurt. If anyone asks why the large amount, simply say that you get it cheaper.Keeping some cash also doesn't hurt a bit. When the power is out, checks and debit/credit cards are worthless. Multiple things can happen outside of a nuclear war or hurricane which can force you to be self-sufficient for a week or two. Trust me, when the lights don't work, the police won't answer 911 calls and people are looting, you will be forever grateful you took a little time and money to be prepared.
Fourth, paranoia can be a good thing. My wife complained when I bought a generator and 40 gallons of gas at the start of hurricane season. She gave me even more grief when I bought canned goods and water we didn't need within the next week. She sat on the sofa while I boarded up my house like world war III was coming to New Orleans. She thanked me several times for doing all of the above when we had electricity, food, water and an unlooted house after the storm.
Personally, I send all of my files to both Gmail and Yahoo. I have seperate accounts set up just for those files. If a disaster befalls the US that takes out both of those companies and destroys my home computer on the other side of the country, losing computer files won't matter a bit, I'll be too busy trying to survive.
I know enough about Google's servers to know that they have many datacenters, spread out around the world, with redundant backups. While I wouldn't ever trust anything completely to them, I think a GMailed file would have a better chance of surviving a disaster than a USB drive in your closet. As for encryption, it may be that nothing's unbreakable, but it gets pretty damn close. I don't anticipate anyone willing to spend billions of dollars and millions of years to crack my bank account number.
It's hard to be religious when certain people are never incinerated by bolts of lightning.
Why not just save your "important" data on a drive mounted in a removable IDE drive bay. If you ever need to take everything, you just shut down the machine and take the drive... Yes, this may be a little heavier than a USB flash drive... You could build a set of cron jobs (like I have) to back up your important directories to the removable drive on a nightly basis...
"Documents and Settings" for a Windoze box
"/var/mail" for Linux
User directories under Linux
Bookmarks, Mail Client directories (Thunderbird, Evolution, etc), IM directories (GAIM, Trillian, Google Talk, etc)
This would probably be preferable to say an external USB/Firewire drive, because it would be much faster for standard operations and would be connected until you took it with you...not to mention, there's more you can do for a damaged harddisk than a damaged USB flash drive...hard drives are sealed...most flash drives are not...there's a whole industry built on recovery of harddisks...not so on flash drives (not yet...it's probably coming)...
Or better yet, why not use one of the GMail Filesystem. This would certainly be more likely to survive...you wouldn't need to "grab" anything...all you would need is a machine with web access...keep something like 7-zip for Windows, GPG (or what ever you used to encrypt the data), and the GFS software for Windoze and Linux...you wouldn't really even need the archives, just a "draft" message with links to the files/projects. You could use another online filesystem and mirror the accounts (don't use software raid, just use 2 devices), so you could always recover the data if you lost access to one account.
But then again, what ever happened to the idea of keeping a safety deposit box in another city??? You can get to it once you are "safe"...not to mention that the authenticity of "scanned" copies of documents would be questioned because of Photoshop/Gimp...with a safety deposit box, you could have notarized, physical copies...Many of the things you list are things that you really don't need at home and generally wouldn't mind driving to get when/if the need arises (SSN, wills, Birth Certificates, Tax Returns, negatives of family photos, etc)...which would make a much more difficult situation easier for you (knowing that your important personal documents were safe)...who wants to worry if the only scan of their birth certificate was going to survive when they themselves are in danger...not me...
If you DO go with the USB Key idea, then don't trust any of the "built-in" security schemes and use your own encryption and buy 2 and use software RAID to mirror the drives. That way the data could be rebuilt if either one fails...you could each carry one of them as well...in case something happened to the other one...also beware of the pitfalls of flash memory (limited number of writes comes to mind right away)...
Any idea of saving hardware is moot if you're thinking of a flood in a major city (like NYC), because even waterproof hardware would be destroyed by all of the chemicals that would be floating in the water...
I agree with almost everything you say except the bit about encryption not being unbreakable. While I admit that in theory all current encryption schemes are breakable it is easy to encrypt something so that it is for all intents and purposes unbreakable without the key. Of course this assumes that there isn't a flaw in the encryption method and that nobody has built a quantum computer naturally. The first could be partially overcome by multiply encrypting the data with different methods - thus requireing a flaw to be found in each.
Anyway that's beside the point. The OP must be on crack or something. If the disaster is so big one of the worlds leading cities is never inhabitable again the guy, his wife and everyone they know is probably dead anyway. What the point planning for a situation you can't hope to live though. You might as well just enjoy the here and now. As for saving your CC numbers - hahahahha = like anyone will accept credit cards. You might be able to barter with food and water but that's about it.
Personally I would take water purification tablets and a 5 * 1 litre bottles of water as my number one thing to pack (more if I have space). After that I would pack low salt high energy food + a small pot of salt (allows you to replace salt when you need it rather than every time you eat). Some sturdy cloth would be useful as it would be easy to rig up a crude filter if you have to drink muddy water (at least the water will be free from bigger bits and the purification tablets will see to the rest - last resort though as "purified" water is horrible). A few boxes of matches sealed in plastic bags would be good as well as a really big coat. And finally, an assortment of large sturdy knives and a hand axe. No where in my list of essentials would I include a USB flash drive.
I used to have a better sig but it broke.
As far as encryption goes, for god's sake don't rely on anything the manufacturers ship.
I agree. And don't rely on full disc encryption products. We are just starting to understand the security issues of full disc encryptions, it will be a few years before I'd expect manufacturers to start understand it as well and be able to implement something secure. For now GBDE is probably the most secure, but even that isn't perfect. gpg --symmetric --cipher AES256 would probably beat any full disc encryption when it comes to security.
Use Blowfish or Twofish for proper 2 way encryption.
Uhm, what is a two way encryption? And I'd advice against blowfish as it only uses 64 bit cipher blocks. Go for something with at least 128 bit cipher blocks and even more if you have many GB of data. AES256 have 256 bit keys and 128 bit blocks, which I think should be sufficient as long as you don't need to encrypt more than 64GB of data in the key's lifetime.
Do you care about the security of your wireless mouse?
One way to waterproof a box of matches is to pour melted wax into the box and wait for it to set. When you need a match, just pick one out (The rest, naturally, remain waterproof in case you drop the box.) and rub off the wax.
Who ordered that?
Keepass is an excellent free, opensource, no-install password/data manager featuring strong crypto. here are a few pointers to USB key-based app collections that I've bookmarked over time.
-- No Sig is a Good Sig
Corsair has a rubberized water resistent shock-resistent flash drive available. I have one and found that it is quite durable: http://www.corsair.com/
As for encryption, check-out this open source project which offers an excellent encryption solution for Flash drives:
http://www.truecrypt.org/
The information that they recommended you store is important, but not the most important. You also need to:
n cy_checklist.html
a l_kit.html
1) Create an emergency checklist (do it today). A good example of what to include can be found here; http://www.geocities.com/survival_planning/emerge
2) Put together a couple of emergency survival kits. Again, some of the items to include can be found here; http://www.geocities.com/survival_planning/surviv
3) Read and learn as much as you can about survival. Knowledge is key and you can buy books like the SAS survival guides or one of many Survival CDs like the one found here; http://www.militaryebooks.com/survival.php
Good luck and Semper Fi!
Reminds me of a post nucular survivalist scifi book by Heinlein, I think it was Farnham's Freehold. One idea from that book was that the most valued item after the war was a useful text book.
It's caused by massive electron migration away from the blast which produces a huge current. The EMP effect is strongest at the edge of the atmosphere where there is space to the upper side of the weapon or at ground level where the earth prevents any movement of electrons. In the middle the movement of electrons is symmetrical and cancels itself out.
:-)
http://nuclearweaponarchive.org/
It's in the High energy weapons FAQ somewhere (sorry working you'll have to find it