Slashdot Mirror

← Back to Stories (view on slashdot.org)

Condensing Your Life on to a USB Flash Drive?

Posted by Cliff on from the what-to-take-and-what-to-put-it-on-to dept.

Fear the Clam asks: "My wife and I figure that if we plan for the worst, it'll never happen, so we've been putting together 'If public transportation bites it and we have two minutes to grab our stuff and start walking, never to return to NYC' getaway knapsacks. With luck they'll live in the closet forever. Coincidently, this morning the New York Times has an article about what to take when you have to leave home in a big hurry [DNA verification required], and they suggest making a list of all of things like Social Security and credit card numbers, scanning birth certificates, marriage license and tax returns, and saving it all on a USB flash drive. Since this would be a complete identity kit, encryption is of utmost importance. What's the best solution? A flash drive that claims to encrypt or a platform-independent, self-extracting, encrypted file on a regular drive? Any suggestions for sturdy drives?" Of course, the choice of USB flash drive covers only a part of the problem. What other data would you put on this piece of "contingency hardware", and how would you protect the drive itself in case you did have to "swim for it"?

27 of 888 comments (clear)

  1. I'd take a backup of my backup. by Anonymous Coward · · Score: 3, Informative

    I've had three USB Flash Drives (Lexar, and two Sandisks) die on me, usually under a year, presumably a byproduct of the limited writes available to NAND memory.

    1. Re:I'd take a backup of my backup. by Anonymous Coward · · Score: 4, Informative

      I deal with the write issue on a regular basis. We used to use flash for embedded systems but the annual replacement of flash drives got excessive. We now use microdrives, which have an actual spinning media drive in them.

      If you're looking for a backup solution for your family data, organize your files in a competent manner (so it is comprehensive and well organized), and then develop a routine to write monthly CDs off. We dump two to CD, one of which goes to the bank safety deposit box (in a town 30 miles from here where I work), and the other gets dropped off at my folks. We keep their own backup as well. Mine is encrypted (theirs isn't since they're not that sophisticated and don't care).

      Works like a champ and was tested once already when my home workstation died and needed data recovery. Damn cheap-assed capacitors leaked on the motherboard...

      *flyover sam*
      (I'd post under my sig but there's nothing like a Slashdot stalker to change your interest in karma)

    2. Re:I'd take a backup of my backup. by arodland · · Score: 3, Informative

      I'd say that's a bit out of date. Current parts are usually expected to get 1 million write cycles per block "minimum", and if you get good ones, you can approach 10 million. And provided that you don't rewrite every single piece of data every time, wear leveling will help you out too. So the parent is probably right. You would have to work really hard (or get a number of lousy chips) to kill a decent-sized drive with writes in a year.

    3. Re:I'd take a backup of my backup. by bani · · Score: 4, Informative

      Yes, on all counts.

      Modern flash is quite sophisticated (at least compactflash and USB sticks are, no idea about SD/MMC)

      Not only does modern flash have multiple redundancies and ECC, it also has wear leveling and badblock reallocation. This is all completely transparent to the end user / operating system.

      IOW, there is no need for the OS or filesystem to handle any of this.

      And yes, the flash is larger than advertised for exactly these reasons. So are your hard drives (IDE, SCSI) which have similar features and have similarly reserved space.

  2. They tend to be pretty tough by Helios1182 · · Score: 5, Informative

    Most USB drives are pretty tough. I would make a copy or two and put it in a crush/water proof case like an Otterbox.

  3. OMG! The sky is falling! by Brent+Spiner · · Score: 4, Informative

    Well if your going to be all paranoid, you might as well get one of these.

    --
    Reality test... am I dreaming?
  4. contents by egburr · · Score: 5, Informative

    Here's what I can think of off the top of my head...

    Social Security cards
    Driver's licenses
    Recent photos, head only and full body (clothed!)
    Passports
    Contact info of relatives, friends
    Vehicle registration
    Birth certificates
    Wedding license
    Property deeds
    Will
    Living will
    Account and contact information: banks, credit cards, utilities, insurance (health, house, car), mortgages, loans

    --

    Edward Burr
    Having a smoking section in a restaurant is like having a peeing section in a swimming pool.
  5. Re:What's the best solution? by jmcharry · · Score: 4, Informative

    Since this is the sort of thing one isn't likely to think about often, and digital archives tend to deteriorate or become obsolete, paper is a good bet, but make it acid free bond, and store it in acid free covers. There should be a second, similar, copy far enough away that a single event is not likely to take out both. This should be good for well over a lifetime.

  6. I like TrueCrypt... by jbarr · · Score: 5, Informative

    It's for Windows only, but I stumbled upon TrueCrypt found at http://www.truecrypt.org/ and really like it. And it's not only useful for USB drives, but can be used to create encrypted logical drives on a Hard Drive. For the really paranoid, the documentation even covers lots of stealthy ways to use it so as not to be detected.

    I'm certainly no expert at encryption, but it seems pretty solid. Basically, it creates an encrypted container file and then mounts it as a logical drive when you open the file through the app. I've seen commercial counterparts such as StealthDisk, and I think TrueCrypt's interface is easier to use and its execution is more solid.

    It's OSS and free as in beer and as in speech.

    --
    My mom always said, "Jim, you're 1 in a million." Given the current population, there are 7000 of me. God help us all!
  7. Lots of missing information... by rcbarnes · · Score: 3, Informative

    How immediate is the need for access to the information? The stronger the solution, the slower the access for the most part. Something that needs to be immediately accessable will need to be bundled with proper decryption tools (assume nothing better than Windows 95 will be available) on-stick.

    Also related: what operating system are you using? Under Linux, you could use a loopback encrypted filesystem, for example, but under windows such would not be viable.

    Are we assuming that the computer will be destroyed, or that we need to stick to a pure-RAM access system to prevent residue on the hard drive from being intercepted?

    Are you willing to trust a corperate product for ease-of-use concerns?

    Finally, how are you securing your original documents? Might it just be as easy to grab an organized safe-box as keep all the digital security on a digital form? Keep in mind that only origial copies are good for anything beyond having a reference point to start receiveing replacement copies of your stuff.

    One more thing: How much of this is overkill? Keep in mind how cheap and simple it is to acquire copies of an arbitrary person's complete identifying information (I often see ways to do it under two hundred dollars, including original copies of all the usual certificates and plastic cards, which would cost less for a professional). A chain is only as strong as its weakest link, and in this case, with just some reasonable precaution, the path of least cost and difficulty is through more common means of aqusition than stealing a thumbdrive.

    --
    "Fight for lost causes. You may discover they weren't."
  8. non-magnetic copy [Re:They tend to be pretty tough by saitoh · · Score: 4, Informative

    Hadn't thought of the otterbox (nice idea, makes sense). If your really trying to prep for something like this, consider making a non-magnetic copy also. While the odds of an EMP type disaster killing the drive (especially if stashed in a safe place) are slim, so are the odds of a nuclear disaster I guess.

    Consider burning it to a CDR also. This is stuff that might have to be updated once a year (such as deeds or photos/contacts) anyway, so its not like the age of the media and deterioration will be a big problem.

    A rule of thumb I've learned is that if your planning for stuff that occurs more then 2 standard deviations away from the mean, then chances are you want something that is (or can at least be considered virtually) full-proof. At the very least, the odds of all of the combined methods together have a lesser chance of failing then the original threat does of occuring.

    --
    We don't need an "overrated" so much as we need a "you completely missed the parent's point, dumbass..."
  9. wash away by marcushnk · · Score: 3, Informative

    I've had 4 of my 512 mb usb mem key's go through the wash dozens of times.. :-) no problems there at all :-)

    --
    "Consider how lucky you are that life has been good to you so far. Alternatively, if life hasn't been good to you so far
  10. Re:PGP by Xibby · · Score: 4, Informative

    For example:
    Zip up your stuff (or tar.bz2, whatever...)
    gpg -c --cipher-algo AES256 Stuff.zip

    Copy Stuff.gpg to your flash media.

    To decrypt, copy Stuff.gpg to your computer and run:
    gpg -d Stuff.gpg > Stuff.zip

    Don't forget your password. Make sure you use a trustworthy GPG binary, and the unencrypted archive should never be stored on your flash media!. The unencrypted version could be easily recovered using undelete software.

    Now if it was me doing this, and I had some time on my hands, I'd look into the Linux crypto loop stuff. But that doesn't work all that well if nobody in your family runs Linux. So, I would have to opt for True Crypt on a Windows machine, create an encrypted volume on my flash drive, copy over the improtant files, unmount and run for it. At my parents/grandparents/whatever, it would be trivial to download and intall true crypt again and get access to my files.

    --
    I'm going to go back in my box and will think within the limits of my box: MS Sucks Linux Good I read too much Slashdot.
  11. In 1983 I came to the US with no records by Anonymous Coward · · Score: 3, Informative

    I managed to eacape from an East European country without anything, no passport, no PhD, DSc certificates or any other documents. Months later I managed to come to the US. After many unsuccsessful attempts to find an academic job, I eventually managed to get hired by a small university based only on the testimonies of three fellow American scientists who met me before and knew my work and a few photocopies of some of my publications.

    Records are not always necessary, good, generous people can help you.

  12. Re:If there's a (thermo)nuclear attack... by keraneuology · · Score: 3, Informative
    I don't know where you people get these wacky ideas. EMP is a myth, propagated by science fiction and kept alive by idiots like yourself.

    Let's start out with:

    The existence of the electromagnetic pulse has been known since the 1940's when nuclear weapons were being developed and tested. However, because of lack of data, the effects of an EMP were not fully known until 1962. At this time, the United States was conducting a series of high-altitude atmospheric tests, code named "Fishbowl." The nuclear explosion, "Starfish Prime," which was detonated in the Pacific Ocean 800 miles from Hawaii, caused an EMP that disrupted radio stations and electrical equipment throughout Hawaii. Consequently, in 1963, the United States and the Soviet Union signed the Atmospheric Test Ban Treaty to counter the considerable threat posed by EMPs. Unfortunately, the destructive potential of an EMP increases everyday as society becomes evermore technological because of an escalating dependence on electronics.

    Don't forget to review the US Army Corps of Engineers.

    You can google and wiki more on your own.

    --
    If the g'vt kept the data on you that google does you'd better believe you'd be calling it "doing evil"
  13. Re:If there's a (thermo)nuclear attack... by Your+Pal+Dave · · Score: 3, Informative
    I don't know where you people get these wacky ideas. EMP is a myth, propagated by science fiction and kept alive by idiots like yourself.


    EMP effects were observed at a distance of 1500 km during the Starfish Prime test blast. Quoting the linked article:

    the EMP created by the explosion was felt as three hundred street lights failed, television sets and radios malfunctioned, burglar alarms went off and power lines fused.


    This was in 1962, so we're talking about vacuum tubes and electro-mechanical systems. Modern semiconductors would be significantly more sensitive to EMP effects.
  14. My objection to the article: by kfg · · Score: 5, Informative

    It is entirely focused on records. This is the information age, right? So we need our personal information to survive, right? As I've already posted the information might well turn out to be important, and you should make sure you have it, but if Katrina taught anybody anything it's that papers don't insure your survival. You can't eat your papers (although when things get really, really sticky you might be able to trade them for food).

    What you really need in that pack:

    A good, sturdy pocket knife. Not a Swiss Army jobber. A single blade, like are sold to hunters. Metal, not ceramic.

    A metal spoon.

    Cheap chopsticks.

    Do not, literally upon pain of death, use any other utensils than these to prepare or eat your food if you can at all avoid it. Make it a religion to keep them clean and sanitary.

    Strike anywhere matches in a waterproof safe.

    A firestarting piston. Use this before you resort to using your matches. Learn how to use it before you leave home.

    A personal water filter.

    A bottle of alcohol. 190 proof vodka is 190% better than the stuff from the drugstore. Make it yourself if you have to. Learn about cold distilling if you want to take the long, but easy way.

    A few ounces of honey is nice to have along, but this is the most dangerous stuff in the pack. Think hard about it before including it. You can eat it if you have to, but that's not what it's here for.

    Aspirin.

    Antihistimines.

    Any other drugs you personally need to stay alive. If you really need Prozac or Valium to stay alive, plan on dying.

    A homemade soda can stove.

    A mini roll of duct tape.

    5 pounds of gorp. If tightly rationed this well feed you for a week.

    An "Emergency Blanket."

    Ziploc Baggies (These last two items are the only survival gear of note invented in the 20th century).

    A camelback water resevior recently filled with known good water.

    100 feet of parachute cord. Learn how to tie knots before you need to.

    Wool cloth. Two shirtweight peices 45"X 72". One heavier weight 60"X108". These are your clothes, your hammok, your chair, your carryall, your. . .

    Learn how to use them as such before you need to. Do not be tempted to substitute cotton for wool to save money. The savings could kill you. Not in a pleasant way either.

    Two pair of wool socks.

    Three yards of 36" wide cotton could come in hand as well. This is your hat, your belt, your shoulder bag, your sling, your . . .

    A waterproof, windproof shell. Yes, even if you're in a tropical zone.

    A pennywhistle. Yes, I'm dead serious about that one. Learn how to play it a bit before you leave home. Even better, also learn how to make a pennywhistle out of any tubular thing you can find, before you need to.

    If you expect to stay "civilized". . .money. If you don't, more gorp. When push comes to shove people will trade you nearly anthing for food. Money weighs less than gorp though. If you have your choice don't stay civilized. Head for the woods. Cities are a barren desert when it comes to survival. The woods have everything you need to survive (these days even including manufactured items, more's the pity). Cities often do not. Cities are also full people. Being full of people stretches resources so they don't have things in 'em anymore. People are also nasty sumbitches who will hit you over the head and take your precious personal information, encrypted or not (they don't find out how well you encrypted your information until after they have hit you on the head).

    Two weeks with me showing you how to combine all this stuff with stuff you can find anywhere (like pebbles), especially in a disaster zone, otherwise you're just going to be in deep shit within an hour anyway.

    Time with me is limited. Start poking around the internet for this information now. For God's sake, learn to take care of yourself. Any baby cockroach can do it. Your brain is bigger. Learn to use it for somthing other than tracking your stock portfolio.

    KFG

    1. Re:My objection to the article: by TheoMurpse · · Score: 3, Informative

      It's killing me to know why the honey is the most dangerous thing in the pack, and what it's really in the pack for, if not for food. Attracting animals to kill? Can you commit suicide with honey? What?

    2. Re:My objection to the article: by kfg · · Score: 4, Informative

      . . .what's the honey for?

      It's a topical antibacterial. Even when push comes to shove I don't recommend eating Neosporin. When you have a choice between packing something you can eat and something you can't, go with the thing you can eat. Native Americans didn't typically use chemical tanning, not because they didn't know how. They did. They also knew that tanning meant you couldn't eat your clothing or horse tack when times got sticky.

      Clean a wound with alcohol. Seal the wound with honey. If corn starch is available dust the honey with it (You're carrying cornstarch because you can eat it. You can't eat talcum powder). Seal the honey with duct tape.

      KFG

    3. Re:My objection to the article: by Anonymous Coward · · Score: 3, Informative

      The honey will only be active as a wound treatment if it is unpasturized. The heat destroys the enzyme responsible for its antibacterial action.

      http://www.worldwidewounds.com/2001/november/Molan /honey-as-topical-agent.html

      The antibacterial/antifungal activity is not only due to osmosis.

      -Bob

    4. Re:My objection to the article: by kfg · · Score: 3, Informative

      I still haven't figured out how the honey would be dangerous. . .

      It's a vector of sticky. :)

      Yes, the penny whistle has me guessing as well. . .

      Never underestimate the value of being able to make friends by being able to play an instrument, particularly when the shit hits the fan. The friends might well have food. Eat theirs when you can instead of your own. The pennywhistle is inexpensive (duh), easy to get started on, nearly indestructable, versatile, but particularly good at playing "happy" music.

      Never underestimate the power of happy music to turn misery into a party. In the last big blackout nobody in my neighborhood has anything but happy memories of the experience. I had an impromptu music festival going within an hour of the lights going out and kept it going until they came back on. It wasn't a blackout, it was a block party (of course nobody's homes were blowing away or under water either).

      A foot long metal tube can also be a suprisingly useful thing to have around. When you're packing light and moving in a hurry you have to learn to see things for what they actually are, and not for what they are labeled. Duct tape, for instance is a strip of rubberized cloth with some adhesive on one side of it. Thus it's repair tape, bandages, moleskin, a bit of rope, etc. Corn starch is soup thickener, foot powder, dry lubricant, etc.

      A foot long metal tube likewise has a variety of utilitarian uses. In this case signal whistle is the most obvious. You really should carry a signal whistle. Why shouldn't it also be a musical one? (my 6'x 3/4" PVC hiking staff is a suprisingly loud herald's trumpet, even though it lacks a bell and you should see the look on a Coast Guard officer's face when you demonstrate that you do have the required signal horn on board by blowing out his eardrums with your "boathook")

      Actually, my own choice is 3/4" PVC pipe quena (an end blown flute). People don't even realize it's a bo until it hits them. There is value in other people seeing what a thing is labeled as, as opposed to what it really is. Someone who will take away your knife will leave you your flute/thumper/cheaterbar/bo.

  15. From Katrina Ground Zero by DownTheLongRoad · · Score: 5, Informative

    Living in New Orleans has burned a few lessons into me.
    First, make a list of things to take if you have to evacuate. I forgot several things when packing up at 3am the day before the storm hit.
    Second, keeping a safety deposit box in the same area as your house is a bad idea. We have banks which have been closed for a month and will probably be closed for many more. People come in every day asking about when they can get it. People wanting to leave the country but can't get their passports, very bad news.
    Third, keep a decent supply of water and canned food. Rotate the supplies to keep them fresh but always maintain one weeks worth of supplies. Figure at least one week before outside relief gets to you. Two weeks would be a safer bet. It's easier to do than you think. A water dispenser with 3 or 4 bottles should hold you over nicely and large cans of food from Chef Boyardee will make this very inexpensive. To use those cans, make sure you have a mechanical can opener on the assumption of no electricity. Keeping a 12 pack of Toilet Paper around doesn't hurt. If anyone asks why the large amount, simply say that you get it cheaper.Keeping some cash also doesn't hurt a bit. When the power is out, checks and debit/credit cards are worthless. Multiple things can happen outside of a nuclear war or hurricane which can force you to be self-sufficient for a week or two. Trust me, when the lights don't work, the police won't answer 911 calls and people are looting, you will be forever grateful you took a little time and money to be prepared.
    Fourth, paranoia can be a good thing. My wife complained when I bought a generator and 40 gallons of gas at the start of hurricane season. She gave me even more grief when I bought canned goods and water we didn't need within the next week. She sat on the sofa while I boarded up my house like world war III was coming to New Orleans. She thanked me several times for doing all of the above when we had electricity, food, water and an unlooted house after the storm.

    Personally, I send all of my files to both Gmail and Yahoo. I have seperate accounts set up just for those files. If a disaster befalls the US that takes out both of those companies and destroys my home computer on the other side of the country, losing computer files won't matter a bit, I'll be too busy trying to survive.

  16. Other ideas... by OneFix · · Score: 3, Informative

    Why not just save your "important" data on a drive mounted in a removable IDE drive bay. If you ever need to take everything, you just shut down the machine and take the drive... Yes, this may be a little heavier than a USB flash drive... You could build a set of cron jobs (like I have) to back up your important directories to the removable drive on a nightly basis...

    "Documents and Settings" for a Windoze box
    "/var/mail" for Linux
    User directories under Linux
    Bookmarks, Mail Client directories (Thunderbird, Evolution, etc), IM directories (GAIM, Trillian, Google Talk, etc)

    This would probably be preferable to say an external USB/Firewire drive, because it would be much faster for standard operations and would be connected until you took it with you...not to mention, there's more you can do for a damaged harddisk than a damaged USB flash drive...hard drives are sealed...most flash drives are not...there's a whole industry built on recovery of harddisks...not so on flash drives (not yet...it's probably coming)...

    Or better yet, why not use one of the GMail Filesystem. This would certainly be more likely to survive...you wouldn't need to "grab" anything...all you would need is a machine with web access...keep something like 7-zip for Windows, GPG (or what ever you used to encrypt the data), and the GFS software for Windoze and Linux...you wouldn't really even need the archives, just a "draft" message with links to the files/projects. You could use another online filesystem and mirror the accounts (don't use software raid, just use 2 devices), so you could always recover the data if you lost access to one account.

    But then again, what ever happened to the idea of keeping a safety deposit box in another city??? You can get to it once you are "safe"...not to mention that the authenticity of "scanned" copies of documents would be questioned because of Photoshop/Gimp...with a safety deposit box, you could have notarized, physical copies...Many of the things you list are things that you really don't need at home and generally wouldn't mind driving to get when/if the need arises (SSN, wills, Birth Certificates, Tax Returns, negatives of family photos, etc)...which would make a much more difficult situation easier for you (knowing that your important personal documents were safe)...who wants to worry if the only scan of their birth certificate was going to survive when they themselves are in danger...not me...

    If you DO go with the USB Key idea, then don't trust any of the "built-in" security schemes and use your own encryption and buy 2 and use software RAID to mirror the drives. That way the data could be rebuilt if either one fails...you could each carry one of them as well...in case something happened to the other one...also beware of the pitfalls of flash memory (limited number of writes comes to mind right away)...

    Any idea of saving hardware is moot if you're thinking of a flood in a major city (like NYC), because even waterproof hardware would be destroyed by all of the chemicals that would be floating in the water...

  17. Re:Why save it locally at all? by squoozer · · Score: 4, Informative

    I agree with almost everything you say except the bit about encryption not being unbreakable. While I admit that in theory all current encryption schemes are breakable it is easy to encrypt something so that it is for all intents and purposes unbreakable without the key. Of course this assumes that there isn't a flaw in the encryption method and that nobody has built a quantum computer naturally. The first could be partially overcome by multiply encrypting the data with different methods - thus requireing a flaw to be found in each.

    Anyway that's beside the point. The OP must be on crack or something. If the disaster is so big one of the worlds leading cities is never inhabitable again the guy, his wife and everyone they know is probably dead anyway. What the point planning for a situation you can't hope to live though. You might as well just enjoy the here and now. As for saving your CC numbers - hahahahha = like anyone will accept credit cards. You might be able to barter with food and water but that's about it.

    Personally I would take water purification tablets and a 5 * 1 litre bottles of water as my number one thing to pack (more if I have space). After that I would pack low salt high energy food + a small pot of salt (allows you to replace salt when you need it rather than every time you eat). Some sturdy cloth would be useful as it would be easy to rig up a crude filter if you have to drink muddy water (at least the water will be free from bigger bits and the purification tablets will see to the rest - last resort though as "purified" water is horrible). A few boxes of matches sealed in plastic bags would be good as well as a really big coat. And finally, an assortment of large sturdy knives and a hand axe. No where in my list of essentials would I include a USB flash drive.

    --
    I used to have a better sig but it broke.
  18. Re:Encryption by kasperd · · Score: 4, Informative

    As far as encryption goes, for god's sake don't rely on anything the manufacturers ship.
    I agree. And don't rely on full disc encryption products. We are just starting to understand the security issues of full disc encryptions, it will be a few years before I'd expect manufacturers to start understand it as well and be able to implement something secure. For now GBDE is probably the most secure, but even that isn't perfect. gpg --symmetric --cipher AES256 would probably beat any full disc encryption when it comes to security.

    Use Blowfish or Twofish for proper 2 way encryption.
    Uhm, what is a two way encryption? And I'd advice against blowfish as it only uses 64 bit cipher blocks. Go for something with at least 128 bit cipher blocks and even more if you have many GB of data. AES256 have 256 bit keys and 128 bit blocks, which I think should be sufficient as long as you don't need to encrypt more than 64GB of data in the key's lifetime.

    --

    Do you care about the security of your wireless mouse?
  19. Re:Why save it locally at all? by Jamu · · Score: 3, Informative

    One way to waterproof a box of matches is to pour melted wax into the box and wait for it to set. When you need a match, just pick one out (The rest, naturally, remain waterproof in case you drop the box.) and rub off the wax.

    --
    Who ordered that?
  20. Durable flash drive, open source encryption by Anonymous Coward · · Score: 3, Informative

    Corsair has a rubberized water resistent shock-resistent flash drive available. I have one and found that it is quite durable: http://www.corsair.com/

    As for encryption, check-out this open source project which offers an excellent encryption solution for Flash drives:
    http://www.truecrypt.org/