Slashdot Mirror
Condensing Your Life on to a USB Flash Drive?
Fear the Clam asks: "My wife and I figure that if we plan for the worst, it'll never happen, so we've been putting together 'If public transportation bites it and we have two minutes to grab our stuff and start walking, never to return to NYC' getaway knapsacks. With luck they'll live in the closet forever.
Coincidently, this morning the New York Times has an article about what to take when you have to leave home in a big hurry [DNA verification required], and they suggest making a list of all of things like Social Security and credit card numbers, scanning birth certificates, marriage license and tax returns, and saving it all on a USB flash drive. Since this would be a complete identity kit, encryption is of utmost importance. What's the best solution? A flash drive that claims to encrypt or a platform-independent, self-extracting, encrypted file on a regular drive? Any suggestions for sturdy drives?" Of course, the choice of USB flash drive covers only a part of the problem. What other data would you put on this piece of "contingency hardware", and how would you protect the drive itself in case you did have to "swim for it"?
Most USB drives are pretty tough. I would make a copy or two and put it in a crush/water proof case like an Otterbox.
Well if your going to be all paranoid, you might as well get one of these.
Reality test... am I dreaming?
Here's what I can think of off the top of my head...
Social Security cards
Driver's licenses
Recent photos, head only and full body (clothed!)
Passports
Contact info of relatives, friends
Vehicle registration
Birth certificates
Wedding license
Property deeds
Will
Living will
Account and contact information: banks, credit cards, utilities, insurance (health, house, car), mortgages, loans
Edward Burr
Having a smoking section in a restaurant is like having a peeing section in a swimming pool.
Since this is the sort of thing one isn't likely to think about often, and digital archives tend to deteriorate or become obsolete, paper is a good bet, but make it acid free bond, and store it in acid free covers. There should be a second, similar, copy far enough away that a single event is not likely to take out both. This should be good for well over a lifetime.
It's for Windows only, but I stumbled upon TrueCrypt found at http://www.truecrypt.org/ and really like it. And it's not only useful for USB drives, but can be used to create encrypted logical drives on a Hard Drive. For the really paranoid, the documentation even covers lots of stealthy ways to use it so as not to be detected.
I'm certainly no expert at encryption, but it seems pretty solid. Basically, it creates an encrypted container file and then mounts it as a logical drive when you open the file through the app. I've seen commercial counterparts such as StealthDisk, and I think TrueCrypt's interface is easier to use and its execution is more solid.
It's OSS and free as in beer and as in speech.
My mom always said, "Jim, you're 1 in a million." Given the current population, there are 7000 of me. God help us all!
I deal with the write issue on a regular basis. We used to use flash for embedded systems but the annual replacement of flash drives got excessive. We now use microdrives, which have an actual spinning media drive in them.
If you're looking for a backup solution for your family data, organize your files in a competent manner (so it is comprehensive and well organized), and then develop a routine to write monthly CDs off. We dump two to CD, one of which goes to the bank safety deposit box (in a town 30 miles from here where I work), and the other gets dropped off at my folks. We keep their own backup as well. Mine is encrypted (theirs isn't since they're not that sophisticated and don't care).
Works like a champ and was tested once already when my home workstation died and needed data recovery. Damn cheap-assed capacitors leaked on the motherboard...
*flyover sam*
(I'd post under my sig but there's nothing like a Slashdot stalker to change your interest in karma)
Hadn't thought of the otterbox (nice idea, makes sense). If your really trying to prep for something like this, consider making a non-magnetic copy also. While the odds of an EMP type disaster killing the drive (especially if stashed in a safe place) are slim, so are the odds of a nuclear disaster I guess.
Consider burning it to a CDR also. This is stuff that might have to be updated once a year (such as deeds or photos/contacts) anyway, so its not like the age of the media and deterioration will be a big problem.
A rule of thumb I've learned is that if your planning for stuff that occurs more then 2 standard deviations away from the mean, then chances are you want something that is (or can at least be considered virtually) full-proof. At the very least, the odds of all of the combined methods together have a lesser chance of failing then the original threat does of occuring.
We don't need an "overrated" so much as we need a "you completely missed the parent's point, dumbass..."
For example:
Zip up your stuff (or tar.bz2, whatever...)
gpg -c --cipher-algo AES256 Stuff.zip
Copy Stuff.gpg to your flash media.
To decrypt, copy Stuff.gpg to your computer and run:
gpg -d Stuff.gpg > Stuff.zip
Don't forget your password. Make sure you use a trustworthy GPG binary, and the unencrypted archive should never be stored on your flash media!. The unencrypted version could be easily recovered using undelete software.
Now if it was me doing this, and I had some time on my hands, I'd look into the Linux crypto loop stuff. But that doesn't work all that well if nobody in your family runs Linux. So, I would have to opt for True Crypt on a Windows machine, create an encrypted volume on my flash drive, copy over the improtant files, unmount and run for it. At my parents/grandparents/whatever, it would be trivial to download and intall true crypt again and get access to my files.
I'm going to go back in my box and will think within the limits of my box: MS Sucks Linux Good I read too much Slashdot.
It is entirely focused on records. This is the information age, right? So we need our personal information to survive, right? As I've already posted the information might well turn out to be important, and you should make sure you have it, but if Katrina taught anybody anything it's that papers don't insure your survival. You can't eat your papers (although when things get really, really sticky you might be able to trade them for food).
.money. If you don't, more gorp. When push comes to shove people will trade you nearly anthing for food. Money weighs less than gorp though. If you have your choice don't stay civilized. Head for the woods. Cities are a barren desert when it comes to survival. The woods have everything you need to survive (these days even including manufactured items, more's the pity). Cities often do not. Cities are also full people. Being full of people stretches resources so they don't have things in 'em anymore. People are also nasty sumbitches who will hit you over the head and take your precious personal information, encrypted or not (they don't find out how well you encrypted your information until after they have hit you on the head).
What you really need in that pack:
A good, sturdy pocket knife. Not a Swiss Army jobber. A single blade, like are sold to hunters. Metal, not ceramic.
A metal spoon.
Cheap chopsticks.
Do not, literally upon pain of death, use any other utensils than these to prepare or eat your food if you can at all avoid it. Make it a religion to keep them clean and sanitary.
Strike anywhere matches in a waterproof safe.
A firestarting piston. Use this before you resort to using your matches. Learn how to use it before you leave home.
A personal water filter.
A bottle of alcohol. 190 proof vodka is 190% better than the stuff from the drugstore. Make it yourself if you have to. Learn about cold distilling if you want to take the long, but easy way.
A few ounces of honey is nice to have along, but this is the most dangerous stuff in the pack. Think hard about it before including it. You can eat it if you have to, but that's not what it's here for.
Aspirin.
Antihistimines.
Any other drugs you personally need to stay alive. If you really need Prozac or Valium to stay alive, plan on dying.
A homemade soda can stove.
A mini roll of duct tape.
5 pounds of gorp. If tightly rationed this well feed you for a week.
An "Emergency Blanket."
Ziploc Baggies (These last two items are the only survival gear of note invented in the 20th century).
A camelback water resevior recently filled with known good water.
100 feet of parachute cord. Learn how to tie knots before you need to.
Wool cloth. Two shirtweight peices 45"X 72". One heavier weight 60"X108". These are your clothes, your hammok, your chair, your carryall, your. . .
Learn how to use them as such before you need to. Do not be tempted to substitute cotton for wool to save money. The savings could kill you. Not in a pleasant way either.
Two pair of wool socks.
Three yards of 36" wide cotton could come in hand as well. This is your hat, your belt, your shoulder bag, your sling, your . . .
A waterproof, windproof shell. Yes, even if you're in a tropical zone.
A pennywhistle. Yes, I'm dead serious about that one. Learn how to play it a bit before you leave home. Even better, also learn how to make a pennywhistle out of any tubular thing you can find, before you need to.
If you expect to stay "civilized". .
Two weeks with me showing you how to combine all this stuff with stuff you can find anywhere (like pebbles), especially in a disaster zone, otherwise you're just going to be in deep shit within an hour anyway.
Time with me is limited. Start poking around the internet for this information now. For God's sake, learn to take care of yourself. Any baby cockroach can do it. Your brain is bigger. Learn to use it for somthing other than tracking your stock portfolio.
KFG
Living in New Orleans has burned a few lessons into me.
First, make a list of things to take if you have to evacuate. I forgot several things when packing up at 3am the day before the storm hit.
Second, keeping a safety deposit box in the same area as your house is a bad idea. We have banks which have been closed for a month and will probably be closed for many more. People come in every day asking about when they can get it. People wanting to leave the country but can't get their passports, very bad news.
Third, keep a decent supply of water and canned food. Rotate the supplies to keep them fresh but always maintain one weeks worth of supplies. Figure at least one week before outside relief gets to you. Two weeks would be a safer bet. It's easier to do than you think. A water dispenser with 3 or 4 bottles should hold you over nicely and large cans of food from Chef Boyardee will make this very inexpensive. To use those cans, make sure you have a mechanical can opener on the assumption of no electricity. Keeping a 12 pack of Toilet Paper around doesn't hurt. If anyone asks why the large amount, simply say that you get it cheaper.Keeping some cash also doesn't hurt a bit. When the power is out, checks and debit/credit cards are worthless. Multiple things can happen outside of a nuclear war or hurricane which can force you to be self-sufficient for a week or two. Trust me, when the lights don't work, the police won't answer 911 calls and people are looting, you will be forever grateful you took a little time and money to be prepared.
Fourth, paranoia can be a good thing. My wife complained when I bought a generator and 40 gallons of gas at the start of hurricane season. She gave me even more grief when I bought canned goods and water we didn't need within the next week. She sat on the sofa while I boarded up my house like world war III was coming to New Orleans. She thanked me several times for doing all of the above when we had electricity, food, water and an unlooted house after the storm.
Personally, I send all of my files to both Gmail and Yahoo. I have seperate accounts set up just for those files. If a disaster befalls the US that takes out both of those companies and destroys my home computer on the other side of the country, losing computer files won't matter a bit, I'll be too busy trying to survive.
I agree with almost everything you say except the bit about encryption not being unbreakable. While I admit that in theory all current encryption schemes are breakable it is easy to encrypt something so that it is for all intents and purposes unbreakable without the key. Of course this assumes that there isn't a flaw in the encryption method and that nobody has built a quantum computer naturally. The first could be partially overcome by multiply encrypting the data with different methods - thus requireing a flaw to be found in each.
Anyway that's beside the point. The OP must be on crack or something. If the disaster is so big one of the worlds leading cities is never inhabitable again the guy, his wife and everyone they know is probably dead anyway. What the point planning for a situation you can't hope to live though. You might as well just enjoy the here and now. As for saving your CC numbers - hahahahha = like anyone will accept credit cards. You might be able to barter with food and water but that's about it.
Personally I would take water purification tablets and a 5 * 1 litre bottles of water as my number one thing to pack (more if I have space). After that I would pack low salt high energy food + a small pot of salt (allows you to replace salt when you need it rather than every time you eat). Some sturdy cloth would be useful as it would be easy to rig up a crude filter if you have to drink muddy water (at least the water will be free from bigger bits and the purification tablets will see to the rest - last resort though as "purified" water is horrible). A few boxes of matches sealed in plastic bags would be good as well as a really big coat. And finally, an assortment of large sturdy knives and a hand axe. No where in my list of essentials would I include a USB flash drive.
I used to have a better sig but it broke.
As far as encryption goes, for god's sake don't rely on anything the manufacturers ship.
I agree. And don't rely on full disc encryption products. We are just starting to understand the security issues of full disc encryptions, it will be a few years before I'd expect manufacturers to start understand it as well and be able to implement something secure. For now GBDE is probably the most secure, but even that isn't perfect. gpg --symmetric --cipher AES256 would probably beat any full disc encryption when it comes to security.
Use Blowfish or Twofish for proper 2 way encryption.
Uhm, what is a two way encryption? And I'd advice against blowfish as it only uses 64 bit cipher blocks. Go for something with at least 128 bit cipher blocks and even more if you have many GB of data. AES256 have 256 bit keys and 128 bit blocks, which I think should be sufficient as long as you don't need to encrypt more than 64GB of data in the key's lifetime.
Do you care about the security of your wireless mouse?
Yes, on all counts.
Modern flash is quite sophisticated (at least compactflash and USB sticks are, no idea about SD/MMC)
Not only does modern flash have multiple redundancies and ECC, it also has wear leveling and badblock reallocation. This is all completely transparent to the end user / operating system.
IOW, there is no need for the OS or filesystem to handle any of this.
And yes, the flash is larger than advertised for exactly these reasons. So are your hard drives (IDE, SCSI) which have similar features and have similarly reserved space.