Open Source Removable Media Encryption?

An anonymous reader asks: "I'm trying to find a solution for encrypting removable media connected to my network's computers. Ideally, the solution would: allow Enterprise deployment and configuration in a Windows XP environment; be free and open source; not require administrative privileges to use (encrypt/decrypt files and media); and allow decryption via freely available and platform-independent methods on the destination machine. I've looked at PointSec for Removable Media, but it requires Windows on both ends. I've also looked at TrueCrypt, but it doesn't appear to limit encryption to only removable media (I don't want users encrypting their hard drives). Slashdot, can you help me?"

One link answer that has worked well for me

[takeya]

http://glosoli.blogspot.com/2005/09/encrypted-thum b-drive-and-autoplay.html

work off that its good

Why not TrueCrypt?

[wuzzeb]

Truecrypt can do exactly what you want. From here

After a system administrator installs TrueCrypt on the system, users without administrator privileges will be able to run TrueCrypt, mount/dismount any TrueCrypt volume, and create file-hosted TrueCrypt volumes on the system. However, users without administrator privileges cannot encrypt/format partitions, cannot create NTFS volumes, cannot install/uninstall TrueCrypt, cannot change passwords/keyfiles for TrueCrypt partitions/devices, cannot backup/restore headers of TrueCrypt partitions/devices, and they cannot run TrueCrypt in 'traveller' mode.

Exactly what you want... when running TrueCrypt in normal user mode, no one will be able to encrypt the hard drive or anything else.

Challenger thumbdrive encryption

[badzilla]

Challenger thumbdrive encryption, not checked it out in depth but works for me for those "OMG what if I lost this thumdrive" moments.

http://www.encryption-software.de/challenger/en/do c_short_manual.html

Encrypting removable media

[CastrTroy]

The problem with encrypting removable media is a little bit shakey. I'm assuming you want the to encrypt it so they can bring the information home with them. If they aren't bringing it home, you're probably better leaving the data on the computer/network to keep it more secure. However, once they bring it home, and type in the decryption key, any spyware on their home computer is free to read the data just as the user would be free to read the data. Smart spyware would probably actively look for encrypted partitions (although I don't know of any that does), because it's more likely that there is confidential and important information there. Encrypting the media will give you lots of protection if the data happens to go lost, but won't protect you once the user plugs it into a foriegn computer and types the password. You also need the software on every computer, so if you're bringing a presentation on an encrypted drive to a client's office, they need to have the software to read it. Also, remants of the files can be left on the computer in the swap partition, which can be read later if the swap partition isn't encrypted, which is the case with most windows, as well as Linux setups (althought it's quite easy to encrypt your Linux swap partition)

On a side note, I don't think you have to worry too much about the users encrypting their hard drive if you use truecrypt, because as far as i'm aware, you have to unmount and format the volume in order to encrypt it. I don't think that regular users have that privilege, and I'm not even sure if it's possible with admin privileges, if they only have 1 partition. You can't unmount C: when you only have C:. Same reason why Format C: will not work at the command prompt.