Tell me: what does your usb key contain?
“Uh… movies, music, personal documents”
Right, please focus on personal documents. Go on.
“Hmmm. I currently have: some school reports, a letter to my insurance, documents from my mom, and my resume”
Still don’t get my point? Most people will end up attaching it to their keychain, which is equivalent to attaching a small note mentioning “hello, this is my address; feel free to visit my house” to whoever finds the lost keychain.
This key is a security disaster because it suggests to bring at the same place a token and detailed information about what the token opens. Usually, losing your houses key is no big deal since the lock it opens is secret, because a key looks like another key. Here we are breaking this information asymmetry between you and an attacker about the question “what does this key open?”.
Unless?
- Unless you encrypt the whole volume, but these keys are for easy data exchange, aren't they? Having to install TrueCrypt on a friend’s pc just to copy a video file seems a bit overkill to me, defeating the purpose of “easy data exchange”.
- Unless you are reeaaally careful about what you put into the key, but that seems pretty impossible to me. You know that one day or another you will end up with some document identifying you.
---
Edit Dec.5th 2009: hello Lifehacker commenters. Some nice alternative solutions were suggested in the LH comments. Note the two "unless" points mentioned above remain valid, but these solutions are good in-betweens.
- create 2 partitions: a small (some MB) partition in order to just host the TrueCrypt binaries, used then to access to the bigger (encrypted) partition
- create 2 partitions of mostly the same size: one for non-personal documents and binaries (including TrueCrypt) and one for personal documents
Thank you JTX & TheLostVikings
---