March 29, 2021

Self deleting USB

Hey, fellow redditors.

Long story short: I loan money on r/borrow and therefore I am presented with a lot of personal informations (scan/pics of ID, drivers license etc.). I keep them on a USB Drive encrypted with VeryCrypt (Serpent/SHA512) and a decent long passwort (20 characters [Numbers, letters, Signs]. After a burglary in our next doors apartment I was wondering if there are self deleting USB Drives or software which like deletes the data after 5 wrong login attempts. I am pretty sure my passwort would be pretty much unhackable but I was still wondering if it exists.

Comments

CyberSpecOps

You may want to consider using hardware based encryption. Something like the Apricorn AEGIS USB stick. I believe it will destruct itself after 10 attempts or so. Its been a while since I looked at the exact models available so things may have changed. I believe Ironkey also has something similar but on a software level.

On a side note, there is always techniques to bypass protections. Coworker of mine won a blackhat challenge by using an oscilloscope to pull a key from an encrypted device on bootup. Beat everyone else by over 10 mins getting the key by software means.

Ghawblin

> I am pretty sure my password would be pretty much unhackable

For now, anyway. Tricky thing with PII is that it never changes. Your DOB, SSN, Name, etc will always be the same outside of fringe cases (name change, SSN can be changed up to 5 times per lfietime). With PII, it’s important to think years in the future, not just right now.

Is a 20 character password with complexity uncrackable now via bruteforce/rainbowtable? Yeah, basically. If it self deletes, that would help prevent this.

Is a 20 character password with complexity uncrackable in 10 years via the same methods? Maybe, maybe not.

Does the authentication your USB drive uses 100% secure with zero bugs that allow a person to entirely bypass the authentication? Does the self-deleting have zero bugs that allow you to bypass the “5 and bye” rule? Maybe, maybe not.

**Will a common burglar breaking into apartments give more than 5 minutes worth of effort to try to do all this, assuming they even know how to use a computer?** Highly unlikely.

I think what you have now is fine unless there’s a conspiracy by tech-savvy gangsters to bust into your apartment and grab the USB like it’s a James Bond movie. Your password can probably literally be “beepbeep123” and likely would thwart the kind of person that breaks into apartments.

In CyberSec, we have a thing called “Risk Acceptance”, and it’s described as the level of acceptable risk. Is there a risk that a Chinese state hacker will break into your house and use state-of-the-art tools to hack your USB? Yeah that risk can happen. What are the chances it could happen? Basically zero. Should you spend time/money/effort trying to mitigate this risk, or should you just accept it?

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.