Yes, on all counts.

Modern flash is quite sophisticated (at least compactflash and USB sticks are, no idea about SD/MMC)

Not only does modern flash have multiple redundancies and ECC, it also has wear leveling and badblock reallocation. This is all completely transparent to the end user / operating system.

IOW, there is no need for the OS or filesystem to handle any of this.

And yes, the flash is larger than advertised for exactly these reasons. So are your hard drives (IDE, SCSI) which have similar features and have similarly reserved space.

by bani (467531)

Fujifilm. I just had one of those suckers go through the washing machine a while back. Still works.

by Fujisawa Sensei (207127)

I've had 4 of my 512 mb usb mem key's go through the wash dozens of times.. :-) no problems there at all :-)

documented on: Monday October 03, '05, marcushnk

Flash can survive being submersed just fine as long as you dry it out before using it. But the USB flash drives seem likely to get mechanically messed up because of the way they stick out. I didn't get to use mine that long before it got pried the wrong direction by accident and went "crunch," so now I just use CF and SD cards. Of course, if you don't use it a lot, only often enough to keep the documents up-to-date, maybe it won't be a problem.

Transflash or SmartMedia would be sturdier. But SmartMedia is obsolete and transflash is so small that it's very easy to lose.

You could just store the docs on your cellphone and plan not to lose it, or store on a memory card which is in your cell phone. But then the memory will get used more and be more subject to wearing out.

iButtons are about the sturdiest format there is, and they have encrypted ones too, but they don't have enough memory for much data. There are also flash-based smart cards you could keep in your wallet. But neither of those is common enough - it's hard to find a reader for them, harder than finding a usb port anyway. Smartcards _should_ be standard equipment for securely storing all your passwords and personal info, but it hasn't caught on, mostly because of paranoia about "big brother" or "mark of the beast" or identity theft or some such.

Maybe you could pop open an SD card, fill the empty space with epoxy and put it back together. It would probably be more durable that way. Or, do the same with a USB drive. Or use the SD card by itself most of the time, and keep a compact new USB SD reader in your knapsack.

Yeah somebody should be manufacturing a really tiny usb key that has encrypted flash, implements some smart-card-like protocols for partitioning information with different keys, and sticks out of the port less than 1 cm, and is very sturdy. Having it stick out less would reduce the leverage when it gets bumped against something.

ecloud

I deal with the write issue on a regular basis. We used to use flash for embedded systems but the annual replacement of flash drives got excessive. We now use microdrives, which have an actual spinning media drive in them.

If you're looking for a backup solution for your family data, organize your files in a competent manner (so it is comprehensive and well organized), and then develop a routine to write monthly CDs off.

by Anonymous on Monday October 03, '05

by PsychicX (866028) on Monday October 03

As far as encryption goes, for god's sake don't rely on anything the manufacturers ship. That stuff is meant to protect you from your average luser seeing files, not anybody who is honestly interested. Use Blowfish or Twofish for proper 2 way encryption.

> As far as encryption goes, for god's sake don't rely on anything the
> manufacturers ship.

I agree. And don't rely on full disc encryption products. We are just starting to understand the security issues of full disc encryptions, it will be a few years before I'd expect manufacturers to start understand it as well and be able to implement something secure. For now GBDE is probably the most secure, but even that isn't perfect. gpg —symmetric —cipher AES256 would probably beat any full disc encryption when it comes to security.

> Use Blowfish or Twofish for proper 2 way encryption.

Uhm, what is a two way encryption? And I'd advice against blowfish as it only uses 64 bit cipher blocks. Go for something with at least 128 bit cipher blocks and even more if you have many GB of data. AES256 have 256 bit keys and 128 bit blocks, which I think should be sufficient as long as you don't need to encrypt more than 64GB of data in the key's lifetime.

That's why you should use the plausible deniability built into TrueCrypt. Giving the attacker the password to the outer volume (who has been robbed at knifepoint for a USB memory device? that'll be the day..), and they still still have no idea an entire volume of your real data is hiding in the noise that is the freespace of the aforementioned outer volume. the outer volume needs to be FAT and it can have innocuous stuff on there like fake financial documents.. Enjoy [sourceforge.net]!

tonyz2k

by Xibby

…is your friend. Don't trust the key vendor's utility. PGP can be. accessed from any platform and isn't Win32-specific as the vendor's software is.

 For example:
Zip up your stuff (or tar.bz2, whatever...)
gpg -c --cipher-algo AES256 Stuff.zip

Copy Stuff.gpg to your flash media.

To decrypt, copy Stuff.gpg to your computer and run:

gpg -d Stuff.gpg > Stuff.zip

Don't forget your password. Make sure you use a trustworthy GPG binary, and the unencrypted archive should never be stored on your flash media!. The unencrypted version could be easily recovered using undelete software.

Now if it was me doing this, and I had some time on my hands, I'd look into the Linux crypto loop stuff. But that doesn't work all that well if nobody in your family runs Linux. So, I would have to opt for True Crypt [truecrypt.org] on a Windows machine, create an encrypted volume on my flash drive, copy over the improtant files, unmount and run for it. At my parents/grandparents/whatever, it would be trivial to download and intall true crypt again and get access to my files.

It's for Windows only, but I stumbled upon TrueCrypt found at http://www.truecrypt.org/ [truecrypt.org] and really like it. And it's not only useful for USB drives, but can be used to create encrypted logical drives on a Hard Drive. For the really paranoid, the documentation even covers lots of stealthy ways to use it so as not to be detected.

I'm certainly no expert at encryption, but it seems pretty solid. Basically, it creates an encrypted container file and then mounts it as a logical drive when you open the file through the app. I've seen commercial counterparts such as StealthDisk, and I think TrueCrypt's interface is easier to use and its execution is more solid.

It's OSS and free as in beer and as in speech.