How to Secure Your Computer, Disks, and Portable Drives

Computer security is hard. Software, computer and network security are all ongoing battles between attacker and defender. And in many cases the attacker has an inherent advantage: He only has to find one network flaw, while the defender has to find and fix every flaw.

Cryptography is an exception. As long as you don’t write your own algorithm, secure encryption is easy. And the defender has an inherent mathematical advantage: Longer keys increase the amount of work the defender has to do linearly, while geometrically increasing the amount of work the attacker has to do.

Unfortunately, cryptography can’t solve most computer-security problems. The one problem cryptography can solve is the security of data when it’s not in use. Encrypting files, archives—even entire disks—is easy.

All of this makes it even more amazing that Her Majesty’s Revenue & Customs in the United Kingdom lost two disks with personal data on 25 million British citizens, including dates of birth, addresses, bank-account information and national insurance numbers. On the one hand, this is no bigger a deal than any of the thousands of other exposures of personal data we’ve read about in recent years—the U.S. Veteran’s Administration loss of personal data of 26 million American veterans is an obvious similar event. But this has turned into Britain’s privacy Chernobyl.

Perhaps encryption isn’t so easy after all, and some people could use a little primer. This is how I protect my laptop.

There are several whole-disk encryption products on the market. I use PGP Disk’s Whole Disk Encryption tool for two reasons. It’s easy, and I trust both the company and the developers to write it securely. (Disclosure: I’m also on PGP Corp.’s Technical Advisory Board.)

Setup only takes a few minutes. After that, the program runs in the background. Everything works like before, and the performance degradation is negligible. Just make sure you choose a secure password—PGP’s encouragement of passphrases makes this much easier—and you’re secure against leaving your laptop in the airport or having it stolen out of your hotel room.

The reason you encrypt your entire disk, and not just key files, is so you don’t have to worry about swap files, temp files, hibernation files, erased files, browser cookies or whatever. You don’t need to enforce a complex policy about which files are important enough to be encrypted. And you have an easy answer to your boss or to the press if the computer is stolen: no problem; the laptop is encrypted.

PGP Disk can also encrypt external disks, which means you can also secure that USB memory device you’ve been using to transfer data from computer to computer. When I travel, I use a portable USB drive for backup. Those devices are getting physically smaller—but larger in capacity—every year, and by encrypting I don’t have to worry about losing them.

I recommend one more complication. Whole-disk encryption means that anyone at your computer has access to everything: someone at your unattended computer, a Trojan that infected your computer and so on. To deal with these and similar threats I recommend a two-tier encryption strategy. Encrypt anything you don’t need access to regularly—archived documents, old e-mail, whatever—separately, with a different password. I like to use PGP Disk’s encrypted zip files, because it also makes secure backup easier (and lets you secure those files before you burn them on a DVD and mail them across the country), but you can also use the program’s virtual-encrypted-disk feature to create a separately encrypted volume. Both options are easy to set up and use.

There are still two scenarios you aren’t secure against, though. You’re not secure against someone snatching your laptop out of your hands as you’re typing away at the local coffee shop. And you’re not secure against the authorities telling you to decrypt your data for them.

The latter threat is becoming more real. I have long been worried that someday, at a border crossing, a customs official will open my laptop and ask me to type in my password. Of course I could refuse, but the consequences might be severe—and permanent. And some countries—the United Kingdom, Singapore, Malaysia—have passed laws giving police the authority to demand that you divulge your passwords and encryption keys.

To defend against both of these threats, minimize the amount of data on your laptop. Do you really need 10 years of old e-mails? Does everyone in the company really need to carry around the entire customer database? One of the most incredible things about the Revenue & Customs story is that a low-level government employee mailed a copy of the entire national child database to the National Audit Office in London. Did he have to? Doubtful. The best defense against data loss is to not have the data in the first place.

Failing that, you can try to convince the authorities that you don’t have the encryption key. This works better if it’s a zipped archive than the whole disk. You can argue that you’re transporting the files for your boss, or that you forgot the key long ago. Make sure the time stamp on the files matches your claim, though.

There are other encryption programs out there. If you’re a Windows Vista user, you might consider BitLocker. This program, embedded in the operating system, also encrypts the computer’s entire drive. But it only works on the C: drive, so it won’t help with external disks or USB tokens. And it can’t be used to make encrypted zip files. But it’s easy to use, and it’s free.

This essay previously appeared on Wired.com.

EDITED TO ADD (12/14): Lots of people have pointed out that the free and open-source program TrueCrypt is a good alternative to PGP Disk. I haven’t used or reviewed the program at all.

Tags: , , , , , , , , , , ,

Posted on December 4, 2007 at 6:40 AM109 Comments

Comments

Mihai Criveti December 4, 2007 7:32 AM

I suggest you try TrueCrypt – an open-source disk encryption software for Windows (2000/XP/2003/Vista) and Linux. It provides two levels of plausible deniability (hidden values / no signatures to make a distinction from random data), on the fly encryption and various encryption algorithms (AES-256, Serpent and Twofish) and can use both passwords and keys.

http://www.truecrypt.org/

I’ve listed a few more tools (FreeBSD GELI, NetBSD CGD and so on) on http://unixsadm.blogspot.com/2007/10/digital-forensic-tools-imaging.html

Mike Delta Sierra December 4, 2007 7:42 AM

TrueCrypt doesn’t provide whole disk encryption.

Speaking of PGP: Is the whole disk encryption still Windows only?

Mike Delta Sierra December 4, 2007 7:50 AM

TrueCrypt is great, it’s true FOSS, however, it doesn’t provide whole disk encryption. Although encrypted disk images are great for the purpose Bruce described above (or if you have to work with a Mac), there are never sufficient to really protect the data on a system.

Forsetti December 4, 2007 7:56 AM

Any recommendations for key escrow ? I don’t want my employees encrypting company data on their company PC in such a way that the company cannot recover it in the event the key is lost or the employee fired.

Anonymous December 4, 2007 8:01 AM

TrueCrypt is good, but it’s strange license is not compatible with the Debian software guidelines, DFSG, which stops it from being a part Debian based distributions, like Ubuntu. If it would use another license, like BSD or GPL, I’m sure it would become the de facto standard for disk encryption. But that choice is entirely up to the developers.

Paeniteo December 4, 2007 8:02 AM

One might want to modify the statement that BitLocker is “free” a little bit.

Being a proprietaty Microsoft product, it is definetely not free software (as in freedom).
It is not even “for free” (as in beer), because it ships only with Vista Enterprise or Vista Ultimate – the two most expensive editions of Vista.
http://technet2.microsoft.com/WindowsVista/en/library/58358421-a7f5-4c97-ab41-2bcc61a58a701033.mspx#BKMK_Vista

As to easiness of use, I cannot make any definite statement. However, if it’s anything like NT-EFS, it will look simple at first (check “encrypted” and there you go) but become awful when it comes to things like backing up the encryption keys to survive a reinstall.
See the above FAQ link for questions like “Can I use BitLocker without a TPM” to get a hint of what I mean.

Mihai Criveti December 4, 2007 8:10 AM

@Forsetti: I’m afraid you can’t really stop empoyees from encrypting company data on their PC.

You can try to stop them from installing 3rd party tools, or ban various products based on hashes or DEP or some kind of group policy / SMS / whatever. And implement proper company policies that restrict them from using 3rd party encryption software.

You can also lure them into using your encryption tools (like a PKI certificate based solution for encryption and signature) and hope they won’t use anything else :-).

Bogos December 4, 2007 8:17 AM

Truecrypt is indeed a pretty good solution for encrypted containers only (no whole disk encryption), but it only works in Windows and Linux, no Mac support. It’s supposedly forthcoming however.

Also, like someone already mentioned, its strange license prevents it from being included in most Linux distributions out of the box. It also lacks a simple to use GUI on Linux at the moment, but apparently there’s a tool for this that will be included on the upcoming Ubuntu release:

http://ubuntuguru.wordpress.com/2007/12/01/how-to-keep-secret-with-easy-crypt/

As for whole disk encryption in Linux there is native support in the form of dm-crypt/cryptsetup-luks, and most modern distros will allow you to encrypt all partitions and swap space you create, except for the /boot partition which is needed to boot the system.

However, both of these solutions, as far as I know, haven’t been reviewed by security professionals. I’d still rate them higher than Vista’s Bitlocker due to it being closed source without any peer review.

Martin December 4, 2007 8:20 AM

@Bruce –
Good posting. I am sure PGP appreciates the plug. Given your position in the field, it would be even more helpful to give a broader review of personal computer security products — or at least a pointer to one. Is PGP truly unique?

As to “stand and deliver” tactics at border crossings, etc.: is there a “shadow disk” method where you have two keys – one opens up the real stuff and one opens up a sanitized disk version?

mike December 4, 2007 8:21 AM

“The one problem cryptography can solve is the security of data when it’s not in use.”

This statement is only true if “cryptography” equals “classic encryption”. There is plenty of research in modern cryptography about more “active” encryption schemes that allow various computations on the encrypted data.

TR December 4, 2007 8:23 AM

Or you can switch to Mac and use File Vault, it has built in AES 128 bits encryption for the user home folder, it’s my favorite one.
And yes it just work on a Mac.

Mihai Criveti December 4, 2007 8:26 AM

File Vault in MAC had a pretty nasty vulnerability a while ago. It didn’t used to encrypt SWAP and you could carve out the keys from the page file. Make sure you also use encrypted swap if you’re using File Vault.

See Unlocking File Vault:
crypto.nsa.org/vilefault/23C3-VileFault.pdf

Yes, newer versions of MacOS FileVault also support swap encryption.

Same applies for other non-full-disk-encryption programs: clear the swap or disable it.. last thing you want is a safe with the keys under the rug :-).

Flasker December 4, 2007 8:26 AM

@Forsetti “recommendations for key escrow”

If you use bitlocker you can set up group policies to have the keys backed up into active directory.

Dewey December 4, 2007 8:32 AM

@Martin

While a review of the whole spectrum would be nice, I suspect Bruce’s visibility into PGP is much better than into any others (in fact, from the others perspective, his business relationship with PGP would prevent them giving him similar insight into their products.)

Note that Bruce didn’t say it’s unique or better than anyone else or that it’s perfect. He simply said he trusts it, based on his (better than average) knowledge.

Quercus December 4, 2007 8:32 AM

So for border crossings/UK, do we need an encryption program that that accepts any of n different passwords, each of which gives access to different data (while not ever disclosing what n is)? The first area is a full windows installation, with some really boring data, while the real subversive material is on a second, hidden area. (You need to have more than two, for when the authorities eventually figure this out and make you type in two passwords. In this case, the second area has embarassing, but not anti-government stuff- say, gay porn– while the third area has the ACLU literature and Paine speeches).

[On preview: what Martin said]

Mike Delta Sierra December 4, 2007 8:33 AM

@Mihai Criveti: Swap encryption is still not enable by default in Mac OS X 10.5. In addition, FileVault still uses RSA-1024 to encrypt the FileVault keychain, AES-128 is ‘only’ used for the data encryption. FileVault is only recommendable because it’s the best of many bad encryption solutions on the Mac.

Dewey December 4, 2007 8:34 AM

BTW, does anyone know the “security” of the hardware level IDE disk “encryption”. Short password, yes, but other than that, any ideas?

(Other than it being a PITA now that my laptop died, my other laptop using SATA instead of IDE and the IDE->USB converters not handling the password issues.)

TIA

Mihai Criveti December 4, 2007 8:44 AM

@Martin and @Quercus – You can use Truecrypt with hidden volumes (they cannot be detected and provide plausible deniability – you can say there’s nothing there and they can’t prove it). You can have a key that opens a fake data store – where you have some files that look confidential, and a hidden volume that can only be opened if you’re using the proper key.

You can also use random files as keys on your USB drives. Example: you can only open your hidden volume if you select your favorite MP3, JPG and a password.

Though you cannot use it for full disk encryption (for your system disk), so you really should use it for your external disk or USB drive. Remember to clear swap on shutdown.

BestCrypt, DriveCrypt, FreeOTFE, Scramdisk and e-Capsule also support hidden containers.

Mihai Criveti December 4, 2007 8:58 AM

@sid77 quite true. This is where open source, full disclosure and source code auditing come in.

Remember, there were encryption products that had a “master / skeleton key” built in :-).

Anonymous December 4, 2007 10:27 AM

RE: the authorities telling you to decrypt your data for them.

System on USB flash? You can show customs your laptop, while your secret plans for world domination are safely in your pocket. Security through obscurity, sure. But there’s nothing wrong with that as long you don’t rely on it as your ONLY protocol.

Anonymous December 4, 2007 10:48 AM

Truecrypt’s plausible deniability may not be good enough. As you won’t be able to prove that the random data on the disk drive is not actually encrypted data.

Be careful about letting people handle your computer while it on, even if locked. There are firewire devices that can be used to dump memory and that might recover some cached keys.

Probably the best thing to do for border crossing is do a wipe and reinstall of windows (as just doing a wipe would probably draw more suspicion) and then when you get to your destination, reinstall your OS of choice and download any needed files. This also protects you from any software they may have installed on your machine while they were inspecting it.

Bob December 4, 2007 11:04 AM

@Anonymous: “Truecrypt’s plausible deniability may not be good enough. As you won’t be able to prove that the random data on the disk drive is not actually encrypted data.”

You don’t have to. You admit it’s encrypted data and give them the password for the outer volume. The burden is then on them to show beyond reasonable doubt (at least for RIPA I believe) that there’s a hidden volume.

nedu December 4, 2007 11:10 AM

“The one problem cryptography can solve is the security of data when it’s not in use.”

Bruce,

I know you didn’t mean to imply otherwise, but this is worth stating explicitly: Cryptography is not a substitute for a risk analysis.

In particular, if the risk to data availability outweighs the risk to data confidentiality, encryptation may be contra-indicated. Iow, if you’re maintaining long-term backups, off-line at a site with adequate physical security, you might be much more concerned about reading them a decade from now as opposed to preventing people from reading them in the intervening decade.

This point is worth emphasizing–especially because these “rules” tend to work their way into regulatory requirements.

Cryptography is not a substitute for risk analysis.

mike December 4, 2007 11:13 AM

Perhaps you can set up a dual-boot system, one of which boots into your sanitized, unencrypted OS image. Let the border guards scan that all they want.

nix December 4, 2007 11:23 AM

Bruce, I would like to make a short comment on your two-tier encryption strategy. The protection against a Trojan reading the not-so-often-used files depends on the time when the computer got infected with the Trojan. Having the presumption that you actually do read those files from time to time, a Trojan that infected the computer BEFORE you accessed those files could read the password (and the files) as you access them. If the attacker knows what she is looking for, all she has to do is sit and wait until next time you make access to the not-so-often-used files. To increase security of the archived files one could store (and access) the files securely, off the network, which would be a classic example of comfort-security tradeoff 🙂

Gé Weijers December 4, 2007 11:26 AM

Another option: the latest Ubuntu version can be set up to use (almost) whole disk encryption. Only a boot partition remains unencrypted, the remaining partitions are stored in an encrypted volume manager partition.

You will be asked for your pass phrase early in the boot process.

You will need to download the ‘alternate’ install CD for this functionality (it uses a text-mode installer).

FreeBSD can be persuaded to do all this too, but it requires advanced system administration skills.

Anonymous December 4, 2007 11:48 AM

@Bob
Showing the first set of data doesn’t work. As there will be more random data than can be account for by the files being displayed. What is taking up the rest of the space?
Your average border guard will be fooled for now, but eventually you can expect people using TrueCrypt to get asked for their second password or else.
It’s better to take a clean PC through and get the data for it later. (As long as you expect to have good bandwidth at your destination.)

Paeniteo December 4, 2007 12:02 PM

@Anonymous: “What is taking up the rest of the space?”

Well, Truecrypt uses Containers of a fixed size. There will always be unused space at the end unless you like to fill up your encrypted volume to exactly 0% space left (which means that you will likely have to create a new volume at the time of the next write access).
The unused space is filled with random data upon creation and it cannot be distinguished from an “inner” volume stored there.

OK, so you might come to arguments like “Why do you create a 1GB Truecrypt volume to store only 10MB of financial records?”
Well, it’s hard to buy smaller USB drives nowadays and you just choose to use the whole drive.
HDD storage space is cheap, too, and as you cannot trivially enlarge containers, you would create one that is really large enough for your future purposes.

Ex-PGP Customer December 4, 2007 12:31 PM

I just dropped PGP after using it for more than 10 years (since the ViaCrypt days) because of their terrible support for the Mac product (which I switched to last year). Their Leopard Beta was late, still don’t have a production date, and they refuse to state what the upgrade cost/path looks like.

I keep hoping that Apple will work with the hard drive vendors to develop a hardware-based whole disk encryption scheme.

zconsultant December 4, 2007 12:32 PM

I see many organizations scrambling to utilize whole disk encryption while minimizing the burden on the user. Very often this includes synchronizing the password used to access the decryption key with the user’s Windows password. With all the keyboard trojans, phishing attacks, dictionary attacks etc this seems like a very bad practice. We are putting a lot of faith and power in one credential.

konrads December 4, 2007 12:54 PM

@Forsetti: Usually, companies are concerned that sensitive data is not disclosed if laptop is lost; not that authorities will demand encryption keys and thus data will be available. There are a number of products which feature some sort of key management for encrypted partitions. My company uses SafeBoot – not the best of them (Hibernate kills the partition, e.g.), but it features key management – if an employee forgets his passphrase, there is usually a second account – local sysadmin, who can access the data.

Brian December 4, 2007 1:19 PM

System on USB flash? You can show customs your laptop, while your secret plans for world domination are safely in your pocket. Security through obscurity, sure. But there’s nothing wrong with that as long you don’t rely on it as your ONLY protocol.

@Anonymous

Yeah, I keep a USB card in my wallet for all my important information such as passwordsafe.

Jeff Flowers December 4, 2007 1:45 PM

I really like things like Damn Small Linux, where everything in the system is read only but for the working space provided on a ramdisk. That way, decrypted information is never written to the hard drive, where a computer forensics tool might be able to recover it from swap or from an application’s temp file.

But booting from CD sucks. I wish I knew of a way to create a hard drive booting read only Linux system that worked that way.

RC December 4, 2007 1:51 PM

TrueCrypt has bugs, including that if you use it, close it, and then try to reopen the same encrypted file, it fails. Bugs like this make me doubt the integrity of the security implementation.

AES is secure, but a particular implementation might not be.

Steve December 4, 2007 2:00 PM

@RC

Odd.. TrueCrypt doesn’t show any problems when I use, close, and then reopen the same file.

allochthon December 4, 2007 2:12 PM

I am waiting impatiently for TrueCrypt to come out with a mac version. Not having a tool to share an encrypted USB drive between my windows, ubuntu and mac computers is very frustrating.

But I know better than to expect TrueCrypt to actually follow through…

RC December 4, 2007 2:30 PM

@Steve

I think it is this problem, described in their documentation:
If dismount is forced on a TrueCrypt volume when TrueCrypt runs in traveller mode, the TrueCrypt
driver will not be unloaded when TrueCrypt exits (it will be unloaded only when the system is restarted
or shut down). This prevents various problems caused by a bug in Windows (for instance, it would be
impossible to start TrueCrypt again as long as there are applications using the dismounted volume).

Has anyone heard of this bug in PGP?
http://it.slashdot.org/article.pl?sid=07/10/04/1639224

Darren Meyer December 4, 2007 2:39 PM

I’ve had varying degrees of success with TrueCrypt, but there is one thing I really like about it: deniable encrypted file systems. It’s a great way around the “turn over your keys” hole.

It works (in general) like this: you create an encrypted volume — say 4GiB in size. On that volume you store some “sensitive” data, but not truly important stuff. Maybe some personal information that you’re willing to “lose” if necessary.

Additionally, you create an invisible encrypted volume within that outer volume — say 2GiB in size. You store the truly sensitive data in that volume. According to TrueCrypt, and best I can tell from my limited analysis, you simply can’t mount that “inner” volume unless you already know it’s there.

The additional data in the outer volume serves as a red herring. You turn over your key to the outer volume, the authorities/bad-guys-with-guns/what have you see some protected data and conclude they have everything. If they ask you if there’s an inner volume, you can say “No, sir!”, and they can’t prove otherwise.

Very nice. I’d love to see someone of Bruce’s caliber do a detailed analysis and review to see if the claims are really true, but they do appear true on first blush.

Anonymous December 4, 2007 2:44 PM

You guys keep getting the burden of proof wrong. This isn’t a court of law; you don’t have rights at the border. You need to prove to them that there isn’t encrypted information hidden in that random looking data. They don’t have to prove anything to you.

Mace Moneta December 4, 2007 3:18 PM

On Linux, I prefer encfs:

http://arg0.net/wiki/encfs

No pre-allocation of space. No pointless encrypting of system files – and the attendant performance impact (more significant on slower CPUs). Secure, even from root access, as the filesystem runs in user space.

I’ve used encfs with laptops, desktops, flash, and even network drives. Even the AOL ssh(fs) mountable 100MB you get when you sign up for an AOL IM account.

I put all sensitive configuration files (like ~/.ssh private keys, firefox saved passwords, email accounts and data, etc.), as well as personal data (financial, medical, legal, etc.) into encfs, and unlock at login. If someone steals hardware, all they get is hardware.

I get better use of my hardware, because 99.9% of the data doesn’t involve encryption overhead. The encrypted data can be backed-up like regular data. Usage is easy; place data in an encfs directory, and it’s encrypted transparently. It was the best solution I could find, after trying many, many alternatives.

Mihai Criveti December 4, 2007 3:43 PM

@ Mace Moneta
One of the points of pre-allocating space is hidden volumes and (2 levels of) plausible deniability. They can’t prove there is data there, it looks like you just did a dd if=/dev/urandom of=/dev/rwd0c bs=2048 or whatever.

Performance impact wouldn’t be all that bad with a crypto card or a CPU with built in crypto (see Via C7 or Niagara 2).

ENCFS is also vulnerable to an inference attack, as people can see how many files you have, permissions, size, filename length, MAC times and such. It can’t use hidden volumes either, or do full filesystem encryption. Also, you can’t format it with any filesystem. Overall, it looks pretty weak. Consider Truecrypt or dm-crypt at least…

infosponge December 4, 2007 5:17 PM

It’s all well to discuss plausible deniability strategies to protect privacy and data when crossing borders but the elephant in the room is why techniques designed for espionage and survival in unfree states are necessary for international travelers crossing between nominally free countries.

The whole idea of searching individuals’ data and property at border crossings is utterly ridiculous in the era where data moves without limit via the Internet and commercial transborder movements measured in the trillions of dollars are essentially unsupervised.

Truecrypt hidden volumes are good, but what’s really needed is a political fix for the unlimited power of customs to search and seize without due process.

David December 4, 2007 7:16 PM

If the various border-security dudes want to crawl over my laptop, then it would certainly encourage me to sanitise the machine. But I’d still need access to files on the road.

Rather than encryption, which I think generally encourages the dudes to be suspicious, I would consider storing my ‘fun’ files that I need on the road on any of the web-based services – be they email (Gmail for instance), storage (YouSendIt as an example) or even the upcoming web-based document management services.

Stored suitably encypted, of course!

Colossal Squid December 5, 2007 4:03 AM

Got full disk encryption on my Debian box.
Regarding the airport scenario, could one set the machine to boot off a live CD? Are the border agents really going to attempt to trawl through your hard disk? Surely they’re more interested in seeing whether you’ve replaced the innards with a verboten toothpaste dispenser or something.
As for data storage maybe Amazon’s S3 service might be worth a look,holding encrypted ISOs to be downloaded when required.
This might also be a way around the UK’s RIPA provisions for key disclosure, if this Heise article is to be believed:

“Finally, due to jurisdictional limits, only encrypted data and keys physically held within the UK seem to be subject to the new provisions.”

Link: http://www.heise-security.co.uk/search/result/?rm=result;words=RIPA;q=ripa;url=/news/96850/

(You can specify whether to hold data on US or European servers. S3 link:
http://www.amazon.com/gp/browse.html?node=16427261)

Weird December 5, 2007 5:41 AM

i use bestcrypt volume encryption for my windows machines. it also has the option of two containers, like truecrypt, but the best part is the “message” that indicates (to me) that i should type in my boot passphrase, it simply gives you a common boot failure error message, ala “operating system not found”, giving you the opportunity to tell the customs officer that the machine is broken or not yet in use.

Rob December 5, 2007 6:21 AM

I like using TrueCrypt at home, but I can’t use it for the USB drive I take to work: I can’t get administrator access to run the TrueCrypt drivers – it’s just not happening. Any suggestions on how to protect my USB drive? I can run Password Safe and CruzerLock from the USB drive, but I find CruzerLock cumbersome.

Bob December 5, 2007 6:59 AM

@Rob “I can’t get administrator access to run the TrueCrypt drivers”:

You could try tcexplorer.

@Anonymous “This isn’t a court of law; you don’t have rights at the border”:

Sure – I mentioned burden of proof only in the context of RIPA being used. At a border crossing a better bet would be stenography/obfuscation (e.g. Wierd’s “operating system not found” message) as border guards won’t have the time/resources/inclination to perform a more thorough search.

Paeniteo December 5, 2007 7:05 AM

@Rob: Maybe you can convince an Admin to install Truecrypt for you, as this is the only step that requires Administrator rights. You can run it as an unpriviledged user if the driver is installed.
(NB: As “traveller mode” requires driver installation every time you run TC, Admin rights are always required in that case.)

Otherwise you are screwed for practically all software that uses some virtual device driver to give you a transparently encrypted filesystem.

The problem with gay porn December 5, 2007 8:56 AM

The problem with gay porn is that it’s now being such a standard for “embarrassing data that you pretend you want to hide” that the time the police sees gay porn on your hard drive, they’ll know you’re hiding something.

Bad time to like gay porn, I say.

curious December 5, 2007 9:00 AM

Anybody has any feedback on what I’ve been trying ?

losetup -e aes /dev/loop0 /some/file
mount /dev/loop0 /mnt/enc

/mnt/enc has an ext2 fs on it.

AFAIK, the crypto is 256 bit AES. Any known flaws here (apart from having to enter a passphrase every time and not forgetting to umount and losetup -d) ?

Thanks, just curious.

mack December 5, 2007 9:15 AM

You guys keep getting the burden of proof wrong. This isn’t a court of law; you don’t have rights at the border. You need to prove to them that there isn’t encrypted information hidden in that random looking data. They don’t have to prove anything to you.

This makes my blood boil. While (probably) true, this comments just goes to show some people need shooting, and quick.
And not just the border guards, the politics as well. First, actually.

Clive Robinson December 5, 2007 9:25 AM

@ Bruce,

You say,

“The one problem cryptography can solve is the security of data when it’s not in use.”

Ouch… You forgot to mention the cryptography “dark side” i.e. “key managment”.

As any Tech Support bod knows one of the more common problems is when a user says “I’ve forgoton my password”. With “whole disk” or any other encryption of user data, how long will it be before the reply from Tech Support is “I’m sorry there is nothing we can do”.

And what do you think the CEO/CFO who is told this about their laptop will say?

nedu December 5, 2007 9:32 AM

When protecting your (digital) papers from an unreasonable search and seizure, there are a number of scenarios to consider:

a) Expected checkpoints, such as border crossings.

b) i) Unexpected checkpoints, and ii) expected checkpoints with unexpectedly intrusive searches (e.g. during airport security screening for a domestic flight.)

c) Subpoena or other compulsion to produce your papers.

d) Warrant or other physical seizure i) executed while you are working with your papers, and ii) executed at a place where your papers are stored.

e) Covert surveillance: i) hardware keylogging, ii) software trojan, iii) passive optical or IR wavelengths (camera) or other EMR (e.g. RF) (aka TEMPEST).

What did I leave out? Are there other ways the authorities may search or seize your digital papers?

Which of these attack classes are redundant? Iow, do any of these share significant properties? For instance, I classified subpoena and warrant separately, because a subpoena leaves the defender in physical control of their papers. Is that really a significant difference?

In all these scenarios, encrypting your data may be a useful and necessary component of a defense. But it seems to me that it shouldn’t be your first line, and one shouldn’t be overconfident in its effectiveness.

Are you going to cough up your password after they waterboard you?

Sam Greenfield December 5, 2007 9:48 AM

What’s the performance and recovery impact of using whole disk encryption on a laptop? I don’t keep confidential or sensitive information on my laptop, but I do frequently need laptops to run quickly. (For example, if I am working with photographers, the ability to read data from a flash card and write it to a drive quickly is important.) In addition, there are many times when I have worked with people who needed their drive recovered due to hardware failures. If the file system is encrypted, I believe it makes recovery significantly more difficult.

You write, “Cryptography is an exception. As long as you don’t write your own algorithm, secure encryption is easy.” And you are correct. But it doesn’t negate your original statement, “Computer security is hard.” There are trade-offs when using whole disk encryption.

Paeniteo December 5, 2007 9:57 AM

@Clive Robinson:
Encryption does not solve problems of data backup and recovery. It might even make those more difficult to solve.

arctanck December 5, 2007 10:48 AM

Thank you for the updates. I didn’t realise that Malaysia has passed the law that gives police the authority to demand people to divulge passwords and encryption keys! I wonder what’s the motive for the Malaysian government to take such a tough stance on information getting in and out of Malaysia, physically!

Bob December 5, 2007 11:14 AM

@curious “Anybody has any feedback on what I’ve been trying ? [losetup crypto]”:

I wouldn’t touch cryptoloop with a barge pole, do a few google searches about it. It’s deprecated now anyway, look into loop-AES or dm-crypt with LUKS instead.

stingray December 5, 2007 11:42 AM

While reading the comments and the blogpost I was wondering: is it possible that somebody calls himself an expert in IT security issues without knowing “TrueCrypt”? He is affiliated with PGP and could use all their programs for free but a real expert should have a overview over the complete market in order to make really good recommendations.

I thinks this shows a basic problem: security and commercial interest simply do not fit together. Every commercial product could have a hidden backdoor to let the authorities or blackmailers have access to your data. The only solution is to have an open source product where the community of developers makes sure that the product is clean and secure.

stingless ray December 5, 2007 1:01 PM

Stingray: PGP publishes their source, and it’s probably the single best reviewed piece of crypto software in the world. There are no back doors.

Lots of bugs, but no back doors.

woody weaver December 5, 2007 2:38 PM

I think Clive Robertson’s observation, and Paenito’s clarification, are very much on the mark. Bruce’s original comment, “The one problem cryptography can solve is the security of data when it’s not in use. Encrypting files, archives — even entire disks — is easy.” is naive, but probably predictable. Its the same voyage of personal discovery he made going from Applied_Cryptography to Secrets_And_Lies — math is easy, but security is hard.

Even the personal deployment of encryption technology has a lot of hard questions. Key generation and management are tough, even with very useful tools like PasswordSafe. (I have a usb watch, and keep a copy there…) Paeniteo raises the data availability issue. Other kind of control issues come up — computers that aren’t connected to other computers are only slightly more useful than toasters. Even if you have perfect control over what is on a particular piece of media, its really hard to control what crosses the security boundary for that media.

I keep going back to something Bill Murray said to a kid who was complaining that his CIO wasn’t taking his advice about upgrading security by switching from DES to 3DES: Bill’s response was that if that is your biggest worry, you have a very secure site indeed. Theoretical bugs or back doors in PGP or TrueCrypt are fun to think about, but its not where the problem lies…

James C-S December 5, 2007 5:04 PM

TrueCrypt does allow whole disk encryption – but not of C drive (for Windows machines.)

You can tell TrueCrypt to format a device as a true crypt volume. Useful for extra drives, USB drives, etc.

I can’t comment on Linux I’m afraid.

Anonymous December 5, 2007 6:37 PM

I just came across a produce called ‘Free CompuSec’,
which provides whole-disk encryption:
http://www.ce-infosys.com.sg/english/products/free_compusec.html

I use it and it seems to work great. It’s some pre-boot authentication software which encrypts the whole drive, including every partition on that drive. It also allows you to encrypt USB sticks and CDs, and has a few other features I don’t use.
Of course I don’t really know how secure it is.
For really sensitive data I use several Truecrypt containers with hidden containers. That means some of my data is encrypted three times! ( I know that this doesn’t necessarily increase security… Guess it can’t hurt though, hopefully at least one of them is safe)

No perceivable performance penalty, modern computers can easily handle the little overhead.

John Macdonald December 5, 2007 8:24 PM

For data that really must be protected even when the investigators have the law to force you to provide a password, there may be a safeguard possible.

Use a software variant of the military missle activation system, which requires multiple people to each insert their key to enable access.

Have a file or filesystem which is encrypted, but the crypt key is created from merging a number of separate keys. The crypt key is never saved, but recomputed when it is needed. When you need to unlock the data, then, you run a program that connects with the other keyholders, explain the reason for access, and then all of the keyholders provide (or refuse to provide) their key.

As long as the other keyholders are outside of the jurisdiction, and as long as you are not forced to trick the other keyholders into believing that this is a business-valid use, they can simply refuse and the data remains safe. (The owner of the laptop on the other hand is still at the mercy of the local police, so he or his company must be willing to provide the appropriate legal resources at this point.)

Instead of other human keyholders, it could be a program that is contacted. The program can include things like a timelock, so it will never provide keys at an unexpected time. The key could even be set so that it is normally locked (and the program refuses access). Unlocking would be a group decision for a specific time period.

While if you have sufficient network access to connect to the keyserver program and securely transfer the one-time unlock key, then you would usually be able to just use the same secure channel to access the data remotely and not have it on the laptop in the first place. However, the timelock code might be provided in advance and included on your laptop, or the final key might be emailed an hour before the expected use – so at the time of crossing the border, you simply do not have the key to unlock the data.

JakeS December 6, 2007 2:37 AM

Why is it so important to encrpt the whole disk – including the operating system and application programs? In a properly implemented system, the OS and applications would be in a read-only space, and data would be in a separate (writeable) space which would be all you would need to encrypt.

Dave Whitelegg December 6, 2007 5:15 AM

“All of this makes it even more amazing that Her Majesty’s Revenue & Customs in the United Kingdom lost two disks with personal data on 25 million British citizens, including dates of birth, addresses, bank-account information and national insurance numbers” “the U.S. Veteran’s Administration loss of personal data of 26 million American veterans is an obvious similar event. But this has turned into Britain’s privacy Chernobyl.”

Hi I’m from the UK, we are talking almost half the UK population is affected by this breach by our own government, who are after all the same people who write the data protection laws.

In my case I was exposed to rise by HMRC two weeks prior the big event when HMRC lost another CD which didn’t really make the press. Then all of my family, including my children were put at risk with the most recent one.

I think the HMRC breach will drive a serious change of perception of Information Security within the public and private sectors in the UK. I know a lot of private organisations who normally wouldn’t care too greatly about InfoSec are now worried, mainly due to the negative press exposure of this event. It’s a real pity it takes a serious breach before an organisation or country places an emphasis on information security.

If you are interested in the HMRC breach in the UK, read by blog @ http://blog.itsecurityexpert.co.uk

Paeniteo December 6, 2007 5:17 AM

@JakeS:
Maybe you do not want everyone to know which applications you are using?

As to the “properly implemented” system: With the possible exception of live CDs, such a thing simply doesn’t exist.
There would be serious limitations, too, if the system and applications could not be changed.

Andrew McQueen December 7, 2007 3:33 AM

Hi

I am from the UK and my family’s financial details have also been put at risk courtesy of the fools at HMR&C. Mind you, if you have any contact with government departments, from the most junior member to senior politicians, you can understand why this happened. They generally aren’t the brightest bunch – guess that’s why they take safe, undemanding jobs with the government.
They compounded the problem by sending us and everyone else affected a letter of apology. However, this letter also lists a great deal of information about my wife (who claims the child benefit) such as National Insurance number and child benefit registration number which would be useful to a 3rd party. Oh, and a significant number of these letters appear to have been sent to the wrong addresses – great!

Andrew McQueen December 7, 2007 3:40 AM

I use PGP Full Disk encryption for the same reasons as Bruce and it gives me great peace of mind (hope that isn’t mis-guided!). However, the one drawback is the performance hit. What about these new Full Disk Encryption drives from Seagate which implement encryption at the hardware level? I am trying to get hold of one in the UK but they are only just being released here. If there is little or no performance hit this solution might be better for me, particularly with Vista, than PGP. The question is which is faster – PGP software with a 7,200 rpm disk or hardware FDE with a 5,400 rpm disk (assuming security is at a similar level)? Now, if they released a 7,200 rpm disk with FDE I think the answer would be clear.
Bruce has commented in the past about these disks but I was surprised he didn’t mention them in this article.

2fewsecrets December 8, 2007 7:56 PM

“…secure encryption is easy.”
Break the implementation, OS, not just the encryption. Even still, almost all software, and maybe hardware crypto is flawed, unless you start getting serious…
Hard drives sure remember a lot…
Oh well, if you want security, don’t have anything valuable, otherwise, unless you have major access and dollars, most locks only keep honest people honest…
Wouldn’t you expect whoever to be able to break almost all implementations and OS, as typically practiced by even smart people who just use one computer for everything, online, etc?
Even the informed tend to only know the tip of the iceberg. There ARE a lot of weird whatevers, that you don’t read about….
.02
Love the blog though, keep up the good work Bruce.

poorguy December 10, 2007 12:56 PM

What if the encrypted message looks like an unencrypted message?

Eg. Message, “Meet you 12:00 pm at Joe’s for lunch.” meaning “Disregard. Next message between 12;00 and 12:30 pm at Kathy’s voicemail.”

Is this steganography?

Richard Johnson December 10, 2007 6:39 PM

One debilitating problem with PGP Disk, which I used from when it was still CryptDisk, is its new (version 9+) requirement on having your PGP keyrings on-line and accessible.

This prevents keeping your keyrings safely separate from your host except when you’re actively using them, e.g. on a USB flash drive that isn’t always mounted. You’re forced to make a wholly unnecessary choice to secure your keyrings or encrypt your data.

There’s never been any acknowledgment of this as a bug, despite multiple reports. And it’s not going to be fixed. I’ve had to ditch using PGP Disk and PGP.com software as a result. It’s a crying shame.

Sherwood Botsford December 11, 2007 3:14 PM

Security through obscurity does have it’s place. Although a good chunk of this is as much social engineering as it is security.

Were I carrying a laptop through borders with Black Hats, I think I would create a hidden partition. Important encrypted data goes there. For the main part of the disk, with the casual stuff, that would be encrypted too. You want them to find something.

Would it work against a thorough search? No. Would it work against a casual border search? Probably, as long as you don’t look too nervous.

We can give some greater depth:
Much has been said about encryption algorithms. Much has been said about the tricks to implement them well. I’ve not seen much about the front end. It occurs to me that the front end can have an enormous multiplier effect on your security.

A good encryption front end should have a way to destroy the data. Often the data in question is mostly duplicated at the home office, so losing the field copy is inconvenient, but not disasterous. Suppose there are two keys, one to decrypt, and one to destroy. The second can be a key close to the real one. Indeed, IT can be the one written in a plain text file on the unencrypted part of the disk. (You of course remember the difference…)

The front end could be gimmicked in the same way the anti-theft system on cars work. Sometimes, you have to turn the left signal on before starting, sometimes lock the driver door three times. Or you have to push and hold the emergency flasher button. Similarly the front end could be set up with one or more things like this. Two right clicks on the enter button. Control-Alt-Meta-coffeecup-Enter. Two backspaces while entering the password. Shift, backspace, two second pause –you get the drift.

Or the front end for the encryption will tolerate only so many wrong attempts before invoking the fake + destroy option.

The destroyer ideally maintains the fiction of decrypting the disk, and has a folder of older versions of stuff from the first ‘dummy’ part of the disk that it will reveal, or possibly some choice porn. (Both the substance and your explanations will buy time.) Meanwhile the remaining part of the disk is being pattern wiped…

The encryption engine maintains the partition at 85% full. Anything that is not data is filled with encrypted noise. It should be done with the same engine, but probably not the same key.

It should always take a lengthly period of time after entering the password, before announcing the results. (The program may have a user chosen escape code to shorten this.) This not only makes Black Hats impatient, but if you enter the destroyer password, it gives the program an extra minute to erase the meta data on the disk. (The thought of a Black Hat presented with a 60 GB partition full of unlabeled clusters, each encrypted, with very little info about which cluster goes with which other cluster, let alone what order they are in warms the cockles of my heart.)

A good encryption front end should have the option to demand re-entry of the password phrase if the laptop goes to sleep, and possibly when it’s plugged-in / unplugged; whenever it connects to a different network; to confirm any configuration changes to the setup, and possibly every N minutes. This makes the ‘rip it out of his hands’ scenario less fruitful.

A good encryption front end should be able to snoop the hardware and be able to tell if it is on the original hardware. The ability to read the MAC address of the ethernet card, a BIOS serial number, checksums of PCI card BIOS’s, extra values in NVRAM.

Would any of this make it impossible? No. But it now requires someone who is very familiar with the specific details of this package, and he has to get the laptop within a fairly small window of it leaving the owner, and he has to grab it when it is active, unencrypted.

Trojans are another matter. The only way I can figure out to defend against a trojan is the concept of run-states. You can put a large crimp in the Black Hats strategy by creating a pair of mutually exclusive states: You can work with the encrypted disk, or you can connect to the network. This means to move data off the encrypted disk to the Black Hat’s Evil Fortress, the trojan has to work while off line, cache on the unencrypted part of the disk, then transmit it when the computer is online. If the unencrypted part of the disk is small, this then becomes difficult. To capture the passphrase, the trojan would have to be programmed to pick up all the events: keystrokes, meta key strokes, (the shift key hit, then released without a character being typed.) mouse movements. This means that the trojan must be coded to break this particular system.

Just thoughts.

Bruce Schneier December 12, 2007 4:09 AM

“Were I carrying a laptop through borders with Black Hats, I think I would create a hidden partition. Important encrypted data goes there. For the main part of the disk, with the casual stuff, that would be encrypted too. You want them to find something.”

You can use PGP Disk to create an encrypted virtual disk, and then hide it. Works great.

Rich December 12, 2007 9:05 AM

The problem our organization is having with Compusec is with the whole disk encryption and pre-boot authentication. The product does not support any system with over 2gb of memory! I tried on various brands of laptops and same problem. As soon as you take the extra memory out and get it down to 2gb or lower Windows loads fine. If you don’t the following happens: You can boot to the Compusec login screen fine and login. Then what happens is the system immediately powercycles back to the Compusec login screen. No blue screen of death, no Windows splash screen nothing. It will continue to let you login into Compusec normally but then powercycles the system. We have posted these findings on Compusec’s website as this is unacceptable. Hopefully they come out with a more memory compatible version soon!

dec2007 December 15, 2007 3:16 PM

Question: If I install PGP Full Disk encryption or any other full disk encryption on my boot drive, does that mean that I have to reinstall my operating system, all my programs, and all my data?

What if I didn’t get any restore disks when I bought my computer? Can I somehow save an image of my C: drive and restore it to the new encrypted drive?

I’m getting the impression that whole disk encryption is only a practical option when starting out with a brand new computer.

(By the way, please see http://www.vvsss.com/grid/ for my solution to the “rubber hose” dilemma.)

Sherwood Botsford December 16, 2007 2:06 AM

Regarding whole disk encryption:

My feeble understanding of code breaking is that if you know the algorithm, a chunk of plain text, and the corresponding cipher text that discovering the key is somewhat easier.

If you encrypt your OS boot disk aren’t you giving the Black Hats a lot of information? You have to use some form of block cipher, because you have to be able to read sectors in the middle of the disk without reading everything in front of them.

For any given OS, you know the order that the OS reads files on boot. Doesn’t this give you the crib?

Ok, it’s not completely deterministic. So, wearing my Headware of Low Reflectivity, I take my captured laptop and put a tap on the cable to the disk drive. THAT is not encrypted. Aha, 12 seconds after boot, it read 4000 sectors from the early part of the drive. ntkernel.exe maybe? I now have a 2 MB crib.

I think encrypting the boot disk is a Bad Idea (TM) Encrypt your data. It’s less predictable.

Winsnooze makes it really hard to move all your data from drive C to another partition in the system. Moving My Documents is easy, but moving the Application Data folder is a bit harder.

Bruce Schneier December 16, 2007 9:52 AM

“My feeble understanding of code breaking is that if you know the algorithm, a chunk of plain text, and the corresponding cipher text that discovering the key is somewhat easier.”

“Somewhat easier,” yes. Known plaintext attacks are easier than ciphertext only attacks. But all modern algorithms are resistant to them both, so it doesn’t matter.

If you’re going to break one of these disk encryption programs, you’re going to do so by guessing the password. So choose a strong password, people.

Alan December 17, 2007 12:33 PM

The border crossing concern is real: it’s happened to me. To make a long story short, I and another mutual friend drove to Vancouver BC, taking an old server that had been retired to some friends who’ve emigrated, and still had equipment in a data center in Portland. Being a dutiful, law abiding citizen (my first mistake), I declared it because it was something I was going to leave there. Silly me. That was something unusual and they didn’t know now to deal with it, and not being mine, I didn’t really know exactly what it was. So we got the full search treatment. I was expecting them to look over the computer, but they did a full search of the vehicle. In the process, they found my macbook in the car and made me login to it. I suspect they were looking for porn, as when I got it back the desktop was all messed up and the default picture directories were pulled up.

There are two major border crossing points a few miles apart here, and these guys decided they didn’t know what to do with a server, so sent me over to the other one — apparently that is where commercial trucks go, and they know better what to do with business goods. So away we go to do the whole thing all over again. There, they didn’t just make me login, they made me give them the password so they could login themselves.

As a result, I turned on FileVault (the mac user directory encryption facility) for my account, and created an admin account I can give them the password for, and my home directory then looks like a single large file. They may eventually learn enough to detect that, but I think it’ll keep them for a while. Of course, the first step is not to do things that get their attention in the first place 😉 though I didn’t think bringing an old computer into the country would be “attention getting”…

I also have an imac at work, the 1rst gen 24” intel version, and it died last summer — wouldn’t power on. I took it into the shop and asked them to swap the hard disk into the rental replacement I got while it was being fixed. They complained about it being too hard to get into and wouldn’t do it. That disk had customer info and internal access info on it, though I already had the most sensitive of that on an encrypted virtual volume. Still, on the rental and, on mine after I got it back, I turned on filevault, as well as my desktop at home — these concerns are real and happening to regular people.

Hermes Ten December 18, 2007 10:55 AM

“I am from the UK and my family’s financial details have also been put at risk courtesy of the fools at HMR&C.”

I think you’re being naive here. This is deliberate (though maybe, maybe not, on the part of the fools at HMR&C). The same thing is going on in the US on a large scale. This is one part of your government exploiting the vulnerabilities in another part in order to populate surveillance databases with data that can’t otherwise be easily or legally obtained.

dcdon December 18, 2007 4:21 PM

One interesting way of encrypting files and/or folders that was told me recently was to use PKzip and password zip the item 3 times with different passwords. What do you think of this method?

tia,
dc

Albert December 31, 2007 9:21 PM

Is anybody still out there?
I’ve used TrueCrypt. It seems to work fine. I’m a little concerned that you have a maximum alpha-numeric count for your password (I think 64 positions), and it limits those to traditional and common ASCII characters and yes I understand the math behind those common characters, I just don’t see why they would limit a thoroughbred. It makes you think! What I really want to know, has any one used a product called freeOTFE ? It makes alot of claims but just as with TrueCrypt, there is no where to go to submit a simple 5kb file for test cracking to see if they really work. Most of us are stuck with word of mouth and thats not good enough.
Any Replies? Thank you.

Bernard Peek January 7, 2008 5:27 AM

The recent problem of the UK’s lost data disks is worse than Bruce paints it. In addition to names and bank details the disks also contained the full names and birth-dates of the account-holders’ children. Many people use this data as the shared secrets and passwords for online banking. So in many cases the disks will contain all of the data a criminal needs to extract money from bank accounts.

The fact that there are no reports of this happen reassures me that the disks are lost and not stolen.

Dan February 22, 2008 5:06 PM

For anyone just reading this thread, TrueCrypt 5.0a recently became available and now offers two things people have been asking for:

— Mac support
— Full disk encryption (including the sysvol)

Simon Bridge March 10, 2008 10:36 PM

I wonder how these “full disk encryption” (FDE) apps actually manage a boot whet the system partitions are included in the encryption. They all seem to have some pre-boot authentication (PBA) that somehow decrypts the system partition and then loads the OS.

The PBA program seems to live on the disk that is claimed to be encrypted… presumably outside the encrypted container. If this is so, then is this truly full disk encryption.

Isn’t this more like, encrypting your system files, but putting their own on the disk? There are still system files on the drive, decrypted, just not the usual ones.

While this is probably good enough against the threat model (losing the lappy), it then becomes a bit silly to poke dmcrypt or loop-AES (say) for not being FDE.

Under GNU/Linux distros, as mentioned for the case of Ubuntu, the PBA software is just linux, and it is set up in the initramfs file in the /boot partition.

The entire /boot is less than a gig, so you keep this in your keydrive – (can you keep the PBA in those Windows apps on an external drive?) with the added effect that the machine won’t boot at all without it.

Add in multi-boot capability, you can seamlessly configure your system to boot to a familiar OS in a small, clean, partition whenever someone asks you to turn the computer on 🙂

See
http://www.linuxquestions.org/questions/linux-security-4/full-disk-encryption-on-boot-partition-626270/#post3083944
… for another discussion.

What I would be interested to hear from anyone who has used one of these products on their drive, removed the drive, and had a look at how the data was actually stored. Are there, as I suspect, any plaintext sections on the HDD?

I’m having trouble finding this kind of analysis… all the comparisons I see are like above discussion: focussed on the user experience. Is it easy to use? Is it pretty? What “features” are supported (by the advertising and the gui). But surely you want to know if it is really FDE and how. You want to know if it is crackable… the way to do that is to look at it from the crackers point of view.

Yes, man May 19, 2008 9:31 PM

PGP… Technical Advisory Board… lol
After 2.6.3i(n) and 6.5.8ckt09b3, all with PGP in the name was and is a S H A M E and D I S H O N O U R for the community. SHAME ON YOU, Carpenter. God protect OpenPGP and Werner Koch.

Olga June 6, 2008 3:24 AM

In the comments I have come across so many encryption softwares but there is one more that was left out – Rohos Mini Drive.And I consider it worth of being called one of the best free encryption solutions.Rohos Mini has a few advantages over its analogues – the hidden disk’s size can be easily enlarged; it has virtual keyboard, which makes it for a key logger impossible to trace your hidden partition password;no need for administrative privileges when using on a guest computer. Two thumbs up!

axcrypt user October 16, 2008 3:23 PM

Re:

“AXCRYPT has the ability to create volumes that don’t look encrypted.”

No it doesn’t. Axcrypt does one thing and does it well; file encryption. You may be thinking of TrueCrypt.

It would be nice if Bruce Schneier were to look at and comment on AxCrypt…

allgreenrecycling February 19, 2019 10:03 AM

Once I stepped on the rake when selling a computer, I thought that deleted all the data from the hard drive, but it was not so 🙁 Then a couple of weeks later I saw personal photos on the network… Now I always give hard drives before selling to companies that are engaged in the destruction of all data and only then sell! Don’t repeat my mistakes!

Antonio Prikolov June 5, 2020 3:05 AM

Hi there! A very interesting article, by the way, but what do you know about CMS systems. Could you write an article on this topic. Because it is very relevant in our time and many, I think, will be happy to read interesting facts about it.
Antonio From https://www.maxpanda.com/

Arnold August 18, 2023 6:48 AM

I think bitlocker is a poor recommendation, this software is not open source and is by windows so should’t have to say anymore, possible for keys to be stored on microsoft servers or a back door

C U Anon August 18, 2023 10:17 AM

@Arnold:

“I think bitlocker is a poor recommendation”

The recommendation was,

“There are other encryption programs out there. If you’re a Windows Vista user, you might consider BitLocker. This program, embedded in the operating system, also encrypts the computer’s entire drive. But it only works on the C: drive,”

Not exactly a positive recomendation, and who uses Vista these days?

It was made prior to Nov 2007 a decade and a half or ‘ten computing generation’ ago.

In human generations that would be between two and three centuries or more back,

https://en.wikipedia.org/wiki/Generation_time

Would you follow “health recomendations” from back then?

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.