Encryption~

[~SnowAngel~]

I'm interested in different types of encryption. What works, doesn't, how encryption works, etc.
I'm wanting to know the best ways to keep the best security in files.

First, I want you to read this~
http://nakedsecurity.sophos.com/2012/02/02/filevault-encryption-broken/

it's basically saying that AES and truecrypt files can be broken into via firewire. I'm wondering why they can do that, and what can be done about it? x_x

I'm more concerned about keeping backups more than just the entire OS drive. though it would be nice to have both :f I'm not looking for anything with costs either~

 

[corocoro]

Stay with TrueCrypt - FileVault comes with government approved backdoors already.
Also note that the security hole above was discovered eight months ago - and has been most likely fixed.
Last, but not least, if someone got physical access to your PC, they can also do this:
http://xkcd.com/538/

 

[~SnowAngel~]

hmmmm at an airport maybe~ if randomly stolen I doubt they would :f
I would expect the gov to have stuff like that~ question is what DON'T they have? x_x

I kinda think encrypting my whole drive is pretty pointless, it made things a little slower :f soooo unless I really need to I won't go that way~ I'm wanting to make truecrypt backups and upload them, but then I discovered the expiration time of online storage, even for people paying :f
What I'd pay in a year for that could go toward new drives~ but still, I want to have an alternative that'll last for so long until I'm able to :f (buying school books and paying for the semester.. x_x)

 

[MoreDeath-11]

If you have Windows 7 Professional or above, I'd suggest you to use BitLocker if it's an option to you.

BitLocker is a built in encrypting filesystem within the Windows NT 6.x subsystem. This means you don't have to go out and download stuff like TrueCrypt and whatnot. Why not use something that's built inside Windows? Besides, I've haven't heard of anybody being able to brute force a BitLocker encrypted drive yet... And no, as far as I know there is no backdoors built right in to it.

And no, if you have a recent CPU that has the AVX extensions, the crypto overhead means jack because that instruction helps offload some of the computation required to encrypt/decrypt the data on the disk.

And storing your sensitive stuff in the cloud? You've gotta be out of your mind for stuff that you'd find sensitive - encrypted or not. I store some of my "extremely" sensitive business plans locally and encrypted for this reason "Trust nobody, not even your mama"

 

[~SnowAngel~]

ummm if you read that link I posted, you'll see:

Previous and current versions of Passware's software are also able to bypass Microsoft's BitLocker encryption which is built into some editions of Windows.

Just like apple's encyption has backdoors, I'm pretty sure microsoft does too :f
plus I'm using a mac sooooooo x_x

truecrypt is more of less the best option in terms of reliability and price. I'm not 100% sure about how reliable it is, but it's better than just a passworded rar :f

I've considered making files into fragments (10mb pieces for ex) and putting them into one rar. each rar with it's own password.
of course, that might be going a bit too far :f
until I'm able to get a new drive, there's just some things that are pretty much irreplaceable x_x

I don't know the conditions of an attack on data (gov investigations), but giving an unknown file extension and 60+ character password (numbers, letters, symbols, and foreign language) is pretty close to unbreakable. part of me still feels that truecrypt isn't perfect x_x

 

[MoreDeath-11]

Just like apple's encyption has backdoors, I'm pretty sure microsoft does too :f
plus I'm using a mac sooooooo x_x

No Microsoft legally can't put in a single backdoor at all. If they did it would be 1998 all over for the company again. And oh, if you're a Mac user and aren't afraid of learning how to use the UNIX CLI, then you can certainly use an user-space filesystem with encryption on the parent file easily.

Previous and current versions of Passware's software are also able to bypass Microsoft's BitLocker encryption which is built into some editions of Windows.

Chances are if this happening, it's because it was implemented incorrectly or somebody did a cold boot attack against it. I've implemented BitLocker on a few Windows Server Domain Controllers and I've yet to see this issue of somebody recovering the keys because of a poorly implemented BitLocker system.

Like the predecessor of BitLocker, it was actually not too difficult to recover EFS encrypted files on a NTFS volume in Windows XP because of the default Data Recovery Agents policies in the system. If somebody did RTFM, the chances of recovering an EFS encrypted file was pretty slim. Even if you attempted to reset the user's password to gain access to the account, you'd probably burn out the private keys for the certificates that locked the files in the first place!

I may sound like I'm defending Microsoft, but no I'm not. I'm just defending the fact that nobody RTFM'd before implementing such a system.