How many of you use encryption?

MrCrispy:
One more point I'd like to mention - there are many encryption schemes that are uncrackable because of their keyspace. But that doesn't guarantee your data is safe. The important thing about TC is 'plausible deniability'. Without this a harmful agent (such as the govt) would know that there is encrypted data and by law (or worse) force you to reveal the key. With a hidden container there is no trace that there is any data at all.

CWuestefeld:
The important thing about TC is 'plausible deniability'. Without this a harmful agent (such as the govt) would know that there is encrypted data and by law (or worse) force you to reveal the key. With a hidden container there is no trace that there is any data at all.
-MrCrispy (February 06, 2008, 03:46 PM)
--- End quote ---

That's mostly true, and I do think that one of TC's outstanding features is how well thought out its plausible deniability is.

Not that I'm hiding any crimes, but...

I think that it's incorrect to say that the bad guy would not know that there is encrypted data. The DC container file must still exist; it's impossible to say what's in it, or indeed that it is encrypted data, with absolute certainty. But they don't need that kind of certainty, they just need the reasonable suspicion to issue a warrant that will force you to open it for them (or find you in contempt, and lead to deeper investigation, etc.)

The strong point of TC's plausible deniability is that a given container can have two separate keys, each of which reveals different content. You can have an outer shell that contains slightly embarrassing data, and give up that key when under duress. The bad guy, looking at the outer shell, has no way to know that there is another inner shell with the really juicy stuff, still buried in the container. But to be really plausible you need to fill the outer shell with something that they'll believe that you were really trying to hide.
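
Added example, not part of CWuestefeld's post or of TrueCrypt: a sketch of the kind of triage check a forensic examiner could run, showing why a container file draws suspicion without proving anything. The 512-byte size rule, the thresholds and the sample inputs are assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

SECTOR = 512  # assumption: container files are whole multiples of 512 bytes

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 is the maximum."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def chi_square(data: bytes) -> float:
    """Chi-square statistic against a uniform byte distribution (255 d.o.f.)."""
    if not data:
        return 0.0
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))

def looks_like_container(data: bytes, min_size: int = 16 * 1024) -> bool:
    """Heuristic only: True means 'indistinguishable from random noise'.
    Compressed or otherwise encrypted files can pass too, so a hit is
    grounds for suspicion, not proof."""
    if len(data) < min_size or len(data) % SECTOR:
        return False
    # Uniform random bytes score near 255; plain text scores far higher.
    return shannon_entropy(data) > 7.9 and chi_square(data) < 400.0

def constructed_samples() -> dict:
    """Constructed inputs: a SHA-256 counter stream stands in for ciphertext."""
    noise = b"".join(hashlib.sha256(i.to_bytes(8, "big")).digest() for i in range(2048))
    text = (b"quarterly report draft, nothing to see here\n" * 2000)[:64 * 1024]
    return {"noise.bin": noise, "notes.txt": text, "noise_odd_size.bin": noise[:-7]}

if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        print(f"{name:20} entropy={shannon_entropy(blob):.3f} "
              f"chi2={chi_square(blob):9.1f} flagged={looks_like_container(blob)}")
```

The check says nothing about what a flagged file holds, or whether a second, hidden volume exists inside it.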

Armando:
The strong point of TC's plausible deniability is that a given container can have two separate keys
-CWuestefeld (February 06, 2008, 03:59 PM)
--- End quote ---

I believe that to be plausible, any given container should have an infinite amount of separate keys (infinite being a purely theoretical value...).

But if you take a disk image (sector copy) then it will be the same encrypted data.
-MrCrispy (February 06, 2008, 03:31 PM)
--- End quote ---

...As the container/drive is always encrypted (and only decrypted in RAM, IIRC).

But does anybody do imaging of encrypted drives here? According to that thread (as an example) http://www.wilderssecurity.com/showthread.php?t=196136, it doesn't seem like a fun thing.

Here's what the Acronis moderator says:
Thank you for your interest in Acronis Software.

Please be aware that Acronis True Image does not officially support third-party encryption software, so it's not recommended to create images of encrypted drives from Windows. It is always possible to create a sector by sector image of a hard drive using Acronis Bootable Rescue Media though, which is the recommended method for such cases.

Please also notice that corporate versions of Acronis True Image feature encrypting backups with industry-standard AES cryptographic algorithm (key size 128, 192, 256 bit).

Thank you.
--
Marat Setdikov
--- End quote ---

And another poster says:

Using encrypted virtual disks is the best solution.
Making an image of a normal non-encrypted system partition is a fast, easy, simple and reliable procedure. To back up a virtual disk you just burn it to a DVD.
Making an image of a whole encrypted disk is a nightmare - very slow creation & restoration, the chances of something going wrong are many times higher, images are huge etc. (not only when using ATI, but with any imaging app). Also WDE affects system performance far more than using only encrypted containers for sensitive data.

Any file may get corrupt, it's your fault there was no backup. If you don't like PGP, use TrueCrypt containers. But WDE is just an unnecessary complication
--- End quote ---

Stuff to think about IMO if you need to image/backup your system a lot.

Armando:
BTW, an alternative to TrueCrypt is also mentioned (free, and open source, and it's got a PDA version): FreeOTFE, and I don't believe it's ever been mentioned here on DC.

Nod5:
Great that it is released!

Has anyone gotten the new system encryption (WDE) to work yet?

I tried twice to do it on a test system with and without secure overwriting but got a CRC error halfway through each time. I did a chkdsk in between these two attempts and that showed no errors. Maybe something else installed on that machine is interfering with TrueCrypt. Tomorrow I'll put an image of a clean XP install on the same test machine and see if I succeed with system encryption on that.

Some interface issues for the new features definitely need to be improved. For example, it would be very useful if TrueCrypt could give you an estimate of how long the encryption will take BEFORE you start the actual encryption. That way, the choice of what level of overwriting you want would be easier to make. TrueCrypt currently only gives a scary fixed estimate saying that opting for overwriting (3, 5 or 35 times I think) may mean that encryption can take a week to complete, or something like that. Not very helpful.
