RE: The ugly side of using disk encryption

["Will Yonker" <aragonx () dcsnow com>]

<quote who="Hagen, Eric">
> Speaking of TrueCrypt, a bruteforce attack is totally out of the question
> at this point.  Any of the three cyphers in use will make the data
> irrelevantly hard to crack using sheer computing power.   the only reason
> to even bother with the three-cypher is if the data will still be relevant
> in 20-40 years, when the technology to crack any single cypher *might* be
> available.  However, this would also require a mathematical breakthrough,
> as the current state of encryption is not just a few orders of magnitude
> away from being broken, but dozens of orders of magnitude.

That is good to know.  And totally changes my point of view.  After
reading a few other responses, I've also decided the full disk encryption
is the only thing that will help me.

> As for the use of a hidden partition, this is really only useful for
> plausable deniability.  Creating a hidden partition within a real
> partition allows the user to give up a passphrase under interrogation or
> otherwise, and have that passphrase be valid and decrypt some data.
> Unless your employees are likely to be kidnapped and compelled to disclose
> their passphrase, the hidden partition does little for your security.  You
> can, however, use any random filename buried within the file structure
> c:\windows\system32\arrgh.not is just as valid a filename as any other as
> far as truecrypt is concerned, but having a 10GB file floating around
> would be pretty obvious to a would-be attacker, so this really only useful
> for small amounts of data.

My (flawed) idea was that I could auto-mount the encrypted partition on
boot that only required a pass phrase.  Then the user would manually mount
the hidden partition when needed.  I thought this would throw an attacker
off thinking that if they got the passphrase, they had all the data that
is to be gotten from the laptop.





-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------