Security Basics mailing list archives
RE: The ugly side of using disk encryption
From: "Will Yonker" <aragonx () dcsnow com>
Date: Wed, 25 Oct 2006 22:13:43 -0400 (EDT)
<quote who="Hagen, Eric">
Speaking of TrueCrypt, a bruteforce attack is totally out of the question at this point. Any of the three cyphers in use will make the data irrelevantly hard to crack using sheer computing power. the only reason to even bother with the three-cypher is if the data will still be relevant in 20-40 years, when the technology to crack any single cypher *might* be available. However, this would also require a mathematical breakthrough, as the current state of encryption is not just a few orders of magnitude away from being broken, but dozens of orders of magnitude.
That is good to know. And totally changes my point of view. After reading a few other responses, I've also decided the full disk encryption is the only thing that will help me.
As for the use of a hidden partition, this is really only useful for plausable deniability. Creating a hidden partition within a real partition allows the user to give up a passphrase under interrogation or otherwise, and have that passphrase be valid and decrypt some data. Unless your employees are likely to be kidnapped and compelled to disclose their passphrase, the hidden partition does little for your security. You can, however, use any random filename buried within the file structure c:\windows\system32\arrgh.not is just as valid a filename as any other as far as truecrypt is concerned, but having a 10GB file floating around would be pretty obvious to a would-be attacker, so this really only useful for small amounts of data.
My (flawed) idea was that I could auto-mount the encrypted partition on boot that only required a pass phrase. Then the user would manually mount the hidden partition when needed. I thought this would throw an attacker off thinking that if they got the passphrase, they had all the data that is to be gotten from the laptop. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- RE: The ugly side of using disk encryption, (continued)
- RE: The ugly side of using disk encryption Robert D. Holtz - Lists (Oct 20)
- -Real- anonymity (was: The ugly side of using disk encryption) Michael Painter (Oct 20)
- RE: The ugly side of using disk encryption Hagen, Eric (Oct 20)
- Re: The ugly side of using disk encryption Saqib Ali (Oct 20)
- RE: The ugly side of using disk encryption Hagen, Eric (Oct 20)
- Re: RE: The ugly side of using disk encryption qxlr (Oct 23)
- RE: RE: The ugly side of using disk encryption Henry Troup (Oct 23)
- Re: RE: The ugly side of using disk encryption qxlr (Oct 23)
- FW: The ugly side of using disk encryption Isaac Van Name (Oct 20)
- RE: RE: The ugly side of using disk encryption Hagen, Eric (Oct 23)
- RE: The ugly side of using disk encryption Hagen, Eric (Oct 23)
- RE: The ugly side of using disk encryption Will Yonker (Oct 27)