Jump to content



Photo
drive encryption

65 replies to this topic

#16 elenarie

elenarie

    Neowinian

  • Tech Issues Solved: 2
  • Joined: 23-March 14
  • OS: Windows 8.1 Pro x64
  • Phone: Lumia 920 Yellow

Posted 31 May 2014 - 18:33

Check http://prism-break.org

dm-crypt with LUKS for Linux
Anything else, encfs.

 

That's old, outdated, and it shouldn't be used (afaik). There's a new one called encryptfs, I think, or something similar.




#17 mastercoms

mastercoms

    Expert Microsoft Fanboy & C# Coder

  • Tech Issues Solved: 3
  • Joined: 21-May 13
  • Location: Marietta, Georgia
  • OS: W8.1U1 + Debian 8 (Jessie)
  • Phone: Lumia 928 Black + WP8.1 Black

Posted 31 May 2014 - 18:46

That's old, outdated, and it shouldn't be used (afaik). There's a new one called encryptfs, I think, or something similar.

It was audited recently in January 2014, but I guess lack of updates is a problem.
DiskCryptor would be my second recommendation.
And possibly do you mean eCryptfs?

#18 Gerowen

Gerowen

    Neowinian Senior

  • Tech Issues Solved: 2
  • Joined: 28-August 05
  • Location: Hills of Kentucky
  • OS: Ubuntu Linux

Posted 31 May 2014 - 19:13

I'd prefer an open-source solution, but a paid version would be fine as long as it's cheaper than the $100 Win 8.1 Pro upgrade (the only way to get BitLocker AFAIK).

 

I want to use it to encrypt my laptop and my external music drive.

 

Thanks!

 

 

...Windows 8.1, 8, and 7 pro all have Bitlocker. What OS are you using?

Linux has all sorts of free open source tools available if that's what you're using.  Ubuntu and Debian both offer you the option to encrypt an entire hard drive/partition or just your home folder on install, plus you can set up seahorse to generate a PGP key to use with Thunderbird or Evolution when sending e-mail.  The "Disks" utility in Ubuntu/Debian allows you to format external drives as an encrypted EXT4 filesystem.

 

From my understanding, Windows has Bitlocker.

 

All of the tools available for Linux probably have OSX ports/versions since it's just a super modified Unix port.



#19 elenarie

elenarie

    Neowinian

  • Tech Issues Solved: 2
  • Joined: 23-March 14
  • OS: Windows 8.1 Pro x64
  • Phone: Lumia 920 Yellow

Posted 31 May 2014 - 19:15

And possibly do you mean eCryptfs?

 

I'm not 100%, it may have been eCryptfs. I read that either on Ars Technica or Stack Overflow, and IIRC it was highly upvoted so I guess it must be true (because we know everything said on the Internet is true!). It was also mentioned that Fedora are in the process of removing or deprecating encfs, or something along those lines.



#20 Andre S.

Andre S.

    Asik

  • Tech Issues Solved: 10
  • Joined: 26-October 05

Posted 31 May 2014 - 19:32

TrueCrypt hasn't suddenly disappeared or become insecure. Its developers have abandoned it. This means that

 

 - if vulnerabilities are discovered,

AND

 - the project was not forked, is not maintained and the vulnerabilities will not be fixed

 

then TrueCrypt will be insecure. But both of these conditions have yet to materialize. So far there is still plenty of interest around TrueCrypt, with an audit presently in progress, and it seems unlikely to remain unmaintained for long. If anything, it's likely to see more activity and fixes now that its original developers, who hadn't released a new version since 2012, have officially given up on it.

 

And NO I'm not going to use Bitlocker. With everything Snowden has released about wiretapping and backdoors I wouldn't rely on closed-source technology.



#21 Orange Battery

Orange Battery

    Neowinian Senior

  • Joined: 09-March 04
  • Location: London

Posted 31 May 2014 - 19:40

I have been using Data Protecto www.dataprotecto.com for a few months with no problems at all, very easy to use and lots of features, not just plain encryption.


Looks interesting

#22 ITFiend

ITFiend

    ハッピー

  • Joined: 13-October 09
  • Location: Galactic Sector ZZ9 Plural Z Alpha
  • OS: Windows Server 2012 R2, Windows 8.1
  • Phone: Windows Phone 8.1

Posted 31 May 2014 - 19:44

Dumb question, since I never had a TPM chip to just mess with... if you use a TPM chip to encrypt using Bit locker, and say the TPM chip is destroyed, it would in essence be impossible to ever recover the encrypted data?

 

BitLocker cannot be enabled on a bootable device unless a recovery method is generated and saved to a USB device or Active Directory.

 

For my personal devices I always disable Recovery Passwords.  They are limited to 48 numeric characters, and thus the easiest to brute force.  Recovery Keys are significantly stronger.  Depends on your tastes, or if it's being deployed to end users who may need to receive a recovery password to a laptop on the road over the phone.

 

You can always remove or add protectors after the disk is encrypted, so you can purge all recovery options if you really wanted to.  There may be a limit to how many total protectors can be assigned to a partition, but I've never hit it.

 

I have another post about BitLocker and TPM chips here:

http://www.neowin.ne...#entry596428145



#23 HawkMan

HawkMan

    Neowinian Senior

  • Tech Issues Solved: 4
  • Joined: 31-August 04
  • Location: Norway
  • Phone: Noka Lumia 1020

Posted 31 May 2014 - 19:47

As of right now you can't claim any of that, we don't know if TC is safe, or if anyone with the right tool can bust open any TC volume in seconds and the devs found out and simply closed shop.

As for BitLocker. Again there's no magic key that can open all volumes it's pretty much impossible and any back doors would be detectable with the amount of scrutiny the code of such apps go through, you don't need the source to find such obvious exploits like back doors.

#24 mastercoms

mastercoms

    Expert Microsoft Fanboy & C# Coder

  • Tech Issues Solved: 3
  • Joined: 21-May 13
  • Location: Marietta, Georgia
  • OS: W8.1U1 + Debian 8 (Jessie)
  • Phone: Lumia 928 Black + WP8.1 Black

Posted 01 June 2014 - 01:31

Some more TrueCrypt stuff, for those interested:
The audit will continue to Phase II and will look at how good the entropy is and will check for back doors in the random number generator
Also, the audit found that there were vulnerabilities, but no government back doors or anything deliberately put in https://opencryptoau..._Assessment.pdf
Maybe that's why they closed the project.
The 7.1a source code is available here:
https://github.com/F...ophis/TrueCrypt
A fork has been made (from the same people who made the source available):
http://truecrypt.ch/
And they have every single TrueCrypt version you would ever want:
http://truecrypt.ch/download/

#25 Orange Battery

Orange Battery

    Neowinian Senior

  • Joined: 09-March 04
  • Location: London

Posted 01 June 2014 - 06:32

Some more TrueCrypt stuff, for those interested:
The audit will continue to Phase II and will look at how good the entropy is and will check for back doors in the random number generator
Also, the audit found that there were vulnerabilities, but no government back doors or anything deliberately put in https://opencryptoau..._Assessment.pdf
Maybe that's why they closed the project.
The 7.1a source code is available here:
https://github.com/F...ophis/TrueCrypt
A fork has been made (from the same people who made the source available):
http://truecrypt.ch/
And they have every single TrueCrypt version you would ever want:
http://truecrypt.ch/download/

What does the fork mean with regards to the project? Is it possible that we might see a continuing trusted release?

#26 OP losanglo

losanglo

    Neowinian

  • Joined: 19-April 14

Posted 02 June 2014 - 02:06

Thanks everyone, I'll look into the various alternatives you've suggested. :)

 

 

...Windows 8.1, 8, and 7 pro all have Bitlocker. What OS are you using?

Windows 8.1 Home Premium. I would need to buy the 8.1 Pro Pack ($100) to get BitLocker. I'm not necessarily opposed to that, because there are other good features that come with the Pro Pack, but I want to see what my options are before spending that much money.

 

Want to keep those Bieber albums top secret, huh? :laugh:

 

Seriously though, why would you want to encrypt a drive with only music on it? Just asking.

Because I don't want some thieving jackhole enjoying the close to 2TB of music and concert videos I have on my external drive. I live on Long Beach, where property theft is an unfortunate reality.



#27 mastercoms

mastercoms

    Expert Microsoft Fanboy & C# Coder

  • Tech Issues Solved: 3
  • Joined: 21-May 13
  • Location: Marietta, Georgia
  • OS: W8.1U1 + Debian 8 (Jessie)
  • Phone: Lumia 928 Black + WP8.1 Black

Posted 02 June 2014 - 03:08

What does the fork mean with regards to the project? Is it possible that we might see a continuing trusted release?

Their first goal is to make 7.1a available again, which they have done, and then they will wait for the full results of the audit and then fix vulnerabilities and bugs.



#28 vcfan

vcfan

    Doing the Humpty Dance

  • Tech Issues Solved: 3
  • Joined: 12-June 11

Posted 02 June 2014 - 03:20

And NO I'm not going to use Bitlocker. With everything Snowden has released about wiretapping and backdoors I wouldn't rely on closed-source technology.

heartbleed, cough.



#29 mastercoms

mastercoms

    Expert Microsoft Fanboy & C# Coder

  • Tech Issues Solved: 3
  • Joined: 21-May 13
  • Location: Marietta, Georgia
  • OS: W8.1U1 + Debian 8 (Jessie)
  • Phone: Lumia 928 Black + WP8.1 Black

Posted 02 June 2014 - 03:22

Windows 8.1 Home Premium

Including results for windows 8.1.

Do you want results only for windows 8.1 home premium?

 

Microsoft only has 2 consumer SKUs now, Windows 8.1, and Windows 8.1 Pro.



#30 Andre S.

Andre S.

    Asik

  • Tech Issues Solved: 10
  • Joined: 26-October 05

Posted 02 June 2014 - 03:22

As of right now you can't claim any of that, we don't know if TC is safe, or if anyone with the right tool can bust open any TC volume in seconds and the devs found out and simply closed shop.

As for BitLocker. Again there's no magic key that can open all volumes it's pretty much impossible and any back doors would be detectable with the amount of scrutiny the code of such apps go through, you don't need the source to find such obvious exploits like back doors.

I'd rather trust a public audit on publicly available source code than rely on the assumption that Microsoft is incorruptible. I don't see for what reason you would think that if a backdoor was present in Bitlocker, it would be obvious to find. And while Bitlocker probably goes through a lot of scrutiny, none of it is independent and none is publicly available, which means you can only rely on assumptions of good will and incorruptibility.

 

See https://www.grc.com/...t/truecrypt.htm