
View Full Version : Out of interest, do any of you encrypt your HDDs?



Jutnux
17-02-2012, 11:32 PM
Just spent a good 3/4 hours encrypting my laptop (again) whilst spamming @Recursion.

Recursion
18-02-2012, 12:17 AM
Bitlocker, bitlocker everywhere.

N!ck
18-02-2012, 12:17 AM
I did for a short period two years ago (truecrypt), but I got bored of the effort very quickly. Typing a long secure password every time you want to access anything is hella annoying.

Relevant: http://xkcd.com/538/

GommeInc
18-02-2012, 12:33 AM
Out of curiosity, why would anyone do this for personal use of their PC? I don't do it, and I'm not sure why anyone would unless you live in a rough area or you're a business user - but that's just me :P

Jutnux
18-02-2012, 12:43 AM
Out of curiosity, why would anyone do this for personal use of their PC? I don't do it, and I'm not sure why anyone would unless you live in a rough area or you're a business user - but that's just me :P

Privacy, reassurance etc.

GommeInc
18-02-2012, 12:47 AM
Privacy, reassurance etc.

From physical dangers like someone breaking into your house, or from some sort of access online or through a network?

Jutnux
18-02-2012, 12:48 AM
From physical dangers like someone breaking into your house, or from some sort of access online or through a network?

The physical dangers of someone breaking into your house, as once you've decrypted the files so you can use them, a remote attack is possible (although you probably know this, I'm not insulting your intelligence).

GommeInc
18-02-2012, 01:00 AM
The physical dangers of someone breaking into your house, as once you've decrypted the files so you can use them, a remote attack is possible (although you probably know this, I'm not insulting your intelligence).
There's no intelligence to insult, I'm genuinely intrigued :P I've not heard of people encrypting their HDDs who are private, home users. I only know of business individuals who do this, and the odd computer scientist/web designer :P

Jutnux
18-02-2012, 01:12 AM
There's no intelligence to insult, I'm genuinely intrigued :P I've not heard of people encrypting their HDDs who are private, home users. I only know of business individuals who do this, and the odd computer scientist/web designer :P

I'm extremely paranoid most of the time (bad thing, heh) and I usually think of the worst possible outcome of things so I'd rather be safe than sorry.

Encrypting the HDD stops anything that I don't know about going on (coupled with the heavy security, the OS being Linux and other stuff). I also Truecrypt my memory sticks.

Tomm
18-02-2012, 01:20 AM
I've got complete boot drive encryption on my laptop using Truecrypt. For my main computer I don't encrypt the boot drive as it's a fairly good SSD so I don't want to affect the performance by adding the additional overhead. However, I do encrypt any important data in a Truecrypt Container. I use a smart card (Gemalto .Net) for Windows logon (plus stuff like SSH public/private key authentication with the RSA keys generated on the card) and I use the same smart card as a security token for the Truecrypt container. The keyfile stored on the smart card, which has a limited number of PIN attempts before the card becomes permanently inaccessible, along with a long+complex password is used for access to the container.
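The keyfile-plus-password unlock described in the post above, as an added example that is not part of the thread and is not TrueCrypt's own keyfile-mixing or header format: it is a simplified scheme built on PBKDF2-HMAC-SHA512, showing that the derived key depends on both factors. The function names, iteration count, verifier label and sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
from typing import Optional

ITERATIONS = 100_000   # assumed work factor for this sketch
KEY_LEN = 64           # bytes of derived key material


def derive_key(password: str, keyfile: Optional[bytes], salt: bytes) -> bytes:
    """Derive the unlock key from the password and, if given, the keyfile."""
    secret = password.encode("utf-8")
    if keyfile is not None:
        # Key an HMAC with the keyfile digest so the PBKDF2 input depends on
        # every byte of both factors; neither one alone reproduces it.
        kf_digest = hashlib.sha512(keyfile).digest()
        secret = hmac.new(kf_digest, secret, hashlib.sha512).digest()
    return hashlib.pbkdf2_hmac("sha512", secret, salt, ITERATIONS, dklen=KEY_LEN)


def make_verifier(key: bytes) -> bytes:
    """Value stored with the container to recognise a correct key."""
    return hmac.new(key, b"container-header-check", hashlib.sha256).digest()


def unlock(password: str, keyfile: Optional[bytes], salt: bytes, verifier: bytes) -> bool:
    """Re-derive the key from the supplied factors and compare in constant time."""
    candidate = make_verifier(derive_key(password, keyfile, salt))
    return hmac.compare_digest(candidate, verifier)


# Constructed sample values (not real secrets).
SALT = bytes(range(64))
KEYFILE = b"constructed keyfile held on the smart card" * 4
PASSWORD = "long+complex passphrase (constructed)"


def demo() -> dict:
    """Try the four factor combinations against one stored verifier."""
    verifier = make_verifier(derive_key(PASSWORD, KEYFILE, SALT))
    return {
        "both factors": unlock(PASSWORD, KEYFILE, SALT, verifier),
        "password only": unlock(PASSWORD, None, SALT, verifier),
        "wrong keyfile": unlock(PASSWORD, b"other keyfile", SALT, verifier),
        "wrong password": unlock("guess", KEYFILE, SALT, verifier),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'unlocked' if ok else 'rejected'}")
```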

Jutnux
18-02-2012, 01:28 AM
I've got complete boot drive encryption on my laptop using Truecrypt. For my main computer I don't encrypt the boot drive as it's a fairly good SSD so I don't want to affect the performance by adding the additional overhead. However, I do encrypt any important data in a Truecrypt Container. I use a smart card (Gemalto .Net) for Windows logon (plus stuff like SSH public/private key authentication with the RSA keys generated on the card) and I use the same smart card as a security token for the Truecrypt container. The keyfile stored on the smart card, which has a limited number of PIN attempts before the card becomes permanently inaccessible, along with a long+complex password is used for access to the container.

I presume you don't mean your boot partition. By the way, TrueCrypt containers have been able to be decrypted for a long time now, you're better off making volumes.

Tomm
18-02-2012, 01:40 AM
The whole boot drive is encrypted in the laptop using Truecrypt, yep. Also unless we misunderstood each other, what you said makes no sense. There is no difference in the encryption of a container from that of encrypting a whole drive/partition except that it just uses a file stored on an existing drive.


I presume you don't mean your boot partition. By the way, TrueCrypt containers have been able to be decrypted for a long time now, you're better off making volumes.

Jutnux
18-02-2012, 10:50 AM
The whole boot drive is encrypted in the laptop using Truecrypt, yep. Also unless we misunderstood each other, what you said makes no sense. There is no difference in the encryption of a container from that of encrypting a whole drive/partition except that it just uses a file stored on an existing drive.

IIRC all major governments are able to decrypt the true crypt container, don't ask me how.

Recursion
18-02-2012, 11:09 AM
IIRC all major governments are able to decrypt the true crypt container, don't ask me how.

Not true. The exploit requires the drive be already mounted and the attacker have access to your computer.

Tomm
18-02-2012, 01:52 PM
Um, no. Let's take one of the encryption algorithms used, AES. Wikipedia provides a good summary of this:

"All known attacks are computationally infeasible. For AES-128, the key can be recovered with a computational complexity of 2^126.1 using bicliques. For biclique attacks on AES-192 and AES-256, the computational complexities of 2^189.7 and 2^254.4 respectively apply."

You can also layer ciphers in Truecrypt, so let's take a look at another cipher also used in conjunction with AES, Serpent:

"All known attacks are computationally infeasible. A 2011 attack breaks 11 round Serpent (all key sizes) with 2^116 known plaintexts, 2^107.5 time and 2^104 memory (as described in [1]). The same paper also describes two attacks which break 12 rounds of Serpent-256. The first requires 2^118 known plaintexts, 2^228.8 time and 2^228 memory. The other attack requires 2^116 known plaintexts and 2^121 memory but also requires 2^237.5 time."

However, as pointed out above, there are side-channel attacks that show no fault in the cipher used but may leak data. These are still quite infeasible as they typically require physical access to the computer involved whilst it has the container mounted or in the process of decrypting/encrypting data.

An example of one such side channel attack is called a cold boot attack. This is possible because the encryption keys are stored in memory as they are constantly needed to encrypt and decrypt the data as it is accessed. Assuming you can get physical access to the computer whilst the encrypted drive/container is mounted you can recover the key from the RAM by either physically removing the RAM, placing it quickly in another machine and dumping the contents of the RAM modules or rebooting the machine and booting from an external device that is loaded with the appropriate software to dump the RAM. This attack can easily be prevented by simply not leaving your machine unattended whilst having encrypted containers/drives mounted.


IIRC all major governments are able to decrypt the true crypt container, don't ask me how.

Jutnux
18-02-2012, 03:46 PM
Ah, maybe I didn't research it properly. Thanks for telling me, although you could've just pointed me to the Wikipedia article rather than spending time typing that up ;-)

triston220
19-02-2012, 09:49 PM
I have thought about creating a TrueCrypt container for the software I sell, but I haven't done so as of yet. As for whole HDD encryption, I have no need to do so.

RyRy
19-02-2012, 09:52 PM
Not true. The exploit requires the drive be already mounted and the attacker have access to your computer.

I know this is a total "I heard from somebody that.." thing, but somebody I know in the police who works in one of the Hi Tech crime units in the UK, like when I was discussing truecrypt, it's possible to decrypt it. They've got the software for doing so... god knows what it is, but yeah believe it if you want, it's a total chinese whisper

Jack!
19-02-2012, 10:00 PM
Truecrypt on all my drives, BIOS is locked down, fingerprint logon device on my laptop, and USB Key on my Desktop.

Recursion
19-02-2012, 10:29 PM
I know this is a total "I heard from somebody that.." thing, but somebody I know in the police who works in one of the Hi Tech crime units in the UK, like when I was discussing truecrypt, it's possible to decrypt it. They've got the software for doing so... god knows what it is, but yeah believe it if you want, it's a total chinese whisper

Yeah, I won't be believing that any time soon.
