Out of interest, do any of you encrypt your HDDs?

Jutnux · 18-02-2012, 01:28 AM

Originally Posted by Tomm

I've got complete boot drive encryption on my laptop using Truecrypt. For my main computer I don't encrypt the boot drive as it's a fairly good SSD so I don't want to affect the performance by adding the additional overhead. However, I do encrypt any important data in a Truecrypt Container. I use a smart card (Gemalto .Net) for Windows logon (plus stuff like SSH public/private key authentication with the RSA keys generated on the card) and I use the same smart card as a security token for the Truecrypt container. The keyfile stored on the smart card, which has a limited number of PIN attempts before the card becomespermanentlyinaccessible, along with a long+complex password is used for access to the container.

I presume you don't mean your boot partition. By the way, TrueCrypt containers have been able to be decrypted for a long time now, you're better off making volumes.

Tomm · 18-02-2012, 01:40 AM

The whole boot drive is encrypted in the laptop using Truecrypt, yep. Also unless we misunderstood each other, what you said makes no sense. There is no difference in the encryption of a container from that of encrypting a whole drive/partition except that it just uses a file stored on aexistingdrive.

Originally Posted by Jutnux

I presume you don't mean your boot partition. By the way, TrueCrypt containers have been able to be decrypted for a long time now, you're better off making volumes.

Jutnux · 18-02-2012, 10:50 AM

Originally Posted by Tomm

The whole boot drive is encrypted in the laptop using Truecrypt, yep. Also unless we misunderstood each other, what you said makes no sense. There is no difference in the encryption of a container from that of encrypting a whole drive/partition except that it just uses a file stored on aexistingdrive.

IIRC all major governments are able to decrypt the true crypt container, don't ask me how.

**Recursion** · 18-02-2012, 11:09 AM

Originally Posted by Jutnux

IIRC all major governments are able to decrypt the true crypt container, don't ask me how.

Not true. The exploit requires the drive be already mounted and the attacker have access to your computer.

Tomm · 18-02-2012, 01:52 PM

Um, no. Lets take one of the encryptionalgorithmsused, AES. Wikipedia provides a good summary of this:

"All known attacks are computationally infeasible. For AES-128, the key can be recovered with a computational complexity of 2^126.1 using bicliques. For biclique attacks on AES-192 and AES-256, the computational complexities of 2^189.7 and 2^254.4 respectively apply."

You can also layer ciphers in Turecrypt, so lets take a look at another cipher also used in conjunction with AES, Serpent:

"All known attacks are computationally infeasible. A 2011 attack breaks 11 round Serpent (all key sizes) with 2^116 known plaintexts, 2^107.5 time and 2^104 memory (as described in [1]). The same paper also describes two attacks which break 12 rounds of Serpent-256. The first requires 2^118 known plaintexts, 2^228.8 time and 2^228 memory. The other attack requires 2^116 known plaintexts and 2^121 memory but also requires 2^237.5 time."

However, as pointed out above. There are side-channel attacks that show no fault in the cipher used but may leak data. These are still quite infeasable as they typically require physical access to the computerinvolvedwhilst it has the container mounted or in the process of decrypting/encrypting data.

An example of one such side channel attack, is called a cold boot attack. This is possible because the encryption keys are stored in memory as they are constantly needed to encrypt and decrypt the data as it is accessed. Assuming you can getphysicalaccess to the computer whilst the encrypted drive/container is mounted you can recover the key from the RAM by either physically removing the RAM, placing it quickly in another machine and dumping the contentsof the RAM modules or rebooting the machine and booting from a external device that is loaded with theappropriatesoftware to dump the RAM. This attack can easilybe prevented by simply not leaving your machine unattended whilst having encrypted containers/drives mounted.

Originally Posted by Jutnux

IIRC all major governments are able to decrypt the true crypt container, don't ask me how.

Jutnux · 18-02-2012, 03:46 PM

Ah, maybe I didn't research it properly. Thanks for telling me, although you could've just pointed me to the Wikipedia article rather than spending time typing that up ;-)

triston220 · 19-02-2012, 09:49 PM

I have though about creating a TrueCrypt container for the software I sell, but I haven't done so as of yet. As for whole HDD encryption, I have no need to do so.

RyRy · 19-02-2012, 09:52 PM

Originally Posted by Recursion

Not true. The exploit requires the drive be already mounted and the attacker have access to your computer.

I know this is a total "I heard from somebody that.." thing, but somebody I know in the police who works in one of the the Hi Tech crime units in the UK, like when i was discussin truecrypt, its possible to decrypt it. they've got the software for doing so... god knows what it is, but yeah believe it if you want, it's a total chinese whisper

Jack! · 19-02-2012, 10:00 PM

Trecrypt on all my drives, BIOS is locked down, Finger print logon device on my laptop, and USB Key on my Desktop.

**Recursion** · 19-02-2012, 10:29 PM

Originally Posted by RyRy

I know this is a total "I heard from somebody that.." thing, but somebody I know in the police who works in one of the the Hi Tech crime units in the UK, like when i was discussin truecrypt, its possible to decrypt it. they've got the software for doing so... god knows what it is, but yeah believe it if you want, it's a total chinese whisper

Yeah, I won't be believing that any time soon.

Thread: Out of interest, do any of you encrypt your HDDs?

Thread Tools

Posting Permissions