Re: Help secure my data (They will steal my drive)
From: AE (hidden_at_nospam.com)
Date: 04/12/04
- Next message: AE: "Re: How secure is 2048 bit RSA?"
- Previous message: Bill Unruh: "Re: true random number generator"
- In reply to: Ahmad: "Help secure my data (They will steal my drive)"
- Next in thread: Simon Johnson: "Re: Help secure my data (They will steal my drive)"
Date: Mon, 12 Apr 2004 18:20:42 +0200
Ahmad wrote:
> ...
> He asked me how to effectively secure the information. At first he
> asked if the drive can be made to only work on his machine or
> something similar?! I thought it won't be possible. The only solution in
> my mind is to encrypt the files, if there is any other solution, please
> keep me updated!

You won't get any other solution for free.

> Anyway, if we take encryption as THE solution. And if we want a free
> (0$) solution. Could you please comment on these questions:
>
> 1- Is GPG my best friend here? Any other solutions?

In case you are running Windows you should consider "Blowfish Advanced"
by Markus Hahn (http://maakus.dyndns.org/software.html) - meanwhile it's
fairly old, but it supports strong password-based encryption and can be
used as a file shredder (overwrites files before deleting to make it
harder to recover them).

> 2- If the drive is stolen, the attacker will have my public & private
> keys!! What should the length of my passphrase be to get the real
> protection power of the 1792 bit default encryption method?

1792 bit public key is comparable to about 100 bit private key - since
the password is not truly random you'll need longer passphrases. Plain
English text contains order of magnitude 1.3 bit per character, random
printable ASCII characters about 6.5 bit per character.

> 3- Will an 8 character passphrase provide an 8*8=64 bit effective
> protection instead of the 1792???? Am I obliged to use a 220
> character passphrase (which is impossible) :(

see above

> PS: The machine is not networked and physically secured.
> regards

Your main problem is the remains of plaintext on your harddisk:
In case your passphrase is not trivial it's much more likely an attacker
will try to recover plaintext from swap files/virtual memory and from
deleted files than to break an even remotely strong encryption algorithm.
While the software I mentioned above overwrites files it's likely you
won't be able to delete all temporary files and you won't be able to
delete virtual memory.
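
An added example, not part of the original post: it applies the post's per-character figures (1.3 bit for English text, 6.5 bit for random printable ASCII) to the roughly 100 bit target and to the 8 character case from question 3, then draws a random passphrase of that strength with Python's `secrets` module. The 94 character alphabet and all function names are assumptions of this example.

```python
import math
import secrets
import string

# Figures quoted in the post above.
TARGET_BITS = 100                  # strength the post equates with a 1792 bit public key
ENGLISH_BITS_PER_CHAR = 1.3        # plain English text
RANDOM_ASCII_BITS_PER_CHAR = 6.5   # random printable ASCII characters

# Assumption of this example: the 94 printable ASCII characters without space.
PRINTABLE = string.ascii_letters + string.digits + string.punctuation


def estimated_bits(length, bits_per_char):
    """Estimated entropy of a passphrase of `length` characters."""
    return length * bits_per_char


def chars_needed(target_bits, bits_per_char):
    """Shortest length whose estimated entropy reaches `target_bits`."""
    return math.ceil(target_bits / bits_per_char)


def random_passphrase(target_bits=TARGET_BITS, alphabet=PRINTABLE):
    """Draw characters uniformly from `alphabet` with the OS CSPRNG.

    Each uniform draw is worth log2(len(alphabet)) bits, so the length is
    derived from the alphabet rather than taken from the 6.5 bit estimate.
    """
    bits_per_char = math.log2(len(alphabet))
    length = math.ceil(target_bits / bits_per_char)
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    # Question 3: what an 8 character passphrase is worth under each estimate.
    print("8 English chars :", estimated_bits(8, ENGLISH_BITS_PER_CHAR), "bits")
    print("8 random chars  :", estimated_bits(8, RANDOM_ASCII_BITS_PER_CHAR), "bits")
    # Question 2: length needed to reach the ~100 bit target.
    print("English text    :", chars_needed(TARGET_BITS, ENGLISH_BITS_PER_CHAR), "chars")
    print("random ASCII    :", chars_needed(TARGET_BITS, RANDOM_ASCII_BITS_PER_CHAR), "chars")
    print("generated       :", random_passphrase())
```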