Re: Please advice me about the whole disk encryption software I bought

"macarró" <me@xxxxxxx> wrote in message news:gpic7e$325$1@xxxxxxxxxxxxxxxxxxxx
With your knowledge of encryption would you trust your important data to a product like DriveCrypt Plus Pack?

Looking at the information available, there are a lot of words said about DCPP but not much to actually make a reasoned decision on.

They do make some over the top claims, but these are largely of the out of control marketing department rather than the no one knows what they are doing department. Having dealt with out of control marketing departments before, I know this can be very difficult to get around.

At the same time they have left out information that is critical to delivering a good estimation of the actual security. The biggest omissions I see are that I could find no place where they mention if there is a Message Authentication Code in use, this is actually very important to most real-world security situations, and the second big omission is the lack of discussion of chaining mode.

The biggest concern I have is on http://www.securstar.com/products_drivecryptpp.php where it says "DCPP currently works on Windows NT /2000 /2003 /XP and Vista 32 bit (client and server versions)" this concerns me because full-disk encryption should be completely operating system indifferent.

While I do not see a reason to say "Don't trust this product," I also do not see much of anything to inspire my confidence either.

Do you think it can be broken?

It very much depends on your definition of broken.

From the original text that I snipped you said it was financial documents of
damaging importance, so I'm going to assume it is in a form similar to either a QuickBooks style database, or an Excel style spread***. Both of these reveal quite a bit of information through side channels, so with the lack of information available, I can only say maybe. The reason for this comes from some things inherent in FDE, in particular the bootable area, and the only working on Windows true full-disk encryption is completely operating system indifferent so this gives me some concern that it is mislabelled. So it is fairly likely that some information about the documents is leaked, but how much information cannot be easily determined without further investigation.

In most environments the weakest part of the security is the user passphrase. Passphrases like "guacamole" are relatively easy to guess, and the claimed resistence to password-guessing attacks is simply impossible in FDE without direct hardware support, and so short, easy to remember passphrases are typically the weakest link. Instead it is necessary to use high entropy passphrase. Where only short passwords are allowed this results in secure passwords that look like "kyjtyklid5g" and are very difficult to remember. Whenever possible a longer passphrase should be used, something like "I like my guacamole especially mild with chunks of ripe lychee" (btw, that sounds disgusting) will be vastly more difficult to guess. The best recommendation I have for passphrases is to use diceware (http://world.std.com/~reinhold/diceware.html) along with casino grade dice.
Joe

.