Linux distro with LiveCD for secure online banking?

True. But you can buy a 16GB flash drive and put a TrueCrypt/Diskcryptor container on it yourself.

 

I use TrueCrypt daily. Do you know what hardware encryption is? It's a totally different animal.

 

Yes... I do. I just question if it is worth the extra cost is all.

http://www.h-online.com/security/ne...-with-hardware-encryption-cracked-895308.html

Seems pretty pointless to have "hardware crypto" on a stick, if
critical functions, like authentication, all happen in a vulnerable
piece of software on the computer (or on any other accessible chip).

You do love me, don't you?

 

I sure love you now man, I really do

 

How so? Arent things still done in software?
How are so called hardware encrypted USB sticks better than software encrypted USB sticks?

EDIT: Only advantage I can possibly see is that hardware encrypted discs may not be writable by the malicious entities..

 

I think any Linux LiveCD that has firewall and selinux or other as default will be helpfull.
Some distros don't have a firewall enabled at bootup.

You can probably get the same security as a LiveCD by using a VM and making a snapshot.

Attacks that don't care what OS you are running:
MITM's can affect Linux as well as Windows.
Browser malware. Let's hope there is no such thing, because nobody is looking for it.
Router attacks. Your router gets infected while using Windows then switch to LiveCD you still pwned.
Malware that lives in ram, survives a reboot and maybe has it's own file system. Information can survive in the non-paged pool for upto 14 days.

 

Back in January, several of these were, indeed, "cracked." it wasn't because of the hardware encryption though, it was because they used it in combination with software that revealed the password! Kingston did right by their customers and offered immediate replacements to drives that utilized straight hardware encryption i.e. the Vault series. That vulnerability was found on a limited number of drives and brands using that method. For example, see how Kingston dealt with the problem:
http://www.kingston.com/driveupdate/

It was also never a problem for the IronKey.

So, this is a non-issue.

There are many advantages. It's truly night and day. With all hardware encryption devices, all encryption/decryption is done on a chip onboard the flash drive itself. There is NO caching to memory. Also, forensic specialists cannot image a hardware encrypted drive to attempt a brute-force. Hardware encryption offers X number of attempts at the correct password before it securely erases itself. That kind of thing is worthless for software encryption as the partition or volume can first be imaged and they can try as many times as they want.

And again, those that used software in conjunction which hardware (which Matastasio linked to articles about) are now off the market.

As for hardware encryption and software, there really isn't any debate about which is preferable or "better," as hardware encryption is much better -- it's just very expensive.

IronKey offers an excellent page on the benefits of hardware encryption.
https://www.ironkey.com/hardware-encryption

Oh, yes Matastasio, you're still loved - even if you were wrong.

 

I want one of those Privatix on usb. Thanks for posting. Now I have to find how to get one.

Edit:

Okay, I thought this was a purchase of the usb with OS installed.

 

Thanks for the link

Hmmm.
Using conventional means, yes, hardware encryption is better. Using "creative" means, including physically breaking open the USB disc to get at the memory chips: I am not sure.

Yes, Truecrypt etc allows access to the (unencrypted) contents; and unlimited attacks. But that is the nice thing about it: the encryption algorithm has been designed to hold off those attacks.
Vulnerability to Cold Boot attacks, and write acess to the discs does make things more cumbersome, but they have workarounds.

So, software encryption is better but much more cumbersome.