Full (Whole) Disk Encryption - The Only Choice?

The 'whole world is out to get us' tin-foil hat mentality at its finest, seems to me.
With a nice helping of 'my way is the only proper way' arrogance tossed in.

Encryption should be based on need, nothing more.

I use ordinary vanilla TrueCrypt volumes for data which I want kept private and away from prying eyes.
That's because the data's only on my home desktop, and I have little concern over the FBI or NSA raiding my home.

It's also because I'm not holding government secrets or stashing away kiddie pr0n to transport across international borders.

Yet it's plenty strong, and not easily compromised-- not easily at all, regardless of your dire alarms to the contrary.

I'm not about to even consider doing as you suggest. That's because I have no need of that.
To suggest that everybody need do a thing 'just so' because it's what you deem need be done is preposterous and arrogant.

So is WDE "the only choice?" No. Not by a long shot.

Oh, absolutely. That, plus the fear-mongers, eh what?

 

There's a middle ground, I believe. For many reasons, it's wise to segregate private and non-private work on separate machines (real and/or virtual). Doing so, one can use whole-disk encryption for the private data, without fear that everything might be lost (beyond the usual fear that drives backing up, that is).

And BTW, PooseyII, what's your opinion re Linux dm-crypt?

 

Yet hardly the manner you chose to proffer it originally.

No 'luck' needed. You neglected to quote the rest of my remark there:

 

I use TrueCrypt volumes for personal stuff. And when I have a file that I want to come back and read later I just right click and use AxCrypt and throw it in a "catch up later" folder. As long as I do not have a keylogger on my comp I don't see any need to do any more than this. However, I am considering encrypting my laptop just to see what it's like. If it's easy to do and easy to deal with on a regular basis I'm all for it, whether it appears to be necessary or not. I find it empowering.

 

I agree with Poosey if you have anything of a private nature on your computer. Tin foil not required. Windows now just leaves too much around to expect it all to be cleaned up with the CCleaner's and such. Full disc encryption has become very easy to deploy and use, with few risks if done correctly (no more so than volumes), that it only makes sense at this point.

 

I think the important thing here is that people realize that operating systems stash data all over the place. So that file you think you have securely shredded can easily be retrieved using a system restore feature to restore the system to a previous point. There are also issues with swap files, shadow files and other things.

This means that data you had on an encrypted volume that is viewed on a non-encrypted system could also be retrieved.

People should know these things before deciding on a security strategy.

It all depends on the level of security one needs. Stopping casual perusal is much different than stopping a motivated and skilled attacker.

If the attacker is sufficiently motivated he will cut off your fingers

This brings me to another point, the more security the more the hassle and the more you bring your attacker into physical confrontation.

Put in a lot of security in your home and the attacker waits in your bushes and jumps you when you walk in.

Get rid of the bushes and put in some lights (best defense against burglary from what a few burglars have told me) and the attacker car jacks you down the street from your home and takes your keys, wallet, car and then burgles your house.

Basically people have to make an informed decision about the level of security they need and how to implement it.

 

Is that true for Linux dm-crypt with LVM?

I've read that one can get around home encryption that way, but not dm-crypt.

 

Even to do something as sophisticated as messing with the bootloader takes time and I'm not even certain as to what could be done and still decrypt the contents, at least anything that hasn't been fixed in current FDE products. However, physical security of the computer is paramount.

 

I recently came across a how-to for admins to access users' encrypted home folders in Linux. I'll see if I can find it again, and post the URL.

 

Well, if that's the case; there's no security at all. This would be on the front page of the NY Times, huge news, somebody would have done what all mathematicians/cryptographers thought impossible, etc. (if, in fact, there's a "how-to" of any kind to crack strong encryption). Color me highly suspect.

 

There is a current case winding it's way through the federal courts were a guy had KP on his system as he passed through customs from Canada to the US he also had some encrypted files. Now it is a question of whether one can be forced to give up their password or does the 5th amendment right to not self incriminate apply? The circuit court ruled no he cannot be compelled to give up his password. However I think, but cannot find it again, that I read the appellate court has overturned that ruling so they can now compel you to give up the password. It will probably go to the US supreme court.

Here are some links about that case:

http://www.theregister.co.uk/2008/01/16/encryption_password_showdown/
http://blogs.techrepublic.com.com/tech-news/?p=2052
http://www.washingtonpost.com/wp-dyn/content/article/2008/01/15/AR2008011503663.html

Another interesting related fact:

Back in the 1980's a reporter was jailed in the US for not revealing her sources. After three years in the federal jail the appellate or supreme court released her, and ruled that a person cannot be jailed for more than three years for refusing to comply with a court order. (there are issues of punishment fitting the crime and indefinite sentences generally not being allowed in the US)

So if you refuse to give up your password the worst they can do is put you away for three years.

So if you have the plans for your environmental protest that spiked a bunch of trees and it could get you 10yrs, keep your mouth shut and do the three

 

Yet he finds need of emphasizing his points with talk of pizza delivery men putting keyloggers on our machines, maids who work for the FBI loading kiddie pr0n onto them, and claim of the user's complete inability to keep anything private sans WDE.

 

It's often a case-by-case thing, but full (whole) disk encryption is, in my opinion, preferable in many cases because it covers bases that I've seen others (file-based) miss. Oftentimes, with file-based cryptographic applications, a developer might only consider the data that needs to be encrypted, but forget about the contextual metadata; Tadayoshi Kohno demonstrates this weakness in WinZip, which, despite using the provably-secure encrypt-then-authenticate composition, leaks enough information via [unauthenticated] metadata to mount a practical attack for reconstructing plaintext. I am by no means against file-based encryption; this type of problem can be fixed. However, with full (whole) disk encryption, you're encrypting everything, so not only do you avoid this problem altogether, you don't have to spend time classifying which data is more important than other data, and build a policy of sorts around which you decide what gets encrypted and what doesn't. Remember, the few security decisions you have to make, the better.

If this is for a laptop, my advice -- especially for the security-conscious layman -- is to first minimize the data you're lugging around on the laptop; think hard about whether or not you really need to carry around some types of sensitive information. Then, after you've weeded through that, encrypt what's left with full (whole) disk encryption, be it PGP Whole Disk Encryption, BitLocker, or TrueCrypt. (I think I prefer them in that order, too.) First, minimize; second, encrypt the whole dad-blamed thing. The idea behind this is simple: Data that doesn't exist is always more secure than data that does exist, and by encrypting everything else, you do just that -- encrypt the juicy stuff and the contextual and residual particles that may leak information about the aforementioned juicy stuff, and make plaintext recovery a lot easier than it should be. This policy is easy for any of us to enforce -- especially the layman; when it comes to security, take it as easy as you can get it.

On an unrelated note, I've been following Rubicon. My wife gets a kick out of the way the name sounds to her, since English isn't her native tongue (Brazilian). It's incredibly slow-paced, but I admit I'm into it.

 

If I recall correctly, which may be a big "if", it's because the Ubuntu "encrypted home" option relies on the user's login password to unlock the encryption key. Given physical access, a knowledgeable attacker can boot with a LiveCD, and reset the user's password. End of story. That's why I picked dm-crypt/LVM, FWIW (plus hiding root and swap). Anyway, perhaps I've misremembered.

 

Oh! Okay. I was misunderstanding what you were saying anyway. I thought you were saying someone was claiming they could access any and all encrypted information. That makes more sense now.