Encryption Thoughts

Encryption will be a part of my security setup, but I'm new to this.
I don't need any details yet, I don't need softwares names yet, I just want to share thoughts about encryption in general.

I have been reading the manual of TrueCrypt and I'm sure that this counts for any good encryption software
and one thing catched my eyes.

(I have no link of this, but you can read this in the "TrueCrypt User Guide.pdf" (page 64),
when you download the zipped installation file of TrueCrypt)

So if the key and password is well choosen, it would take ME thousands and even millions of years to decrypt my personal data, which also means that ANYBODY ELSE, especially the bad guys, would need the same time to decrypt my personal data.

So why would I care if my personal data is stolen, directly by a hacker or indirectly by a malware.
The thief can NOT READ and will NEVER READ it, because he won't live thousands of years, just like me.

IMHO the only possible way for a bad guy to read an encrypted personal file is when he is able to read my RAM memory, where the personal file is in a decrypted state.
So I have questions about this possible and only weakness :
1. Are the bad guys or malwares able to read the RAM memory?
2. How big is that threat ?
3. If they are able to do this, does that mean that encryption is worthless?

On the other hand, I'm not an interesting target, because I'm just an average working guy without serious secrets.
So I don't really need encryption, but I like :
1. to protect myself in a special way : they can steal my data, as long they can't read it. That is my basic approach and the main reason why I will use encryption.
2. to get familiar with encryption out of interest.
3. to nag the bad guys and to discourage them of stealing my personal data, even a cookie, which means I will encrypt my system and data partition.

Of course there are members, who don't use encryption and what people don't do, people usually don't advice either, but this thread is about encryption. So I don't need negative comments, just because you don't encrypt.
I don't need stories about losing passwords and keys either, because that won't happen to me.

What do you think of all this ?

 

Yep, believe they can. However, disabling Clipbook in Services I think will help.

Pretty broad question depending on your regular security measures I would think. Many PW managing programs, example RoboForm have a setting for how long the password will stay in memory.

No.......just not fool proof much like any other security measures(s). Sorry, my answers probably only muddied up your questions even more.

 

Hello,
You don't want negative feedback, so ...
Well done, man, right on the spot! You're right.
Joking...
Seriously, someone can also read your data by sniffing the cables of your computer using hi-tech lab equipment (digital scope and such). Likelihood? As much as Elvis being an alien. You can easily forget about anyone reading your ram.
Mrk

 

Peter Gutmann, author of the seminal Secure Deletion of Data from Magnetic and Solid-State Memory wrote about this too: Data Remanence in Semiconductor Devices.

You know what, though? I think you should care much more about security holes in your system that would allow keyloggers to be installed, than hackers reading the RAM. "Hackers" won't read from your RAM, ever, if they can't get your hardware, and even if they can, it is such a hard and expensive task that unless you have unimaginably important secrets they won't even think of doing it. Even if they think you have something worth the effort, they would definitely focus on something such as trying to recover from the swap area on your disk, first.

The "clipboard" problem is actually a different one from the RAM and yes, it can be somewhat dangerous. Internet Explorer even allows a site to read from your clipboard. You can use a tool to clean your clipboard, or something like Password Safe that clears the clipboard automatically when minimized (or after an amount of time you decide).

 

@ThunderZ,
Thanks for your comments.
The service "Clipbook" is disabled by default in winXPproSP2. So that won't be a problem.

@Mrkvonic,
LOL. That won't really happen. I'm not an interesting target for high-tech people.
This sounds to me like people who are able to read what is hidden under the zeros of a zero-ed harddisk.

 

I'm not planning to spend money on this. Encryption will be enough in my case.

Which means that encryption is sufficient enough to protect my partitions, because they won't read my RAM.

Keyloggers are a different problem. As I said encryption is just a part of my security setup.

That is indeed a problem. So disabling the Clipbook isn't enough. I hope "Clipbook" and "Clipboard" are the same ?

 

If my system and data partition is encrypted, I don't have to worry about stolen data anymore. One worry less and encrypting is a one-time job and doesn't bother me anymore after that.
TrueCrypt is freeware and sufficient enough to make any file unreadable and makes unwanted decrypting as good as impossible.

 

No. The problems is IE-related... you can disable the clipboard behavior, though http://j-walkblog.com/index.php?/weblog/comments/spying_on_your_clipboard_contents/

 

If it is IE-related, it won't be a problem either, because I use Firefox for all my surfings and searches.

 

That's a very bad conclusion from many aspects.
1, There is no external indication from a PC that hints at whether it contains valuable personal or financial data. A cracker or data thief won't know this until he's into your system. Viewed from the net, targets are targets.
2, Don't under-estimate the value of your system alone. Poorly defended system have value to them as zombie units or spam mailers.
3, There's always your e-mail address book, with links to potentially more valuable PCs.

Right. Only if you write them down or store them in a text file. I've had a few encrypted archives that I've never managed to open again for exactly that reason.
Regarding reading your RAM, there's a much better chance of your passwords being harvested by a trojan or keylogger.
Do you need encryption? If you can answer yes to any of these questions, you should consider it.
Do you use your PC for any financial work involving account numbers or passwords.
Do you have or exchange any messages, e-mails, etc that might be embarrasing, incriminating, or could potentially cause any legal or employment problems if they were publicly available?
Do you visit any sites or have any images or pictures that you wouldn't want your spouse or partner to see or know about?
Do you use P2P for copyrighted material, music, movies, cracked software, etc?
Any medical records on your PC?
Just think about anything that you might want to keep private or unavailable. If it's on your PC, consider using encryption.
Rick

 

herbalist,
Encryption will be a part of my security, necessary or not, target or no target, it doesn't matter.
In this thread I'm trying to find out, were encryption fails.
I don't see any good arguments yet, except stories with 0.01% chance or less.

 

Erik, encryption fails when it's bad encryption. For that, you should only use reputable encryption programs that use algorithms known to be secure. Avoid at all costs anything that uses "secret" algorithms or that claims to be "impossible to break". Any algorithm can be broken (apart from One-Time Pads, which are unusable for almost every use in existence, and definitely for regular tasks); if the algorithm is strong it won't matter at all if the key is badly chosen, or if the program's implementation is faulty. However, a good program that uses a well known "secure" algorithm and a good key is certainly beyond the capability of even the most skilled hacker.

 

A number of factors can cause encryption to fail besides weak passwords and compromised systems. BTW, the number of systems compromised by keyloggers and trojans is far, far higher than 0.01%. Rootkits have to be counted here as many of them can steal passwords and evade detection by most security apps.
Password being cached either in the app itself or in the OS.
Backdoors designed into the application. In our post 9/11 society, don't discount this possibility. It's been claimed that the standard versions of PGP have one, which I can't prove or disprove.
Weak or untested algorithms. There's a lot of these in use.
Flaws or exploitable code in the application that allow bypassing of the password. The use of global hooks. Often easier than brute forcing a good password.

Most of the good encryption apps themselves don't fail, save for NSA or CIA backdoors. The operating system is exploited or compromised more often than the encryption program, but it yields the same results. You said that you didn't want details or software names. That makes it difficult to be any more specific about when or how encryption will fail, or am I missing something in your question?
Rick

 

So TrueCrypt is really a bad encryption program?
If that is really true, what about this one :
DriveCrypt Plus Pack
http://www.securstar.com/products_drivecryptpp.php


@herbalist,
Why do you think I will use a weak password or key?
If I encrypt I will do it right. I'm new, but not stupid.

Another thing is that I'm working on a special system partition, that has never been ON-LINE.
Each time, I want to work on that special system partition, I zero my harddisk first and disconnect myself from the internet and then I restore that special system partition on my harddisk.
If I ever encrypt the first time, I will do it in this special system partition and do a backup, before I go ON-LINE.
So whatever happens ON-LINE, I only need to restore that special system partition and everything is OK again.
And yes I will write my password and key down on a sheet of paper and put it in my installation file.

 

I don't know about DriveCrypt (I heard the name though, and I never saw bad comments about it).

TrueCrypt is a really good encryption program. I never said it was bad, why did you assume I said it?

 

I assumed this, because I already mentioned my encryption program : TrueCrypt and you were talking about a good encryption program, without mentioning TrueCrypt, so I thought TrueCrypt wasn't a good one.
If it is a good enough, than I don't need to buy one.

Isn't it normal, when I use TrueCrypt, that I will take a GOOD key and a GOOD password and all the rest will be good too? I only have to learn HOW. These are details and wasn't the goal of my thread.

 

I can't handle all things together. What has IE and keyloggers to do with encryption anyway? This thread is about encryption only.
My entire encryption will be done off-line with a clean system partition without IE, without keyloggers and without any other threat.

Why do I have to do special actions to safe my critical data. Everything will be encrypted, including critical data.
I don't go backwards either, encryption is a step forward. Maybe not for you, but that is just an opinion.

No, I need better arguments than this, nothing in this thread indicates that encryption fails, except when the encryption has been done badly.
Well EVERYTHING that has been done badly, will fail sooner or later, just do it right. That's not an argument for not using encryption.

Once my encryption is done WELL, I don't need to worry anymore about what is on my system or data partition.
My backup of my system and data partition have exactly the same procedure, only the partition letters and backup file names are different and I have only TWO backups.
I stick to my original plan and encryption will be a part of it.

 

Eric,

I think you misunderstand one thing.

You wrote:
"So why would I care if my personal data is stolen, directly by a hacker or indirectly by a malware."

If your encrypted volumes are open and in use, they are vulnerable. If someone can get to it - they can read it. When a volume is opened, it is decrypted on-the-fly.

If you are counting on your data somehow not being readable because it's encrypted, remember, that's while you have your encrypted volumes closed. As long as they are open - they are decrypted on the fly from your computer. Your data is only safe while they reside encrypted on your data partition and you cannot see it, manipulate it or use it in any way. As soon as you open a volume to read and look at the data, it is vulnerable to being read by anyone - including online snoops who could then steal your data - and it would very much matter if they "stole your data."

It's not an "I can see it - but they can't" sort of thing. If I have remote control over your PC and steal the data while a volume is open - it's mine. The magic of encryption is hiding the data while you're not working with it. I get the feeling by reading the above that you think you are safe from anybody "stealing your data" because it's in an encrypted volume. That's only true when the volume is closed. (While you are not online or closed while online)

If they get a volume file, container, whatever you would like to call it, they aren't going to get a thing; not with good software (and TrueCrypt is good) and a good password policy. It would take an adversary years. But when YOU open that volume - and you're connected to the net - a single Word file (for example) could be stolen and read. The fact it resides - when you are offline in an encrypted volume - won't make a bit of difference. With that said, with all your other security measures, the chances of someone snooping around and stealing data is remote. But, as long as those volumes are OPEN, it is theoretically possible. If YOU can see it and read it - so can an attacker if they're in your computer via hacking or malware.

By the way, you asked what keyloggers had to do with encryption. The answer is everything. They can't brute force a well-encrypted volume or partition. So, what's the easiest way to get it? A keylogger that captures your key strokes as you open a volume. That's why, with encryption, security against keyloggers is a must.

All the best.......Gerard

 

Not sure about reading the RAM, but what about swap files? Temp files?

 

Gerard Morentzy,
Thanks alot for explaining how encryption really works.

This encryption software however, seems to work smarter and only decrypts a part of an open file, while the rest remains encrypted on the harddisk.

DriveCrypt Plus Pack (DCPP)
http://www.securstar.com/products_drivecryptpp.php

Concerning keyloggers :
Keyloggers are ALWAYS capturing your keystrokes with or without encryption, so they have nothing to do with encryption.
You need a security against keyloggers anyway with or without encryption.

 

I didn't say anything close to that. How did you get that from my post? The "general questions" you've asked have been answered by several people. If they aren't what you want to hear, ask a more specific question.

 

OK guys, I explain it better.

1. Why would I waste my time on bad or mediocre encryption programs, if there are good ones ?
A good encryption program has everything to make a good encryption possible. All the rest isn't worth to talk about. Problem solved, I will choose a GOOD encryption program.

2. Why would I spoil a good encryption program with a bad password or bad key or bad algorithm ?
It seems very clear and logical to me that you don't do that, but these are details for later.

3. What have malwares (keyloggers, trojans, whatever) to do with encryption ?
Of course malwares can compromise legitimate softwares, including encryption softwares, but this can happen to any software, from A to Z.
These malwares require another solution and that's another chapter for me.

4. Why do I need encryption? Privacy, like anybody else.
I don't like to pay attention to what I type in personal files, that would make me paranoid.
If I mention my name and full address in a letter, including my bank-account and visa card data, I like to do this without thinking about security, because one day I will forget it anyway.
To solve this problem once and for all : TOTAL ENCRYPTION and I don't have to think about it anymore
and I can keep these files on my data partition, like any other file.

1. The only weakness of encryption seems to me OPEN encrypted files. They are vulnerable, because they are NOT encrypted anymore.
2. Other problems can be RAM, SWAP area, Clipbook, Clipboard, that require cleaning. That's what I learned from this thread so far.

What can we do about that ?