Dual encryption: Twice the protection??

Discussion in 'privacy technology' started by pencarrow, Oct 17, 2014.

  1. pencarrow, Registered Member (Joined: Sep 23, 2014; Posts: 5; Location: New Orleans, LA)

    The question is: If I first encrypt a file, then move that encrypted file into TrueCrypt, do I get the benefit of dual encryption giving me twice the protection of simply moving an unencrypted file into TrueCrypt?

    I suspect this has been addressed in these forums, but I don't believe I'm using the right keywords for the search.
     
  2. MrBrian, Registered Member (Joined: Feb 24, 2008; Posts: 6,032; Location: USA)

    IMHO, individually encrypting a file in a TrueCrypt volume does have some merit because when a TrueCrypt volume is mounted, malware/hackers can otherwise read the files.
     
  3. deBoetie, Registered Member (Joined: Aug 7, 2013; Posts: 1,147; Location: UK)

    There is only going to be "twice the protection" IF the different systems use completely different cryptography (key generation and strength, magic numbers, entropy generators and random number sources, encryption algorithm and chaining), different crypto libraries implemented by different people.

    Since we're talking TrueCrypt, as you likely know, that already offers the facility of chaining 3 different crypto methods on each container, which protects against weakness in any one of them.

    And then there's the assumption that they are both implemented correctly, fully audited, and that you trust the providers not to have weakened it or put backdoors in.

    And then you have to trust you haven't got a system weakness (e.g. keystroke loggers) which would defeat both equally.

    What you do know for sure is that it will be twice the work to maintain and administer. It's important to keep backups and be able to recover the data, storing recovery keys/headers securely and so on, and knowing how to recover. If we're talking EFS, this is not easily transportable between machines or accounts unless you make it so.

    As MrBrian points out, one issue with any container-based encryption, once it is opened, is that all the files are available to any user-mode malware running at the time - and this is often also true for other user accounts on the system unless you're very careful with account permissions. EFS wouldn't help in this context because it will open transparently (which is the whole point of EFS).

    When TrueCrypt offspring emerge, I sincerely hope they will implement some form of disk firewall, so that all files are not laid bare to all processes when the container is opened. Unfortunately, we live in a world where we cannot trust our own computer environment.
     
    Last edited: Oct 20, 2014
  4. noone_particular, Registered Member (Joined: Aug 8, 2008; Posts: 3,798)

    Assuming it's properly implemented, the encryption itself is most likely the strongest part of the package. In effect, you're trying to strengthen the strongest link in a chain. Encryption is most often defeated by exploiting the operating system or the encryption application itself, the weakest links. These are where your efforts should be concentrated. Using a second layer of encryption can be useful, especially if both layers are never opened on the same PC.
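
As an added example (not code from any poster in this thread), a small audit of the exposure MrBrian and deBoetie describe: run against a mounted container, it lists files that do not look individually encrypted and whether other accounts can read them. The entropy cut-off, the function names and the POSIX mode-bit check are assumptions of this example; Windows ACLs and EFS are not inspected.

```python
import math
import os
import stat
import tempfile
from collections import Counter

# Assumed cut-off in bits per byte: ciphertext sits near 8.0, text well below.
ENTROPY_THRESHOLD = 7.5
SAMPLE_BYTES = 65536


def byte_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0 for empty input)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def audit_mounted_volume(mount_point: str):
    """Return sorted (path, entropy, readable_by_other_accounts) tuples for
    files that look unencrypted. Heuristic: compressed plaintext can be missed
    and very short ciphertexts can be flagged."""
    findings = []
    for root, _dirs, files in os.walk(mount_point):
        for name in files:
            path = os.path.join(root, name)
            try:
                st = os.lstat(path)
                if not stat.S_ISREG(st.st_mode):
                    continue  # skip symlinks, devices, sockets
                with open(path, "rb") as fh:
                    sample = fh.read(SAMPLE_BYTES)
            except OSError:
                continue  # not readable by the account running the audit
            entropy = byte_entropy(sample)
            if entropy < ENTROPY_THRESHOLD:
                # Group/other read bits: other local accounts can open the file.
                shared = bool(st.st_mode & (stat.S_IRGRP | stat.S_IROTH))
                findings.append((path, round(entropy, 2), shared))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample standing in for a mounted container.
    with tempfile.TemporaryDirectory() as vol:
        with open(os.path.join(vol, "notes.txt"), "wb") as fh:
            fh.write(b"account: 12345\n" * 200)  # protected by the container only
        with open(os.path.join(vol, "inner.bin"), "wb") as fh:
            fh.write(os.urandom(SAMPLE_BYTES))  # stands in for a file encrypted on its own
        print(audit_mounted_volume(vol))
```

Only `notes.txt` is reported: it is plaintext to every process for as long as the volume stays mounted, while the file that carries its own encryption layer is not.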
     