Encryption Thoughts

Discussion in 'privacy technology' started by ErikAlbert, May 18, 2006.

Thread Status:
Not open for further replies.
  1. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Encryption will be a part of my security setup, but I'm new to this.
    I don't need any details yet, I don't need softwares names yet, I just want to share thoughts about encryption in general.

    I have been reading the manual of TrueCrypt and I'm sure that this counts for any good encryption software
    and one thing catched my eyes.
    (I have no link of this, but you can read this in the "TrueCrypt User Guide.pdf" (page 64),
    when you download the zipped installation file of TrueCrypt)

    So if the key and password is well choosen, it would take ME thousands and even millions of years to decrypt my personal data, which also means that ANYBODY ELSE, especially the bad guys, would need the same time to decrypt my personal data.

    So why would I care if my personal data is stolen, directly by a hacker or indirectly by a malware.
    The thief can NOT READ and will NEVER READ it, because he won't live thousands of years, just like me.

    IMHO the only possible way for a bad guy to read an encrypted personal file is when he is able to read my RAM memory, where the personal file is in a decrypted state.
    So I have questions about this possible and only weakness :
    1. Are the bad guys or malwares able to read the RAM memory?
    2. How big is that threat ?
    3. If they are able to do this, does that mean that encryption is worthless?

    On the other hand, I'm not an interesting target, because I'm just an average working guy without serious secrets.
    So I don't really need encryption, but I like :
    1. to protect myself in a special way : they can steal my data, as long they can't read it. That is my basic approach and the main reason why I will use encryption.
    2. to get familiar with encryption out of interest.
    3. to nag the bad guys and to discourage them of stealing my personal data, even a cookie, which means I will encrypt my system and data partition.

    Of course there are members, who don't use encryption and what people don't do, people usually don't advice either, but this thread is about encryption. So I don't need negative comments, just because you don't encrypt.
    I don't need stories about losing passwords and keys either, because that won't happen to me.

    What do you think of all this ?
     
  2. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.

    Yep, believe they can. However, disabling Clipbook in Services I think will help.



    Pretty broad question depending on your regular security measures I would think. Many PW managing programs, example RoboForm have a setting for how long the password will stay in memory.



    No.......just not fool proof much like any other security measures(s). Sorry, my answers probably only muddied up your questions even more. :doubt:
     
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    You don't want negative feedback, so ...
    Well done, man, right on the spot! You're right.
    Joking...
    Seriously, someone can also read your data by sniffing the cables of your computer using hi-tech lab equipment (digital scope and such). Likelihood? As much as Elvis being an alien. You can easily forget about anyone reading your ram.
    Mrk
     
  4. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Peter Gutmann, author of the seminal Secure Deletion of Data from Magnetic and Solid-State Memory wrote about this too: Data Remanence in Semiconductor Devices.

    You know what, though? I think you should care much more about security holes in your system that would allow keyloggers to be installed, than hackers reading the RAM. "Hackers" won't read from your RAM, ever, if they can't get your hardware, and even if they can, it is such a hard and expensive task that unless you have unimaginably important secrets they won't even think of doing it. Even if they think you have something worth the effort, they would definitely focus on something such as trying to recover from the swap area on your disk, first.

    The "clipboard" problem is actually a different one from the RAM and yes, it can be somewhat dangerous. Internet Explorer even allows a site to read from your clipboard. You can use a tool to clean your clipboard, or something like Password Safe that clears the clipboard automatically when minimized (or after an amount of time you decide).
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,049
    Erik

    I would be willing to bet that every person asking for help thought it wouldn't happen to them.

    One thought though. If you really have data you want to protect but be able to use that might be better than encryption.

    Lacie has some external USB bus powered drives, that don't use passwords for access. They use your fingerprint. I just bought a 40g one as it was cheaper then a 4g usb key. Thing is only 3in by 5 in by 1in. Works slick.

    http://www.lacie.com/products/range.htm?id=10036

    You might take a look as this as another means of protecting valued data.

    Pete

    PS. They also have on that encrypts the data.
     
  6. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    @ThunderZ,
    Thanks for your comments.
    The service "Clipbook" is disabled by default in winXPproSP2. So that won't be a problem.

    @Mrkvonic,
    LOL. That won't really happen. I'm not an interesting target for high-tech people.
    This sounds to me like people who are able to read what is hidden under the zeros of a zero-ed harddisk. :D
     
  7. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I'm not planning to spend money on this. Encryption will be enough in my case.


    Which means that encryption is sufficient enough to protect my partitions, because they won't read my RAM.

    Keyloggers are a different problem. As I said encryption is just a part of my security setup.

    That is indeed a problem. So disabling the Clipbook isn't enough. I hope "Clipbook" and "Clipboard" are the same ?
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,049
    Erik

    Don't understand your logic. If the data isn't valuable enought to spend money on(Encryption software is free?) then why bother encrypting it.
     
  9. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    If my system and data partition is encrypted, I don't have to worry about stolen data anymore. One worry less and encrypting is a one-time job and doesn't bother me anymore after that.
    TrueCrypt is freeware and sufficient enough to make any file unreadable and makes unwanted decrypting as good as impossible.
     
  10. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
  11. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
  12. herbalist

    herbalist Guest

    That's a very bad conclusion from many aspects.
    1, There is no external indication from a PC that hints at whether it contains valuable personal or financial data. A cracker or data thief won't know this until he's into your system. Viewed from the net, targets are targets.
    2, Don't under-estimate the value of your system alone. Poorly defended system have value to them as zombie units or spam mailers.
    3, There's always your e-mail address book, with links to potentially more valuable PCs.
    Right. Only if you write them down or store them in a text file. I've had a few encrypted archives that I've never managed to open again for exactly that reason.
    Regarding reading your RAM, there's a much better chance of your passwords being harvested by a trojan or keylogger.
    Do you need encryption? If you can answer yes to any of these questions, you should consider it.
    Do you use your PC for any financial work involving account numbers or passwords.
    Do you have or exchange any messages, e-mails, etc that might be embarrasing, incriminating, or could potentially cause any legal or employment problems if they were publicly available?
    Do you visit any sites or have any images or pictures that you wouldn't want your spouse or partner to see or know about?
    Do you use P2P for copyrighted material, music, movies, cracked software, etc?
    Any medical records on your PC?
    Just think about anything that you might want to keep private or unavailable. If it's on your PC, consider using encryption.
    Rick
     
  13. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    herbalist,
    Encryption will be a part of my security, necessary or not, target or no target, it doesn't matter.
    In this thread I'm trying to find out, were encryption fails.
    I don't see any good arguments yet, except stories with 0.01% chance or less.
     
  14. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Erik, encryption fails when it's bad encryption. For that, you should only use reputable encryption programs that use algorithms known to be secure. Avoid at all costs anything that uses "secret" algorithms or that claims to be "impossible to break". Any algorithm can be broken (apart from One-Time Pads, which are unusable for almost every use in existence, and definitely for regular tasks); if the algorithm is strong it won't matter at all if the key is badly chosen, or if the program's implementation is faulty. However, a good program that uses a well known "secure" algorithm and a good key is certainly beyond the capability of even the most skilled hacker.
     
  15. herbalist

    herbalist Guest

    A number of factors can cause encryption to fail besides weak passwords and compromised systems. BTW, the number of systems compromised by keyloggers and trojans is far, far higher than 0.01%. Rootkits have to be counted here as many of them can steal passwords and evade detection by most security apps.
    Password being cached either in the app itself or in the OS.
    Backdoors designed into the application. In our post 9/11 society, don't discount this possibility. It's been claimed that the standard versions of PGP have one, which I can't prove or disprove.
    Weak or untested algorithms. There's a lot of these in use.
    Flaws or exploitable code in the application that allow bypassing of the password. The use of global hooks. Often easier than brute forcing a good password.

    Most of the good encryption apps themselves don't fail, save for NSA or CIA backdoors. The operating system is exploited or compromised more often than the encryption program, but it yields the same results. You said that you didn't want details or software names. That makes it difficult to be any more specific about when or how encryption will fail, or am I missing something in your question?
    Rick
     
  16. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    So TrueCrypt is really a bad encryption program?
    If that is really true, what about this one :
    DriveCrypt Plus Pack
    http://www.securstar.com/products_drivecryptpp.php


    @herbalist,
    Why do you think I will use a weak password or key?
    If I encrypt I will do it right. I'm new, but not stupid.

    Another thing is that I'm working on a special system partition, that has never been ON-LINE.
    Each time, I want to work on that special system partition, I zero my harddisk first and disconnect myself from the internet and then I restore that special system partition on my harddisk.
    If I ever encrypt the first time, I will do it in this special system partition and do a backup, before I go ON-LINE.
    So whatever happens ON-LINE, I only need to restore that special system partition and everything is OK again.
    And yes I will write my password and key down on a sheet of paper and put it in my installation file.
     
  17. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    I don't know about DriveCrypt (I heard the name though, and I never saw bad comments about it).

    TrueCrypt is a really good encryption program. I never said it was bad, why did you assume I said it? o_O
     
  18. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I assumed this, because I already mentioned my encryption program : TrueCrypt and you were talking about a good encryption program, without mentioning TrueCrypt, so I thought TrueCrypt wasn't a good one.
    If it is a good enough, than I don't need to buy one.

    Isn't it normal, when I use TrueCrypt, that I will take a GOOD key and a GOOD password and all the rest will be good too? I only have to learn HOW. These are details and wasn't the goal of my thread. :)
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,049
    Erik

    One of the biggest weakness's you face are your own assumptions. In the discussion above you said IE wasn't a problem because you use Firefox. An assumption and possibly a bad one. You might not be using IE to browse, but you might be using some other program that in fact uses IE to display windows. I have 3 of them. An the reality is to say I won't use them doesn't work.

    As you add these layers of complexity you up the number of problems considerably. You are making the decisions backwards. You've decided on encryption and are diving in. What might be better is: 1st Do you have data that is really critical to protect. (You once said no). If no, forget encryption. If so, and the data is really critical, then store it on an external drive, and keep it off unless you need it. The kiss principle.

    Pete
     
  20. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I can't handle all things together. What has IE and keyloggers to do with encryption anyway? This thread is about encryption only.
    My entire encryption will be done off-line with a clean system partition without IE, without keyloggers and without any other threat.

    Why do I have to do special actions to safe my critical data. Everything will be encrypted, including critical data.
    I don't go backwards either, encryption is a step forward. Maybe not for you, but that is just an opinion.

    No, I need better arguments than this, nothing in this thread indicates that encryption fails, except when the encryption has been done badly.
    Well EVERYTHING that has been done badly, will fail sooner or later, just do it right. That's not an argument for not using encryption.

    Once my encryption is done WELL, I don't need to worry anymore about what is on my system or data partition.
    My backup of my system and data partition have exactly the same procedure, only the partition letters and backup file names are different and I have only TWO backups.
    I stick to my original plan and encryption will be a part of it. :)
     
  21. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Eric,

    I think you misunderstand one thing.

    You wrote:
    "So why would I care if my personal data is stolen, directly by a hacker or indirectly by a malware."

    If your encrypted volumes are open and in use, they are vulnerable. If someone can get to it - they can read it. When a volume is opened, it is decrypted on-the-fly.

    If you are counting on your data somehow not being readable because it's encrypted, remember, that's while you have your encrypted volumes closed. As long as they are open - they are decrypted on the fly from your computer. Your data is only safe while they reside encrypted on your data partition and you cannot see it, manipulate it or use it in any way. As soon as you open a volume to read and look at the data, it is vulnerable to being read by anyone - including online snoops who could then steal your data - and it would very much matter if they "stole your data."

    It's not an "I can see it - but they can't" sort of thing. If I have remote control over your PC and steal the data while a volume is open - it's mine. The magic of encryption is hiding the data while you're not working with it. I get the feeling by reading the above that you think you are safe from anybody "stealing your data" because it's in an encrypted volume. That's only true when the volume is closed. (While you are not online or closed while online)

    If they get a volume file, container, whatever you would like to call it, they aren't going to get a thing; not with good software (and TrueCrypt is good) and a good password policy. It would take an adversary years. But when YOU open that volume - and you're connected to the net - a single Word file (for example) could be stolen and read. The fact it resides - when you are offline in an encrypted volume - won't make a bit of difference. With that said, with all your other security measures, the chances of someone snooping around and stealing data is remote. But, as long as those volumes are OPEN, it is theoretically possible. If YOU can see it and read it - so can an attacker if they're in your computer via hacking or malware.

    By the way, you asked what keyloggers had to do with encryption. The answer is everything. They can't brute force a well-encrypted volume or partition. So, what's the easiest way to get it? A keylogger that captures your key strokes as you open a volume. That's why, with encryption, security against keyloggers is a must.

    All the best.......Gerard
     
  22. Fernando Villegas

    Fernando Villegas Registered Member

    Joined:
    Dec 3, 2005
    Posts:
    55
    Location:
    Santiago de Chile
    Not sure about reading the RAM, but what about swap files? Temp files?
     
  23. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Gerard Morentzy,
    Thanks alot for explaining how encryption really works.

    This encryption software however, seems to work smarter and only decrypts a part of an open file, while the rest remains encrypted on the harddisk.

    DriveCrypt Plus Pack (DCPP)
    http://www.securstar.com/products_drivecryptpp.php
    Concerning keyloggers :
    Keyloggers are ALWAYS capturing your keystrokes with or without encryption, so they have nothing to do with encryption.
    You need a security against keyloggers anyway with or without encryption.
     
    Last edited: May 19, 2006
  24. herbalist

    herbalist Guest

    I didn't say anything close to that. How did you get that from my post? The "general questions" you've asked have been answered by several people. If they aren't what you want to hear, ask a more specific question.
     
  25. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    OK guys, I explain it better.

    1. Why would I waste my time on bad or mediocre encryption programs, if there are good ones ?
    A good encryption program has everything to make a good encryption possible. All the rest isn't worth to talk about. Problem solved, I will choose a GOOD encryption program.

    2. Why would I spoil a good encryption program with a bad password or bad key or bad algorithm ?
    It seems very clear and logical to me that you don't do that, but these are details for later.

    3. What have malwares (keyloggers, trojans, whatever) to do with encryption ?
    Of course malwares can compromise legitimate softwares, including encryption softwares, but this can happen to any software, from A to Z.
    These malwares require another solution and that's another chapter for me.

    4. Why do I need encryption? Privacy, like anybody else.
    I don't like to pay attention to what I type in personal files, that would make me paranoid.
    If I mention my name and full address in a letter, including my bank-account and visa card data, I like to do this without thinking about security, because one day I will forget it anyway.
    To solve this problem once and for all : TOTAL ENCRYPTION and I don't have to think about it anymore
    and I can keep these files on my data partition, like any other file.

    1. The only weakness of encryption seems to me OPEN encrypted files. They are vulnerable, because they are NOT encrypted anymore.
    2. Other problems can be RAM, SWAP area, Clipbook, Clipboard, that require cleaning. That's what I learned from this thread so far.

    What can we do about that ?
     
    Last edited: May 19, 2006
Loading...
Thread Status:
Not open for further replies.