hi i'm still using truecrypt to encrypt can you help me to select the strongest truecrypt format settings? i'm talking about encryption algorithm & hash algorithm ,what should i select to have to strongest settings i google a lot and i got lots of conflicting opinions https://i.imgur.com/Kmj3SNj.png https://i.imgur.com/ALufQLL.png https://i.imgur.com/dNYrYUC.png and about veracrypt , i use only because it's updated and still developed ,and i use to encrypt partitions and i want to encrypt a new laptop https://i.imgur.com/VZgzYMh.png https://i.imgur.com/kwVO9VE.png thanks
hi for many users AES-Twofish-Serpent with SHA-512 should be the best but it 's slow ,it's not good for encrypt an entire laptop (operation system ) thanks
What on earth are you trying to protect. There used to be a truecrypt support thread. Go back and look at it. Count the number of posts by people saying how they were protected from something, and then count the number of posts of people asking for help getting back into their machines.
hi yes i have used the search engine well , my girlfriend's laptop she is a lawyer ,and she own an external hard disk ,with a partition with client data but i want to encrypt a new laptop (a lenovo) , truecrypt doesn't support UEFI , veracrypt yes 1) i would like to know the strongest settings to encrypt a partition 2) and a good balance of speed for the laptop thanks
We're talking about lawyer/client privileged data. I would suggest Bitlocker. Bitlocker offers many features that protect the lawyer as well as the client. If you are using windows, that is your biggest security risk not the encryption algorithm. There are so many backdoors into Windows. If the FBI wants the data, they will find a way to capture the password as it is typed in. It won't matter if it is TrueCrypt of Bitlocker.
Usually if it's something that needs protecting the law firm will have the computer set up. Her IT department should handle it. If you do it and there is a problem it could cause problems for either of you.
hi she's young , she have not important clients but she want to protect hes work and their privacy so you suggest to use bitlocker and avoid truecrypt and veracrypt , do you? i have always tought truecrypt and veracrypt are better and more secure then bitlocker thanks
I suggest using 7zip & a long password but remember-able [like: GivethebirdaCadillac.]. And give each client their own folder so it doesn't take 10 minutes to open or becomes corrupt. I'd keep the same password rather 100's of passwords. Course have backup offline copies.
Mantra I am going to say something and I know it may sound harsh. You are trying to advise a young professional person, about something which clearly you know nothing about. If you knew enough you wouldn't be here asking questions. This to me is highly questionable ethics. She doesn't need any encryption, she needs to know how to protect her computer. Do you have any idea of the risks of what you are thinking of recommending. Does she. Why isn't she here at this forum herself. You are putting her and actually yourself at risk. Pete
Hi Pete do you mean to encrypt an entire laptop , can be a very risk? in case of password lost or veracrypt bug? she just asked me some advises ,what came soon in my mind it's to encrypt her data to keep secure ,for secure i mean nobody can read them do you mean log-in password is enough? her laptop came with w10 hi Pete i know you were always kind , i know you don't want to be rude , it's just that english is not my native language just because she knows nothing about computer and security outside installing an antivirus , i have used truecrypt in the past ,it was my first advise thanks Pete , apprecite it
I use both Bitlocker and Truecrypt, in different circumstances. I don't think you're talking about protecting against nation state stuff here. For a lot of reasons, assuming Windows, I'd recommend using system disk encryption using Bitlocker on a laptop that has a TPM chip. That way, on the many times one tends to boot-up/resume the laptop, you don't need to enter a long strong password. I take it you know the requirements for at-rest encryption password strength? Entering that every time is a pain. If you have any additional disks that are connected for client data or backup, those too can be automatically unlocked from the user account without consuming additional drive letters with Bitlocker, and without having to enter passwords every time (which are potentially vulnerable to keystroke loggers). In addition, if we're talking about something like W10, that can use the TPM to help protect against boot-level malware. I would also protect the account login, for example with a Yubikey HMAC dongle which supports Windows login. That means that the disk can't be accessed by accessing a weak user account. Then, on top of that, you can use Truecrypt/Veracrypt, to suit. I'd also recommend equipping the laptop with lots of memory and ssd so that you can run one or more virtual machines to do browsing and email and social media. Doing so greatly reduces the risk of your "real" filesystem (and data) becoming vulnerable to exfiltration or ransomware. Disk encryption is only part of the risk. If this is "too much", then by all means, get a technically inclined friend to help.
Hi Mantra. The only way any one can read plain text on her laptop is if she is careless with it, ie where she leaves it etc/ The problem with encryption is if something goes wrong every thing is lost. That's bad. In terms of her knowledge she should be here reading asking questions etc. That way she can learn. I realize she may be worried about her English. She shouldn't be. That we understand. Pete
no way ,just a lawyer can't release any information about his/her clients , even a leak could be the end of a career (even she/he is very young) she wants nobody can read all client data ,even her boyfriend , the clients data (docoments,voice recording anything must be "Sealed" well i will suggest Bitlocker maybe with the password in a usbstick or Yubikey HMAC or that's is a very good point , lost everything could be even worse @Peter2150 & @deBoetie thank you so much i will pass your advises
@mantra check if her laptop and hdd/ssd support hardware encryption. If they do, enable hardware encryption in the bios. It is much easier for most users. ps.password in a usb stick is not a good idea; if it gets lost she will be locked out from her data. Panagiotis
I like my solution the best. Legally & morally she has CYA herself. After all she's not a 3letter, a nation state nor a 419er type. What more can be asked of her? My solution is simple to teach & use.
One of the obvious other issues is that one is communicating sensitive stuff with other people. While you can't mandate the security practices of others, you can at least ensure you have a couple of options for secure encrypted communications and collaboration that keep different client's material distinct. There are a number of collaboration platforms, file-sharing systems and instant messaging platforms that are more or less secure. If one is into a CYA type scenario, one of the more important things is to at least attempt to articulate some kind of policy that you are operating, and being able to demonstrate that you are following it. This has to include things like responsibility (difficult when it's a small operation), incident response, retention and so on. There are jurisdiction and industry dependent requirements on these things, and they may require registration.
