Discussion in 'privacy technology' started by axemmiw905, Mar 8, 2012.
which is stronger??
I wish I could answer the question you asked.
I am in a position to tell you that TC is rock solid and cannot be broken by any means I am aware of. Assuming you follow the security precautions and use long solid passwords you are very safe using TC. There are tons of court cases and federal agencies that have "come up empty" when trying to break TC encryption.
I am a long-time user and study TC at length. It's rock solid.
Do you realise that OpenBSD is an operating system?
"The PC's BIOS among many other functions also provides a simple routine to read data in from the keyboard. Information about the keys pressed are stored in a ring buffer that provides space for about 16 characters. As Jonathan Brossard has shown in a paper and presented at DEFCON 16, the buffer's contents may be available for a while after it has been read by the BIOS. Chances are that passwords of the BIOS or disk encryption software can be recovered."
TrueCrypt with Pre-Boot Authentication and you need more than 16 characters.
You make a valid point. Although by sheer brute force a 16-character random password is infeasible to crack, I would still suggest longer to help future-proof the data, as 5 years from now 16 chars may be doable, and if an attacker has a static copy of the ciphertext they can wait and brute force it then.
I think that when HTTPS mentioned 16 characters, what he meant was that, because the buffer can hold up to 16 characters, your password should be longer than that so that the values in the buffer get overwritten.
So basically we would arrive at a simple formula where your password's "practical" character count is PCC=C-16 (where PCC is the number of characters in our password that the attacker would actually need to brute force, and C is the total number of characters in your password). So if you wanted an ASCII 131-bit password (PCC=20 characters), then the value of C would be PCC+16 = 20+16 = 36 characters.
This way even if the attacker manages to get to the buffer, he will have only obtained 16 out of the 36 characters, and he would still need to brute force the remaining 20 (or find another method to obtain them).
Is that more or less what you mean, HTTPS?
Makes sense. Thanks!
Right. In OpenBSD, vnconfig and mount_vnd can encrypt disk images using Blowfish. -http://www.openbsd.org/cgi-bin/man.cgi?query=vnconfig&sektion=8 I don't see that it can do full system encryption, however.
In Linux, of course, there's encrypted LVM (based on dm-crypt and LUKS) which handles full system encryption, with everything encrypted but boot partition. It's part of the alternative install CD in Debian, Ubuntu, etc.
In FreeBSD, geli handles full system encryption, and everything can be encrypted but boot partition. -http://www.freebsd.org/cgi/man.cgi?query=geli&sektion=8 I've never used it, but it seems analogous to encrypted LVM in Linux.
TrueCrypt encrypts disk images in all operating systems that will run it, but only does full system encryption in Windows (as far as I know).
The OP asks: "which is stronger??"
If I wanted full system encryption (with everything encrypted but boot partition) in a BSD system, I'd choose FreeBSD with geli.
For disk image encryption on OpenBSD, I'd probably pick TrueCrypt over vnconfig/mount_vnd, because I'm familiar with it, and because I could easily access encrypted volumes on machines running other operating systems. I'm not qualified to say which is "stronger", however.
Below is a nice list to look through for TC alternatives. I use TC myself, but there are some other good options out there. Hell, you could encrypt something with TC, and then encrypt the TC container with another encryption algorithm using different software. I don't think it's necessary, but I know of some users that do this. One alternative to TC is DiskCryptor. I use it also, and it is a nice open source alternative for full disk encryption! You can find it here -http://en.wikipedia.org/wiki/DiskCryptor
Here is the list of encryption options, but it is not complete -http://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software