Truecrypt vs OpenBSD ENCRYPTION

Discussion in 'privacy technology' started by axemmiw905, Mar 8, 2012.

Thread Status:
Not open for further replies.
  1. axemmiw905

    axemmiw905 Registered Member

    Joined:
    Feb 8, 2012
    Posts:
    35
    which is stronger??
     
  2. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,592
    I wish I could answer the question you asked.

    I am in a position to tell you that TC is rock solid and cannot be broken by any means I am aware of. Assuming you follow the security precautions and use long solid passwords you are very safe using TC. There are tons of court cases and federal agencies that have "come up empty" when trying to break TC encryption.

    I am a long time user and study TC at length. Its rock solid.
     
  3. box750

    box750 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    259
    Do you realise that OpenBSD is an operating system? o_O
     
  4. HTTPS

    HTTPS Registered Member

    Joined:
    Apr 4, 2012
    Posts:
    12
    o_O

    https://en.wikipedia.org/wiki/Keyboard_buffer

    http://computer.forensikblog.de/en/2009/04/reading-passwords-from-the-keyboard-buffer.html

    "The PC's BIOS among many other functions also provides a simple routine to read data in from the keyboard. Information about the keys pressed are stored in a ring buffer that provides space for about 16 characters. As Jonathan Brossard has shown in a paper and presented at DEFCON 16, the buffer's contents may be availlable for a while after it has been read by the BIOS. Chances are that passwords of the BIOS or disk encryption software can be recovered."

    TrueCrypt with Pre-Boot Authentication and you need more than 16 characters.
     
  5. x942

    x942 Guest

    You make a valid point. Although by shear brute force 16 Char. Random password is infeasible to crack. I would still suggest longer to help future proof the data, as 5 years from now 16 chars, may be doable and if an attacker as a static copy of the cipher text they can wait and brute force it than.
     
  6. syncmaster913n

    syncmaster913n Registered Member

    Joined:
    Mar 24, 2012
    Posts:
    153
    I think that when HTTPS mentioned 16 characters, what he meant was that, because the buffer can hold up to 16 characters, your password should be longer than that so that the values in the buffer get overwritten.

    So basically we would arrive at a simple formula where your password's "practical" character count is PCC=C-16 (where PCC is the number of characters in our password that the attacker would actually need to brute force, and C is the total number of characters in your password). So if you wanted an ASCII 131bit password (PCC=20 characters), then the value of C would be PCC+16 = 20+16 = 36 characters.

    This way even if the attacker manages to get to the buffer, he will have only obtained 16 out of the 36 characters, and he would still need to brute force the remaining 20 (or find another method to obtain them).

    Is that more or less what you mean HTTPS?
     
    Last edited: Apr 7, 2012
  7. x942

    x942 Guest

    :thumb: Makes sense. Thanks!
     
  8. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    Right. In OpenBSD, vnconfig and mount_vnd can encrypt disk images using Blowfish. -http://www.openbsd.org/cgi-bin/man.cgi?query=vnconfig&sektion=8 I don't see that it can do full system encryption, however.

    In Linux, of course, there's encrypted LVM (based on dm-crypt and LUKS) which handles full system encryption, with everything encrypted but boot partition. It's part of the alternative install CD in Debian, Ubuntu, etc.

    In FreeBSD, geli handles full system encryption, and everything can be encrypted but boot partition. -http://www.freebsd.org/cgi/man.cgi?query=geli&sektion=8 I've never used it, but it seems analogous to encrypted LVM in Linux.

    Truecrypt encrypts disk images in all operating systems that will run it, but only does full system encryption in Windows (as far as I know).

    The OP asks: "which is stronger??"

    If I wanted full system encryption (with everything encrypted but boot partition) in a BSD system, I'd choose FreeBSD with geli

    For disk image encryption on OpenBSD, I'd probably pick Truecrypt over vnconfig/mount_vnd, because I'm familiar with it, and because I could easily access encrypted volumes on machines running other operating systems. I'm not qualified to say which is "stronger", however.
     
  9. syncmaster913n

    syncmaster913n Registered Member

    Joined:
    Mar 24, 2012
    Posts:
    153
    :thumb:
     
  10. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,950
    Location:
    USA
    Below is a nice list to look through for TC alternatives. I use TC myself, but there are some other good options out there. Hell, you could encrypt something with TC, and then encrypt the TC container with another encryption algorithm using different software. I don't think its necessary, but I know of some users that do this. One alternative to TC is DiskCrytor. I use it also, and it is a Nice open source alternative for full disk Encryption! You can find it here -http://en.wikipedia.org/wiki/DiskCryptor

    Here is the list of encryption options, but it is not complete -http://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software
     
    Last edited: Apr 7, 2012
Loading...
Thread Status:
Not open for further replies.