way for unusable files on another computer

Discussion in 'encryption problems' started by Fiberlight, Jan 2, 2016.

  1. Fiberlight

    Fiberlight Registered Member

    Joined:
    Jan 2, 2016
    Posts:
    3
    hello

    Is there any way that stolen files from a computer can not be used on another computer

    And only be used on the main computer?

    i have veraCrypt and encrypt my files with it but when i open veraCrypt and show veraCrypt mount drive

    data are transferable by malware. is there a way for this problem?

    I'm sorry if my English is not good
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    You could also encrypt individual files. For example, KeePass database (.kdbx) files are encrypted. Or you can use GnuPG with symmetric passphrases.
     
  3. Fiberlight

    Fiberlight Registered Member

    Joined:
    Jan 2, 2016
    Posts:
    3
    please explain more

    There is another application for this job?
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Well, KeePass is a password management app. And GnuPG is a encryption app.

    Encrypting stuff won't keep malware or adversaries from stealing your stuff. But it will be useless.

    My point is that full-disk encryption and file-level encryption complement each other.
     
  5. Techwiz

    Techwiz Registered Member

    Joined:
    Jan 5, 2012
    Posts:
    539
    Location:
    United States
    Applications like keepass only offer encryption at rest which is a lot like a lock box. You can put stuff in, but the moment you unlock the lock box, anyone that has access to your computer physically or remotely could access/steal the contents. There are a number of different solutions available for file encryption that could benefit you if your interested, but keep in mind the limitation. The environmental conditions (states) or variables of your system and network could theoretically be used to determine if a file should be eligible for decryption. Bruce Schneier discusses something along these for usage by a clueless agent system, but i'm not aware of any really decent encryption or file management solutions that offer this type solution. Largely because most applications and services follow the (PKI) model for using keys and other credentials to authenticate. Only advise that I can give is use database/file encryption and try to store sensitive or confidential data externally off of your local system. It's better to access it on-demand.


    https://www.schneier.com/cryptography/archives/1998/06/environmental_key_ge.html
     
  6. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Yes, it's a hard problem. FDE only protects when the system is off. File-based encryption only protects when files are encrypted. The most secure approach, as Techwiz says, is keeping sensitive stuff offline. That, and keeping adversaries and malware out of your systems :)
     
  7. Fiberlight

    Fiberlight Registered Member

    Joined:
    Jan 2, 2016
    Posts:
    3
    thanks Techwiz and mirimir
     
Loading...