Why I don't recommend people use full disk encryption

Discussion in 'privacy technology' started by DesuMaiden, Jul 6, 2015.

  1. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    534
    The reason I don't recommend people use full-disk encryption (FDE) is that FDE is risky. I used to encrypt the current laptop I'm using. But the Windows 7 OS crashed and was buggy. So I wasn't able to properly boot up my Windows 7 OS from FDE. I wasn't able to reinstall Windows 7 from FDE because FDE prevented me from reinstalling Windows 7. So the only thing I could do was replace the previous HDD on my laptop with a new HDD. It cost me 125 dollars to replace the old HDD with a new HDD.

    If you have sensitive documents on your computer that you don't want someone to see, I recommend saving them on an encrypted external storage device (like an encrypted thumb drive or encrypted external HDD). There is no way an encrypted external storage device will malfunction like a Windows OS. Windows is a very unstable OS, and it may be possible for your Windows OS to crash or become unable to boot at any time.

    If you have highly sensitive documents that you wouldn't want a three-letter agency to access, use hidden volumes on an external storage device. For example, store whatever sketchy documents you have on an external encrypted thumb drive or HDD with hidden volumes. If you really don't want a three-letter agency accessing your documents, USE HIDDEN VOLUMES. Please do because otherwise they will sue your ass to hell.

    That's just my suggestion. Just avoid using FDE. Use hidden volumes if you truly have something to hide from someone.
     
  2. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,591
    Permit me to disagree, but as a friend not a jerk!! I have been using FDE for years and I could replace my system (even on a brand new disk if there was a hardware failure that required it) with a few clicks of buttons. With proper backups and great software tools maintaining a "restore" protocol is not too tough. My entire system disk can be restored in far under an hour on USB 3 hardware. I do it all the time.

    Also, as security advice of sorts, let me remind you that the unencrypted operating system (in your model) will provide huge details about the files on your hidden encrypted volumes. The forensic trail produced by those operating systems while accessing the encrypted volumes will trash the value of trying to hide any data. These are not hollow words they are fact.

    Most good encryption software (let's pick on TrueCrypt since many here use it) allows you to open a system disk using simple tools in RAM, where you can effect some repairs avoiding the need for a complete re-write in many cases.

    All my thoughts on this. You are welcome to disagree!
     
  3. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,045
    Location:
    USA
    You say that but I have had it happen. Had an external drive with TrueCrypt and lost everything on the drive. Don't know why. I was able to format it and use it again, but there was no possibility of recovering any of the files. As the stuff wasn't really sensitive to begin with, I just don't bother anymore. If it wasn't encrypted it either wouldn't have happened or some of the files may have been recoverable. If a three letter agency is looking at your stuff, you already have bigger problems.
     
  4. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,511
    Location:
    USA - Back in a real State in time for a real Pres
    Why not pw protect individual files?
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,010
    Location:
    The Netherlands
    Years ago, my files became corrupted while using PGP, I've never used file encryption since then, I also don't really need it.
     
  6. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    534
    Good point.
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,021
    I agree with Palancar that FDE is essential. Or at least, it is if you're using a system with persistent storage. Access to encrypted external drives will be logged, so you need to either wipe the logs, or hide them. Hiding the logs in a FDE system is one approach. Another approach is using a LiveCD, with no persistent storage. You could even keep your encrypted data online, and access it only via Tor using Tails.
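mirimir's point that attaching an encrypted external drive leaves a log entry is easy to see on Linux, where the kernel records the device's vendor/product IDs, its serial number and the block device it became (on Windows the equivalent record lives under the USBSTOR key in the registry). The Python below is an added example, not code from the thread; it parses constructed sample lines in the kernel's dmesg format (the device strings, serial and timestamps are made up) and reconstructs when each removable disk was attached, what it was, and when it was pulled. Note that journald keeps the same kernel messages across reboots when persistent journal storage is enabled, so "wiping the logs" means more than clearing dmesg.

```python
import re

# Constructed sample lines in the format the Linux kernel emits when a USB
# mass-storage device is attached and later removed. Vendor/product/serial
# strings and uptime timestamps are made up for the example.
SAMPLE_DMESG = """\
[  812.114021] usb 1-1: new high-speed USB device number 3 using xhci_hcd
[  812.263903] usb 1-1: New USB device found, idVendor=0781, idProduct=5583, bcdDevice= 1.00
[  812.263910] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  812.263914] usb 1-1: Product: Ultra Fit
[  812.263917] usb 1-1: Manufacturer: SanDisk
[  812.263920] usb 1-1: SerialNumber: 4C530001230123456789
[  812.266115] usb-storage 1-1:1.0: USB Mass Storage device detected
[  812.266402] scsi host3: usb-storage 1-1:1.0
[  813.290764] sd 3:0:0:0: [sdb] 61440000 512-byte logical blocks: (31.5 GB/29.3 GiB)
[  813.292031] sd 3:0:0:0: [sdb] Attached SCSI removable disk
[ 2410.501337] usb 1-1: USB disconnect, device number 3
"""

RE_LINE = re.compile(r"^\[\s*(?P<ts>\d+\.\d+)\]\s+(?P<msg>.*)$")
RE_FOUND = re.compile(r"^usb (?P<port>\S+): New USB device found, "
                      r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})")
RE_STRING = re.compile(r"^usb (?P<port>\S+): (?P<field>Product|Manufacturer|SerialNumber): (?P<value>.*)$")
# "scsi hostN: usb-storage PORT:CONFIG.IFACE" ties the SCSI host to the USB port...
RE_HOST = re.compile(r"^scsi host(?P<host>\d+): usb-storage (?P<port>\S+):\d+\.\d+$")
# ...and "sd N:x:y:z: [sdX]" ties the block device to that SCSI host.
RE_DISK = re.compile(r"^sd (?P<host>\d+):\d+:\d+:\d+: \[(?P<dev>sd[a-z]+)\] Attached SCSI removable disk$")
RE_GONE = re.compile(r"^usb (?P<port>\S+): USB disconnect")


def parse_usb_storage_events(text):
    """Return one record per USB device found in kernel log text, in order of
    attachment: ids, strings, the block device it became, attach/detach uptime."""
    records = []
    latest = {}        # USB port -> most recent record on that port (ports get reused)
    host_to_port = {}  # SCSI host number -> USB port
    for raw in text.splitlines():
        m = RE_LINE.match(raw)
        if not m:
            continue
        ts, msg = float(m["ts"]), m["msg"]
        if (f := RE_FOUND.match(msg)):
            rec = {"port": f["port"], "vid": f["vid"], "pid": f["pid"],
                   "manufacturer": None, "product": None, "serialnumber": None,
                   "block_device": None, "attached": ts, "detached": None}
            records.append(rec)
            latest[f["port"]] = rec
        elif (s := RE_STRING.match(msg)) and s["port"] in latest:
            latest[s["port"]][s["field"].lower()] = s["value"]
        elif (h := RE_HOST.match(msg)):
            host_to_port[h["host"]] = h["port"]
        elif (d := RE_DISK.match(msg)):
            port = host_to_port.get(d["host"])
            if port in latest:
                latest[port]["block_device"] = d["dev"]
        elif (g := RE_GONE.match(msg)) and g["port"] in latest:
            latest[g["port"]]["detached"] = ts
    return records


if __name__ == "__main__":
    for rec in parse_usb_storage_events(SAMPLE_DMESG):
        print(f"{rec['manufacturer']} {rec['product']} serial={rec['serialnumber']} "
              f"vid:pid={rec['vid']}:{rec['pid']} as /dev/{rec['block_device']} "
              f"attached at +{rec['attached']:.0f}s, detached at +{rec['detached']:.0f}s")
```

The serial number is the interesting field for an examiner: it is unique to the physical stick, so the same device showing up on two machines, or in a log on one and in a mount record on another, links them regardless of what the encrypted contents are.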
     
  8. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    318
    You could have done other things, you don't need to replace a $125 HDD unless the HDD is physically damaged. You could put a Windows CD in and install Windows over the FDE, the installer gives you the option to reformat and partition the HDD first therefore wiping the FDE and everything. If for some reason that wouldn't work you could get on another computer, download a live OS, put it on a thumb drive, put it in your computer's USB port to boot off that and use a disk manager on it to wipe the HDD, delete the partitions, reformat it etc. and then install Windows from the Windows CD.
     
    Last edited: Jul 7, 2015
  9. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    854
    I don't understand what prevented you from removing the existing partition and starting from scratch with the first drive? What am I missing?
     
  10. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,147
    Location:
    UK
    To chip in on disagreeing with the original proposition - the most important thing being that it's generally a bad idea to give general advice to people, because their threats and context may be quite different from yours. Not having FDE on a corporate laptop is a spectacularly bad idea, and may actually be illegal in some applications.

    Replacement of your HDD is not necessitated by FDE as noted by others. What's more, use of FDE actually makes disposal of failed hard drives more secure - and again, may be required by law.

    Again, echoing what's been said above, selective encryption without FDE still offers lots of forensic evidence (various traces and swap files), and this includes evidence that you've been using a hidden volume. Depending on your adversary, including those with a wrench, this will give you no protection. If you only open the hidden volume from a LiveCD, then that's different of course.

    There's nothing to stop you using FDE plus other forms of selective encryption - there are many reasons to do so. The FDE is like a starter for 10, which keeps out normal commercial threats. Of course, it does necessitate sound key and data management and backup processes, but then that's needed for many reasons if your data is important.

    As for "why not protect individual files" - let me enumerate the reasons! Unless you choose a very solid encryption utility (by this, I do not mean the ones built into the applications!), the protection is limited. Second, you need a long strong password for each file, and ideally this would be different for each file. You will have to recall and enter this every time. Third, normally, the filenames themselves are not encrypted, and frequently leak information. Fourth, passwords are vulnerable to KSL, so presuming your machine is under attack, then the attacker can simply wait till you've used your passwords, then come along and open them - and this could be done remotely. By contrast, password entry for FDE (with or without support for TPM) is done at a much earlier stage of boot, so there is less exposure to malicious processes.

    I am interested in an encrypted file system (possibly an external smart box), which requires a second factor (like a Yubikey), individually encrypts files, and optionally requires a key press to verify file opening. This would protect against remote attacks and KSL.
     
  11. krustytheclown2

    krustytheclown2 Registered Member

    Joined:
    Nov 18, 2014
    Posts:
    210
    I'm getting the feeling that this is much more of an issue with Windows being junk rather than FDE. I've never had an Ubuntu install corrupt itself so badly that it won't even boot, or heard of it happening to somebody else. Even if Ubuntu didn't boot, I could quite simply boot into a live Linux system, type in my disk password and recover my files from there. While I can't say I've ever had it happen with Windows 7 either, I'm guessing it's far more common.

    Regardless, the only logical takeaway from this is to do backups, NOT to condemn FDE. If your hard drive outright failed it would be largely irrelevant whether you used FDE or not.
     
  12. krustytheclown2

    krustytheclown2 Registered Member

    Joined:
    Nov 18, 2014
    Posts:
    210
    The encryption key is held in RAM, so sophisticated malware could read the RAM and get the key that way. And putting a keylogger into the boot loader is a known weakness.
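The key being in RAM is not an abstract worry: an AES round-key schedule has internal structure (every round key is derived from the previous one), so anything that can read memory, whether malware, a DMA-capable device or a cold-boot image, can locate the key without knowing anything else about the system. That is what the cold-boot-attack tool aeskeyfind does. The Python below is an added example, not code from the thread or from that tool; it implements the AES-128 key expansion from FIPS-197 and scans a constructed memory image (random filler with one schedule planted at a made-up offset) for anything that expands consistently.

```python
import random


def _xtime(a):
    """Multiply by x in GF(2^8) with the AES polynomial."""
    a <<= 1
    return (a ^ 0x1B) & 0xFF if a & 0x100 else a


def _gf_mul(a, b):
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = _xtime(a)
        b >>= 1
    return r


def _build_sbox():
    """Compute the AES S-box (multiplicative inverse followed by the affine map)
    rather than transcribing the table, so there is nothing to mistype."""
    sbox = [0] * 256
    for x in range(256):
        inv = next((y for y in range(1, 256) if _gf_mul(x, y) == 1), 0) if x else 0
        b = inv
        for i in range(1, 5):
            b ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        sbox[x] = b ^ 0x63
    return sbox


SBOX = _build_sbox()
SCHEDULE_LEN = 176  # 11 round keys * 16 bytes for AES-128


def expand_key_128(key, expected=None):
    """Return the 176-byte AES-128 key schedule (FIPS-197 section 5.2).
    If `expected` is given, each derived word is compared against it and None
    is returned at the first mismatch, which keeps a scan over memory cheap."""
    w = [bytes(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 1
    for i in range(4, 44):
        t = w[-1]
        if i % 4 == 0:                     # RotWord, SubWord, then XOR Rcon
            t = bytes(SBOX[b] for b in t[1:] + t[:1])
            t = bytes([t[0] ^ rcon]) + t[1:]
            rcon = _xtime(rcon)
        nxt = bytes(a ^ b for a, b in zip(w[-4], t))
        if expected is not None and expected[4 * i:4 * i + 4] != nxt:
            return None
        w.append(nxt)
    return b"".join(w)


def find_aes128_keys(image):
    """Scan a memory image for AES-128 key schedules. Every 16-byte window is
    treated as a candidate key; a hit is a window whose expansion matches the
    160 bytes that follow it. Returns [(offset, key), ...]."""
    hits = []
    for off in range(len(image) - SCHEDULE_LEN + 1):
        cand = image[off:off + 16]
        if expand_key_128(cand, expected=image[off:off + SCHEDULE_LEN]) is not None:
            hits.append((off, cand))
    return hits


def build_sample_image(key, offset, size=4096, seed=1):
    """Constructed stand-in for a RAM dump: deterministic random filler with one
    expanded key schedule planted at `offset`, as a disk-encryption driver's
    data structures would hold it."""
    rng = random.Random(seed)
    buf = bytearray(rng.getrandbits(8) for _ in range(size))
    buf[offset:offset + SCHEDULE_LEN] = expand_key_128(key)
    return bytes(buf)


if __name__ == "__main__":
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # FIPS-197 appendix A key
    image = build_sample_image(key, offset=1000)
    for off, k in find_aes128_keys(image):
        print(f"AES-128 key schedule at offset {off}: key={k.hex()}")
```

Real drivers usually keep the decryption schedule next to the encryption one, and AES-256 schedules are found the same way with a 240-byte window; the scan is linear in the size of the image, which is why dumping a few GB of RAM over FireWire or from a hibernation file is enough to recover an FDE key without any brute force.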
     
  13. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,103
    Location:
    Southern Rocky Mountains USA
    This is another variant on security vs. convenience. If you need real data security, FDE is the way to go. If you don't need that level of security, it is inconvenient and can potentially lock you out of your own data.

    I once found a corporate laptop from a major financial institution abandoned in a recycling center. No encryption whatsoever. It was locked down so the employee couldn't do much with the laptop that wasn't related to work but it had full access to the corporate network.

    Individual encrypted files are a pain. Folders and volumes are a better approach. I'm not worried about keeping the fact that I have encrypted files secret. It's like a safety deposit box. It's public knowledge that you have one, but what's inside is a private matter.
     
    Last edited: Jul 7, 2015
  14. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,147
    Location:
    UK
    I did say less exposure! Beware the Evil Maid! And there are mitigations with various forms of secure boot, and by powering off the computer.

    The thing that worries me far more than this level of attack (your computer and probably you personally! are completely compromised at that point), is that with both FDE and container based encryption, or file-level encryption supported by the file system (such as EFS and that in the 4.1 Linux kernel), once the account or container is open, all files are completely open to any process, absent other protections (Firejail, Sandboxie, AppArmor etc). IOW, any remotely applied user-space malware can access the now-unencrypted files and exfiltrate them without any escalation of privileges.
     
  15. blainefry

    blainefry Registered Member

    Joined:
    Jan 25, 2014
    Posts:
    165
    That's the bottom line. The premise of this thread is like saying "Don't ever install a security system in your house because I installed one and due to unrelated faulty wiring there was a fire and my important stuff burned because I couldn't get inside quick enough."

    And then you went and bought a new house even though there was nothing wrong with the old one and you could have just filled it with new stuff.
     
  16. Paranoid Eye

    Paranoid Eye Registered Member

    Joined:
    Dec 15, 2013
    Posts:
    174
    Location:
    io
    100% agree, backup backup backup

    Yes, FDE may have its flaws or issues when it comes to system repair, I hear even some Windows KB updates won't install! But think of the situation in reverse: if you have confidential files like bank statements and PIN numbers, they are openly revealed to every Tom, Dick and Harry!
     
  17. Phil McCrevis

    Phil McCrevis Registered Member

    Joined:
    Mar 25, 2012
    Posts:
    97
    Location:
    US
    Just DBAN the drive and reinstall.
     
  18. Rolo42

    Rolo42 Registered Member

    Joined:
    Jan 22, 2012
    Posts:
    569
    Location:
    USA
    Encryption isn't a defense against malware; if you have malware, it has access to unencrypted data anyway. Encryption is for when physical security fails (device got stolen but the information on it didn't).

    It isn't and your supporting statements don't point to this conclusion. Some advice to help you to not have difficulty henceforth:

    Correlation does not imply causation; if you're saying your Win7 "crashed and was buggy" because of FDE, that isn't shown. Can't troubleshoot "crashed" and "buggy"; if you had a BSOD, then you should have followed the information given in the memory dump. Until diagnostics/troubleshooting points at something, there is no information here.

    You were trying to access encrypted data without decrypting it first--sounds like FDE was doing its job. You didn't mention which FDE you were using and there are procedures to follow to do an in-place upgrade/reinstall over top: for TrueCrypt, you have to decrypt the drive first (did you try your recovery disc it had you make on encryption?); for BitLocker, you have to temporarily disable it or you could use your recovery key.

    This is by far not the only thing you could have done--unless your HDD died, in which case, encryption had nothing to do with that. You could have just deleted the partitions and run a diskpart clean during Windows installation. The problem was that you were telling Windows to repair your installation without decrypting it first--again, FDE doing its job properly.

    You could do that but now you have two pieces of hardware to physically secure.

    Apples and oranges. I don't agree that Windows is unstable but conceding that point, run Linux if it's that bad of a problem. Or, make backups as no OS and no hardware is 100% fail-proof. Know that things fail/break/quit working and plan for it. Let's say Windows is 50% unreliable and Ubuntu is 90% reliable--you only got 40% more longevity (forgetting that averages converge, not fixed) and will still have failures. Backups fail too, but having both fail simultaneously is highly, highly, highly improbable. That's what cloud backups are for then. If your computer and your backup and the datacentre where you have your cloud backup all fail, you just really weren't meant to have those documents!

    Any year-1 nerd can find your hidden volumes not to mention No Such Agency. Obfuscation is not security.
     
  19. pencarrow

    pencarrow Registered Member

    Joined:
    Sep 23, 2014
    Posts:
    5
    Location:
    New Orleans, LA
    A question related to your comment... Is there some cleanup tool (I regularly use CCleaner for example) that can erase those details/forensic trails/logs after using a hidden encrypted volume? Or can the various trails be identified and erased using a product like Eraser and listing the files/logs etc.?

    Also, as no one has posted about it yet... If you use an SSD to house the Win7 operating system, and do an FDE on a hard drive that contains the sensitive files et al, does that resolve any of the problems noted in the previous comments?
     
  20. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,958
    Location:
    Brasil
    Hmmm..... yes, there is. A simple corruption at the device's MBR or partition header and you're pretty much out of luck, having to use forensic tools to properly recover them. If the header of a TC partition is damaged then you lost your data because IIRC they're pretty much random data that can't be distinguished from the encryption posed on the data itself.

    That's useless if you live in the US. Oh, and if you use Windows? Too bad too, Microsoft is a US based company ;) The NSA can do anything it wants with M$ and nobody would ever know about it. Not to mention that all Windows from 95 and on have a universal backdoor that grants M$ full access to your OS.
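The header problem amarildojr raises above is real and is exactly why serious tools keep a second copy: cryptsetup has `luksHeaderBackup` and `luksHeaderRestore`, and TrueCrypt/VeraCrypt volumes carry an embedded backup header at the end of the volume, with Tools > Backup Volume Header for an external copy. The Python below is an added example, not code from the thread or from any of those tools. It builds a toy container whose layout (salted KDF, a keyed check value standing in for the encrypted magic/CRC, a body, and a backup header at the tail) mirrors the real formats, while the body cipher is a deliberate toy stand-in for XTS. It shows that damage to the body costs you only the damaged bytes, damage to the primary header costs nothing while the backup survives, and damage to both is indistinguishable from a wrong password.

```python
import hashlib
import hmac
import os

SALT_LEN = 16
CHECK_LEN = 32
HEADER_LEN = SALT_LEN + CHECK_LEN      # 48-byte header; real ones are KiB-sized
KDF_ITERATIONS = 100_000


def _derive_key(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               KDF_ITERATIONS, dklen=32)


def _header_check(key):
    # Stands in for the encrypted magic/CRC a real header carries, so a wrong
    # password or a damaged header is distinguishable from success.
    return hmac.new(key, b"volume-header-check", hashlib.sha256).digest()


def _xor_keystream(key, data):
    # TOY cipher: XOR with a SHAKE-256 keystream. A stand-in for the real
    # XTS-mode block cipher, used only to show where damage lands. Never use
    # this construction for actual data.
    stream = hashlib.shake_256(b"body-keystream:" + key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def create_volume(password, plaintext, salt=None):
    """Layout: [primary header][encrypted body][backup header]."""
    salt = salt if salt is not None else os.urandom(SALT_LEN)
    key = _derive_key(password, salt)
    header = salt + _header_check(key)
    return header + _xor_keystream(key, plaintext) + header


def _unlock_header(header, password):
    salt, check = header[:SALT_LEN], header[SALT_LEN:]
    key = _derive_key(password, salt)
    return key if hmac.compare_digest(_header_check(key), check) else None


def open_volume(volume, password):
    """Try the primary header, then the backup. Returns (which_header, plaintext)."""
    body = volume[HEADER_LEN:-HEADER_LEN]
    for which, header in (("primary", volume[:HEADER_LEN]),
                          ("backup", volume[-HEADER_LEN:])):
        key = _unlock_header(header, password)
        if key is not None:
            return which, _xor_keystream(key, body)
    raise ValueError("wrong password or both headers damaged; "
                     "the body is indistinguishable from random bytes")


def restore_primary_header(volume):
    """Overwrite a damaged primary header with the backup copy."""
    return volume[-HEADER_LEN:] + volume[HEADER_LEN:]


def damage(volume, offset, length):
    """Simulate a bad sector: zero `length` bytes starting at `offset`."""
    return volume[:offset] + b"\x00" * length + volume[offset + length:]


if __name__ == "__main__":
    vol = create_volume("correct horse", b"sensitive document")
    print(open_volume(vol, "correct horse"))                       # ('primary', ...)
    print(open_volume(damage(vol, 0, HEADER_LEN), "correct horse"))  # ('backup', ...)
    both = damage(damage(vol, 0, HEADER_LEN), len(vol) - HEADER_LEN, HEADER_LEN)
    try:
        open_volume(both, "correct horse")
    except ValueError as e:
        print("unrecoverable:", e)
```

The practical takeaway is the same for every format: the header is the only part of the volume that is not random to an attacker and the only part that is not recoverable by you, so take the external header backup when you create the volume and keep it somewhere the volume is not.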
     
  21. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,958
    Location:
    Brasil
    Your Operating System is constantly moving files around, and that means the /tmp folder, the swap, etc. Even if you encrypt the file, the OS will leave traces of it at unencrypted places such as said above, sometimes even the full file can be found, making a secure wipe needed every time you use your PC. Thus, FDE is the best offline security against people reading your files. Just store your /boot partition at some place safe to avoid Evil Maid attacks, like on a thumb drive that is actually inside a safe.
     