Results 1 to 8 of 8

Thread: Truecrypt

  1. #1

    Default Truecrypt

    No one seems to be able to give me a straight ******* answer. In Truecrypt, is Serpent-Twofish-AES/Whirlpool the most secure encryption method? People are saying "Totally overkill." and not answering the damn question.

    I don't care if it's overkill; you can kill a guy with a .22 to the head, so why not go all in and just shoot him with a .44 magnum? AES is not secure enough, I want as good as I can possibly get it. And yes, my password is secure.

  2. #2

    Default

    XKCD put it best:



    Bruce Schneier also put it pretty well at a defcon talk (they do still occasionally have a good presentation there!) and I'm paraphrasing from memory so apologies if I get this wrong:

    Arguing about the security of modern cryptographic functions is like putting a stick in the ground and then arguing about how high it is. An attacker is just going to go around it. The algorithm is going to be next to impossible to break unless you've got serious tools... and there are much simpler and effective means of attack. It's going to be the implementation of the algorithm that's gonna kill you.. not the strength of it.

    So yes, another no-answer answer..

  3. #3

  4. #4

    Default

    I meant implementation by whatever encryption tool(s) you are using (truecrypt in this case).

    Thing with encryption at this level, is that everything is 100% secure until it's not. All the algorithms are generally in the "more computing power than available on the planet to brute force" arena.

    For all we know, all the algorithms could be completely broken by say, the NSA, and we just haven't been told.

    What are dubbed "side channel attacks" are considerably more likely imo than an algorithm actually having a cryptographic flaw. A very short list of possible attacks:

    - Timing attacks (this works due to the implementation of the algorithm revealing details based on how long certain operations take).
    - Cold booting a running system (this is where you essentially apply power to ram to keep it running, power off the machine, then dump the data in ram (which will contain the encryption key).
    - Leaky programs. There are tools out there that basically skim a hard drive for all plaintext, then try everything it finds as a key. This can be effective because a lot of programs (especially windows) are messy on the memory management side. You may have a great password, but if it ends up getting tailed into the data area of a Microsoft word document (or more likely, those silly cache files that get created when opening a document).. doesn't do you much good. This is less an issue in the case of full disk encryption.
    - Known data attacks.

    And then there's just plain good ol` soft attacks. Key loggers, tempest (hey, we're up against someone who can break AES.. ya never know), etc..

    EDIT: Another thing to note... video cards are _notorious_ for keeping around data long after a reboot. Point is unless you are operating in a faraday cage with specialized tamper resistant hardware and controlled (or eliminated) communication with outside utilities (net, power, etc) ... encryption is the least of your concerns.
    Last edited by BoundCoder; 20-Feb-2011 at 23:02. Reason: Additional details

  5. #5

    Default

    To answer the actual question, yes, that is the most secure, but also slowest method, and really is overkill unless you're trying to protect something that needs the highest security clearance possible to read it.

    Unless you really need that level of security I would personally recommend using the Serpent-Twofish/Whirlpool combo instead. Adding AES to the mix slows things down without any real added benefit.

  6. #6

    Default

    So whole disk (AES, 1TB drives take for-effing-ever otherwise) encryption, Linux with home dir encrypted, VPN (run from the router to everything in the house through it) to a country who isn't friendly with the US (i.e. Netherlands or Sweden). Sound easy enough.

    Now for hard drive security. Say I hear "FBI, open up". Would lighting thermite on top of my hard drive release deadly gasses and get me a terrorism charge? I was arguing with people on IRC about that. It'd work even though my house would be gone.

  7. #7

    Default



    Quote Originally Posted by Grizzy View Post
    So whole disk (AES, 1TB drives take for-effing-ever otherwise) encryption, Linux with home dir encrypted, VPN (run from the router to everything in the house through it) to a country who isn't friendly with the US (i.e. Netherlands or Sweden). Sound easy enough.

    Now for hard drive security. Say I hear "FBI, open up". Would lighting thermite on top of my hard drive release deadly gasses and get me a terrorism charge? I was arguing with people on IRC about that. It'd work even though my house would be gone.
    It would get you an obstruction charge, a charge for tampering with evidence, a probable "explosives without a permit" charge. Of course, if any agents were burned or otherwise harmed by your actions, you'd also get a charge for that.

  8. #8

    Default

    You'd have to be doing some pretty insane stuff to justify that. As has been said.. you'd get in a _lot_ more trouble for destroying the "evidence".

    For that matter... if they get a court order to compel you to reveal your key, and you refuse, you'd also probably be in more trouble then whatever was on your machine would get you into.

    The whole "self destruct button" thing is pure Hollywood. Especially using explosives... just having something rigged up like that would get you into all kinds of trouble, even if you never used it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
ADISC.org - the Adult Baby / Diaper Lover / Incontinence Support Community.
ADISC.org is designed to be viewed in Firefox, with a resolution of at least 1280 x 1024.