Free drive encryption
-
@BRRABill Yes, and Yes
-
Veracrypt seems to be the way to go.
-
-
@scottalanmiller said:
What would a fake one be?
A program that says it is the "next generation" of True Crypt, but isn't the logical resumption of the programming.
-
I've read quite a bit about various tools available, that can decrypt Bitlocker. I found an article from elcomsoft and a few others. They are paid programs, but I can't find the articles I read a while back about Bitlocker not being extremely safe anymore. Is there any truth in that or am I just blowing smoke when I don't recommend Bitlocker right out of the gate for a highly secure Windows PC? I know "highly secure" and "Windows PC" shouldn't be in the same sentence... nonetheless.
-
@BBigford LVM works well =P
-
I'm using self-encrypting drives on mobile workstations if/when they can be implemented. Otherwise I use Veracrypt.
-
I mean... You could always just bipass encryption altogether and rig your drives with thermite, a biometric lock, and a remote trigger.
-
@RamblingBiped said:
I mean... You could always just bipass encryption altogether and rig your drives with thermite, a biometric lock, and a remote trigger.
I like that idea. I'm still curious to hear thoughts on Bitlocker, if it is indeed secure anymore... Because I know it was vulnerable to cold boot attacks, but there have been some articles stirring around about various tools that have been released to decrypt Bitlocker volumes.
-
@BBigford said:
I've read quite a bit about various tools available, that can decrypt Bitlocker. I found an article from elcomsoft and a few others. They are paid programs, but I can't find the articles I read a while back about Bitlocker not being extremely safe anymore. Is there any truth in that or am I just blowing smoke when I don't recommend Bitlocker right out of the gate for a highly secure Windows PC? I know "highly secure" and "Windows PC" shouldn't be in the same sentence... nonetheless.
well you already said the Windows and highly secure.. so moving on....
Some might say you can't use BitLocker because it's no open source and you have no idea if MS has installed an extra key in every instance that they can use to decrypt your data. that said, I don't think they have.
Personally, for the standard things we need to be concerned about - a stolen laptop that had HIPAA data or some such, Bitlocker is totally acceptable. If you're worried about the NSA, then no, you can't use it.
-
@RamblingBiped said:
I'm using self-encrypting drives on mobile workstations if/when they can be implemented. Otherwise I use Veracrypt.
There are reports that the drive manufacturers can unlock those self-encrypting drives.
-
@Dashrender said:
Personally, for the standard things we need to be concerned about - a stolen laptop that had HIPAA data or some such, Bitlocker is totally acceptable. If you're worried about the NSA, then no, you can't use it.
It's more of a search for the "gotcha" in Bitlocker. There's so much controversy behind it, I'm just curious if there is a "see... it's crackable with <method x> or <software x>." I haven't found any solid evidence throughout the years aside from the cold boot vulnerabilities, so that's why I turned to the community.
-
@BBigford said:
@Dashrender said:
Personally, for the standard things we need to be concerned about - a stolen laptop that had HIPAA data or some such, Bitlocker is totally acceptable. If you're worried about the NSA, then no, you can't use it.
It's more of a search for the "gotcha" in Bitlocker. There's so much controversy behind it, I'm just curious if there is a "see... it's crackable with <method x> or <software x>." I haven't found any solid evidence throughout the years aside from the cold boot vulnerabilities, so that's why I turned to the community.
Exactly - and I'm betting you won't find any either. It's like this FBI thing and the bomber's phone. I'm not sure I believe that anyone actually cracked the encryption on the phone. Personally I think that's a lie so they could drop a case they felt they were losing and didn't want to have a precedent set against them.
-
@Dashrender said:
@BBigford said:
@Dashrender said:
Personally, for the standard things we need to be concerned about - a stolen laptop that had HIPAA data or some such, Bitlocker is totally acceptable. If you're worried about the NSA, then no, you can't use it.
It's more of a search for the "gotcha" in Bitlocker. There's so much controversy behind it, I'm just curious if there is a "see... it's crackable with <method x> or <software x>." I haven't found any solid evidence throughout the years aside from the cold boot vulnerabilities, so that's why I turned to the community.
Exactly - and I'm betting you won't find any either. It's like this FBI thing and the bomber's phone. I'm not sure I believe that anyone actually cracked the encryption on the phone. Personally I think that's a lie so they could drop a case they felt they were losing and didn't want to have a precedent set against them.
So you're speculating that Bitlocker is ultra secure, or any material on it is just being smothered?
-
@Dashrender said:
Exactly - and I'm betting you won't find any either. It's like this FBI thing and the bomber's phone. I'm not sure I believe that anyone actually cracked the encryption on the phone. Personally I think that's a lie so they could drop a case they felt they were losing and didn't want to have a precedent set against them.
I actually believe it.
It was for an older model, and only applicable under certain circumstances.
It like we always say, if they have the device, they'll eventually have the data.
-
@Dashrender said:
There are reports that the drive manufacturers can unlock those self-encrypting drives.
I've had Wave (who makes the software that locks the Samung SSDs I use) enable an unlocked drive.
I forget exactly what we did, and data was basically wiped clean, but if they have access to do that, who knows what they can really do...
-
@BBigford said:
@Dashrender said:
@BBigford said:
@Dashrender said:
Personally, for the standard things we need to be concerned about - a stolen laptop that had HIPAA data or some such, Bitlocker is totally acceptable. If you're worried about the NSA, then no, you can't use it.
It's more of a search for the "gotcha" in Bitlocker. There's so much controversy behind it, I'm just curious if there is a "see... it's crackable with <method x> or <software x>." I haven't found any solid evidence throughout the years aside from the cold boot vulnerabilities, so that's why I turned to the community.
Exactly - and I'm betting you won't find any either. It's like this FBI thing and the bomber's phone. I'm not sure I believe that anyone actually cracked the encryption on the phone. Personally I think that's a lie so they could drop a case they felt they were losing and didn't want to have a precedent set against them.
So you're speculating that Bitlocker is ultra secure,
ultra? who's to say - but I do consider it secure enough for the common man to use. Again, Healthcare worker trying to keep their PHI (personal health information) away from prying eyes on a stolen laptop, it's more than likely fine, the average thug on the street will just format it if able and reinstall Windows and move on. But if you're talking about a targeted attack, say the FBI is trying - then I have no idea how good it is against them trying to crack into it.
or any material on it is just being smothered?
No idea what you mean here.
-
I'll say this another more direct way.
If you are not a criminal, and are just trying to keep you data away from someone who steals your stuff, like a laptop or phone - then Bitlocker is mostly likely plenty to keep you safe.
But if you are a criminal and are looking to secure your crimes away from the NSA, FBI, InterPol, etc - then no, you should probably go with something other than Bitlocker.
-
@BRRABill said:
@Dashrender said:
Exactly - and I'm betting you won't find any either. It's like this FBI thing and the bomber's phone. I'm not sure I believe that anyone actually cracked the encryption on the phone. Personally I think that's a lie so they could drop a case they felt they were losing and didn't want to have a precedent set against them.
I actually believe it.
It was for an older model, and only applicable under certain circumstances.
It like we always say, if they have the device, they'll eventually have the data.
yeah - this is what I'm not really sure of. The iPhone 5 (or was it the 5s?) didn't have a secure enclave. If the security company found a way to hack into whatever chip held the security key - then who knows.. it's possible they found a way to get the key out.
-
@Dashrender said:
yeah - this is what I'm not really sure of. The iPhone 5 (or was it the 5s?) didn't have a secure enclave. If the security company found a way to hack into whatever chip held the security key - then who knows.. it's possible they found a way to get the key out.
I mean at some level, someONE knows someTHING, right?
Ultimately security rests in keeping the secret service dedicated, and people like Snowden from saying anything. If someone with the "keys to the kingdom" decides to go rogue ... who knows what could happen?
