New Year's Resolution: Full Disk Encryption on Every Computer You Own (eff.org)
231 points by tobiasbischoff on Jan 2, 2012 | 182 comments



It's sad we need encryption mostly for protection not from criminals, but from our own government, for even trivial data.

What freaks me out most these days is how easily people fall into the belief that "oh well traveling is not a right so you have to give up rights when you fly or drive anywhere".

No, if you are a citizen of the United States and unless you are actually crossing a border, you should have the unqualified protection against unreasonable searches, especially without warrants.

I also don't accept the "well it's worse in other countries, be happy you are not there" argument. This country is not even 250 years old. The laws we made are pretty fundamental and not old at all. It's not some kind of game where they should be allowed to dance around the edges to break them.


To be honest, I don't see why national borders are so strongly part of the equation. I suppose that depends on your worldview. I live within the Schengen Area, and to me it seems patently obvious that most 'bad things' in the world are hardly affected by national borders. They're typically supra-national (climate change, credit crunch, cracking, etc.) or intra-national (most crime, etc.). I don't mean to argue for more checks / security measures, overall, but why do you want them to be focused at the border?


My understanding is World War I. Apparently passports and visas were an innovation inspired by the militarism and nationalism that swept Europe at the beginning of the twentieth century.

However governments rarely divest themselves of power once acquired, and so although many, many more folk are internationalist these years, there exists this relict of national control.

/stills rant about how in the United States, the Social Security was promised never to be used as a universal identifier.


> Apparently passports and visas were an innovation inspired by the militarism and nationalism that swept Europe at the beginning of the twentieth century.

Passports were referenced plenty in Around The World in 80 Days, written in 1873. ( http://aroundtheworld.phileas-fogg.net/80days.html )

Although if you mean the systematic use of passports, rather than their invention, yes - Wikipedia Says:

> During World War I, European governments introduced border passport requirements for security reasons (to keep out spies) and to control the emigration of citizens with useful skills, retaining potential manpower. These controls remained in place after the war, and became standard procedure, though not without controversy. British tourists of the 1920s complained, especially about attached photographs and physical descriptions, which they considered led to a "nasty dehumanisation".

- http://en.wikipedia.org/wiki/Passport


I often still marvel when reading the biographies of enlightenment-era people, who often travelled and worked extensively in all sorts of cities and countries. There are often tales of going to Rome for a year or two, then returning to Scotland, then off to Germany for a while, or wherever.

While the modern-EU person can do this without any trouble, for anyone from outside the EU (or the US), this is just a pipe dream without serious legal money to throw at the visa manufacturing industry.

Nationalism is still heavily with us, and even more so than in earlier times.


Drug trafficking and illegal immigration?


drug trafficking, illegal immigration don't serve as counterpoints; you're putting the cart before the horse

The drugs trade is the flow of narcotics from source to sink. Stopping them at a national border is one approach; stopping them elsewhere in transit (as it leaves the source, on the open sea, at the destination by local police, etc) is another. And then you have one more: tackling the existence of a source and a sink. In other words, you look at supply (i.e. creation/generation of stock) and demand. I believe that this is perhaps the best approach, and it is definitely one to which borders are irrelevant. So I don't really accept that as a counterpoint to what I was saying. In some ways, the fact you thought it was illustrates my point: our focus on borders is simplistic and maybe distracting us from finding more effective approaches that might be inspired by a thorough analysis of the system dynamics.

People trafficking is to some extent the same thing: source, sink, and a flow over many miles from one to the other (maybe across a border, maybe not).

As for illegal immigration, you have a flow that exists because of inequality (i.e. it's a flow down a gradient) - a difference in living standards, job opportunities, safety, etc. This inequality makes the recipient country a sink and the donor country a source. But of course, once again we shouldn't be talking about countries. Some regions are more attractive than others, and people have always moved between them, generally to the gain of one region and the detriment of another. Population flows can be cross-border, or not, despite the similarity in causes. Once again; should borders really be the focal point at which destabilising migrations are addressed by modern, globalised societies?


You got me wrong: I'm saying why they are - I'm not saying they should be.


Without getting into an argument that is very far off the topic: Especially those two things are only made into problems. The first is easily solved by partial legalization and the second is just protectionism.


Human trafficking is the new drugs. Apparently it's enormously more profitable to import sex workers and keep them in a kind of narcotic/whatever assisted slavery, because of the reuse of the person vs. the consuming nature of the drug.


We're getting way off topic but I'd be interested to see a source for that claim. I imagine that the costs associated with a prostitute (food, shelter) would be significantly higher than those associated with a stock of inert crystalline powder, pills, or resin. Even if nominally borne by the prostitute, those greater costs still reduce the profitability of the overall enterprise.


I read a scholarly article on the subject that I unfortunately can't find at the moment but I recall that plausible deniability was one of the big advantages of that enterprise.


The latest example I know of happening is the seizing of the laptops of a blogger who runs a climate-science related website. His blog was one of the handful that the 'climategate' links were posted on.

So the outcome was that a warrant was given to search his house, 6 armed officers entered, took two laptops and left (to my knowledge, they still haven't been returned). He wasn't charged with a crime or wasn't a suspect in a crime, he merely had a link posted in a wordpress-hosted blog that he runs by the person that distributed the zip file containing the emails.

It's pretty bad that you can lose hardware and have it inspected by unknown persons for unknown reasons simply because you had an anonymous poster put something on your blog.

This story, to me, really brought it home that the biggest threat to computer privacy probably isn't theft but rather falling foul of a political position.

http://tallbloke.wordpress.com/2011/12/14/tallbloke-towers-r...


> No, if you are a citizen of the United States and unless you are actually crossing a border, you should have the unqualified protection against unreasonable searches, especially without warrants.

I agree. Practically speaking, the government can only search what you're physically carrying over the border. That means if you boot from something like a live CD and store all your data in the cloud, you're safe from search. To search a US-based cloud provider, the government needs warrants and for those they need probable cause, which means you are relatively protected against unreasonable searches.

I encrypt my laptop because I don't want to rely on the cloud, but this is hardly the path of least resistance. If you want to be secure in your papers, don't have any papers.


I'm not sure the cloud is as difficult to access as you may think. Many cloud services have built-in law enforcement interfaces (LEI) to make searching the data self-service and easier for law enforcement as well as the cloud providers.

Source: http://news.cnet.com/8301-13578_3-10446503-38.html


The answer is, of course, to store your data online and encrypt it.


Which is what we thought was happening with Dropbox and why people were up in arms about discovering that it wasn't the case.

There remains the space for a cloud sync service that encrypts client side and provides good enough clients for every major platform.

Spider Oak comes close, but it's just too damn ugly an interface and isn't the "Install and forget" option that Dropbox is.


I use Wuala. I think their software is pretty nice; don't know how it compares to SpiderOak since I've never used it. They encrypt client-side. Employees can't access data. Or so they say, since the client isn't open source, which is my main hangup.

If I understand correctly, it's not as secure/confidential as Spider Oak: the encryption key for file A is Hash(A) and your own key is only used to gain access to Hash(A) in order to decrypt the files. This lets them deduplicate more efficiently on their end, but it also means they can determine if two users have the same file. It also has some other repercussions (there is a HN story about it). It's still a lot better than DropBox, though.
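The trade-off described in the comment above, as an added example that is not part of the original thread and not Wuala's code: with the file key set to Hash(A), two accounts uploading the same file produce the same ciphertext, so the server can deduplicate it and can also tell who holds a file it already knows. The SHA-256 choice, the toy keystream cipher standing in for AES, and the `Provider`, `store` and `fetch` names are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode) standing in for AES.
    Illustration only. XOR makes it its own inverse."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + (offset // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def convergent_encrypt(plaintext: bytes):
    """Scheme from the comment: the file key is Hash(A), so equal files
    yield equal ciphertexts regardless of who uploads them."""
    file_key = hashlib.sha256(plaintext).digest()
    return file_key, keystream_xor(file_key, plaintext)


def random_key_encrypt(plaintext: bytes):
    """Contrast case: a fresh random file key for every upload."""
    file_key = os.urandom(32)
    return file_key, keystream_xor(file_key, plaintext)


def wrap_file_key(user_key: bytes, blob_id: str, file_key: bytes) -> bytes:
    """The user's own key only protects the per-file key (wrap == unwrap)."""
    wrapping_key = hmac.new(user_key, blob_id.encode(), hashlib.sha256).digest()
    return keystream_xor(wrapping_key, file_key)


class Provider:
    """Hypothetical storage server: it holds ciphertext blobs and wrapped
    file keys, never a user key."""

    def __init__(self):
        self.blobs = {}    # blob_id -> ciphertext, stored once
        self.owners = {}   # blob_id -> set of user names
        self.wrapped = {}  # (user, blob_id) -> wrapped file key

    def upload(self, user, ciphertext, wrapped_key):
        blob_id = hashlib.sha256(ciphertext).hexdigest()
        already_stored = blob_id in self.blobs  # deduplication hit
        self.blobs.setdefault(blob_id, ciphertext)
        self.owners.setdefault(blob_id, set()).add(user)
        self.wrapped[(user, blob_id)] = wrapped_key
        return blob_id, already_stored

    def users_holding(self, known_file: bytes):
        """The leak: whoever has a copy of a file can recompute its
        convergent ciphertext and look up which accounts store it."""
        _, ciphertext = convergent_encrypt(known_file)
        blob_id = hashlib.sha256(ciphertext).hexdigest()
        return sorted(self.owners.get(blob_id, set()))


def store(provider, user, user_key, plaintext, encrypt):
    file_key, ciphertext = encrypt(plaintext)
    blob_id = hashlib.sha256(ciphertext).hexdigest()
    wrapped = wrap_file_key(user_key, blob_id, file_key)
    return provider.upload(user, ciphertext, wrapped)


def fetch(provider, user, user_key, blob_id):
    file_key = wrap_file_key(user_key, blob_id, provider.wrapped[(user, blob_id)])
    return keystream_xor(file_key, provider.blobs[blob_id])


def demo():
    # Constructed sample file and randomly generated user keys.
    document = b"constructed sample file: meeting notes, draft 3\n" * 8
    user_keys = {"alice": os.urandom(32), "bob": os.urandom(32)}

    convergent, randomized = Provider(), Provider()
    dedup_hits, blob_id = [], None
    for user, key in user_keys.items():
        blob_id, hit = store(convergent, user, key, document, convergent_encrypt)
        dedup_hits.append(hit)
        store(randomized, user, key, document, random_key_encrypt)

    return {
        "dedup_hits": dedup_hits,
        "convergent_blobs": len(convergent.blobs),
        "convergent_holders": convergent.users_holding(document),
        "random_blobs": len(randomized.blobs),
        "random_holders": randomized.users_holding(document),
        "bob_can_decrypt": fetch(convergent, "bob", user_keys["bob"], blob_id) == document,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With per-upload random keys the server stores two unrelated blobs and the lookup returns nothing, which is the storage cost paid for removing the leak.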


knowing file hashes assists substantially in cryptanalysis via PoE


Who thought that was happening with Dropbox? Did they ever make the claim that they would encrypt people's data?


https://www.dropbox.com/features claims "Secure Sockets Layer (SSL) and AES-256 bit encryption," and I truly do believe they encrypt.

However, I also know that since their website allows me to access data and reset my password, their key management doesn't prevent Dropbox employees from viewing my stuff.


"they encrypt" can mean several different things. It's understandable that a naive ordinary internet user may get confused about the differences between "We use SSL" vs "We use client-side encryption and never see your passphrase" vs "we promise to encrypt your data before it's stored on third party servers". However, there's no excuse for any technically inclined person to confuse those things.

Dropbox had said that they encrypt data before storing it at Amazon, but their systems see all of your raw data because they do deduplication, and because they could reset your passphrase, and because client-side encryption of stored data would make web access very complicated if not impossible.

If all that weren't enough, the dropbox forums, long before the early 2011 PR problem, had threads about using truecrypt containers on dropbox shares to ensure security. It also had feature requests to add client-side encryption to the dropbox client. If some people didn't get the message that dropbox has access to raw data, after all of that evidence, they have only themselves to blame.


Fair enough, I didn't really think that comment through.


This was always the case, Phil Zimmermann was very open about it, even back in 1991. Sun fellows know the same. There were even case stories from Romania around the nineties, a country which is not even 250 years old.

http://www.philzimmermann.com/EN/news/PGP_10thAnniversary.ht...


I am much more concerned about criminals or foreign governments seizing my data (from a lost or stolen machine) than I am about the US Government. If USG wanted the data for legal reasons, it would be pretty easy to detain and get a court order. If the USG illegally wanted data from me, it would be easy to just black bag and monitor the endpoints.

Disk encryption means not having to apologize profusely to everyone when/if your laptop is stolen. That's the real low hanging fruit.

Of course, the only sensitive data I have is authentication credentials (easily revoked), commercially sensitive stuff, and personal privacy (which has much higher value to me in keeping secret than to anyone else in publishing), so I feel pretty safe.


I'm not an expert on security, but I do know a bit about human nature. I'd suggest a 2-level encryption scheme. Perhaps FDE and a BIOS password as level 1, and then a further encrypted area of your HD as level 2.

Why? Because this allows you to appear to be cooperating with any request to look at your computer. Simply type in the level 1 stuff and demonstrate the system booting up. I bet 9 times out of 10 whoever is checking you over will stop right there: it looks a lot like compliance. If they keep pushing for total access to your data simply say "no". Whereas if you say "no" to begin with, you're likely to attract more attention than if it appears you have nothing to hide. In many cases people are working jobs where they only have so much time to check things -- unless there appears to be a person with a problem, in which case they can take all day with you. So help them out. Give them something to ask you for that you can produce. Then everybody can move along and it's not a problem for anybody.


Truecrypt has a hidden OS option. It does sound like some work, however.


Once you boot up and log in, couldn't they see your whole system?


Not if your secondary partition isn't mounted automatically. It's not a stretch to assume that customs agents (or whomever) aren't going to look for unmounted partitions when the computer is booting and running normally.


If you go full disk encryption with TrueCrypt, make sure you look into their Hidden OS feature as well. A judge may be able to order you to give up the decryption key to the OS when accessing the drive prompts for one (last I checked the precedent is still somewhat shaky), because while they can't know what's being encrypted they can infer something readable is. They can't prove the existence of a Hidden OS, though, so your 'real' encrypted area is just noise and can't be legally proved anything else so a second key can't be demanded.


Might look odd if none of the files on the decoy have been modified in the last 6 months - logging in to do this regularly and in a believably meaningful way seems like a burden. The good news is unless you're an international crime lord, it seems unlikely there will be anyone on hand in the court to make this kind of leap (not a lawyer so that guess could be way off though).


An automated update of the decoy would be a good addition to such software.


Not sure exactly how this would be implemented, but it sounds like a bad idea, since they would just wait for your automated updater to decrypt the decoy. Even if it was in some limited fashion, the encryption key would be in RAM, so it would be as vulnerable as any running system.

(BTW, if you're worried about a state-level adversary, that means you should always turn off your computer when not using it, and wait a few minutes before physically leaving it to prevent a cold boot attack)


Well, the point of the decoy is that you don't care if they can access it, isn't it?


The RIP Act in the UK allows for jail time for refusing to give a key.


What if the key doesn't exist?

The point of a hidden OS is plausible deniability. When used correctly, there shouldn't be any evidence that another OS exists. For instance: what if there wasn't a hidden OS, and you do keep random data in your unused HD space? They'd be jailing you for refusing to give something that doesn't exist.


My dad was the security officer in a major department of UK gov, and he asked this very question to legal. The response was that if the key doesn't exist, you must prove its non-existence. His protest on that fell on deaf ears. Furthermore, if the key is controlled under the Official Secrets Act, you will break the law both when you hand them over and when you don't.

Basically, laws that don't make absolute logical sense are fine, they'll just decide who to prosecute. Totally fine, nothing to see here.


That's pretty damn messed up. Basically they're saying: "we're accusing you of having X, we didn't find it on your encrypted drive, but maybe you have a hidden OS where it's at! Give the key!" And suppose you did give up your hidden OS key and they still find nothing? Do they say "Aha! Well, we didn't find it on this device, but we found this innocent picture of Jesus--give us the key you used to steg the information inside!"? And suppose you actually had some steg'd info inside, but it's not the information they wanted, it's nothing illegal. Do they then say "Clearly you dumped the incriminating hard drive in a landfill--tell us where!"?

Something mentioned at the beginning of the paper "I've Got Nothing to Hide" and Other Misunderstandings of Privacy, is Friedrich Dürrenmatt's Traps, from 1956. It involves a seemingly innocent man put on trial by a group of retired lawyers for a mock trial game, the man inquires what his crime shall be. "An altogether minor matter," the prosecutor replied … "A crime can always be found."


Like the non-terrorists subject to extraordinary rendition to Guantanamo Bay so they could give the information about terrorism that they didn't have because they were not terrorists?


> They'd be jailing you for refusing to give something that doesn't exist.

That doesn't sound like a desirable outcome.


It's implausible for unused space on the harddisk to be random due to the way filesystems work. Random data is likely to be encrypted data.


Except that some operating systems have a secure erase option for free space (OSX for example).


If you use TrueCrypt properly, most unused space on your hard disk will be filled with random bits, whether or not you have a hidden OS in there.


"RIP privacy", amirite??


Actually it works the other way around, and is considered to be a problem by many security experts. If you don't have a Hidden OS partition, and the court requests the password, it's impossible for you to prove you DON'T have one. Just like it's impossible to prove you just forgot your password.

So you're better off making a hidden OS partition and not using it, just so you can access it.


And you can be happy if it's a judge and not some convincingly dark smiling guy with a mask.


The feds and other serious folks are pretty careful these days not to turn off anything until they've had forensics evaluate the situation. And not just because of FDE, memory analysis very frequently yields the best evidence due to its timely and overlooked nature. Since most encryption systems retain their keys during lock and sleep, unless you usually leave your system powered off I wouldn't count on being afforded much privacy if you're interesting enough to bother.

That said I still use it on both of mine and definitely suggest it, it's a very small performance penalty for what will be a godsend if your laptop turns up lost or stolen.

https://code.google.com/p/cryptsetup/

It's an excellent precaution against the much more mundane and common threats like loss or theft, though.


If you're worried about a state-level adversary, then yes, you should always turn off your computer when not using it. They could still be spying on you and wait until you turn it on to kick down the door. There are people who have thought about these things, too. One suggestion is a dead man's trap, like a pad that you sit on, so if the door gets kicked down (or they snipe you from outside the window), as soon as you stand up (or fall off the stool) it scrambles RAM and shuts down the system. That's a super high level of paranoia, but still makes encryption useful.


You could just hold down the power button on your computer for 4 seconds and require a password to boot the system.


That depends on how quickly they can get guns pointed at you once the door is kicked in.


Okay, then you can set up your system to do a force shutdown if the power button is hit. If you're on a desktop, have a power strip near your foot so you can kick the toggle switch if the door comes down. (Or have a big red kill switch wired into the power supply on the front of the case.)

The latter option probably won't earn you any favors with the judge or the jury.


Reminds me of Cryptonomicon.


Microsoft BitLocker in its most secure mode is the gold standard because it protects against more attack modes than other software. Unfortunately, Microsoft has only made it available with certain versions of Microsoft Windows.

Though MS says that BitLocker doesn't have back doors [1], I wonder how true this actually is...

[1] http://blogs.msdn.com/b/si_team/archive/2006/03/02/542590.as...


Exactly. Trusting proprietary, closed source software (in other words, a third party) for encryption is missing the point of encryption so hard, it's not even funny.


I'm pretty sure everything has a back door. I was a consultant writing test code for software that managed the license creation process for my state's DMV and we had two separate doors for the FBI and CIA.

They could just type any information in they wanted to, upload a picture, hit print, and the process would mail them a drivers license like everyone else.


That is like an organizational intranet interface, not a backdoor. A backdoor would have to give access to an undesired third party by the end user.


To be fair, I trust TrueCrypt because it's "libre" and "open", but I've never looked at the source code myself. I trust that other people more knowledgeable than me have taken a look at it, but if there is indeed a backdoor in it, then it will look on the surface like the most innocuous bug in the world.

Don't get me wrong: I understand and appreciate your point, but I honestly don't know how most of us using TrueCrypt (e.g. me) are any better off than those who use a proprietary solution. The only difference I can see is any backdoors in TrueCrypt or PGP must be better hidden.


While you are basically correct, the mere ability to check the source yourself and possibly be able to find (or even fix) said bugs-which-could-or-could-not-be-cleverly-hidden-backdoors puts it leagues ahead of any proprietary solution, where there is never any way to be sure there isn't just something like a void force_decrypt(string company_master_password)[1] in there.

And to be perfectly honest, I'd rather trust the FLOSS crowd who checked TrueCrypt and other more or less popular encryption tools probably hundreds, if not thousands of times than trust the development team of a company refusing to release the source of their software.

[1] Yes, I am kidding, but I hope you catch my drift.


be reassured, that "nobody" actually checks thoroughly in practice, so don't rely on it.

http://www.h-online.com/newsticker/news/item/Debian-package-...


Doesn't that prove that people do check it? Isn't the point of open source that you can have problems for a time, but eventually you'll be ok? Certainly better than you could write yourself or trust in a closed source system.


Yes, it is certainly easier to audit than binaries, but one of the main axioms in cryptography is that it should ensure security for the timeframe until the information protected is still valuable (one can assume that eventually all crypto is cracked -- the question is when, and how to delay this to ensure functionality).

This bug was injected for two years: the damage has been done, with literally over a million weak keys that pollute the internet. That said, I acknowledge that the SSL system has (perhaps even more) serious weaknesses beyond the keys themselves. It should have been caught days after commit, and never should have made it into Debian stable (and Debian has a very slow, thorough release cycle). But telnetd comes to mind, etc. Perhaps only OpenBSD shows consistent true efforts in open source auditing.


> Trusting proprietary, closed source software (in other words, a third party) for encryption is missing the point of encryption so hard, it's not even funny.

I don't have the experience, knowledge, and time (+ effort) to review every source-code line and every theorem used by an encryption application ... to make sure it's not doing something it shouldn't.

And (chances are) you don't either.

So it's not about closed-source or open-source, but rather it's about trust.


>So it's not about closed-source or open-source, but rather it's about trust.

And that's my point. How can I trust someone who's unwilling to show me the source of their software and denies me my basic freedoms?

What I am not saying is that Free Software should be blindly trusted - that would be stupid and reckless. What I am saying is that for security[1], proprietary software cannot and must not be trusted, under any circumstances. You cannot even verify what the program you are using does? It's not secure, full stop.

And again, it's a massive difference between hiding a backdoor in a binary blob as opposed to essentially trying to hide it in plain sight. It's possible, but highly unlikely to go unnoticed for a prolonged amount of time. And if it is found, it will probably be fixed pretty much instantly as per Linus' Law.

Finally, corporations and businesses are bound to law for the most part. If they are required (or ordered) to include a backdoor for the FBI or NSA, they will most likely have to oblige. Not so much for Free Software. You essentially cannot force such a backdoor since even if the original maintainers include it, the project will just be forked, and law enforcement - to put it bluntly - can't do shit against it.

[1] And arguably everywhere else, too, but I'd prefer to stay on topic.


Do MS developers have a track record of bald-faced lies that I'm unaware of?




Have you noticed crashes and general instability on OS X Lion + Filevault 2?

We've tried it on a Core2Duo Macbook Pro (early 2007) and MacBook (Mid 2010). We've seen lots of OS crashes (Macbook) and general performance issues when running XCode (Macbook Pro).

We're also running virtualization software on the Macs (Parallels and VMWare) - I'm not sure if they're interacting with Filevault 2 (shouldn't be).

Just wonder if anyone else has noticed this.


I use Lion's Filevault 2 on an early 2009 MBP and have not had any crashes or stability problems at all. FV2 on Lion is light years ahead of the broken Filevault 1 (Snow Leopard) implementation.


I use it on a 2011 Air and Mini without problems, and I'm just about always in Parallels on both machines.


no i have no problems. macbook air 2010 w/ lion + file vault active - no crashes or instability. i do time machine backups on a regular basis and work with Xcode, photoshop, iWork, vmware fusion - never had any problem.


Does it now play well with Time Machine?


Yeah, it's much cleaner vs. the old FileVault. The decryption happens at boot-time, as far as most of the OS is concerned (incl. TimeMachine) there's no encryption at all.


I also let it encrypt the disks that Time Machine writes to. Works well.


Combined with a firmware password, it makes a MacBook impenetrable.


Got a good pointer to setting a firmware password?



Reboot your Mac into recovery mode (hold Cmd+R on bootup), it's in one of the menus there.


I haven't been able to use Filevault with iTunes match ...

https://discussions.apple.com/message/16987224

Though I'd love to hear any reports to the contrary!


Filevault isn't supported by the major media editing apps. I travel a lot and rely on having a 'fake' account on my drive that I can login to if asked that has pretty much nothing on it.


you must be thinking of the original filevault that encrypted each user's home directory separately.

filevault 2 in lion is true full-disk encryption, and the passphrase must be entered at boot. once it is decrypted, no application should even be able to detect (or rather, care about) the presence of encryption.


Oh, great to know thanks. I haven't moved to lion yet because of app support.


I am not convinced by one of the quiz answers:

> Our calculations confirm that a relatively short series of truly randomly chosen English dictionary words is secure; many people find these somewhat more memorable. Above we used "In the jungle! The mighty Jungle, the lion sleeps tonight!" The important thing is to choose enough words and to choose them in a random un-guessable way, such as by changing the spacing, punctuation, spelling, or capitalization.

The problem with this example is that the 10 words are not chosen independently. Type "in the j" into a google search box and the whole phrase will appear in the drop-down box. So the entropy for the choice of that phrase is about lg2(37^8) or about 42 bits.

So an approximation of the total entropy is:

Choice of source phrase = lg2(37^8) ~= 41.7 bits

Choose one of the 10 suggestions from the drop-down box = lg2(10) ~= 3.3 bits

Permutation of words = lg2(10! / 2! / 3!) ~= 18.2 bits

Spacing (assume each word may independently be preceded by a space with probability 0.5) = 10 bits

Punctuation (each word may be independently followed by '!') = 10 bits

Capitalization: independently choose one of {lowercase, camelcase, uppercase} for each word = lg2(3^10) ~= 15.8 bits

Total so far: 98 bits.

Now consider the third option: a mixture of 16 independently-chosen letters, numbers and symbols. Assume most ASCII characters are available (let's eliminate single quote, backslash and $ which cause problems for some web apps) and we have

lg2(92^16) ~= 104.4 bits, which wins.


The point is that "In the jungle" etc can actually be reliably remembered by a large portion of the population, whereas 16 independently chosen letters/numbers/symbols usually can not.

Humans are great at remembering phrases, quotes, etc. Think about how widespread referential humor is, where the joke is just a reference to/quote from another work. That's something the brain is great at. Random or semi-random jumbles of letters? Not so much.


In illustrated fashion: http://xkcd.com/936/


Unfortunately, full-disk encryption absolutely kills SSD performance because it makes the data look random (i.e. incompressible). It will wear out the SSD much faster than using it without would, because the hardware compression unit in the controller can sometimes achieve 8:1, and therefore have to rewrite only 1/8th of the NAND cells that it otherwise would.


I think you're right on the effect but wrong on the implied grave magnitudes "absolutely kills" and "much faster", because:

• not all SSDs even have hardware compression

• modern workloads have less highly compressible data than in the past: large-media formats include their own compression, and bulk data processing often does its own application-level compress/decompress on store/load

I'd be interested to see any benchmarks that quantify the speed/lifetime hit that whole-disk encryption might cause for SSDs, but my hunch is that the effect would be slight in normal scenarios.


Anand benchmarked FileVault(1) and his conclusion was "Overall the hit on pure I/O performance is in the 20 - 30% range. It's noticeable but not big enough to outweigh the benefits of full disk encryption."

1. http://www.anandtech.com/show/4485/back-to-the-mac-os-x-107-...


Yes, but that result is most likely on a Sandforce-powered SSD, which sports different transfer speeds based on the payload (compressible/incompressible). Like the GP notes, this is not a problem with SSDs in general.


That benchmark is with a stock Apple SSD, which IIRC are not Sandforce-based. To be clear, I'm actually in agreement with Anand and OP - the benefits of FDE far outweigh the consequential I/O hit.


been running with FDE on an SSD for >3 years now, still works fine.

sure it's slower but how often do most people really push their disk past 20 MB/s?


Enlightening (and scary) stuff.

Encryption is great but won't save you if they ask for your password (honestly, I'd prefer to give them the password and circumvent using online storage.)

With that in mind - what advice would all you security buffs have on the best way to back up your hard drive to an online disk? Specifically using a basic hosting account as opposed to SAAS or cloud service?


I actually trust tarsnap more than setting up a host and having to maintain it:

http://www.tarsnap.com/


Looks very interesting, as services go. For this kind of thing, I'm strangely less inclined to trust a slick-looking, well-designed and heavily-marketed backup "solution"..

If I do fork out for a service, I would probably rather go with the kind of company that has as their tagline: "Online backups for the truly paranoid", like them.

Pricing's not a killer either.


The reason I trust (to the extent I trust anything on this planet) Tarsnap is that Colin Percival (the creator) is a cryptographer and the FreeBSD security officer. Leading me to have a higher confidence in him than most of the other "secure" backup services I have seen.


Yeah that's what I mean - it looks more trustworthy than something over-designed with 5 carefully-crafted price plans. Think I'll give it a shot soon. Thanks!


and when there was a critical security bug in Tarsnap, he behaved with extraordinary integrity and openness (http://www.daemonology.net/blog/2011-01-18-tarsnap-critical-...).

More than anything else, cperciva earned my trust simply by being honest. There are precious few companies I could say this about.


This service is run by a long time hacker news user and security researcher cperciva. Read his stuff:

http://news.ycombinator.com/user?id=cperciva

http://www.daemonology.net/blog/


I wonder if there would be significant environmental implications if everyone switched to full disk encryption...

Does this impose a significant processor load and does that translate to greater power consumption?


Simple answer : no. Even at massive scale where everyone did it, the tiny, tiny differences in power consumption wouldn't be a rounding error in power generation.

Power stations are built to supply x amount of energy for y time. They aren't like a car engine where switching off the air-con makes a noticeable difference.

This kind of meme gets going because of the campaign to switch appliances off at the wall, thinking it is going to make some type of differences. Every analysis I have ever seen is that (1) the difference is so small it makes no difference and (2) whatever minute drop in demand is found will quickly be used up in industrial users expanding consumption into the lower demand period. Just running one arc-furnace or aluminium smelter for 1 hour longer is going to negate most domestic level fine shavings like switching the TV off at the wall.

Mostly this stuff is promoted to make people feel like they personally are involved and making a difference.


An idling CPU and a slightly loaded CPU use about the same amount of energy. I think my Q6600 quad used 190W @ idle and running full tilt cpu (ray tracing) it was using 220W. For FDE it depends on how much IO you are doing. I doubt it will make even a 0.01 difference in your daily power consumption.


I don't think so. On my laptop, fully loading the CPU takes it from silent to screaming fans in about two minutes. That's clearly a big change in heat production and therefore power consumption.


You should use a kill-a-watt and measure it. Probably less than you think. Laptops already on the edge of their thermal envelopes, anything above their low steady state (browsing, listening to music) will cause the fans to spin.


The battery time remaining will also drop by a factor of 4 or more. This is large enough that I don't think a more precise instrument is needed to determine that the effect is significant.


If I have time this weekend I will pop the battery on my macbook and do an erlang compile on an encrypted sparse image both on the rotational drive and the ssd. I'll report back on how much energy was consumed for (encrypted,non-encrypted) x (ssd,rotational)

batteries derate rapidly as the current draw goes up. They are not linear. For my own edification it would be nice to know what kind of energy hit encryption takes on both storage mediums.


I would definitely be interested in hearing. I don't expect that the overhead of encryption will cause much additional power draw, simply because encryption doesn't require all that much CPU power. The stuff about fully loaded CPUs was wandering off into the theoretical realm about CPU power consumption variance in general.

For whatever it may be worth, I couldn't find idle power consumption for my notebook's CPU, but it is possible to come up with a worst-case estimate by taking the battery capacity and dividing by the runtime. Apple specifies "up to" 7 hours. While that is of course hard to achieve, I think it's fair to use that figure when looking at idle power use. The battery is 50Wh, so we can figure that the computer as a whole is using at most about 7W when idle. The i7-2677M CPU is specced to use up to 17W all by its lonesome when running flat out, so that's a substantial increase, especially when you take into account the fact that the base 7W idle-ish consumption is for everything in the computer, not just the CPU.


I wouldn't worry too much about it. There is a fixed CPU overhead, but negligible.

http://www.tomshardware.com/reviews/bitlocker-truecrypt-encr...


What about on my mobile? I am not aware (as I haven't looked) of any encryption available to the data on my iPhone, or MyTouch 4G.

Further, I use Gmail - I have zero expectation of privacy from google.

I also store all my important docs for work and personal on DropBox.

What will I gain from encrypting my laptop? Aside from it being stolen/lost - I don't see any added security/benefit from doing this.

I am not trying to be obtuse - but can one explain to me why I would want to do this, other than expressing my tech savvy?


Android ICS and Honeycomb allow for your data to be encrypted.

Don't use gmail and don't use dropbox for unencrypted files ;)

But seriously, the risk of your laptop being stolen or lost is a huge incentive for encrypting it. I feel much better knowing that the worst that could happen with my laptop is that I lose it (stolen/lost/dropped). I wouldn't want to be uncertain whether anyone had access to my personal files if it got lost and the data I have on it is more valuable than the hardware (and I'm still a student...).

For anyone that is tech savvy I see no reason not to do FDE.

Okay, two exceptions. Losing TRIM support on SSD drives and travelling to/from countries that feel they have the right to inspect the content of my laptop and that might frown upon the fact that it is encrypted.


iPhone data is encrypted by default - remote wipe works by destroying the key. Unfortunately, the key is obviously only protected by a user's passcode, if they've even set one. The 4-digit pin codes have been shown to be broken, but I've not seen (maybe I missed it?) evidence of those with alphanumeric passcodes being compromised.


The issue is that I can conduct an unlimited-attempts brute force attack against the passcode. I can do about 10 per second on an iPhone 4S, but I do need access to the machine, unless I'm willing to crack open the iPhone and do a destructive hardware attack.

At 10 per second, I feel ok with an 8-10 character numeric passphrase, or a 7-8 character lowercase-only passcode.

I just wish the iPhone had some intelligence about adaptive locking -- lock faster when it's outside my home/car, don't go from unlocked to locked very fast, if at all, if docked in secure places inches from a 9mm. Or pairing with an RF device attached to me, like the Blackberry CAC reader.


One thing that worries me is how difficult it makes it if you get some data corruption. For example, I had a hard drive that had full disk encryption start to fail, and found pulling the data off much more difficult because I had to decrypt the whole lvm to get any access. I'm actually not confident how exactly corruption maps from cyphertext to plaintext in various modern crypto systems. I would guess that you would get out gibberish though.


I would rather back my data up than hope to retrieve it from a corrupted fs or, worse, a failing disk.


What's the performance penalty like? That's pretty much the only thing holding me back.


Pretty minimal. If you have TrueCrypt installed you can run benchmarks of various algorithms. It's especially fast if you have a modern processor with AES-NI (hardware AES instructions) -- I get around 1GB/s Encrypt/Decrypt using AES on a Core i5.


I got myself an SSD for Christmas and that is why I moved off full disk encryption on home computer and instead encrypt almost everything except the system. However I've turned off the page file and I'm trying to set up pre boot authentication for non system volumes.

On another note, I plan to slowly switch to Ubuntu and I wonder how secure the home folder encryption is?


There's nothing stopping you using FDE on an SSD...



FDE on a SSD negates the gained speed advantage


That's not what I've seen, at least for FileVault 2 under OS X Lion. I'm using a 2010 iMac with a third-party SSD, and a 2011 MacBook Air with Apple's stock SSD. Both computers are blazing fast at disk access, even with full-disk encryption enabled.

If you're confident you're encrypting all your data, then you're still way above average. The nice thing about FDE is that I can "set it and forget it." I don't have to think about which files belong on which partition anymore. It's all safe.


As far as I can tell, the only problem is that the encryption layer won't forward TRIM commands to the SSD by default because that can reveal some information about the data layout. I've been using full disk encryption on an SSD for a year and while the write speed got somewhat slower over time, it's still better than a hard drive, and overall the system feels responsive. At the rate the cost/GB drops, I was intending from start to replace it after two years or less.

But here's the thing: If you use Linux with dm-crypt, you can set it to pass TRIM commands to the disk. It seems pretty safe, it's only that it will leak information about which blocks are actually used.

LE: Here's how to do it: https://wiki.archlinux.org/index.php/System_Encryption_with_...


there's some scenarios where it may not be too bad. From what I've read I'd agree that truecrypt on an SSD doesn't sound like a good option. Bitlocker seems possible if you're running Win7 (ultimate or enterprise).

One other thing to watch out for with SSDs is the "native" AES encryption. From what I've read in many cases it's only there to provide a fast wipe facility and doesn't actually provide protection for data on a lost laptop. Some SSDs (eg Intel 320) provide password protection for the encryption keys via the ATA password, but a bit of reading didn't make me feel too comfortable with how they've implemented it.


Does it? Even if you have a CPU with AES-NI instructions like an Intel Core i5 or i7?



I encrypted my SSD using BitLocker, and for me, the performance hit is not really noticeable in my day-to-day work (programming + running a virtual machine). Your SSD will still be A LOT faster than a regular, unencrypted HDD. But YMMV.


This case is only relevant to SSDs with a sandforce controller, however -- as (only) the sandforce controller compresses data for increased speed, which cannot be done with encrypted data.


I ran some benchmarks and 4K read speed really takes a hit with FDE:

2xWestern Digital blue label RAID 0 : 0,65Mb/s (for reference)

Crucial M4 without FDE : 19,07 Mb/s

Crucial M4 with FDE : 5,59 Mb/s

however the benchmark shows that a SSD is still substantially faster than a classical RAID 0 array


Not enough information to verify the usefulness of your benchmark. Were the volumes/partitions aligned? What technology/cipher/keysize did you use for the FDE? Does your CPU have the AES-NI instructions? Does the encryption tech that you're using take advantage of those instructions?

FDE on any type of media causes no slow down if the CPU can encrypt/decrypt at least as fast as the disk can transfer data. It's not correct to say that FDE always causes slow downs.


It's nice that computers are now powerful enough that full disk encryption is almost performance-neutral. But realistically, if they want your data then they can get it. Spear phishing works very well and if not, there's always indefinite detention.

Technology is only a small part of the solution to warrantless border searches.


What encryption gives you is choice. If you don't use it, then you never have the choice of whether or not to give up data. The choice is taken for you. If you use encryption there are many attackers that you will be able to prevent being able to access the data.


I'm concerned about privacy too but none of the worrisome areas would be improved by FDE. Facebook/Google, tracking, keyloggers etc is where the main problem lies.


Can anyone comment on the speed/performance of TrueCrypt, EncFS, and similar on older systems, e.g. a 5 - 7 year old laptop? I'm considering carrying a "sacrificial" machine in case it is, um, "indefinitely detained", but I'm uncertain what kind of a performance hit full disk (or partition -- though I'm inclined to encrypt the entire disk) encryption will incur. (I currently have Core Duo and P4 candidates for the job.)


Truecrypt has a simple benchmark that you can try (and I think it has a portable installation option so you don't even have to install it on the system to try it out).

My core duo 1.6 GHz laptop gets about 60 MB/s of AES encryption/decryption speeds on battery (which I think reduces the clock to 1 GHz).

I consider the impact negligible.

However if you have an SSD in your system and do full-disk-encryption you will lose potential TRIM-support which can have a significant performance penalty depending on drive.


Thank you for the response. These are both "spinning plates" machines. Part of what would keep their loss a minor financial hit.

I wonder whether the dual cores help significantly. (As I'm more inclined to make the P4 the sacrifice.) However, if your observation is that the perceived impact is "negligible", this encourages me that it will be acceptable, if more significant, on the P4.

I hadn't noticed the benchmark utility you describe. I'll have a look for/at it. Thanks!


My system triple boots into OS X, Windows and Ubuntu. I have a home partition, formatted in HFS+.

What would be the best strategy for me to use? Should I just encrypt the home volume using something cross-platform like TrueCrypt, or is it practical (and maintainable) to do full-disk encryption in such an environment?

My home partition has very sensitive data and I've been putting off creating a TrueCrypt container for this data.


This is probably not answering your question but a possible solution is to switch to using OSX 100% of the time and then use Parallels/VMWare/VirtualBox to virtualize Windows and Ubuntu. It's much more practical than having to worry about partitions / boot volumes and general sharing problems. This way you can even encrypt your entire OS X volume and not use encryption on the VMs.


I'm also dual booting OS X and Ubuntu with a shared home partition formatted as HFS+. Getting the encryption to work nicely in Linux sounded pretty easy, but I couldn't figure out how to do it in OS X. My current solution is to store anything particularly sensitive in a TrueCrypt file...obviously not the best solution.

Out of personal interest: Did you get Linux to mount the HFS+ partition with R/W access with journaling enabled? I am also curious if you make any progress with encrypting the entire partition.


I just use two RAIDed NAS boxes, one as a long term, large file media/data store and another for small files on SSD RAID. All my comps are now dumb terminals, booting an OS and software. Works well and was surprisingly cheap for what is essentially a complete, hassle free system.


I did this over a year ago and am very happy. I use TrueCrypt. I have not noticed any slow downs (even for gaming)... That said, you should probably not do this if your drives are failing (or you tend to suffer a lot of disk failures).


None of my current computers is powerful enough for that without it being a serious hassle. And I'm pretty sure it will drain my laptop battery much faster...


It looks like many people assume this to be so but haven't done the benchmarks. FDE is going to be a much smaller hit than say anti-virus software. Encryption routines have been highly optimized into the multi gigabytes per second range.


> FDE is going to be a much smaller hit than say anti-virus software.

But I don't run any anti-virus, this is even one of the good reasons why I stopped using windows aeons ago. I tried LUKS with AES a few years ago, and though the performance was good it comes with a really significant hit.


Which OS do you use? On Mac OS X I use Knox; my 2006 MBP doesn't have any issue with that.


I'm running Linux everywhere, and Snow Leopard on my MacBook. I find the MacBook a bit slow at times (mostly because of the 2GB RAM I guess). I still use an ancient Athlon64 single core with 1GB as my main desktop, though :)


I have tested Windows 7 with both Bitlocker and Truecrypt, and Arch Linux with LUKS, on my four year old Dell e520 (a 1.8ghz Core 2 Duo 6300 PC with 4GB of RAM). I didn't notice any real performance difference with FDE enabled, although I am sure a proper benchmark tool would have shown something.


Many processors, computers and hard drives have dedicated AES encryption chips, the battery hit is pretty much nonexistent on these computers.


It's great to see the EFF recommending http://diceware.com for secure passphrase generation.


Does anyone have any thoughts on Apple's File Vault? I assume the crypto is perfectly fine, but I worry about bugs destroying my data.


Apparently FileVault has been much improved in OS X Lion: http://www.maclife.com/article/howtos/how_use_filevault_and_...


So how do you encrypt a home server? Any device that has to be bootable without human intervention will have to store the encryption keys on the device somewhere making the encryption merely obfuscation.

It is possible for "swap" RAM to be encrypted on Linux and it could generate a random per boot key, also being a form of obfuscation. https://lkml.org/lkml/2011/12/28/69


Unfortunately, the amount of time I spend running/breaking the development version of Ubuntu prohibits full disk encryption, but I do have /home encrypted. Is that "good enough"?


That's what I intend to do the next opportunity I get. Your swap space could still leak confidential information, though.


I'm willing to risk that since I rarely use any of my swap.


You can and should encrypt your partition, since your home key might end up there.

https://help.ubuntu.com/community/EncryptedFilesystems

If you want hibernate to work you can use uswsusp for example: https://we.riseup.net/debian/encrypted-swap

Sleep always works, but as mentioned above, your key will be in memory...


Interesting.... I think i'll stick with user directory encryption, but thanks for those links.


Well, I use /home with luks on some machines and user directory (encfs) on others, but have all of them with swap encrypted or no swap partition at all.

Since the keys/other private info might leak there, you are not doing it right, unless you have sysctl swappiness level set to 0.

Not only that, /tmp and other temporary directories might also be another leaky place...
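The leak points listed in this part of the thread (swap, swappiness, /tmp) can be checked from /proc and /sys on a Linux machine. The Python below is an added example, not code from a commenter or from Ubuntu: the function names and the `root` parameter are its own, and it relies on cryptsetup giving dm-crypt mappings a device-mapper UUID that begins with `CRYPT-`.

```python
import os

def _read(path):
    """Return a file's text, or '' if it is missing or unreadable."""
    try:
        with open(path) as fh:
            return fh.read()
    except OSError:
        return ""

def is_encrypted(dev_name, root="/"):
    """True if the device, or every device it is stacked on, is a dm-crypt mapping."""
    base = os.path.join(root, "sys/class/block", dev_name)
    # cryptsetup gives its device-mapper targets a UUID starting with "CRYPT-".
    if _read(os.path.join(base, "dm/uuid")).startswith("CRYPT-"):
        return True
    slaves = os.path.join(base, "slaves")
    below = os.listdir(slaves) if os.path.isdir(slaves) else []
    # Covers stacking such as an LVM volume ("LVM-...") inside a LUKS container.
    return bool(below) and all(is_encrypted(name, root) for name in below)

def swap_status(root="/"):
    """Map each active swap area in proc/swaps to 'encrypted', 'plaintext' or 'file'."""
    status = {}
    for line in _read(os.path.join(root, "proc/swaps")).splitlines()[1:]:
        fields = line.split()
        if len(fields) < 2:
            continue
        path, kind = fields[0], fields[1]
        if kind == "file":
            status[path] = "file"  # cannot be judged without the filesystem under it
            continue
        # /dev/mapper/<name> is a symlink to ../dm-N; resolve it to the kernel name.
        real = os.path.realpath(os.path.join(root, path.lstrip("/")))
        name = os.path.basename(real)
        status[path] = "encrypted" if is_encrypted(name, root) else "plaintext"
    return status

def tmp_fstype(root="/"):
    """Filesystem type mounted on /tmp, or None if /tmp is not a separate mount."""
    fstype = None
    for line in _read(os.path.join(root, "proc/mounts")).splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[1] == "/tmp":
            fstype = fields[2]  # a later mount on the same path wins
    return fstype

def audit(root="/"):
    """Collect swap, swappiness and /tmp facts plus human-readable findings."""
    swaps = swap_status(root)
    raw = _read(os.path.join(root, "proc/sys/vm/swappiness")).strip()
    tmp = tmp_fstype(root)
    findings = []
    for path, state in sorted(swaps.items()):
        if state == "plaintext":
            findings.append(f"{path}: swap is not on dm-crypt, paged-out keys "
                            "and data reach the disk in the clear")
        elif state == "file":
            findings.append(f"{path}: swap file, only as private as the "
                            "filesystem it sits on")
    exposed = any(state != "encrypted" for state in swaps.values())
    if tmp == "tmpfs" and exposed:
        findings.append("/tmp: tmpfs pages can be written to the unencrypted swap above")
    elif tmp is None:
        findings.append("/tmp: lives on the root filesystem, so it is only "
                        "protected if that filesystem is encrypted")
    return {"swap": swaps, "swappiness": int(raw) if raw.isdigit() else None,
            "tmp_fstype": tmp, "findings": findings}

if __name__ == "__main__":
    report = audit()  # reads the live /proc and /sys of the machine it runs on
    print("swap:", report["swap"], "swappiness:", report["swappiness"])
    for finding in report["findings"]:
        print("-", finding)
```

Passing a different `root` lets the same checks run against a copied or mounted tree instead of the running system.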


It's not reliable. Think /tmp (deleted temp file data can be recovered), hibernate/swap, log files, and so on. And OS can be more easily tampered with undetected (rootkits/keyloggers etc).


Considering my habit of re-installing the entire OS every few weeks (I tinker a lot with no safety nets), I think I'm ok. I agree that for anyone else though, it isn't enough.


This is all good, until you get any kind of disk corruption. Good luck getting any of your data back.


That's why you should have up-to-date backups.


but then couldn't people still get to your unencrypted data (through your backups)?


If you're doing FDE, you should be encrypting your backups as well. It can be relatively trivial, depending on your backup setup.


> This is all good, until you get any kind of disk corruption. Good luck getting any of your data back.


If my encrypted disk becomes corrupted and then corrupts my unencrypted backup, what's the difference?


A good backup, e.g. Time machine, lets you restore from before the corruption. A backup on an encrypted disk risks the entire backup volume being corrupted and unusable in one go, thus making it a very brittle backup.

I'm assuming that a corrupted encrypted file is totally unusable here, and now that I think more about it I'm not sure - encryption with chained blocks would mean errors have a larger effect than just at the error site, wouldn't it?
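How a damaged ciphertext bit maps back to plaintext, the question raised in this comment and in the earlier one about the failing LVM volume, can be worked through for CBC with a per-sector IV. The Python below is an added example, not code from any commenter or product: the block cipher is a toy Feistel construction standing in for AES, and the IV derivation, function names and sample data are assumptions of the example.

```python
import hashlib

BLOCK = 16    # cipher block size in bytes (the same as AES)
SECTOR = 512  # sector size in bytes; every sector is encrypted on its own

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    """Feistel round function: 8 bytes of SHA-256(key, round, half-block)."""
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def encrypt_block(key, block):
    """Toy 4-round Feistel cipher, a stand-in for AES (demo only, not secure)."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right

def decrypt_block(key, block):
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right

def sector_iv(key, sector_no):
    """Per-sector IV derived from the sector number (scheme assumed for the demo)."""
    return hashlib.sha256(b"iv" + key + sector_no.to_bytes(8, "little")).digest()[:BLOCK]

def encrypt_sector(key, sector_no, plain):
    prev, out = sector_iv(key, sector_no), bytearray()
    for i in range(0, len(plain), BLOCK):
        prev = encrypt_block(key, _xor(plain[i:i + BLOCK], prev))  # CBC chaining
        out += prev
    return bytes(out)

def decrypt_sector(key, sector_no, cipher):
    prev, out = sector_iv(key, sector_no), bytearray()
    for i in range(0, len(cipher), BLOCK):
        cur = cipher[i:i + BLOCK]
        out += _xor(decrypt_block(key, cur), prev)  # P_i = D(C_i) xor C_(i-1)
        prev = cur
    return bytes(out)

def encrypt_disk(key, plain):
    return b"".join(encrypt_sector(key, n, plain[n * SECTOR:(n + 1) * SECTOR])
                    for n in range(len(plain) // SECTOR))

def decrypt_disk(key, cipher):
    return b"".join(decrypt_sector(key, n, cipher[n * SECTOR:(n + 1) * SECTOR])
                    for n in range(len(cipher) // SECTOR))

def damage_report(key, plain, byte_offset, bit=0):
    """Flip one ciphertext bit, decrypt, and list every damaged plaintext block
    as (sector, block_in_sector, number_of_wrong_bits)."""
    cipher = bytearray(encrypt_disk(key, plain))
    cipher[byte_offset] ^= 1 << bit
    recovered = decrypt_disk(key, bytes(cipher))
    report = []
    for off in range(0, len(plain), BLOCK):
        diff = _xor(plain[off:off + BLOCK], recovered[off:off + BLOCK])
        wrong = sum(bin(b).count("1") for b in diff)
        if wrong:
            report.append((off // SECTOR, (off % SECTOR) // BLOCK, wrong))
    return report

KEY = b"constructed demo key"                         # constructed sample key
SAMPLE = bytes((i * 7) % 251 for i in range(4 * SECTOR))  # constructed 4-sector "disk"

if __name__ == "__main__":
    # One bad bit in sector 1, block 3: that block is garbled, the next has one wrong bit.
    print(damage_report(KEY, SAMPLE, 1 * SECTOR + 3 * BLOCK + 5))
    # One bad bit in the last block of sector 1: the chain ends at the sector boundary.
    print(damage_report(KEY, SAMPLE, 2 * SECTOR - 1))
```

Other modes behave differently: XTS confines the damage to the one 16-byte block that was hit. Damage to a volume header that stores the wrapped key is a separate failure and is not modelled here.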


I use FDE on my laptop. I recently wrote up how I handle encrypted backups:

https://grepular.com/Secure_Free_Incremental_and_Instant_Bac...


Why am I down voted?

My laptop HD was encrypted, it got corrupted, and I lost the entire drive. If even a few bytes are corrupted, you are SOL.

Luckily, I had an offsite backup (unencrypted). I'm just warning people about the dangers of not keeping an unencrypted backup.


Why isn't your offsite backup encrypted too? Yes, if your data is corrupted, and your backups are corrupted, then you lose your data. That's the case regardless of whether or not you're using encryption.

I use FDE on my laptop. My backups are also encrypted. I use duplicity which basically tars up the files and then encrypts using GnuPG. It only tars up the changes between each run, so I have incremental backups, and version history of every single file on my system. All encrypted - https://grepular.com/Secure_Free_Incremental_and_Instant_Bac...


> Luckily, I had an offsite backup (unencrypted)

Don't call that luck. You should be proud of yourself.


do most people really have private information on their computer? I don't think I do ...


depends what you consider private. for me, everything is private as long as i don't put it online consciously. yes, even that photo of me sitting on a chair.


[deleted]


"I have always thought that the only reason you would need full disk encryption on a computer is if you was doing something illegal."

Did you even read the article? It mentions several legitimate reasons why you would need to use encryption for perfectly legal reasons.

It still surprises me to hear people who are intelligent enough to use the Internet come out with the, "if you've nothing to hide" argument.

EDIT: The information I claimed was in the linked article, was actually in the whitepaper, linked to from the article. I will quote the relevant passage below. It amazes me that anyone would not be able to come to this conclusion independently though:

"For doctors, lawyers, and many business professionals, these border searches can compromise the privacy of sensitive professional information, including trade secrets, attorney-client and doctor-patient communications, research and business strategies, some of which a traveler has legal and contractual obligations to protect. For the rest of us, searches that can reach our personal correspondence, health information, and financial records are reasonably viewed as an affront to privacy and dignity and inconsistent with the values of a free society."


Not to argue with your points (business data is sensitive stuff), but another link from the article leads to this:

> For maximum security make sure you are alone and close the curtains. Write on a hard surface - not on a pad of paper. After you memorize your passphrase, burn your notes, pulverize the ashes and flush them down the toilet.

That is quite a paranoid's hell. =)

Full-disk encryption may just provide false sense of safety, as we store lots of data in the cloud, where even strong passwords do not guarantee that nobody will get access to the data.

IMO for one to be 100% sure that nothing could go wrong one should not store anything anywhere.


> Full-disk encryption may just provide false sense of safety, as we store lots of data in the cloud, where even strong passwords do not guarantee that nobody will get access to the data.

You can store an encrypted file "in the cloud", though. A truecrypt volume with a keyfile should be essentially uncrackable. Of course, then you can only use the service as a dumb data storage.


I imagine in many cases that's exactly what they do, assuming they even bother to format if they want to get rid quickly.

A more enterprising thief however might wonder if there's something else there, even if he's just after naughty pictures.

Assuming you haven't used encryption it's very easy to get data off a computer if you are even a little bit technical. Simply take the disk out and insert it into another computer or just reboot the same computer using a Linux live CD, all the files and everything from the NTFS partition will just be displayed and available. No need for the administrator password at all, regardless of what file permissions were set.


I use crypted vaults for all my customer projects. I couldn't sleep well otherwise.


I use FDE and then encrypted vaults for each project. Even if my computer is lost/stolen when it's on or asleep and the FDE does nothing, I can be assured that the vast majority of the sensitive data is safe.


I'm adding FDE too :)

I use Knox for Vaults (on Mac), what do you use out of curiosity?


Knox on OS X (what I use for day job work) and Truecrypt on Windows. PGP Desktop for FDE.


Knox is a better UI for the built-in folder encryption on OSX?



Cool. I already do something similar with encrypted sparseimages, I will give this a try.


I think we would all be a little amazed and horrified at the actual amount of sensitive identity information that is floating around on thumb drives and usb hard drives.



