Paranoia

[BouncyNinja]

Hello

Can anyone recommend software to encrypt my laptop / desktop , so that in the event it gets stolen, my info is safe,

Even if they take the drive out, it must be useless

 

[HavocXphere]

Truecrypt - easy for making a say 10gb encrypted file, but can also encrypt entire data drive.

Windows has something similar built in (some editions), called bitlocker.

EDIT: Personally I'd go for Truecrypt over the windows one.

NB you need backups - encrypted files are much more prone to corruption than normal files.

 

[Frikkenator]

Just use Windows Bitlocker if you've got it, right click on drive then Turn On Bitlocker. No additional software needed, tried and tested and secure enough for your needs.

I have encrypted my external with BitLocker and it works like a charm.

 

[the_nomad]

Axcrypt may work for you. Best thing its open source.

 

[nkawit]

If your plan is to protect your data from theft, you may want to look at this http://www.youtube.com/watch?v=JDaicPIgn9U .

In very many cases disk encryption can be bypassed in a matter of minutes and your data decrypted without the password or passphrase.

 

[HavocXphere]

If your plan is to protect your data from theft, you may want to look at this http://www.youtube.com/watch?v=JDaicPIgn9U .

In very many cases disk encryption can be bypassed in a matter of minutes and your data decrypted without the password or passphrase.

NB said video glosses over a number of facts & is not nearly as simply as suggested.

e.g. They suggest using a common aerosol to cool the mem. It isn't - cooling something rapidly causes condensation - condensation causes short-circuits. Good luck recovering encrypted info off a short-circuited module.

Furthermore they suggest than an image loaded into memory & fading is as accurate representation of what happens. It isn't - with encryption you either have 100% or 0%, while with an image 98% is often good enough.

Their entire video also assumes nothing is salted.

tl;dr Their technique is vaguely accurate, but requires vast more skill & luck than the youtube vid suggests.

 

[nkawit]

NB said video glosses over a number of facts & is not nearly as simply as suggested.
e.g. They suggest using a common aerosol to cool the mem. It isn't - cooling something rapidly causes condensation - condensation causes short-circuits. Good luck recovering encrypted info off a short-circuited module.

The condensation is forming on the outside, you can see ice .... keep it cold enough and the RAM won't get wet. You are more than welcome to use an old notebook that I have to try for yourself.

I did this with an old laptop today. I then showed my staff. You get the compressed air in a can in PC cleaning kits.

I must admit I did kill 2 RAM chips in the process, its not as easy as it looks and it does take practise.

Furthermore they suggest than an image loaded into memory & fading is as accurate representation of what happens. It isn't - with encryption you either have 100% or 0%, while with an image 98% is often good enough.

The image was not encrypted. It was a bitmap demonstrating how RAM degrades.

Their entire video also assumes nothing is salted.

They are not getting the password from RAM, they are getting the unencrypted decryption key. The password is used to decrypt this and it is stored i plain text in RAM in all cases. The entire method they are using has absolutely nothing to do with passwords.

I have only managed to reproduce it using under Linux using an encrypted LVM, and yes. It you know what you are doing it takes a few minutes. My first attempt took around 2-3 hours. My demo to my engineering team took 5 minutes.

 

[Frikkenator]

In very many cases disk encryption can be bypassed in a matter of minutes and your data decrypted without the password or passphrase.

You have to consider who will be stealing your hard drive/notebook. Unless you work for someone who requires encryption (in which case you'll have much better software than the ones listed here) the guy will plug in the hard drive, see it's not working and chuck it away.

For the vast majority of people there really is no need for hardcore encryption.

 

[nkawit]

You have to consider who will be stealing your hard drive/notebook. Unless you work for someone who requires encryption (in which case you'll have much better software than the ones listed here) the guy will plug in the hard drive, see it's not working and chuck it away.

For the vast majority of people there really is no need for hardcore encryption.

Totally agreed.

It is however very scarey what people store on their pc's these days, and even more scary what they tell their browsers to remember or even whats in their history or cache!

A stolen phone or laptop can lead to enough information for criminals to devise a social engineering attack, while they normally target people in powerful positions they also target joe soap.

 

[Frikkenator]

Totally agreed.

It is however very scarey what people store on their pc's these days, and even more scary what they tell their browsers to remember or even whats in their history or cache!

A stolen phone or laptop can lead to enough information for criminals to devise a social engineering attack, while they normally target people in powerful positions they also target joe soap.

That is true, however for me personally the chances of that happening is and catering for it is just not worth my time and effort.

The point you touched on now, the mobile phone security, that, I think is a much greater threat and one that most people don't even think about!