Bitlocker No Real Threat To Decryption?

An anonymous reader writes "The Register is running a story called 'Vista encryption 'no threat' to computer forensics'. The article explains that despite some initial concerns that lawbreakers would benefit from built-in strong encryption, it's unlikely the Bitlocker technology will slow down most digital forensic analysts. What kind of measures does one need to take to make sure no one but yourself has access to your data? Is Bitlocker just good enough (keeping out your siblings) or does it miss the whole purpose of the encryption entirely?" One would hope an international criminal mastermind could do better than the encryption built into Vista.

Re:Well for one

[DimGeo]

There is a way to implement secure backdoors. Like encrypt the encryption key with the public key of NSA and store it on the drive itself. There you go, now only NSA can read your drive.

Re:Makes you feel good about Vista encryption

[Anonymous Coward]

Well, if you read the article you wouldn't fall for a sensationalist headline like that.

The article basically says that if law enforcement can get the encryption key, or get the password to log on to a running machine with an encrypted hard drive, they can access the contents.

Wow...what an insight.

*sigh*

Re:PGP?

[heroofhyr]

It's not legislation, it's based on court ruling.

http://news.com.com/Minnesota+court+takes+dim+view +of+encryption/2100-1030_3-5718978.html [com.com]

A brief excerpt:

Ari David Levie, who was convicted of taking illegal photographs of a nude 9-year-old girl, argued on appeal that the PGP encryption utility on his computer was irrelevant and should not have been admitted as evidence during his trial. PGP stands for Pretty Good Privacy and is sold by PGP Inc. of Palo Alto, Calif.

But the Minnesota appeals court ruled 3-0 that the trial judge was correct to let that information be used when handing down a guilty verdict.

And here's the relevant paragraph from the appeals court decision itself [minnlawyer.com]:

Evidence of appellant's computer usage and the presence of an encryption program on his computer was relevant to the state's case. We affirm the district court's evidentiary rulings.

I would say "encryption deemed criminal intent" is more of an interpretation by Internet journalists of the ruling than what was actually said. But it is true that if you are on trial for a crime in Minnesota, there's a precedent for the mere fact that you have PGP software on your computer to be used against you as evidence for the prosecution--despite the prosecutor's witness himself saying that PGP capable software is already available in OSX.

Linux Unified Key Setup

[alexandre]

Want to encrypt your disk securely?
Take a look at LUKS [endorphin.org].
It now comes standard in the latest Debian Etch installer :)

Re:I use TrueCrypt

[nmb3000]

I use TrueCrypt

TrueCrypt [truecrypt.org] is pretty cool. In addition to making an encrypted partition/drive, you can create a file that gets mounted as a drive once you've accessed it. This is what I usually do and it's handy for using it on a USB key or if you need to send some files via email/FTP. You can also have it use one or more files for the decryption key for the volume instead of the standard text passphrase.

The GUI is quite good, lots of choices on encryption algorithms, and there's nothing cooler than using sol.exe as your decryption key :)

Re:I use TrueCrypt

[Anonymous Coward]

Seconded. There's a sort of chain mail floating around on piracy sites regarding truecrypt, the covers some of what has already been mentioned here. I wonder if someones up to a viral marketing campaign or something.

FWIW here it is:

Peace for the paranoid.

If you have files on your computer that are very personal, embarrassing or plain illegal, you probably want to use encryption. There are a number of solutions out there, both free and commercial. My recommendation goes to truecrypt ( http://www.truecrypt.org/ [truecrypt.org] ) which is free, open-source and very easy to use.

Truecrypt can create a file on your computer that has to be "mounted" to a drive letter (like F:) before it can be read. It then shows up under 'my computer' much like a CD player or something, ready for use.

The file itself can be named anything and placed anywhere on your hard drive, or a CD, USB key etc. And if you analyze it without having the pass-phrase it will look like a random sting of numbers.

The default algorithm for truecrypt is AES, which the US department of defense deems strong enough even for 'top secret' documents.

How to use truecrypt is well enough described on the website. Go to http://www.truecrypt.org/docs/ [truecrypt.org] and click 'Beginner's Tutorial'.

I'd like to add some notes though:

Pick a strong password. You have up to 64 characters so use a whole sentence. A quote from a movie or a line of a song works well. If you want something shorter go for something purely random.

You can strengthen it further by using keyfiles. Any file that never changes can work as a key file. Now you adversary not only have to crack your password, but also has to know which files on your HD to give as key files.

It's overkill for most situations, but if you keep some home made MP3-files on a USB drive and use these for keys you have the dual protection of something you must have (USB key) plus something you must know (pass phrase).

If you live in a country where use of encryption is in itself illegal, or considered suspect do the following:

* Use the hidden volume feature of truecrypt. This creates two volumes baked into one, with different passwords. If you are forced to reveal the password you can give out the one to the wrong volume.

(Where you have conveniently stored some embarrassing but perfectly legal Pr0n. What if you were to die suddenly and your mom got your computer! Plausible deniability).

Another similar option, is to simply create another encrypted volume with some non-critical stuff in it. This gives you an easy out if someone asks why you are using an encryption program.

* Hide the volume file itself. Give it a name and location that is similar to a TMP or system file like 'WINDOWS/Temp/~GH7876.tmp'. Given that the file itself doesn't advertise what it is finding it becomes very very hard. Many applications dump random stuff in tmp dirs. Another nice place is hidden folders beginning with $ in the WINDOWS dir. These are uninstallers for windows update, but they are almost never used. Be creative.

I think this is better than keeping it on a separate medium like as CD (why did you burn a block of random numbers to CD, huh?). especially if you need to work on the files.

* You can use TrueCrypt in 'traveler mode' which means you don't have to install the program itself. You can keep it on a CD or something. I find this awkward though.

Most of the above is overkill to me though. How far to take it is a trade-off between convenience and paranoia. But it's not illegal to use encryption in most of the world so there is no particular reason to obfuscate it. Better to be prepare with a good answer if someone asks. Either way, unless you have NSA on your ass, your adversaries will never get into your files without your pass-phrase.

Help out by copying this text and spreading it around. Help people protect their privacy.

Re:Well for one

[Anonymous Coward]

One key to rule them all. Brilliant idea. And no one will ever, ever, ever steal that key. And technology will never progress to the point where that key becomes crackable.

And the guarding of the "secure" back door will always be much much better than I could possibly guard the "front door," so it's no problem for my security. And of course I can still implement defense-in-depth with a back door that I can confidently rely on will never open.

Sorry, secure back doors are possible in theory. The difference between theory and practice, of course, is that in theory they are the same, but in practice, they aren't.

Re:I use TrueCrypt

[AusIV]

So it would seem. It's been a long day.

NSAKEY

[Anonymous Coward]

http://www.google.com/search?q=nsakey [google.com]