{"id":193,"date":"2015-12-22T22:22:35","date_gmt":"2015-12-22T22:22:35","guid":{"rendered":"http:\/\/blog.paranoidprofessor.com\/?p=193"},"modified":"2017-07-27T16:17:27","modified_gmt":"2017-07-27T16:17:27","slug":"safe-computing-encryption","status":"publish","type":"post","link":"https:\/\/blog.paranoidprofessor.com\/index.php\/2015\/12\/22\/safe-computing-encryption\/","title":{"rendered":"safe computing &#8211; encryption"},"content":{"rendered":"<blockquote><p>&#8220;Those who do not learn history are doomed to repeat it.&#8221;<\/p>\n<div style=\"margin-left: 1cm;\">George Santayana<\/div>\n<\/blockquote>\n<p>Recently a friend of mine had an old computer that had a lot of personal photographs on it but it stopped working.\u00a0 To be honest, he really is quite content with his tablet.\u00a0 It fits in your lap, has fabulous battery life and you can put it into your briefcase or backpack.\u00a0 He just wanted his old pictures back.<\/p>\n<p>The request was simple: could I copy this information from the computer to a USB stick?\u00a0 I simply took the computer home and took out the hard disk.\u00a0 I connected it up to another computer and proceeded to copy all the files to a USB stick.<\/p>\n<p>Windows didn&#8217;t stop me because I never gave it the chance; I booted up a different operating system.\u00a0 It is not really a defect in Windows; it was a case of simply working around the existing security, not terribly different from the Maginot Line defense in World War II.<\/p>\n<p>The <a href=\"http:\/\/blog.modernmechanix.com\/worlds-greatest-underground-fortifications-guard-france\/\" target=\"_blank\">Maginot Line was a 200-mile-long strategic defense<\/a> in France to prevent an invasion from Germany.\u00a0 It turned out to be a very good defense for direct attacks but essentially ineffective as the Germans simply invaded through Belgium.\u00a0 They simply worked around the existing defenses.<\/p>\n<p>The format of the filesystem has changed since the old 
days of Microsoft DOS, but it is nevertheless a well-known standard.\u00a0 The size of the install base of Microsoft Windows and the file systems it uses made it inevitable that non-Microsoft utilities and operating systems would support this large user base.<\/p>\n<p>The entire reason that I was able to get this data is how common everything is and how unprotected this drive was.\u00a0 The data was not encrypted, so any person, utility or operating system has a free hand in accessing it.<\/p>\n<p>Encryption, or the controlled scrambling of the hard disk contents, is the solution.\u00a0 The good news is that encrypting your disk will keep prying eyes from using such a simple workaround.\u00a0 The bad news is that if your computer breaks, the same encrypted hard disk will be impossible to read unless you have saved your key.<\/p>\n<p>If you are using BitLocker, from Microsoft, when setting up the encryption you need to either save the key to a USB stick or print it out.\u00a0 Failing that, your data is 100% secure, even from you.<\/p>\n<p>This is exactly the same situation for <a href=\"http:\/\/truecrypt.sourceforge.net\/\" target=\"_blank\">TrueCrypt<\/a>, <a href=\"https:\/\/veracrypt.codeplex.com\/\" target=\"_blank\">VeraCrypt<\/a>, <a href=\"https:\/\/github.com\/mhogomchungu\/zuluCrypt\" target=\"_blank\">zuluCrypt<\/a>, or any other full-disk solution.\u00a0 Besides, isn&#8217;t TrueCrypt unsafe?\u00a0 Well, <a href=\"http:\/\/www.infoworld.com\/article\/2607742\/encryption\/sloppy-but-secure--open-source-truecrypt-passes-audit.html\" target=\"_blank\">TrueCrypt did pass its security audit<\/a>, and although it is not perfect it is <a href=\"http:\/\/arstechnica.com\/security\/2015\/11\/truecrypt-is-safer-than-previously-reported-detailed-analysis-concludes\/\" target=\"_blank\">secure<\/a>. 
The project, which was abandoned, has been forked to a new life.<\/p>\n<p>Even if any of these solutions was compromised by any government or private organization, there is a minimum level of security.\u00a0 If the laptop is lost or stolen, your bank records, tax records and other private information are fairly safe from prying eyes.\u00a0 My mentor Ivan has reminded me that if the authorities want your information they will get it one way or the other.<\/p>\n<p>If the government is not able to brute force the password it probably wasn&#8217;t very well protected or otherwise they will take other things from you like <a href=\"http:\/\/falkvinge.net\/2012\/07\/12\/in-the-uk-you-will-go-to-jail-not-just-for-encryption-but-for-astronomical-noise-too\/\">liberty<\/a> until you do supply the information that they want.<\/p>\n<p>Encryption is a great idea if you are protecting national secrets but it is an equally good idea if you are not.\u00a0 In this day and age, people have a lot of personal information stored on their personal computer.\u00a0 This data may be tax details, bank account details, pictures from your last holidays or even an especially embarrassing selfie.<\/p>\n<p>Encrypting a file, partition or even the whole disk is a good idea, but as always there is a downside.\u00a0 When using a software-based solution, you are securing the data but taking the CPU away from its main tasks so it can encrypt and decrypt data as it is written and read.\u00a0 You may not see the speed degradation, depending on the number and size of the files you process.<\/p>\n<p>A solution for the speed problem is to purchase a disk that does the encryption in hardware.\u00a0 Such a drive is referred to as a self-encrypting drive &#8211; SED. 
The drive itself will have the necessary hardware to deal with the encryption.<\/p>\n<p>You simply provide an authorization key (password) when powering up the computer and the drive will be unlocked until it is powered off.\u00a0 This is convenient, but the downside is that locking the computer or hibernating the computer will not re-lock the hard disk.\u00a0 Also, it is not possible to simply purchase an SED and put it into all of your computers, as it is important that the motherboard has the ability to pass the authorization key to the drive.<\/p>\n<p>I personally like having software do my encryption as I have a little bit more control over how much of the hard disk is encrypted and when it is locked or unlocked.<\/p>\n<p>For more information about self-encrypting drives, there is a very detailed article from pugetsystems.com.<\/p>\n<p><a href=\"https:\/\/www.pugetsystems.com\/labs\/articles\/Introduction-to-Self-Encrypting-Drives-SED-557\/\" target=\"_blank\">https:\/\/www.pugetsystems.com\/labs\/articles\/Introduction-to-Self-Encrypting-Drives-SED-557\/<\/a><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;Those who do not learn history are doomed to repeat it.&#8221; George Santayana Recently a friend of mine had an old computer that had a lot of personal photographs on it but it stopped working.\u00a0 To be honest, he really &hellip; <a href=\"https:\/\/blog.paranoidprofessor.com\/index.php\/2015\/12\/22\/safe-computing-encryption\/\">Continue reading <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[89],"tags":[],"_links":{"self":[{"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/posts\/193"}],"collection":[{"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/comments?post=193"}],"version-history":[{"count":14,"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/posts\/193\/revisions"}],"predecessor-version":[{"id":408,"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/posts\/193\/revisions\/408"}],"wp:attachment":[{"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/media?parent=193"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/categories?post=193"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/tags?post=193"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}