A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Microsoft Windows 7 » Windows 7 Forum
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

encrypt folder, recommendations?



 
 
Thread Tools Rate Thread Display Modes
  #16  
Old April 22nd 18, 02:23 PM posted to alt.windows7.general
Stan Brown
external usenet poster
 
Posts: 2,904
Default encrypt folder, recommendations?

Thanks, Vanguard, for posting corrections to the F.U.D. from a
previous poster about VeraCrypt versus TrueCrypt.


--
Stan Brown, Oak Road Systems, Tompkins County, New York, USA
http://BrownMath.com/
http://OakRoadSystems.com/
Shikata ga nai...
Ads
  #17  
Old April 22nd 18, 02:34 PM posted to alt.windows7.general
Stan Brown
external usenet poster
 
Posts: 2,904
Default encrypt folder, recommendations?

On Sun, 22 Apr 2018 10:23:14 +0100, J. P. Gilliver (John) wrote:
Plus what (ITIW) VanguardLH said about buffers, pagefiles,
etcetera.


I think Vanguard is right about that.

Here's my take. There is no such thing as absolute safety. Given
time, any encryption can be broken.

Even though pagefiles etc. are a potential security leak, they're a
lot less of one than just having the files sitting around unencrypted
and in regular Windows folders. It's like locking your car or your
house: it won't keep out a determined intruder, but it will slow them
down, and maybe even make them move on to an easier target.

The pagefile vulnerability can be avoided by installing extra RAM and
turning off virtual memory. If I'm not mistaken, shutting down the
computer clears RAM, if not instantly then in a few seconds.

I don't know what if anything can be done in general about buffers
created when files are open, but individual programs have some
mechanisms. Vim lets you designate where temp files should go. Excel
puts the working copy in the same folder as the original, so if the
original is in an encrypted volume the temp copy will be too. You can
always redirect %TEMP% to the encrypted volume if you really want to,
but there must be some programs that don't use %TEMP%.

--
Stan Brown, Oak Road Systems, Tompkins County, New York, USA
http://BrownMath.com/
http://OakRoadSystems.com/
Shikata ga nai...
  #18  
Old April 22nd 18, 04:19 PM posted to alt.windows7.general
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default encrypt folder, recommendations?

Stan Brown wrote:
On Sun, 22 Apr 2018 10:23:14 +0100, J. P. Gilliver (John) wrote:
Plus what (ITIW) VanguardLH said about buffers, pagefiles,
etcetera.


I think Vanguard is right about that.

Here's my take. There is no such thing as absolute safety. Given
time, any encryption can be broken.

Even though pagefiles etc. are a potential security leak, they're a
lot less of one than just having the files sitting around unencrypted
and in regular Windows folders. It's like locking your car or your
house: it won't keep out a determined intruder, but it will slow them
down, and maybe even make them move on to an easier target.

The pagefile vulnerability can be avoided by installing extra RAM and
turning off virtual memory. If I'm not mistaken, shutting down the
computer clears RAM, if not instantly then in a few seconds.

I don't know what if anything can be done in general about buffers
created when files are open, but individual programs have some
mechanisms. Vim lets you designate where temp files should go. Excel
puts the working copy in the same folder as the original, so if the
original is in an encrypted volume the temp copy will be too. You can
always redirect %TEMP% to the encrypted volume if you really want to,
but there must be some programs that don't use %TEMP%.


If you want to encrypt, you'd want to boot a LiveCD that uses
only RAM for buffering. When you shutdown afterwards, only the
encrypted output you copied to the Windows hard drive would remain,
and any temporary files would be lost when the RAM loses power.

For example, maybe I could use some tool that does AES128.
AES128 may be marginally more secure than AES256, so don't
judge a book by its cover. (I'm still trying to track down
why a 2^99 number is associated with AES256. And I'd seen
a claim somewhere, that AES256 might be easier to crack because
of whatever that number means.)

And Windows has EFS, Bitlocker with Elephant Diffuser (Win7)
and Bitlocker without Elephant Diffuser (Win10). As examples
of available in-system crypto.

*******

Here's an example of a jokey reference to cracking AES128 on a PDF.

https://security.stackexchange.com/q...ing-the-key-is

Real tools seem to place an emphasis on poorly prepared passwords.

https://www.elcomsoft.com/apdfpr.html

The software doesn't use the password directly, and some processing
to generate a key is used.

https://crypto.stackexchange.com/que...-secure-at-all

*******

Your biggest exposure is probably storing your .TXT crib notes,
with all the steps you used to prepare the file. What slip of paper
did you write the password on again ? How many examples of "how I
think about passwords" did you leave around the house ? For example,
I like punctuation, even if sometimes I end up with a password
that's very hard to get right on the first entry.

And if you want to "collect entropy" on a computer, you have to
keep the interface active. As that's how some OSes collect their
"random events".

https://stackoverflow.com/questions/...ble-on-windows

Paul
  #19  
Old April 22nd 18, 04:35 PM posted to alt.windows7.general
VanguardLH[_2_]
external usenet poster
 
Posts: 10,881
Default encrypt folder, recommendations?

Stan Brown wrote:

On Sun, 22 Apr 2018 10:23:14 +0100, J. P. Gilliver (John) wrote:
Plus what (ITIW) VanguardLH said about buffers, pagefiles,
etcetera.


I think Vanguard is right about that.

Here's my take. There is no such thing as absolute safety. Given
time, any encryption can be broken.

Even though pagefiles etc. are a potential security leak, they're a
lot less of one than just having the files sitting around unencrypted
and in regular Windows folders. It's like locking your car or your
house: it won't keep out a determined intruder, but it will slow them
down, and maybe even make them move on to an easier target.


Also, when editing the files, word processors often will save a
temporary backup. For example, when I use Word on a .doc file on my
desktop, I see the dimmed backup copies also on my desktop. Some will
put the temp file in the temp folder. That's a much bigger exposure
than pieces of the file sitting in the pagefile blocks that haven't yet
been reused or small pieces of the file in buffers in memory. After
opening a file, and to be sure no temp files got left behind or got
deleted but obviously their sectors could expose the contents until
reused, you could close the TC container and then wipe all free space on
the drive. The option to clear the paging file (not just deallocated
but written with zeros) on Windows shutdown and clearing out the old
system memory blocks still not reused which requires a power off is why
you seizure of computers must be quick, ensuring power cannot be lost,
and getting to the computers before the suspects can shutdown and power
off.

While you could create a RAM drive and designate it as the location for
the temp folder, that doesn't obviate programs that store temp files in
the same location as the file or in a location of their own choosing.
If the program uses the default temp folder but you've configured the
registry to point at a RAM drive then its contents are lost on a power
loss. If the program wrote the same path as the original file, the temp
file would be inside the TC container. Alas, some programs use the
Roaming, ProgramData, or other folders of the drive.

The files are secure inside the TC container. Whether they remain
secreted when opened and read from there can take a lot of work to keep
all those fragments hidden, encrypted, or inaccessible. For uber
paranoids, that's probably why they look at whole-disk encryption and
perform power cycling after touching highly-sensitive files, or they put
their computers into locked rooms. Thermal explosives would work, too,
by frying anything due to unauthorized access. Just hope you don't
retry that password too many times.

The pagefile vulnerability can be avoided by installing extra RAM and
turning off virtual memory.


The problem with that is some programs, even Windows, will demand paging
space at times. If the program coded to use the paging file gets a
status back that there is no available free space then the program will
misbehave, crash, or error exit. For example, many video games will
preload their textures into the pagefile to allow quick access despite
it is still retrieved from disk rather than memory. Loading all the
textures into memory instead of just those in the immediate level map
results in wasting a lot of system memory and severely ups the memory
requirement of the game.
  #20  
Old April 22nd 18, 10:21 PM posted to alt.windows7.general
Stan Brown
external usenet poster
 
Posts: 2,904
Default encrypt folder, recommendations?

On Sun, 22 Apr 2018 11:19:35 -0400, Paul wrote:
Your biggest exposure is probably storing your .TXT crib notes,
with all the steps you used to prepare the file. What slip of paper
did you write the password on again ? How many examples of "how I
think about passwords" did you leave around the house ?


Well, the end stage of that is writing the password on a sticky note
stuck to the monitor. :-)

But surely you use a password manager? Then all your passwords are
encrypted and you have to remember only one, to unlock the password
manager. Mine is a long phrase, so I can remember it easily but it's
hard to decode by brute force. And of course I have LOTS of backups
of the password file

--
Stan Brown, Oak Road Systems, Tompkins County, New York, USA
http://BrownMath.com/
http://OakRoadSystems.com/
Shikata ga nai...
  #21  
Old April 24th 18, 10:30 PM posted to alt.windows7.general
Mike S[_4_]
external usenet poster
 
Posts: 496
Default encrypt folder, recommendations?

On 4/22/2018 2:21 PM, Stan Brown wrote:
On Sun, 22 Apr 2018 11:19:35 -0400, Paul wrote:
Your biggest exposure is probably storing your .TXT crib notes,
with all the steps you used to prepare the file. What slip of paper
did you write the password on again ? How many examples of "how I
think about passwords" did you leave around the house ?


Well, the end stage of that is writing the password on a sticky note
stuck to the monitor. :-)

But surely you use a password manager? Then all your passwords are
encrypted and you have to remember only one, to unlock the password
manager. Mine is a long phrase, so I can remember it easily but it's
hard to decode by brute force. And of course I have LOTS of backups
of the password file


Thanks again for the replies and discussion, I settled on Veracrypt,
they have good documentation, it's easy to create an encrypted volume if
any size; and to mount, use, and un-mount it quickly. Discussion of the
pagefile issues was appreciated and noted.
 




Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off






All times are GMT +1. The time now is 09:37 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 PCbanter.
The comments are property of their posters.