#16
encrypt folder, recommendations?
Thanks, Vanguard, for posting corrections to the F.U.D. from a previous poster about VeraCrypt versus TrueCrypt.

-- Stan Brown, Oak Road Systems, Tompkins County, New York, USA
http://BrownMath.com/ http://OakRoadSystems.com/
Shikata ga nai...
#17
On Sun, 22 Apr 2018 10:23:14 +0100, J. P. Gilliver (John) wrote:

> Plus what (ITIW) VanguardLH said about buffers, pagefiles, etcetera.

I think Vanguard is right about that. Here's my take.

There is no such thing as absolute safety. Given time, any encryption can be broken. Even though pagefiles etc. are a potential security leak, they're a lot less of one than just having the files sitting around unencrypted and in regular Windows folders. It's like locking your car or your house: it won't keep out a determined intruder, but it will slow them down, and maybe even make them move on to an easier target.

The pagefile vulnerability can be avoided by installing extra RAM and turning off virtual memory. If I'm not mistaken, shutting down the computer clears RAM, if not instantly then in a few seconds.

I don't know what if anything can be done in general about buffers created when files are open, but individual programs have some mechanisms. Vim lets you designate where temp files should go. Excel puts the working copy in the same folder as the original, so if the original is in an encrypted volume the temp copy will be too. You can always redirect %TEMP% to the encrypted volume if you really want to, but there must be some programs that don't use %TEMP%.

-- Stan Brown, Oak Road Systems, Tompkins County, New York, USA
http://BrownMath.com/ http://OakRoadSystems.com/
Shikata ga nai...
#18
Stan Brown wrote:

> On Sun, 22 Apr 2018 10:23:14 +0100, J. P. Gilliver (John) wrote:
>
>> Plus what (ITIW) VanguardLH said about buffers, pagefiles, etcetera.
>
> I think Vanguard is right about that. Here's my take.
>
> There is no such thing as absolute safety. Given time, any encryption can be broken. Even though pagefiles etc. are a potential security leak, they're a lot less of one than just having the files sitting around unencrypted and in regular Windows folders. It's like locking your car or your house: it won't keep out a determined intruder, but it will slow them down, and maybe even make them move on to an easier target.
>
> The pagefile vulnerability can be avoided by installing extra RAM and turning off virtual memory. If I'm not mistaken, shutting down the computer clears RAM, if not instantly then in a few seconds.
>
> I don't know what if anything can be done in general about buffers created when files are open, but individual programs have some mechanisms. Vim lets you designate where temp files should go. Excel puts the working copy in the same folder as the original, so if the original is in an encrypted volume the temp copy will be too. You can always redirect %TEMP% to the encrypted volume if you really want to, but there must be some programs that don't use %TEMP%.

If you want to encrypt, you'd want to boot a LiveCD that uses only RAM for buffering. When you shutdown afterwards, only the encrypted output you copied to the Windows hard drive would remain, and any temporary files would be lost when the RAM loses power.

For example, maybe I could use some tool that does AES128. AES128 may be marginally more secure than AES256, so don't judge a book by its cover. (I'm still trying to track down why a 2^99 number is associated with AES256. And I'd seen a claim somewhere, that AES256 might be easier to crack because of whatever that number means.)

And Windows has EFS, Bitlocker with Elephant Diffuser (Win7) and Bitlocker without Elephant Diffuser (Win10). As examples of available in-system crypto.

*******

Here's an example of a jokey reference to cracking AES128 on a PDF.

https://security.stackexchange.com/q...ing-the-key-is

Real tools seem to place an emphasis on poorly prepared passwords.

https://www.elcomsoft.com/apdfpr.html

The software doesn't use the password directly, and some processing to generate a key is used.

https://crypto.stackexchange.com/que...-secure-at-all

*******

Your biggest exposure is probably storing your .TXT crib notes, with all the steps you used to prepare the file. What slip of paper did you write the password on again? How many examples of "how I think about passwords" did you leave around the house? For example, I like punctuation, even if sometimes I end up with a password that's very hard to get right on the first entry.

And if you want to "collect entropy" on a computer, you have to keep the interface active. As that's how some OSes collect their "random events".

https://stackoverflow.com/questions/...ble-on-windows

Paul
#19
Stan Brown wrote:

> On Sun, 22 Apr 2018 10:23:14 +0100, J. P. Gilliver (John) wrote:
>
>> Plus what (ITIW) VanguardLH said about buffers, pagefiles, etcetera.
>
> I think Vanguard is right about that. Here's my take.
>
> There is no such thing as absolute safety. Given time, any encryption can be broken. Even though pagefiles etc. are a potential security leak, they're a lot less of one than just having the files sitting around unencrypted and in regular Windows folders. It's like locking your car or your house: it won't keep out a determined intruder, but it will slow them down, and maybe even make them move on to an easier target.

Also, when editing the files, word processors often will save a temporary backup. For example, when I use Word on a .doc file on my desktop, I see the dimmed backup copies also on my desktop. Some will put the temp file in the temp folder. That's a much bigger exposure than pieces of the file sitting in the pagefile blocks that haven't yet been reused or small pieces of the file in buffers in memory.

After opening a file, and to be sure no temp files got left behind or got deleted but obviously their sectors could expose the contents until reused, you could close the TC container and then wipe all free space on the drive. The option to clear the paging file (not just deallocated but written with zeros) on Windows shutdown and clearing out the old system memory blocks still not reused which requires a power off is why seizure of computers must be quick, ensuring power cannot be lost, and getting to the computers before the suspects can shutdown and power off.

While you could create a RAM drive and designate it as the location for the temp folder, that doesn't obviate programs that store temp files in the same location as the file or in a location of their own choosing. If the program uses the default temp folder but you've configured the registry to point at a RAM drive then its contents are lost on a power loss. If the program wrote the same path as the original file, the temp file would be inside the TC container. Alas, some programs use the Roaming, ProgramData, or other folders of the drive.

The files are secure inside the TC container. Whether they remain secreted when opened and read from there can take a lot of work to keep all those fragments hidden, encrypted, or inaccessible. For uber paranoids, that's probably why they look at whole-disk encryption and perform power cycling after touching highly-sensitive files, or they put their computers into locked rooms. Thermal explosives would work, too, by frying anything due to unauthorized access. Just hope you don't retry that password too many times.

> The pagefile vulnerability can be avoided by installing extra RAM and turning off virtual memory.

The problem with that is some programs, even Windows, will demand paging space at times. If the program coded to use the paging file gets a status back that there is no available free space then the program will misbehave, crash, or error exit. For example, many video games will preload their textures into the pagefile to allow quick access despite it is still retrieved from disk rather than memory. Loading all the textures into memory instead of just those in the immediate level map results in wasting a lot of system memory and severely ups the memory requirement of the game.
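A host-side audit of the two leak paths this thread keeps returning to (whether the pagefile is zeroed at shutdown, and where %TEMP%/%TMP% point), added here as an example; it is not code from any poster, and it assumes the VeraCrypt volume is mounted at the placeholder drive letter V:.

```powershell
# Added example: audit pagefile clearing and temp-folder placement on Windows.
# Assumption: the encrypted (VeraCrypt) volume is mounted as V: (placeholder).
$EncryptedDrive = 'V:'

# 1. Is the pagefile written with zeros at shutdown? (Memory Management registry key)
$mm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
$clear = (Get-ItemProperty -Path $mm -Name ClearPageFileAtShutdown -ErrorAction SilentlyContinue).ClearPageFileAtShutdown
if ($clear -eq 1) {
    'ClearPageFileAtShutdown: enabled (pagefile zeroed at shutdown)'
} else {
    'ClearPageFileAtShutdown: NOT enabled. To enable (requires admin, takes effect on next shutdown):'
    "  Set-ItemProperty -Path '$mm' -Name ClearPageFileAtShutdown -Value 1 -Type DWord"
}

# 2. Which pagefiles exist, and on which drive they live
Get-CimInstance Win32_PageFileUsage | ForEach-Object {
    "Pagefile: $($_.Name) ($($_.AllocatedBaseSize) MB)"
}

# 3. Where the user and machine temp folders point; flag any that are not on the encrypted volume
foreach ($scope in 'User', 'Machine') {
    foreach ($name in 'TEMP', 'TMP') {
        $val = [Environment]::GetEnvironmentVariable($name, $scope)
        $onVol = $val -and $val.StartsWith($EncryptedDrive, 'OrdinalIgnoreCase')
        $where = if ($onVol) { 'on encrypted volume' } else { 'on plain disk (temp files may leak)' }
        '{0} {1} = {2} -> {3}' -f $scope, $name, $val, $where
    }
}
```

As Vanguard notes above, this only covers programs that honour the default temp folder; applications that write scratch files beside the document or under Roaming/ProgramData are not detected by it.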
#20
On Sun, 22 Apr 2018 11:19:35 -0400, Paul wrote:

> Your biggest exposure is probably storing your .TXT crib notes, with all the steps you used to prepare the file. What slip of paper did you write the password on again? How many examples of "how I think about passwords" did you leave around the house?

Well, the end stage of that is writing the password on a sticky note stuck to the monitor. :-)

But surely you use a password manager? Then all your passwords are encrypted and you have to remember only one, to unlock the password manager. Mine is a long phrase, so I can remember it easily but it's hard to decode by brute force. And of course I have LOTS of backups of the password file.

-- Stan Brown, Oak Road Systems, Tompkins County, New York, USA
http://BrownMath.com/ http://OakRoadSystems.com/
Shikata ga nai...
#21
On 4/22/2018 2:21 PM, Stan Brown wrote:

> On Sun, 22 Apr 2018 11:19:35 -0400, Paul wrote:
>
>> Your biggest exposure is probably storing your .TXT crib notes, with all the steps you used to prepare the file. What slip of paper did you write the password on again? How many examples of "how I think about passwords" did you leave around the house?
>
> Well, the end stage of that is writing the password on a sticky note stuck to the monitor. :-)
>
> But surely you use a password manager? Then all your passwords are encrypted and you have to remember only one, to unlock the password manager. Mine is a long phrase, so I can remember it easily but it's hard to decode by brute force. And of course I have LOTS of backups of the password file.

Thanks again for the replies and discussion. I settled on Veracrypt; they have good documentation, it's easy to create an encrypted volume of any size, and to mount, use, and un-mount it quickly. Discussion of the pagefile issues was appreciated and noted.