NovaTC

Your experience with file/disk encryption

Recommended Posts

Due to some legal issues that arise with the ongoing lobbying of certain hell-bound industry branches, I consider some serious large scale file/disk encryption solution.

I am not talking about a few hundred megabytes of word files and family pictures, but more in the hundreds of gigabytes ranges. So if someone ever came looking on my computing for something that might put my head at risk, they would be out of luck without the proper encryption key. Since torture is still not legal in most parts of the so-called civilized world when it comes to extracting encryption keys/phrases from suspects, such a solution could save quite a few butts and bucks out there.

Target platform is primarily Windows, but I might consider building a Linux file server some day.

My most important requirements are:

1) reliability

2) security

3) moderate performance hit in day-to-day operation

4) seamless integration into the OS, ideally the solution should ask me for the volume password once after startup and make the data available until the system is shut down, or perhaps after a certain (adjustable) time of user inactivity

5) (hard to satisfy): accessing the encrypted volume from Windows and Linux, of course using a both worlds file system, i.e. FAT32)

I checked truecrypt (http://www.truecrypt.tk/), which is an open source Win2k/XP software. It offers several encryption algorithms (Blowfish, Triple-DES, AES, CAST), can work on container files as well as use an entire (empty, unformated) partition or device as container. I did a coarse test of performance on my notebook. Copying a 700MB file from the notebook's HDD (HGST 7K60) to another directory on the same drive takes about 75 seconds, with CPU usage in the <5% area all the time (yeah, not that fast, but remember, same disk, quite full and somewhat fragmented). Copying it to a 1GB container file residing on the same disk took exactly the same time. CPU usage was however about 30%, so playing media files from an encrypted drive could be a problem. I plan to do more thorough testing, but the first results regarding performance are promising. Having both the container file and the source file residing on the same disk might however be an ideal situation, since drive speed is definitely the limit. The target machine will have a faster CPU, but hopefully MUCH faster drives (RAID5?) as well, so CPU usage might become an issue. If anyone has any real world measurements, I will be happy to hear them.

Testing security is not my expertise however, I will have to rely on experts regarding the principal security of the supported algorithms. The writers of Truecrypt claim that their implementation is safe, e.g. they do not store passphrases in swapable memory. The containers do not even contain magic bytes that might give away that they are actual encrypted data, they say they appear as completely random data. (termed "plausible deniability")

All kinds of file systems available to windows are supported, the volumes are mounted as drives that appear "physical" to common tools, i.e. they can be formated, defragmented, recovery tools should work as well. Donwsides: no boot support (and finding a software named "TrueCrypt" on a windows install will ruin the "plausible deniablity" somewhat...), but that is not much of an issue. for my purposes, as it is data not apps or the OS I am concerned about.

Seems perfect so far, still it can't satisfy 5), nor can I give any estimates regarding 1). I believe an encrypted volume is much more succeptible to damage from a few bad (physical) sectors, perhaps killing ALL files in the volume ("avalanche effect", anyone?)

I plan to put it to the test by using a truecrypt "drive" as temp space for a certain software.

I would like to hear some suggestions for drive encryption software, especially experience regarding Truecrypt.

Greetings

Nova

Share this post


Link to post
Share on other sites

As important as this sounds, I'd hire a consultant. I have used Bestcrypt on W98-2K-XP. It works VERY well. I was surprised on how reliable this piece of software turned out.

Share this post


Link to post
Share on other sites

What's wrong with using EFS? It's built right into NTFS, and has full domain wide key management support?

AFAIK SAMBA 3.0 does have some limited support for it. :unsure:

Just to let you know, implementation of a secure encryption system is very, very, very difficult.

Share this post


Link to post
Share on other sites
What's wrong with using EFS? It's built right into NTFS, and has full domain wide key management support?
Because anybody with physical access to the server can recover the EFS encryption key. Not good.
Just to let you know, implementation of a secure encryption system is very, very, very difficult.
Uh Huh.

Check out SecurStor for protection from the boot prompt. Otherwise there are many vendors (including freebies) that provide container level encryption. You'll probably want to look at a "personal" encryption solution because most "enterprise" solutions have a back door. Keep in mind if you lose the password on a "personal" encrypted drive you're screwed. PGPDisk is a good one for container level encryption.

Share this post


Link to post
Share on other sites

How about this. Is ther eany software out there that just password protects LAN users from shared folders?

If someone is browsing the network and sees a drive they want to search and they click on it I would like a password to pop up. If you know the password great, if not then you dont get it.

Is there any way to do that?

Share this post


Link to post
Share on other sites
How about this. Is ther eany software out there that just password protects LAN users from shared folders?

If someone is browsing the network and sees a drive they want to search and they click on it I would like a password to pop up. If you know the password great, if not then you dont get it.

Is there any way to do that?

Absolutely! It is bundled with your networking OS.

Share this post


Link to post
Share on other sites

I use the linux crypto loopback driver for encrypted file systems. You have a choice of a number of encryption algorithms to use. I use blowfish-256. Performance is decent (22MB/sec sequential transfer) on a 2.8GHz P4 to a 15K SCSI disk. You have freedom about what you encrypt too. You can encrypt an entire drive, a partition, or a file (that is mounted in a loopback fashion as a "fake" filesystem). Heck, I've even encrypted a USB thumb drive so I can take confidential data with me and not worry about the drive getting lost/stolen. It's works fine on large volumes (> 100GB), but the setup can take awhile because you first overwrite the device with random data several times over which is slow on a large disk (technically it's optional to do this, but if you want security, you'll do it). Setting up crypto after the random data has been written is quite fast and painless.

You need to give the passphrase to mount the drive/partition/file, but once that's done, it operates just like any other file system. Also, you can share it via samba so windows clients can use it.

Note, however, that you'll obviously need to encrypt your backup too (otherwise, you don't have security). You might want to use two different passphrases for primary and backup. Automating the backup is a pain because you need to provide the passphrase whenever you mount the backup device. You can't change the passphrase once you've set it up.

Of course, if you ever forget your passphrase, you're really SOL. No amount of local access to the hardware is going to bring that data back.

Share this post


Link to post
Share on other sites

@Coco I didn't want to exagerate, it is all a private issue, so hiring a consultant is not an option. :-)

<hint>Just think about guys from RIAA (or a similar mafia^H^H^H^H^H organisation, that's what I meant with "hell-bound industries") visiting your home and you don't wanna give them any evidence that might screw you big time. Paying several thousand bucks in fines and/or compensation for some _private_ copies of certain... media files... is not my understanding of justice, but the result of some serious lobbying (i.e. bribery) with government representatives, like MPs.</hint>

@Jeff

I read about loopback encryption in a magazine article. I will use it, if I decide to set up a Linux based file server. Since I don't have Gigabit Ethernet right now (which would not only require me to buy new network cards but also new Mobos/CPUs to avoid the PCI-bus bottleneck), for the moment I need the data directly on a Windows machine. The ~8MB/s of fast ethernet just won't cut it.

Share this post


Link to post
Share on other sites

Encryption is a nice idea - but using it for what you want to do is plain silly. If the RIAA or any other agency has sufficient grounds to suspect you, they simply file a lawsuit to get a search warrant for your place. The police then arrive at 7:00AM, and confiscate your drives. They examine them, find them encrypted, and then LO AND BEHOLD - they file ANOTHER lawsuit to compell you to supply the encryption key. You can't erase them - they have the drives in their labs. Failure to comply with a judge's order for your encryption key is contempt of court in all 50 states. At that point, say in a few days or weeks of waiting (depending upon how good your expensive lawyer is), you will either voluntarily supply the encryption key, or be jailed and possibly fined for contempt of court. At that point, you either supply the key, or you will be sitting in a cell in a state prison (or at least a holding cell) wondering why the the HELL you bothered with encryption...

With cause (such as monitoring network traffic for filesharing), they will certainly get the search warrant. Your encryption alone is probably enough grounds to get a judge's order to have the key released - it is almost tantamount to an admission of guilt - "if he ISN'T doing something illegal, then why does he have 500Gigs of encrypted files???".

Your call, and if you don't believe me you should find a friend who is a lawyer and ask for some free advice...IANAL of course, so take any advice above with that caveat...

Future Shock

Share this post


Link to post
Share on other sites

@ Future Shock: You MUST be kidding! Is this really possible in US law? :o

I am no US resident, in my country, no one can be forced to incriminate himself or his family members. So they can not force me to reveal the key.

If such a thing is really possible in the US, they should stop calling the US a democracy. Being forced to incriminate oneself by threat of a prison sentence is in no way better than forcing the same through torture. Could someone please tell me that this isn't true?!

BTW: the Truecrypt software claims "plausbile deinability" (see my first post), that means it is impossible to tell whether a file/device contains an encrypted volume or just random data. So even if what you state is true, it should still offer some protection. I mean, what if they _did_ find Truecrypt on your system, and if they did find a partition or file full of random data. They would force you to reveal the key, put you in jail, whatever. But what if it actually only IS random data, perhaps created when the disc was securely erased by its previous owner? You simply could not reveal the key, since there is none. But they would not believe you and keep you locked up forever?!

Despite some bad developments regarding civil rights in recent years (thank you again, Osama... :-/), I doubt this is really possible in the USA, as this would be "Inquisition Reloaded": "Confess, witch or we torture you to death." - "And if I confess?" -"Then we will burn you alive!"

Of course they will get a search warrant if they monitored P2P traffic of "their" content, but if they only find encrypted stuff, they can not use it against the acused. They would have to rely on the logs alone (which IMO can be taken appart by a good lawyer, since anything on a computer can be forged).

"In dubio, pro reo"!

Or did they get rid of that basic rule of any good justice system as well?

Share this post


Link to post
Share on other sites
"if he ISN'T doing something illegal, then why does he have 500Gigs of encrypted files???"

I agree with FS's assesment, but sadly it's a pretty classic rationale for invasion of privacy. If police requested a search warrant only because they noticed some guy's house had 5 padlocks on the door, the judge would throw the book at him. Involve technology however, and it's like starting all over again because the courts don't understand it.

Of course using that same analogy, if the police also happened to notice a stream of guys in vans carrying suspicous looking boxes in and out of the house all day, that's a different matter.

-Chris

Share this post


Link to post
Share on other sites

I just want to point out that in the US, it is HIGHLY unlikely that they could ask you for your encryption key without some supporing evidence that you were doing something illegal - such as having your IP found listed as a supernode for Kaaza, or massive file traffic from your IP, or questionable website links to your IP.

But if you are not worried about such supporing evidence (you're either doing NOTHING wrong, or there is no way for anyone to know at all), then you don't need encryption, because they wouldn't get the search warrant in the first place. I'm just pointing out that once they HAVE the search warrant, then you can be compelled to open your "residence" to search, and that includes your harddrives.

For an analogy, if I have the police come to my house with a valid search warrant, and I have a LOCKED ROOM, they can ask me to open that room. If I say no, I am in violation of the search warrant, obviously. And I can be arrested and/or held in contempt. An encrypted drive is the equivalent of a locked room, plain and simple. And they can compell you to open it, the same as if it was a locked room. You can put the strongest lock on that room that you want, but the police can still order you to open it - after all, the search warrant says your whole house is (usually) open to search. Similarly, you can put the stongest lock on your files - but the police with a warrant can compell you to open it.

In my mind, this is NOT a violation of civil liberties in any respect. A search warrant is a search warrant, and they had to prove to a judge that something was probably illegal at that residence to get it. A locked room, a locked car trunk, or an encrypted file is, and should be, equivalent. So far, I have been impressed with the willingness of the US courts to apply that rule to not only filesharers, but mafia bosses with encrypted books, and corporate criminals with encrypted emails. It's not a "screw the little guy" law, it seems to work it's magic across spectrum, as long as it's fairly applied in the initial search warrant phase...

Future Shock

Share this post


Link to post
Share on other sites

@ Future Shock

While the comparison between a locked room and an encrypted drive is intriguing, a search warrant, at least to my understanding, allows them to search your house. It does not allow them to force you to do what they please, i.e. you do not have to help them or actively cooperate in any way. Especially if helping them would only incriminate yourself. Of course, you should not resist actively either.

I only read some sources about house searches in my country, perhaps it is different in the US.

The practise is as follows: They can ask you to open a locked door. You can say, "fine, better I open it myself, because otherwise they will break it open, costing me more in the end". Or you decide not to help them (perhaps because what you did will bring you in jail for years anyway, so a torn out door is your least concern). Then they will force the door open and find all evidence anyway. But if your locked door was impenetrable (i.e. a hard disk ecnrypted with a save encryption algorithm), they can not force you to open it. Not in a constitutional state, at least to my understanding of the word, as helping to open the (theoretically of course) impenetrable door is essentially the same as incriminating one self.

Impenetrable real world doors do not exist, while there are certainly encryption algorithms that are impenetrable by today's knowledge. So you cannot compare a door and an encrypted drive.

I did some coarse research regarding self-incrimination and the US constitution:

http://www.columbia.edu/itc/tc/bolotin/res...oliceprior.html

appears to confirm that you do not have to incriminate yourself, but it doesn't cover the search warranty & password issue.

However, although obviously concerned with New Zealand law,

http://www.chapmantripp.com/resource_libra...cle.asp?id=2604

appears to refer to a change in law that (probably under the "anti-terrorist" hood), that confirms what you said:

"Subsection 1 of the new section says that the police, when executing a search warrant, can make a specified person:

'provide information or assistance that is reasonable and necessary to allow the constable to access data held in a computer that is on premises named in the warrant.' "

"subsection 4 says that subsection 3 does not stop the police from making a person provide assistance in accessing a computer, even if that computer 'contains or may contain information tending to incriminate the person'."

Well, if this is true, I am truely horrified. I didn't expect that cutting down civil rights has already progressed that far. A balance has to be found between the rights of the individual and the safety of a nation. This balance has obviously long since been tipped over. *me removes new zealand from list of potential vacation targets*

I will do further research on that topic, especially about how this situation is handled in the US and in my country.

Share this post


Link to post
Share on other sites

Guys, download a copy of the 4th amendment to the U.S. constitution and read it a couple of times. Power to subpeona your data is actually pretty limited. And, as for encryption, there are ways to make it non-obvious (put it on an external HD, do not script anything for mounting/unmounting, do not log activity to the drive, use encrypted wireless so there are no wires leading to the off-site disk, etc....). If you encrypt the whole disk (without partitioning, which is possible in linux), you can claim it's simply a blank disk.

Most likely, though, the police or any other govt official will not be involved if all you're doing is file sharing. Now, if you're a drug dealer, child pornographer, have terrorist ties, etc... then you're out of luck. What FS described is pretty likely to happen in that case and your only recourse may be to file a civil rights lawsuit after the fact.

Certainly, I'm not advocating or encouraging you to do something illegal. However, everyone has a right to privacy and there is nothing wrong with keeping your information secure.

Share this post


Link to post
Share on other sites

My point was/is when whenever the 4th ammendment is applied to a new context, the courts are typically slow to "get with it". For example a judge who would never even consider issuing a warrent for something involving a locked door might consider it for an encrypted computer, merely because he doesn't yet understand that they're the same thing.

-Chris

Share this post


Link to post
Share on other sites

Nowadays the RIAA could simply come up with some way of using the Patriot Act etc to do a secret sneak and peek search of your house, perhaps placing a spy cam or other device to capture your passphrase. And they wouldn't have to tell you they had searched your house for quite a while afterwards. Perhaps after the indictment :)

I think it was on Ars Technica that some guy had all his file sharing computers hooked up to some kind of pyrotechnics, he just had to hit a button and all his hard drives turned into slag. He could get away with piracy, perhaps only to spend life in jail for burning down his dorm complex with his fellow students inside......

Share this post


Link to post
Share on other sites

Unfortunately, you are right. The justice system or the government as a whole is always slow to react and adapt to new developments. And often the reaction is devastating. For most governments (even the so called democratic ones!) the internet is a very dangerous thing. People can gather information from sources that are not under governmental or corporate control. People can discuss their opinions freely. So they cut down the freedom provided by this technology piece by piece, to secure the benefices.

And they cover it up by claiming it is all to "protect national security", or to "protect the youth". Pradeep's RIAA&Patriot Act example describes exactly this. We have to be wathcful, or sooner than we think we will end up in a GDR- or Gestapo-style police state, where everybody spies on everyone else. It has "happened" twice in my country (or parts of it) in the last century, but judging from the current development it could happen again, here or in any other western democracy. People just don't take their history lessons seriously.

Share this post


Link to post
Share on other sites

Interesting, one thing they cannot do is spy your Brain ;). Some times I think that the only place to keep knowledge safe is in your Brain. Since there are no real possible methods to read the chemicals and staticly saved information on your brain.

Share this post


Link to post
Share on other sites

Jeff Poulin has a very good point on how to keep things under secret. What if they tell you to do a Low Level Format on it? :o:o:o .

Share this post


Link to post
Share on other sites
What if they tell you to do a Low Level Format on it?

They wouldn't. First, that would be illegal, and second that would destroy the "evidence" limiting any chance for prosecution.

What they would do if they suspected there was illegal data on the drive is confisgate it, make an image copy, compute a 256-bit hash to verify the image is the same, make a 2nd "working" copy of the image and verify the 256-bit hash. Put the first copy away to protect the "chain of evidence" and bring the 2nd copy to a forensics lab for analysis. If they can crack the encryption or get the key (passphrase), then they'll use that to build their case.

Remember though, that if you're ever involved in this kind of investigation, computer evidence is just one piece of the puzzle. It's unlikely they would build their whole case on that because there's the big issue of "binding" (your hard drive != you, so how do they prove it was you who put that stuff there?). What's more likely is they would interview your friends/family/contacts, surveil your activities, and build a largely "old fashioned" case with computer evidence thrown in for good measure.

Share this post


Link to post
Share on other sites

"I am no US resident, in my country, no one can be forced to incriminate himself or his family members. So they can not force me to reveal the key."

It's not just the US that has such laws. Many of the free countries have.

Legal systems are never fair. If they where there would be no diffrence between a $1/hour or a $1000/hours lawyer.

"BTW: the Truecrypt software claims "plausbile deinability" (see my first post), that means it is impossible to tell whether a file/device contains an encrypted volume or just random data."

Computer files are never random. A trained eye (easily) spots teh diffrence between left over file traces or real random (encryption data)

"I mean, what if they _did_ find Truecrypt on your system"

They have proof you hide the warez they busted you for in the first place.

They don't raid your house because they just guessed you have an encrypted HD.

They already have enough evidence to get a search warrant.

An encrypted partition isn't good enough. They will find all kind of traces on your PC (registry). CDRs. Pieces of paper etc etc.

They may even find 2 or 3 illegal files. They just give you max jailtime for that.

Take a look at www.strongdisk.com By far the encryption program with most options. For example boot your PC and pull out the USB lock. When they take your PC away there is no way they can access the containers. Not even if they raid your place when you are gone.

But it does not encrypt the OS which hold all kind of traces. You need drivecypt Plus pack for that. (with rumored links to .gov)

Another (slow) solution is you put your storage disks in a secret place. In teh ceiling :-) And put it on a Wireless lan.

So many solutions so little chance.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now