“The most severe finding relates to the use of the Windows API to generate random numbers for master encryption key material among other things. Section 1.3 Findings and Summary indicates some problems relating to the random number generator: It shows that open source projects work and can be audited. But, there are some concerns. This audit is good news and somewhat of a relief. No way to detect it unless you regularly strip down your keyboard or laptop. And that is on advanced amateur-level, not professional level. With today's microcontrollers I could build one in a weekend and miniaturize it with a week of time or so. For example, an attacker with access several times can just install a hardware keylogger. The scenarios where disk encryption is useful assume that you notice when an attacker had access once (laptop stolen). That is why on Linux, I use LUKS on the data-partitions and on Windows (where I do not trust the MS-supplied crypto) I use TrueCrypt for the Windows System partition as it doubles in many senses as a data-partition, unlike what you can do on Linux. But in the end, if a reasonably competent attacker has access to your hardware several times, you are screwed anyways and no amount of disk encryption will help. It is a bit harder to attack than a kernel+root partition setup, but not much so. There still is an initial boot-loader and that is basically just as easy to attack as a full kernel+initrd setup. On the other hand, Full Disk Encryption rarely is Full Disk Encryption, and it is not for Mint either, or for TrueCrypt at that. Requiring defaults is pretty clearly a limitation of the Mint initrd, and not any limitation of LUKS. Sure, it can be used for encrypting a full disk, but then you need LVM to get partitioning again (with all the problems that brings in), and you have to use an encryption method that the initrd can handle. LUKS is not aimed at FDE, it is aimed at partition encryption.
Who is responsible for locking the vast majority of LUKS – LVM users into the particular defaults by not giving them easy alternatives? Īp4:15 and LUKS are separate projects. Wouldn’t it be relatively easy for the maintainers of the system installer to install a drop down menu to allow you to choose the encryption options you want, the way TrueCrypt does? (Hint: in such a case they could even allow an option to dispense with the SWAP file for those with adequate RAM.) It seems to be technically possible to partition the disk using LUKS – LVM with the options of your choice and then to do the install on top of that–but it is to say the least confusingly complicated and no one has ever published a straightforward cookbook how to do it. The problem with LUKS is that if you want to do an FDE using the system installer at system install time in say Mint you are restricted to the AES defaults. Select the mounted drive and click “Dismount.” Given the first-out-of-the-blocks comments by Anonymous1 & Anonymous2, Truecrypt must be good enough for certain parties to want to restrict its use as much as possible by trashing it (trolling) online. The device will be mounted on your selected drive. You may also need to enter your system password to authorize. Next enter your device password or provide the keyfile or both. Select a free slot and click on “Mount” button to mount the encrypted volume. Plug in your flash drive and run TrueCrypt. The time taken will depend upon your drive size. The drive will now be formatted for use. In the Volume Format option, select FAT filesystem if you want cross-platform support. Note: If you lose the keyfile, all the files you encrypt will be lost forever so store the keyfile used safely. Keyfile can be any type of file you want or else you can create a new keyfile too.