Posted on 05/29/2014 8:06:55 PM PDT by aMorePerfectUnion
The abrupt announcement that the widely used, anonymously authored disk-encryption tool Truecrypt is insecure and will no longer be maintained shocked the crypto world--after all, this was the tool Edward Snowden himself lectured on at a Cryptoparty in Hawai'i. Cory Doctorow tries to make sense of it all.
(Excerpt) Read more at boingboing.net ...
Don't worry, I just need another 20 minutes.
If I lose or someone steals my laptop whoever has it will be unable to access any of my personal or client data. In my profession, I am ethically obligated to secure client data. I keep all of my data on a separate partition and encrypt that entire partition with DiskCryptor. I have set it up so the Diskcryptor password is required after any shutdown or reboot. It provides great peace of mind. Using a boot password rather than encryption provides some protection, but the disk can be pulled and used as a slave in another computer to gain access to the data. When encrypted the data is totally unavailable to prying eyes.
Thanks for the ping.
Right, it’s not your data, it’s client data, and it’s on your laptop.
That makes complete sense, your laptop could get stolen, you want to throw up that security barrier for that situation.
Listening to Steve Gibson on the DTNS podcast for May 29 now.
Correct. It can also be used to protect data on flash cards and flash drives which can easily be lost or stolen.
“Check out DiskCryptor. I have been using to encrypt my data partition for quite a while and love it.”
Thanks dude. :) We can’t not have an alternative...
Ok, ok, ok...I see Neo and the Agent, but where in the heck is the woman in the red dress?
Makes no sense that I can see. If that was the case why do anything at all? Just shut up about it. After all, Truecrypt is mature, how much more work on it was likely to be done anyway? They'd be better off to just quietly use the back door for now.
Because the first time another vulnerability is listed in their algorithm (happens more often than you think), they’d have to explain why they’re not releasing an update.
There’s also disinformation.
If there is something that is hard for NSA to decrypt, they’ll do what they can to get it to fall into disuse.
A public declaration that it’s got a backdoor is a great way to get many people to stop using it, problem solved.
It bears repeating that encryption of data on disk protects the data in case the machine is physically compromised, e.g., stolen, lost, etc.
Once again, malware is what is used to get at most people’s PCs/phones/etc.
Encrypting data stored on disk protects the data for when your OS is NOT running.
Like if your laptop is stolen, or the NSA comes barging into your house at 4am and confiscates your laptop because it has something on it that’s a national security issue. Maybe the FBI thinks you’re a child porn distributor and they come confiscate your laptop. Etc.
Encrypting disk data make a lot of sense for corporate IT departments for the computers that their employees carry around with them.
Encrypting disk data does nothing to keep a hacker from snooping on you while your OS is running and you can see your files in the clear.
If you can see files in the clear, so can a hacker.
Hackers are much more of a problem for the average American than law enforcement / national security confiscating their PC and going through their data. After all, if national security people see everything that comes out of and into your PC over the internet - they really don’t need to look at your hard drive !
Login passwords, account numbers, credit card info, etc., if none of that is stored on your laptop, then none of that can be stolen when your laptop is stolen. It don’t have to be encrypted if it just ain’t there.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.