truecrypt...
Posted: Mon Apr 18, 2011 9:43 pm
https://www.thinkpads.com/forum/
blackomegax wrote:
> only downside is that the thinkpad TPM and finger reader do not support it at all, so you're stuck doing everything in software, with passwords.

On the bright side, it does not use the fingerprint reader, so you won't be tempted to rely on anything other than a strong passphrase.

ThinkRob wrote:
> only downside is that the thinkpad TPM and finger reader do not support it at all, so you're stuck doing everything in software, with passwords.
> On the bright side, it does not use the fingerprint reader, so you won't be tempted to rely on anything other than a strong passphrase.

but you can bind your finger to any length of actual password behind it. just don't lose your finger.

blackomegax wrote:
> but you can bind your finger to any length of actual password behind it. just don't lose your finger.

Yes, and provided that malicious parties never get their hands on gummy bears, fingerprint readers will remain secure.

ajkula66 wrote:
> The very last thing I'd ever rely upon when it comes to security on ThinkPads would be the fingerprint reader...and that's all I'm going to say...

Oh come on... let's be fair... the dock lock isn't exactly... uh...

Puppy wrote:
> I don't use it but these two articles are probably worth reading:
> http://www.net-security.org/secworld.php?id=9077
> http://www.ghacks.net/2009/11/26/bitloc ... rformance/
> The performance loss seems to be too high. I'd rather use NTFS encryption.

The net-security.org article is nothing new, nor is it specific to TrueCrypt. Any machine with FireWire (or some other DMA-enabled port) is susceptible to this sort of attack whether they're using TrueCrypt, FileVault, LUKS, Bitlocker, or something else. This is why you should always shut your computer down completely before passing through US customs or TSA security checkpoints. (Also, the software and hardware necessary to perform this sort of attack is not something that only the "good guys" possess. A number of options are available for both LEOs and crooks alike.)

ThinkRob wrote:
> The net-security.org article is nothing new, nor is it specific to TrueCrypt. Any machine with FireWire (or some other DMA-enabled port) is susceptible to this sort of attack whether they're using TrueCrypt, FileVault, LUKS, Bitlocker, or something else. This is why you should always shut your computer down completely before passing through US customs or TSA security checkpoints.

How does it crack TrueCrypt encryption using Firewire? Can it also crack TrueCrypt on the backup DVDs I make?

Tõnis wrote:
> How does it crack TrueCrypt encryption using Firewire? Can it also crack TrueCrypt on the backup DVDs I make?

Read the article. It accesses the memory of a powered-on but locked computer through the firewire port.

jdrou wrote:
> Read the article. It accesses the memory of a powered-on but locked computer through the firewire port.
> If you shut the computer down completely with an encrypted disk it can't be booted without the password so that method won't work.

Yeah, I read it and got that part. I didn't understand what accesses/reads the memory means or how it does that if there's a password. But okay, thanks for your helpful reply.

Tõnis wrote:
> Yeah, I read it and got that part. I didn't understand what accesses/reads the memory means or how it does that if there's a password. But okay, thanks for your helpful reply.

The encryption key has to be stored in memory when an encrypted partition is unlocked (how else would it decrypt the data?)

ThinkRob wrote:
> The encryption key has to be stored in memory when an encrypted partition is unlocked (how else would it decrypt the data?)
> Any DMA-capable device (such as Firewire) can access (most) any part of memory. Therefore... well... you know the rest.

Makes sense. That whole part about the computer being on made me start to wonder if my TrueCrypt protected DVDs could be cracked/hacked so long as they are in a computer that's on. I suppose if I had just accessed the disc and the password was still in the RAM it might be possible. Therefore, for encryption to be effective, the machine should be off so that the memory's clear.

Tõnis wrote:
> I guess it's one of those things like with my BlackBerry: encryption is still important. The BlackBerry's password isn't so difficult to circumvent for someone who plugs the device into a computer and uses the right utilities. But the BlackBerry deletes the copy of the private key each time the device is locked. Then, even if someone successfully circumvents the device password, all he'll end up with is a bunch of encrypted files.

I thought the BlackBerry's lock password is actually pretty well-implemented... IIRC, it's not really trivial to circumvent *if* you have disabled mass storage access.

Puppy wrote:
> I don't use it but these two articles are probably worth reading:
> [...]
> http://www.ghacks.net/2009/11/26/bitloc ... rformance/
> The performance loss seems to be too high. I'd rather use NTFS encryption.

Well, that performance test was on an Atom-based netbook, not a recent or current Thinkpad. On my X60 Core 2 Duo, I don't notice much of a performance hit at all. And more recent benchmarking tests on TrueCrypt 7.0a seem to bear that out:

> Its versatility enabled even the previous TrueCrypt version 6.1 to stand out from competitors, such as BitLocker. It only lacked AES-NI support. This has now been taken care of in TrueCrypt 7.0a, finally making it our encryption tool of choice. We're even extending that recommendation to computers without hardware acceleration of AES. Compared to an unencrypted system, TrueCrypt encryption does affect system performance (as expected). But it in no way interferes with the user, and it doesn't demonstrate a performance impact that would be noticeable on a mainstream PC.
> However, you should not install TrueCrypt by default if you are running a system that relies heavily on I/O (a database server, for example). Even if it can handle real-time encryption, the program cannot match the I/O performance and data throughput of an unencrypted system yet.

Source: http://www.tomshardware.com/reviews/tru ... 899-7.html

ThinkRob wrote:
> I thought the BlackBerry's lock password is actually pretty well-implemented... IIRC, it's not really trivial to circumvent *if* you have disabled mass storage access.

Well, the good thing about it is the user can set a limit for wrong password attempts (maximum of ten). If the limit is exceeded, the device wipes itself.

hyde wrote:
> I was hoping I can just let the fingerprint authenticate and enable the partition. Unless anyone else has other suggestions on keeping the data encrypted before it is synced to the cloud.

Are you syncing with a remote storage provider (I refuse to use more nebulous terms) for backup purposes or collaboration? If the former, I'd recommend something like Duplicity (or whatever the Windows equivalent is.) If the latter, you might want to consider using both FDE and individual file encryption.

pinkymadam wrote:
> I've used it as a secure partition for a couple of years, and it works perfectly fine - like an ordinary partition. It has numerous encryption options and other settings you can tweak. It's also pretty *****Expletives removed by Moderator***** easy to use.
> I use KeePass (LastPass or whatever would be the same), so a long, long key is no issue at all. To get to the TrueCrypt partition, I press the shortcut, click "mount", press the KeePass autotype shortcut and I'm in - takes about 2 seconds.
> You can use it to encrypt your system partition, but I've never tried that. There are guides available online - I know Lifehacker are fans and have done a couple.

I am thinking of doing an encrypted partition the next time I reinstall.