Comments on: Protecting your information with hard disk encryption – what you need to know

By: Rev. Dr. David Strickler

Rev. Dr. David Strickler — Fri, 01 Jul 2016 02:18:00 +0000

Currently, I use WINMAGIC SecureDoc for my SED’s

By: Sokrates

Sokrates — Wed, 01 Jun 2016 07:59:00 +0000

Not really much: if your encrypted files have an extension unrecognized by the ransomware and they are not open during the attack, they won’t get affected. Else if you have your whole system disk encrypted, the ransomware can only strike when everything is open, up and running, thus you are as helpless as the next unencrypted victim.

The safest defense is actually backing up everything valuable as often as it goes: like using pitons while climbing, it guarantees that if something goes wrong you only fall so much rather than all the way down.
And if your backup files are encrypted and have an uncommon extension, then they will survive the attack even if you keep them on the system disk.

By: nestoribio1

nestoribio1 — Tue, 31 May 2016 16:06:00 +0000

Will disc encryption protect against ransom-ware?

By: FirstSpear

FirstSpear — Tue, 31 May 2016 10:15:00 +0000

Veracrypt has an interface identical to that of Truecrypt, and is supposed to be its successor. It’s also free. Not used it yet except to try to open existing Truecrypt containers, which it wouldn’t. For everyday use without the need for high security Truecrypt is still OK to use – it does password protect those containers, after all.

By: Sokrates

Sokrates — Tue, 31 May 2016 09:47:00 +0000

I cannot help finding the notion of TPM a little humorous. Let’s recap: concerned about a possible break-in you’ve had just installed a $10,000 safe-like, reinforced steel-titanium front door with 256-bit Rijndael security. Now you look nonplussed at the long meaningless string of letters and numbers you’re to type in any time you want to go home (“am I really supposed to memorize THAT???”) until a bright light bulb pops up over your head, and with a witty smile you write down that impossible combination on a slip of paper and hide it under the doormat.
Actually the only thing you haven’t done to help the thieves (short of leaving the front door open) is replacing the good old “WELCOME” doormat with a new “TURN ME OVER” one :-[)

OK, enough kidding. I concur with Franziska: encryption is a damn important and necessary thing, in particular lately when virtually anyone who is someone seems to be interested in your personal and private facts. Thus let me add my two cents of caution:

– DISCONNECT THE WEB before typing in your passphrase: in principle what you type on your keyboard is not much more private than what you say on a bus – 99.9% of the times it gets unheard, but once is enough. Better safe than sorry.

– CHOOSE YOUR ENCRYPTION SOFTWARE WISELY: no matter how complicated the lock, a master key will open it – that’s what a master key is for. In particular distrust encryption software coming from companies that show interest in your private habits and things, or that try to let you agree to their snooping by means of fine print and inconspicuous opt-outs.

– CHOOSE YOUR PASSPHRASE CAREFULLY: NOT your date of birth, NOT your puppy’s name, NOT your mother’s maiden surname, NOT the first seven terms of the Fibonacci sequence, NOT anything that can be found on a dictionary.
Just a hint: open your favorite book on a page you won’t forget and write down the last three letters of each page for the next 16 pages. Perhaps not the safest passphrase one would dream of, but better than many.

By: Tom

Tom — Mon, 30 May 2016 23:13:00 +0000

Sorry, but I am a bit confused with respect to the TPM. If that chip ever has a technical issue, I suppose you have lost your data? Also, the statement regarding “an attacker who steals your computer while it’s fully powered off can simply power it on in order to extract the key.” is interesting. So by itself TPM does not really provide much better security, does it?

Finally, how does encryption affect imaging? If I use an image to restore a dead harddrive and have a new PC, does that mean the TPM being different will prevent my image to actually work?