File encryption software

Deleted User

Guest
OP
There's stuff on my computer that I really don't want to get leaked. Passport scans, social security numbers, assignments (I've heard stories of people leaving a USB stick behind then getting accused of plagiarism). Storing it in unencrypted format is a disaster waiting to happen. Before this disaster happens I'm going to secure it.

But I've never used file encryption software before and don't want to make a stupid mistake which leaves my data compromised, or maybe I'm just going paranoid.

My worries include
  • The files will only be secure while they are stored and not when they are open. If Windows 10 crashes and sends an error report to Microsoft this error report may include part of the file stored on the RAM in unencrypted format.

  • The program I use to view and edit the file might upload parts of the decrypted file to its developer's servers.

  • The file encryption program or the program used to view and edit the file might include a back door which could be discovered by a hacker.

  • Windows is a very buggy operating system and a virus may leak the files and key to a hacker.

  • Programs like Microsoft Word create draft copies of documents as they're written. The draft copy could be stored on a hard drive in unencrypted format and not get securely deleted after use.

  • There's probably something else which I haven't thought of yet.
Of course technology is a tool and is only as good as the person who uses it. Private data should not be accessed in public because there could be someone behind you on their phone recording you type in your password or viewing a file and HD CCTV is the norm these days.

Side channel attacks are another thing. The heat, EMF emissions and sounds from a CPU can all be used to gain access to data from a distance. I'm not too worried about these because I don't see anyone with the equipment and expertise giving me their time and attention.

Right now I think that the best way to go is to store encrypted assignments on my laptop so I can work on them in public. Everything else should be stored encrypted on a USB stick. The encryption key used for my assignments should be different to the encryption key used on my USB stick. All the free space on my hard drives should be securely deleted. This means overwriting the free space once on an SSD and six times on magnetic disk drives.
 

Dust2dust

I sense a little bit of paranoia, but I might be wrong. ;) Anyway, if you want to improve security, I would drop the use of Windows for something like Linux instead. There are several ways to encrypt sensitive data. Personally, I use Veracrypt. File container or the whole hard disk partition. It's open source, so the likeliness of a backdoor is limited.
 

linuxares

Use Veracrypt or hell, bitlocker is enough for you. Paranoia isn't good for you and most people will not care about your information.

EDIT: Also, you can't "overwrite" data on an SSD. You need to "reset" it to get it really gone.
 

Originality

Bitlocker is good for drive level encryption. For file encryption or removable drive encryption there are plenty of options, like Veracrypt, Truecrypt, Opencrypt, or even Bitlocker To Go.

Any of these options will make your data protected from casual opportunists, and only the determined will be able to break it should they really want whatever it is you’re hiding. You can also sandbox your device, cutting it from the internet and blocking access to external connections or devices except those you whitelist (like your encrypted external drive).

But you’ll never be completely safe. If someone has physical access to your device, given enough time, money, and motivation, they’ll find a way to brute force your device. You can only make it harder and take exponentially longer to make it not worth their while.

Edit: oh, and remember not to log into your device as an admin. User accounts are many times safer than admin accounts from attack.
 

Deleted User

Guest
OP
I've downloaded veracrypt and started experimenting with it.

> But you’ll never be completely safe. If someone has physical access to your device, given enough time, money, and motivation, they’ll find a way to brute force your device. You can only make it harder and take exponentially longer to make it not worth their while.

This part confuses me. According to this website the password d&nw4Z&ep9Sl2$jg?f!h will take 4 sextillion years to bruteforce. Somehow I doubt this is completely correct. The keys used in DNSSEC are replaced annually to prevent cache poisoning when they can probably last way longer.

I'm assuming that a computer with a good GPU by today's standards would take 4 sextillion years to crack the password above. But a computer released 10 years from now with a good GPU would be able to crack the password a lot more quickly. If 100 computers were used simultaneously to crack the password then it would get cracked 100 times more quickly. Is this correct?
 

Originality

That site doesn't give its metric for calculating it, but it does give a rough idea. If it were simply a matter of brute forcing a password on a device, then it would take roughly that long to brute force a 20 digit randomized complex password. However the more money they have, the more options they have. The more skills they have, the more options they have (especially as new Spectre variants are being discovered, and you never know what other exploits will be found). The more motivated they are (if they know there's treasure, they'll keep trying), the more options they'll use to find a way in.

To give an example, they could clone your device a hundred times, using a hundred devices to crack the password, whilst also attempting to exploit one of the many hardware or software based exploits that exist, to turn 7 sextillion years into maybe 7 years. You'll never be 100% safe, but if it were me then anything that takes longer than a week to crack wouldn't be worth cracking and I'd go looking for easier targets.

The best defence is to look ordinary (no shiny treasure or company secrets here), with a good long complex password, on a machine that regularly checks for security updates, and has a decent AV installed, and try not to lose the device in the first place (e.g. keeping it at home).
 

steelseth

> I've downloaded veracrypt and started experimenting with it
>
> This part confuses me. According to this website the password d&nw4Z&ep9Sl2$jg?f!h will take 4 sextillion years to bruteforce. Somehow I doubt this is completely correct. The keys used in DNSSEC are replaced annually to prevent cache poisoning when they can probably last way longer.
>
> I'm assuming that a computer with a good GPU by today's standards would take 4 sextillion years to crack the password above. But a computer released 10 years from now with a good GPU would be able to crack the password a lot more quickly. If 100 computers were used simultaneously to crack the password then it would get cracked 100 times more quickly. Is this correct?

Search coldboot attack and evil maid attack.
I use this https://www.broadcom.com/products/storage/raid-controllers/megaraid-safestore-software
For this level of paranoia you must be prepared to pay some $$$$.
 

kuwanger

I wouldn't trust drive level encryption. Simply put, there's no reasonable way to verify the encryption is actually taking place, the algorithm isn't backdoored, or there aren't hardware/software bugs that greatly reduce the password strength.

> The keys used in DNSSEC are replaced annually to prevent cache poisoning when they can probably last way longer.

But not as long as a good symmetric key. Public/private keys as they're derived from a mathematical formula that is hard to solve. In theory a good symmetric key would require substantial knowledge of contained files to engage in a differential attack which should be harder to mount.

> To give an example, they could clone your device a hundred times, using a hundred devices to crack the password, whilst also attempting to exploit one of the many hardware or software based exploits that exist, to turn 7 sextillion years into maybe 7 years.

Unless you mean cryptographic weakness in the cipher used, that's not going to happen. Having said that, the goal should be (if paranoid) to aim for a key that approaches the length of the cipher block. Use AES-128, that means a 49-50 character random string. At that point, through brute force a billion computers that could process a billion keys a second would take ~5 trillion years to crack the encryption.

More realistic figures put the figure at closer to maybe 100 million keys a second with a GPU based on the encryption speed which likely is pretty far off actually checking keys and we definitely don't have a billion of those GPUs floating around. Having said that, those numbers imply a random 20 character string would only hold up to a brute force for ~ 7 months worst case (or about 1 day with 211 GPUs). Add 10 more characters and it goes back into the near un-doable range again.

Having said all that, you're unlikely to be able to actually remember 30 random characters, so you'd probably be better off remembering a few sentences (with spelling/grammar/punctuation errors).

> Search coldboot attack and evil maid attack.

Yea, those are likely more probable attack vectors.
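
An added example (not code from any poster in this thread): the arithmetic behind the brute-force estimates discussed above, showing how password length, the number of machines, and a slow key-derivation step each change the worst-case search time. The 95-character alphabet and the 500,000-round PBKDF2 cost are assumptions; the 100 million keys per second figure is the one quoted in the thread.

```python
import hashlib
import math
import time

ALPHABET = 95                      # printable ASCII characters (assumption)
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def entropy_bits(length, alphabet=ALPHABET):
    """Bits of entropy in a uniformly random password of `length` characters."""
    return length * math.log2(alphabet)


def chars_for_bits(bits, alphabet=ALPHABET):
    """Shortest random password whose entropy reaches `bits`."""
    return math.ceil(bits / math.log2(alphabet))


def years_to_exhaust(length, guesses_per_sec, machines=1, alphabet=ALPHABET):
    """Worst-case years to try every password of `length` characters."""
    keyspace = alphabet ** length
    return keyspace / (guesses_per_sec * machines) / SECONDS_PER_YEAR


def stretched_rate(iterations, sample=20_000):
    """Guesses/sec one CPU core manages when each guess costs `iterations`
    rounds of PBKDF2-HMAC-SHA512 (timed on this machine)."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha512", b"constructed guess", b"constructed salt", sample)
    per_round = (time.perf_counter() - start) / sample
    return 1.0 / (per_round * iterations)


if __name__ == "__main__":
    rate = 100e6                   # keys/sec per GPU, the figure quoted in the thread
    iterations = 500_000           # assumed key-derivation cost, not from the thread
    print(f"128 bits of entropy needs {chars_for_bits(128)} random characters")
    for length in (8, 12, 16, 20):
        one = years_to_exhaust(length, rate)
        farm = years_to_exhaust(length, rate, machines=100)
        print(f"{length:2d} chars ({entropy_bits(length):5.1f} bits): "
              f"{one:.3g} years on 1 GPU, {farm:.3g} years on 100")
    slow = stretched_rate(iterations)
    print(f"with {iterations} PBKDF2 rounds per guess: {slow:.2f} guesses/sec "
          f"per core, {years_to_exhaust(12, slow):.3g} years for 12 chars")
```

Adding machines divides the time linearly, while each extra random character multiplies it by the alphabet size, which is why length wins against parallel hardware.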
 

Deleted User

Guest
OP
> Search coldboot attack and evil maid attack.

Ouch. Haven't heard of this one before :/

Sounds like business people have a serious problem when dealing with confidential data. On top of keeping their software up to date and files encrypted they need to watch out for side-channel attacks and physical security.

> The best defence is to look ordinary (no shiny treasure or company secrets here), with a good long complex password, on a machine that regularly checks for security updates, and has a decent AV installed, and try not to lose the device in the first place (e.g. keeping it at home).

Oh noez! My uncle works for Nintendo and keeps a backup copy of all the Switch's keys on my laptop. An army of pirates is going to raid my home and make me walk the plank :(

> To give an example, they could clone your device a hundred times, using a hundred devices to crack the password, whilst also attempting to exploit one of the many hardware or software based exploits that exist, to turn 7 sextillion years into maybe 7 years. You'll never be 100% safe, but if it were me then anything that takes longer than a week to crack wouldn't be worth cracking and I'd go looking for easier targets.

> Unless you mean cryptographic weakness in the cipher used, that's not going to happen. Having said that, the goal should be (if paranoid) to aim for a key that approaches the length of the cipher block. Use AES-128, that means a 49-50 character random string. At that point, through brute force a billion computers that could process a billion keys a second would take ~5 trillion years to crack the encryption.

Are you two talking about cryptanalytic attacks here? If a new version of Veracrypt which patches a cryptographic weakness is released then does all data encrypted in an older version suddenly become very fast for the casual opportunist to decrypt?

> More realistic figures put the figure at closer to maybe 100 million keys a second with a GPU based on the encryption speed which likely is pretty far off actually checking keys and we definitely don't have a billion of those GPUs floating around. Having said that, those numbers imply a random 20 character string would only hold up to a brute force for ~ 7 months worst case (or about 1 day with 211 GPUs). Add 10 more characters and it goes back into the near un-doable range again.

Would an attacker make himself vulnerable trying to bruteforce a strong password? If I had a computer with 100 GPUs in it and kept it powered on at 100% usage day and night there would be a massive spike in my electricity usage. The police would probably raid my house under suspicion that I'm using a fuckload of electricity to power air conditioners and grow a shit-ton of cannabis.

Is this why we can't sign our own Switch firmware? The key is just too long to crack in the next decade.

@kuwanger @Originality You two seem quite knowledgeable. Are you two professionals?
 

kuwanger

> Are you two talking about cryptanalytic attacks here? If a new version of Veracrypt which patches a cryptographic weakness is released then does all data encrypted in an older version suddenly become very fast for the casual opportunist to decrypt?

There's different types of cryptographic weaknesses. Weakness in an algorithm can't nominally be patched out--changing the algorithm would change the encryption/decryption. That's a major reason why when AES was considered a lot of effort was spent on potential weaknesses when deciding which algorithm would be used.

Cryptanalysis attacks rely instead on some knowledge of the potential decrypted output and using that knowledge to reduce the search space for keys. This is a lot harder to pull off as it requires some idea of how progressive permutations of various keys will play out and obviously it requires some knowledge of the decrypted output which itself might determine what sort of permutations they've likely considered. So, as an example, given most whole disk encryption contains a specific filesystem which is near identical in all cases, that knowledge is very useful in cryptanalysis. Look at Seedminer as an example.

> Would an attacker make himself vulnerable trying to bruteforce a strong password? If I had a computer with 100 GPUs in it and kept it powered on at 100% usage day and night there would be a massive spike in my electricity usage. The police would probably raid my house under suspicion that I'm using a fuckload of electricity to power air conditioners and grow a shit-ton of cannabis.

The presumption here is the nefarious attacker here may be a corporate or government agency, not necessarily of your home country. So, there likely wouldn't be anything that local authorities would view as suspicious. Regardless, there's a lot of potential scenarios you can imagine (GPUs get 100x more efficient in the next decade, the attacker uses bots to distribute the attack, the attacker has friends who share in the work, etc) that

> Is this why we can't sign our own Switch firmware? The key is just too long to crack in the next decade.

Signing keys are public/private key encryption which are really a different beast. But yes, they're designed to not be crackable for decades (if not longer), although depending on which public key algorithm is used they may be vulnerable to quantum computers which could radically change those numbers.

> You two seem quite knowledgeable. Are you two professionals?

No, just pretty standard knowledge (or from reading) if you've had a Computer Science background.
 

Originality

I work in IT with a range of technological partners, so we’re on a bunch of security/vulnerability based mailing lists. Most of it goes a little over my head, but reading and researching a little is enough to gain a general understanding.

That in turn helps us explain it to customers and clients who suddenly hear there’s a security vulnerability and raise a Priority 1 ticket with us panicking and asking us to patch everything. Meltdown and Spectre keep us very busy with new variations being discovered every month.

Anyway, most of this doesn’t matter to me personally. I’ve nothing to hide, nothing of value to lose, I take the usual precautions with my devices and run regular virus scans and backups to my NAS. Bitlocker is enough for my needs as far as encryption goes, and nobody is going to pay any attention to the cat playing Stardew Valley on the Switch. I feel pretty safe.
 

kuwanger

> Bitlocker is enough for my needs as far as encryption goes

The only reason I don't trust Bitlocker is the same reason I don't trust hardware encryption -- you're left at the mercy of the developer (Microsoft) writing the code correctly and not introducing backdoors (intentional or not*). It's not that I think open source is inherently safer, btw. But there have been actual third party audits of Truecrypt/Veracrypt and the like. I mean, look at Apple's APFS encryption for an example of doing things wrong.

* It seems on a regular basis we find out yet another device/router has a default password or debug mode left on, so people have to verify they don't have the device or if they do patch/set a password. I definitely see leaking keys accidentally in bug reports as part of a crash dump, as just one of many possibilities.
 

Originality

Doesn’t matter to me if there’s a back door or not. It’s enough to deter the casual opportunist, and I don’t have anything valuable to lose anyway.

If I did have something valuable (e.g customer data from a business) then I would use multiple tiers of encryption on a drive with hardware based lockout/SecureErase. Expensive, but when you need to get serious...
 

DeadlyFoez

> Use Veracrypt or hell, bitlocker is enough for you. Paranoia isn't good for you and most people will not care about your information.
>
> EDIT: Also, you can't "overwrite" data on an SSD. You need to "reset" it to get it really gone.

I am sure using killdisk would fully overwrite the data. And IIRC, it was shown before that just doing that "reset" still leaves it possible to get the bits from those blocks of flash memory. Things could have changed some since I read that, but I also know that with computers anything is possible.
 
