Best encryption sw for home laptop

Sebastian Gottschalk <> writes:

> Zoltan wrote:
>> Sebastian Gottschalk wrote:
>>> wrote:
>>
>>>> 3) Ability to create and send encrypted files to people and they can
>>>> open them if I tell them the password or key
>>> TrueCrypt.
>>
>> Can Truecrypt do this?
>>
>> Or are you assuming that the recipient has Truecrypt installed?
>
> Definitely. Just create all your files in a TrueCrypt container mounted
> on a file, dismount and send the file.

So, they (the recipient) definitely need truecrypt installed?

Hadron Quark

Hadron Quark wrote:
> Sebastian Gottschalk <> writes:
>
>> Zoltan wrote:
>>> Sebastian Gottschalk wrote:
>>>> wrote:
>>>>> 3) Ability to create and send encrypted files to people and they can
>>>>> open them if I tell them the password or key
>>>> TrueCrypt.
>>> Can Truecrypt do this?
>>>
>>> Or are you assuming that the recipient has Truecrypt installed?
>> Definitely. Just create all your files in a TrueCrypt container mounted
>> on a file, dismount and send the file.
>
> So, they (the recipient) definitely need truecrypt installed?

Which is a requirement for every such scenario. I guess the only and not
very preferable solution of asynchronous encrypted data transfer with
Windows default programs would be an S/MIME encrypted eMail with Outlook
Express.

If you're daring for self-extracting executables: very bad idea!

Sebastian Gottschalk

Sebastian Gottschalk <> wrote:

> > So, they (the recipient) definitely need truecrypt installed?
>
> Which is a requirement for every such scenario. I guess the only and

Utter nonsense. PGP has SDA's and Truecrypt has "Traveller Mode".

> not very preferable solution of asynchronous encrypted data transfer
> with Windows default programs would be an S/MIME encrypted eMail with
> Outlook Express.
>
> If you're daring for self-extracting executables: very bad idea!

Total rubbish. There's no difference at all between the security of a
Truecrypt Traveller Mode volume and a "normal" one, or a symmetrically
encrypted PGP file that's decrypted with an existing PGP installation,
or the code that's included in that file.

TwistyCreek

TwistyCreek wrote:
> Sebastian Gottschalk <> wrote:
>
>>> So, they (the recipient) definitely need truecrypt installed?
>> Which is a requirement for every such scenario. I guess the only and
>
> Utter nonsense. PGP has SDA's and Truecrypt has "Traveller Mode".

And both require the installation of a device driver. And they both must
be present on the recipients system

> Total rubbish. There's no difference at all between the security of a
> Truecrypt Traveller Mode volume and a "normal" one, or a symmetrically
> encrypted PGP file that's decrypted with an existing PGP installation,
> or the code that's included in that file.

Except that the code can get modified by an attacker.

Sebastian Gottschalk

Hadron Quark <> wrote:

> Sebastian Gottschalk <> writes:
>
> > Zoltan wrote:
> >> Sebastian Gottschalk wrote:
> >>> wrote:
> >>
> >>>> 3) Ability to create and send encrypted files to people and
> >>>> they can open them if I tell them the password or key
> >>> TrueCrypt.
> >>
> >> Can Truecrypt do this?
> >>
> >> Or are you assuming that the recipient has Truecrypt installed?
> >
> > Definitely. Just create all your files in a TrueCrypt container
> > mounted on a file, dismount and send the file.
>
> So, they (the recipient) definitely need truecrypt installed?

No, they do not.

As is usually the case, Gottschalk has completely boogered up some basic
and important information.

http://www.truecrypt.org/user-guide/?s=traveller-mode

There is also, or use to be, a "self decrypting" option for PGP files
where the encrypted file also contains enough of the program to decrypt
the file when the password is entered. I haven't looked at PGP in ages
so it's up to you to hit their site. But this would also eliminate the
need for a permanent installation just like Truecrypt's "Traveller
Mode" does.

TwistyCreek

TwistyCreek wrote:

> http://www.truecrypt.org/user-guide/?s=traveller-mode

No, I didn't miss that. The users will still need to download it or get
is transfered through a secure channel, and install at least the device
driver. In any case, it is not pre-installed on Windows and the user
need to get it from somewhere - which was the obvious intent on that
question.

> There is also, or use to be, a "self decrypting" option for PGP files
> where the encrypted file also contains enough of the program to decrypt
> the file when the password is entered.

And this is a very stupid idea. The attacker can simply modify the
executable part to mail the password to him as well. Now verifying the
executable bogs down to already having a verifier program, which just
mirrors the initial situation...

Sebastian Gottschalk

Sebastian Gottschalk <> wrote:

> TwistyCreek wrote:
> > Sebastian Gottschalk <> wrote:
> >
> >>> So, they (the recipient) definitely need truecrypt installed?
> >> Which is a requirement for every such scenario. I guess the only
> >> and
> >
> > Utter nonsense. PGP has SDA's and Truecrypt has "Traveller Mode".
>
> And both require the installation of a device driver. And they both
> must be present on the recipients system

Nonsense. You have no clue what you're talking about. Neither one
requires any such thing. That is in fact why these modes exist; to
allow access to encrypted data on machines where NOTHING is installed.

> > Total rubbish. There's no difference at all between the security of
> > a Truecrypt Traveller Mode volume and a "normal" one, or a
> > symmetrically encrypted PGP file that's decrypted with an existing
> > PGP installation, or the code that's included in that file.
>
> Except that the code can get modified by an attacker.

Straw grabbing nonsense. The "code" for an installed version can be
modified by an attacker. And symmetrically encrypted data is vulnerable
to MITM attacks anyway because you're removing the PKI infrastructure
and what little authentication it provides.

There is no difference between SDA/Traveller and comprable "normal"
modes. Again, you have no clue and you're spreading FUD.

George Orwell

Sebastian Gottschalk <> wrote:

> TwistyCreek wrote:
>
> > http://www.truecrypt.org/user-guide/?s=traveller-mode
>
> No, I didn't miss that. The users will still need to download it or
> get is transfered through a secure channel, and install at least the
> device driver. In any case, it is not pre-installed on Windows and
> the user need to get it from somewhere - which was the obvious intent
> on that question.
>
> > There is also, or use to be, a "self decrypting" option for PGP
> > files where the encrypted file also contains enough of the program
> > to decrypt the file when the password is entered.
>
> And this is a very stupid idea. The attacker can simply modify the
> executable part to mail the password to him as well. Now verifying the
> executable bogs down to already having a verifier program, which just
> mirrors the initial situation...

It's painfully obvious you have no idea what so ever how any of this
stuff works. None.

TwistyCreek

TwistyCreek wrote:

>>> There is also, or use to be, a "self decrypting" option for PGP
>>> files where the encrypted file also contains enough of the program
>>> to decrypt the file when the password is entered.
>> And this is a very stupid idea. The attacker can simply modify the
>> executable part to mail the password to him as well. Now verifying the
>> executable bogs down to already having a verifier program, which just
>> mirrors the initial situation...
>
> It's painfully obvious you have no idea what so ever how any of this
> stuff works. None.

It's painfully obvious that you don't even have an argument, beside that
these are real-world facts.

And that your mail address is invalid as well, in strict violation of
RFC 1036 and 2822.

Sebastian Gottschalk

Sebastian Gottschalk <> writes:

> TwistyCreek wrote:
>> Sebastian Gottschalk <> wrote:
>>
>>>> So, they (the recipient) definitely need truecrypt installed?
>>> Which is a requirement for every such scenario. I guess the only and
>>
>> Utter nonsense. PGP has SDA's and Truecrypt has "Traveller Mode".
>
> And both require the installation of a device driver. And they both must
> be present on the recipients system

Not according to the traveller mode information : it includes the
encrypted file and necessary truecrype executables to open that file
up. No more or less secure that having truecrypt installed from what i
can see.

>
>> Total rubbish. There's no difference at all between the security of a
>> Truecrypt Traveller Mode volume and a "normal" one, or a symmetrically
>> encrypted PGP file that's decrypted with an existing PGP installation,
>> or the code that's included in that file.
>
> Except that the code can get modified by an attacker.

That sounds to be true : if an attacker could replace the travelling
code with his own he could prompt for passphrase and comprimise it.


--

Hadron Quark