Best encryption sw for home laptop

Discussion in 'Computer Security' started by emailchrisco, Jun 19, 2006.

  1. Yes, but the device driver must be installed on the system wrt.
    generating the relevant driver information. This requires administrator
    rights. Once the driver information is in there, nothing more is needed
    and the next time it will work directly.
    Same goes for self-decryption executables.
    Sebastian Gottschalk, Jun 21, 2006
    1. Advertisements

  2. emailchrisco

    Demosthenes Guest

    That's true of any encryption program.
    No, it doesn't.

    I cannot mail a truecrypt file to (or Bestcrypt or FreeOTFE or
    PGPdisk container) to a recipient who doesn't have those
    programs installed on his machine, and who doesn't have admin
    privilieges. That is the situation with most government and
    many industry computers.

    I CAN, however, create a self-executing encrypted ZIP file
    (WinZip10 has secure encryption) to such a recipient, so long as
    a I have an alternate means of transmitting the password.

    I haven't found any other secure means of sending encrypted data
    to such a recipient.
    Demosthenes, Jun 21, 2006
    1. Advertisements

  3. What about the attacker simply changing the executable part so it
    compromises that password?
    Sebastian Gottschalk, Jun 21, 2006
  4. emailchrisco

    Demosthenes Guest

    The attacker wouldn't have to bother if I sent the file in the

    That's the alternative.
    Demosthenes, Jun 22, 2006
  5. emailchrisco

    Demosthenes Guest

    I can tell you from experience that you must have administrator
    rights on the recipient's machine for traveller mode to work.

    And the documentation says so, although you have to look to find

    The same is true of FreeOTFE, PGPDisk, BestCrypt.
    Demosthenes, Jun 22, 2006
  6. But neither one requires the installation of a device driver. I can see
    where someone might make the mistake regarding Truecrypt, but believing
    this to be true for PGP SDA's is nothing but ignorance.

    It's hard to say for sure from the OP's description, but it sounded
    like admin rights weren't a barrier. That was Gobbleslop's red herring.
    Non scrivetemi, Jun 22, 2006
  7. No, just initially. Once the driver is set up, it works as a restricted
    Sebastian Gottschalk, Jun 22, 2006
  8. Ignorance is that you don't even understand the technical details: For
    mounting the new format as a file system, you need to install the new
    file system device driver. And only admins are allowed to do so.

    If no driver is needed, then you don't have a file system.
    Sebastian Gottschalk, Jun 22, 2006
  9. Essentially there's no difference.

    No, the alternative is telling the recipient where to find the software,
    transfer it through a secure channel or use a preinstalled software.
    Sebastian Gottschalk, Jun 22, 2006
  10. One way the data is securely encrypted in a container that *might* be
    vulnerable to a specific attack that can't go unnoticed even if it
    succeeds, and the other way your data is out in the clear so that
    anyone and their retarded cousin can get to it.

    Yeah, no difference at all.

    Borked Pseudo Mailed, Jun 22, 2006
  11. emailchrisco

    TwistyCreek Guest

    Yes, goofy, but that module is included in the container itself and is
    unloaded when the container is closed/unmounted. That's a simple fact no
    matter how many times you repeat the erroneous information that once a
    Truecrypt traveler mode volume has been mounted you no longer need
    admin rights to remount it or mount another (the driver is persistent).

    You're also pissing in the wind about modification of the executable
    portion of the self contained volume. Only a stub is left unencrypted,
    and the code that does volume integrity checking is "inside" the
    container itself. You might be able to modify the code to get a
    password, but the user would know it immediately. It's not possible to
    modify that portion of the code without having the password first.
    Duh! That's true no matter what. The part you're confused about is how
    that driver is transported and implemented. IOW, everything that
    counts. You're straw grabbing irrelevant bullshit trying to salvage
    something after making yourself look like a fool with your PGP SDA
    "driver" idiocy. It's pathetic.
    TwistyCreek, Jun 22, 2006
  12. Now that you're lacking argument, you're obfuscating the issues by
    repeating exactly what I told and claiming it against me.

    As you might or might not have understood by now, the discussion was
    about ever needing admin rights - yes, you do, to install it for the
    very first time. If you never had admin rights, you're pissed of.
    LOL? Simple break it! No need to keep its integrity.
    No. He would notice that the data is broken, and that's it. He doesn't
    know whether it was an intentional modification or just a transmission

    Well, the attacker could simple replace it with any executable of his
    choice with no data at all.

    Beside that, the protection is gone. Even if the user knows that it has
    been compromised, the data are compromised no matter what.
    Wait... assuming that PGP SDA is what I think it is and what we've been
    talking about (crypto file systems), then you need a driver for mount
    this non-standard file system.
    But I guess your Scrambled Disc Archiver is just a pretty uncommon
    written Self Decrypting Archive which is placed totally out of context
    and totally out of security. Thanks for fooling me with mixing subjects
    and uncommon terms.
    Sebastian Gottschalk, Jun 22, 2006
  13. emailchrisco

    Demosthenes Guest

    find so very difficult to understand?

    And the statement that that is true of almost all government and
    many corporate recipients?

    But they CAN receive self-executing .zip files.
    Demosthenes, Jun 23, 2006
  14. What you said you're repeating below, and it's completely incorrect.
    The discussion was about needing a "driver", where it came from, and
    how it's implemented. With the single exception of actually needing one
    for Truecrypt's traveler mode, you're so far out in left field you're
    not even in the game.

    The driver is in the file itself. It's loaded temporarily, and unloaded
    when the volume is unmounted. You're trying to say it's not by
    yammering on about "first time" nonsense. You need admin rights *every*
    time you mount the volume. Which as I've stated before doesn't appear
    to be a problem in the OP's scenario. It's something you dredged up to
    cover up the fact that you're mistaken about everything else.
    You're more than welcome to demonstrate exactly how you're going to
    decrypt the integrity checking code of an SDA without the password in
    order to "break" it.

    Somehow I doubt you're up to the task.
    Noticing it's been tampered with is enough. The file can be discarded.
    No harm, no foul as far as the end user is concerned, the attacker
    knows nothing. The data can be resent. That's the whole idea behind
    integrity checking.
    It doesn't matter. You're grasping at straws. If a PGP signature fails
    the integrity of the signed data is questioned. Why it's been modified
    is irrelevant at that point, the fact that it has or has not is the
    only important thing. You may troubleshoot the problem if you believe
    it's not an attack, but the data is discarded in any case.
    No they couldn't.
    Obviously not. None of the data has been compromised at all, you've
    spotted the attempt. Which will allow you to take steps to make sure
    the data *isn't* compromised.
    It's not. Like I and some others have been trying to tell you all
    along, you have absolutely no clue what you're talking about. You don't
    even know *what* you're talking about, let alone how it functions.
    Nobody is mixing anything up on you, you're simply ignorant of the
    facts and lack even a basic basic understanding. That's why you're
    spouting nonsense and FUD.
    Non scrivetemi, Jun 23, 2006
  15. To be fair, I didn't see this plainly stated until now. That would rule
    out Truecrypt and other "drive mapping" types of encrypted volumes. It
    would not rule out PGP SDA's, or of course Winzip which I believe used
    very strong encryption these days.
    George Orwell, Jun 23, 2006
  16. Shows what you know.
    There's no need to do so. Just shortcut it, remove it or put in there
    whatever you want.
    No. It violates the goal.
    The attacker has the encrypted archived and has succeeded in
    compromising the key. Now I'd call this a total loss!
    Oh, and does that restore privacy?
    Yes, he can. This is what an insecure channel is like.
    You're really too stupid to understand what encryption is about...
    I wonder who's the one who is ignorant of facts. See above.

    Anway, you've been mixing it. You called PGP SDA a crypto file system,
    and I gracefully assumed that you were actually refering to the crypto
    file system implemented by PGP.
    Sebastian Gottschalk, Jun 23, 2006
  17. None. Just that this is now the very first time this is brought into
    None. Just like above.
    Which is exactly zero security.
    Sebastian Gottschalk, Jun 23, 2006
  18. Shows what you know.
    There's no need to do so. Just remove it.
    Actually I even wonder why to have any relation to the original archive
    at all.

    No. It violates the goal.

    The attacker has the encrypted archive and has succeeded in
    compromising the key. Now I'd call this a total loss!

    Oh, and does that restore privacy?

    Yes, he can. This is what an insecure channel is like.

    You're really too stupid to understand the difference between encryption
    and authentication...

    I wonder who's the one who is ignorant of facts. See above.

    Anway, TwistyCreek has been mixing it. You named PGP SDA in the context
    of crypto file systems, and I gracefully assumed that he was actually
    refering to the crypto file system implemented by PGP. Exactly because
    self-decrypting archives are absolutely insecure by design and usually
    not even worth noticing.
    Sebastian Gottschalk, Jun 23, 2006
  19. emailchrisco

    Demosthenes Guest

    No, you don't, only the first time.

    From the Free OTFE documentation:

    Portable mode allows you to use FreeOTFE without first
    installing it on your computers hard drive.

    WARNING: Although no files are copied to your computers hard
    drive, because part of the manner in which MS Windows manages
    device drivers, when portable mode is started, Windows writes
    certain details of your portable mode drivers to the registry,
    specifically the full path and filename of the drivers used
    together with other basic information on the drivers (e.g. if
    they are started manually or automatically at system startup).

    It should be noted that the points raised here apply equally to
    other OTFE systems that support any kind of "portable mode".

    Note: Administrator rights may be required in order to use
    portable mode.

    On the other hand, anyone who suggests that sending plaintext is
    the equivalent of sending a self-extracting encrypted .zip file
    doesn't get much credence from me...
    Demosthenes, Jun 23, 2006
  20. emailchrisco

    TwistyCreek Guest


    So flustered you have to reply twice with slightly different wording?

    How pathetic.
    TwistyCreek, Jun 23, 2006
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.