Recommend FDE Software?

    • #8402
      TomTees
      Participant

      I am getting a new MacBook and would like to start using FDE.

      Which software-based FDE packages are the best?

      Any that I should stay away from?

      Even though I will be on a Mac, I am leaning towards using a non-Mac solution since I have some bad things about Apple’s File Vault…

      I suppose ease-of-installation and use are important for someone like me, too.

      Tom

    • #52792
      TomTees
      Participant

      The more I read, the more PARANOID I am becoming.

      Don’t know which direction to go, or who to trust?!

      People say TrueCrypt is insecure.

      Have read some very scary things about Apple’s FileVault 2.

      Going to Sophos, CheckPoint, and Symantec makes me nervous how they want to sign me up before I can even get a contact # or price…

      God, I feel safer with plain text…

      Tom

    • #52793
      dynamik
      Participant

      I personally use TrueCrypt, but I believe they only offer FDE of the system drive for Windows.

      I’m assuming a lot of the attacks you’re concerned about are things like this: http://nakedsecurity.sophos.com/2012/02/02/filevault-encryption-broken/

      If someone’s able to get a memory dump of your running memory, it’s not surprising that they’re able to extract the encryption keys. Someone correct me if I’m wrong, but I think the window for these attacks is fairly small. This is because it’s necessary for the passphrase/encryption key to be in memory, so if your laptop battery dies, the keys aren’t going to automatically be in memory upon reboot. I think you’re starting to see why we pack up our laptop and take it with us when using the restroom at a coffeeshop, etc.

      If you’re that concerned about it, epoxy your firewire port. Again, the random guy who steals your system to pawn/eBay probably isn’t going to have the knowledge or skills to pull something like that off. You just want the barrier to be high enough that it’s more convenient to format and reinstall.

    • #52794
      UKSecurityGuy
      Participant

      Like they always say – the more you know, the more paranoid you become…

      Someone correct me if I’m wrong, but I think the window for these attacks is fairly small.

      It depends on what you define as small. I’ve heard of a cold boot attack (http://en.wikipedia.org/wiki/Cold_boot_attack) performed on live systems (super cool the RAM, then rip it out of the system, and transplant it into a live system) which lasts for long enough to scan for the encryption keys. Once you’ve got the keys, you can perform offline decryption of the HDD, or (depending on the encryption software) just re-type the password into the compromised machine.

      Tom, like we’ve all been saying for a while now, it all depends on who your threat actors are. In your case, the threat actor is mostly Joe Blogs from the street, so as long as you have some kind of FDE you’re probably safe.

    • #52795
      TomTees
      Participant

      @ajohnson wrote:

      I personally use TrueCrypt, but I believe they only offer FDE of the system drive for Windows.

      I’ve read some pretty crazy things about TrueCrypt from “It has backdoors built in it for Law Enforcement” to “You can’t do FDE on a Mac on it” to “The creators are nefarious because they don’t release code and won’t give out their address”

      Like most people, when I see “red flags” it just turns me off, whether they are true or not.

      I’m assuming a lot of the attacks you’re concerned about are things like this: http://nakedsecurity.sophos.com/2012/02/02/filevault-encryption-broken/

      No, I don’t see that as a flaw – just a reality of live machines.

      I was referring to this…

      FileVault 2’s Apple ID Backdoor
      http://mjtsai.com/blog/2012/08/07/filevault-2s-apple-id-backdoor/

      The gist of the article is that FileVault2 automatically checks the option to use your Apple ID as another way to log in, and there is no easy way to uncheck that without encrypting and then decrypting your HDD.

      Just seems hokey.

      If someone’s able to get a memory dump of your running memory, it’s not surprising that they’re able to extract the encryption keys. Someone correct me if I’m wrong, but I think the window for these attacks is fairly small. This is because it’s necessary for the passphrase/encryption key to be in memory, so if your laptop battery dies, the keys aren’t going to automatically be in memory upon reboot. I think you’re starting to see why we pack up our laptop and take it with us when using the restroom at a coffeeshop, etc.

      Yes, you have a case!!

      If you’re that concerned about it, epoxy your firewire port. Again, the random guy who steals your system to pawn/eBay probably isn’t going to have the knowledge or skills to pull something like that off. You just want the barrier to be high enough that it’s more convenient to format and reinstall.

      I had the same idea, although you’d hate to mess up a pretty new MacBook?!

      Tom

    • #52796
      TomTees
      Participant

      @UKSecurityGuy wrote:

      Like they always say – the more you know, the more paranoid you become…

      That describes me!!!

      Someone correct me if I’m wrong, but I think the window for these attacks is fairly small.

      It depends on what you define as small. I’ve heard of a cold boot attack (http://en.wikipedia.org/wiki/Cold_boot_attack) performed on live systems (super cool the RAM, then rip it out of the system, and transplant it into a live system) which lasts for long enough to scan for the encryption keys. Once you’ve got the keys, you can perform offline decryption of the HDD, or (depending on the encryption software) just re-type the password into the compromised machine.

      There was something in the news – can’t find it – about this a few weeks ago.

      Tom, like we’ve all been saying for a while now, it all depends on who your threat actors are. In your case, the threat actor is mostly Joe Blogs from the street, so as long as you have some kind of FDE you’re probably safe.

      Well, any FDE is better than none, but I guess what has me worried is having a “false sense of security” about my security and privacy.

      As discussed in another thread, a lot of people assume if they use something like HideMyAss that they are “anonymous”, when in reality one hacker is doing jail time because HideMyAss ratted him out?!

      Well, I have come across a few sources online this weekend that talk about hidden “backdoors” in FDE software, and that the Feds coerce manufacturers of FDE to write “backdoors” to allow them access. (Sounds like a Dick Cheney kind of plot…)

      How in the hell can I trust TrueCrypt or Apple’s FileVault2 and not worry that if someone really wanted to get access (e.g. Law Enforcement or The Feds) that I wouldn’t be a dead duck like that HideMyAss privacy breach???  >:(

      That “conspiracy” combined with the link I provided above where FileVault2 was f***ing with you during install and stayed checked as “Use my AppleID for password recovery” bugs me to no end…

      Can any FDE be trusted?

      Tom

    • #52797
      dynamik
      Participant

      I don’t understand the TrueCrypt rumors. The source is available right here: http://www.truecrypt.org/downloads2

      And again, what’s the feasibility of a cold-boot attack? Look at the details of that attack; you can’t just stick a laptop in a freezer. If someone with those kinds of resources is after your data, they’ll probably sooner resort to a rubber hose attack.

    • #52798
      TomTees
      Participant

      @ajohnson wrote:

      I don’t understand the TrueCrypt rumors. The source is available right here: http://www.truecrypt.org/downloads2

      I didn’t take notes on everything I read from this weekend, but as a whole, everyone’s comments from across the Internet left me feeling not so confident with TrueCrypt – especially for Mac.

      And again, what’s the feasibility of a cold-boot attack? Look at the details of that attack; you can’t just stick a laptop in a freezer. If someone with those kinds of resources is after your data, they’ll probably sooner resort to a rubber hose attack.

      I agree.

      My biggest fear is undocumented “Back Doors” that would let in Law Enforcement, or in my case, Apple…

      I am also increasingly worried about trusting an FDE solution when in fact I am ignorant on the real issues and it turns out that whatever I chose has gaping holes in it.

      It is analogous to people who blindly trusted HideMyAss and then ended up in jail.  (Not that I am feeling sorry for hackers, but you see what I mean…)

      I find it funny that every day I learn more about security, the more INsecure I feel.

      You would think that after learning about Mobile Hotspots, Personal VPN’s and FDE, that I would be feeling much safer.

      But with every turn, I see how complicated these things really are, and all of the places where “one slip” could really screw you and your data up!!!

      I have the Hotspot and Personal VPN issue taken care of, and if I can just find a bullet-proof choice for FDE, then I think I am much better off than I was before.

      But I don’t want to blindly adopt something because some punk in an Apple store says, “Trust me, this can never fail” when it turns out that he doesn’t know what in the hell he is talking about, and me and my data end up on the 6 O’clock news?!

      Since I will be buying a new MacBook, should I just use the native FileVault 2, or should I venture off and try something like Symantec’s PGP?? 

      (FileVault 2 would likely be less system intensive, but I don’t know if it is more secure…)

      Tom

    • #52799
      m0wgli
      Participant

      @ajohnson wrote:

      … they’ll probably sooner resort to a rubber hose attack.

      Reading that reminded me of this: http://xkcd.com/538/

    • #52800
      TomTees
      Participant

      @m0wgli wrote:

      @ajohnson wrote:

      … they’ll probably sooner resort to a rubber hose attack.

      Reading that reminded me of this: http://xkcd.com/538/

      Ha ha  (Yeah, I’ve seen that one before.)

      Tom

    • #52801
      hayabusa
      Participant

      @m0wgli wrote:

      @ajohnson wrote:

      … they’ll probably sooner resort to a rubber hose attack.

      Reading that reminded me of this: http://xkcd.com/538/

      LOL!

Copyright ©2020 Caendra, Inc.