.

HHD PGP Encryption

<<

Thegmandrive

Newbie
Newbie

Posts: 43

Joined: Tue Feb 17, 2009 8:34 pm

Post Mon Feb 23, 2009 3:54 pm

HHD PGP Encryption

I have a question on HHD encryption. I have a Mac and used it’s on board File Vault.
http://en.wikipedia.org/wiki/FileVault

I my HHD is pretty full, and found File Vault bogged down my system, not horribly noticeable, but It would lag on opening programs, where it did not do that before I enabled File Vault.  Also I found File Vault was not customizable. For example, say I wanted to just encrypt a folder. File Vault does not give that option.  So I opted to try PGP Whole Disk Encryption http://www.pgp.com/products/wholediskencryption/index.html

So far I found it to be very customizable, and it works very well with my mail client. My question is how secure do you think it is? I found this Wiki page http://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software with comparisons to different software, and it looks like PGP whole disk encryption is pretty solid. My “pass phase” is between 15 – 25 words long with numbers and symbols… I know that is probably over kill, but nobody is going to use a brute force attack against that.

My question is, if someone took my HHD out, and connected it to there laptop/desktop they would see an encrypted section, I’m assuming with this PGP encryption, the data would just be jumbles, how long would it take to crack the PGP encryption?
<<

timmedin

User avatar

Sr. Member
Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Mon Feb 23, 2009 10:52 pm

Re: HHD PGP Encryption

In your case there is no chance for side-channeling or a cold boot attack so there is no short cut. Attacking the encryption on your hard drive would be computationally infeasible. Maybe the NSA would be able to do it, but that is about it. There are two attack vectors for decrypting your hard drive.

The first attack would be on your pass phrase. Your pass phase probably uses English words and uses substitutions like a->@, e->3, etc. Not that attacking your pass phase is easy, but it probably contains less entropy (randomness) than the 256 bit AES key.

The other attack would be against the AES key. There are no short cuts here and you would have to try every possible key in order to find the right one. This is not an easy task. To put it into perspective there are around 2^256 atoms in the universe. That is essentially playing the lottery where you have to find one atom in the entire universe. You can keep trying, but it you would have to be [nearly] infinitely lucky. This is not going to happen.

Even if a quantum computers become a reality, the effective strength of the key is only change from 2^n to 2^(n/2), and a 128 bit key is still considered strong enough.

The quickest and most reliable method to crack this encryption is the rubber hose method.
Last edited by timmedin on Mon Feb 23, 2009 10:57 pm, edited 1 time in total.
twitter.com/timmedin | http://blog.securitywhole.com
<<

jason

User avatar

Hero Member
Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Tue Feb 24, 2009 4:34 pm

Re: HHD PGP Encryption

You might also want to check out truecrypt for the mac...
<<

Thegmandrive

Newbie
Newbie

Posts: 43

Joined: Tue Feb 17, 2009 8:34 pm

Post Tue Feb 24, 2009 4:53 pm

Re: HHD PGP Encryption

jason wrote:You might also want to check out truecrypt for the mac...


After doing further research it looks like the features are fairly comperable for the PGP Encryption software and Truecrypt.

Do you have an opinion on which one you think is better?
<<

jason

User avatar

Hero Member
Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Sat Feb 28, 2009 11:17 pm

Re: HHD PGP Encryption

I've used PGP before for this, but only on Windows platforms. I've been using truecrypt for the last few years on both windows and linux and like it at least as well, if not better.
<<

Thegmandrive

Newbie
Newbie

Posts: 43

Joined: Tue Feb 17, 2009 8:34 pm

Post Sun Mar 01, 2009 12:14 am

Re: HHD PGP Encryption

I tried truecrypt, and I love it, I like it better than PGP, thank you for the suggestion.

Return to Hardware

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software