Secure encryption for removable hard drive?

Page 2 of 2 FirstFirst 12

  1. Posts : 5,209
    21H1 64 Bit Home
       #11

    For anyone else reading this thread:

    Veracrypt on USB requires admin rights if USB is subsequently plugged into another computer.

    @Mickmeister

    Storing a USB drive long term inside a car could be problematic unless it's well insulated and kept free of moisture.
      My Computer


  2. Posts : 161
    Windows 10
       #12

    Steve C said:
    Also consider Bitlocker
    There's a lot of speculation as to whether BitLocker is good enough. First it's a Windows product and Microsoft has a poor record of creating software that is not buggy and vulnerable as hell. They have also been in bed with many of the organizations and entities that have been challenging current standards on encryption and security as a whole for years. Make no bones about it they would remove security standards currently in place without much influencing. They currently work with the government to develop mission critical infrastructure that entire secure networks for government agencies (like the big alphabet agencies; CIA, FBI, NSA etc) will be running off. And if we presume the ultimate threat to privacy and security is the capabilities of government surveillance etc you're being double crossed from the get-go. So that's not a great start. There have been reports over the years about their encryption software having been backdoored. It would make sense because every company that offers a solid encryption package eventually gets a knock on the door by the authorities asking them to create a little hole in it in order to decrypt data. Apple is a prime example of this when the FBI (I believe) wanted them to backdoor it they apparently refused and so they went private and got in eventually. The point is these big corporations have to comply in most cases because they are so entwined with the higher powers and with high level political decisions. You are always better off going for indepedent projects which have no deliberate political affiliation nor any private agendas and are built a solid reputation from their hard work and dedication to making something that works. Plus many of these projects are community funded and are free and open source. With Microsoft there can be vulnerabilities in code that remains unchecked for months maybe even years and this is something you have to contend with everytime you use their software. You also are indirectly supporting them by using their software, especially if you are not completely aware of their direction and goals. These can and often do change at any moment, much like the privacy and content creation rules of YouTube which has historically gradually shut out more and more content producers whose content doesn't follow these ever-changing guidelines they set. Microsoft is no different. Given the chance they will pull rank. Microsoft has a herendous track record when it comes to their relationship with their customers. What makes you believe after all their legal issues and their relationship with government and profit driven aggressive marketing they are going to offer you something you can trust?
    Golden said:
    Another simpler alternative might be to use 7Zip instead - save to the .7z format and use AES256 encryption with a long & complex password.

    Attachment 284851
    Not advisable. The security for archives/compression software is not made for anything other than superficially preventing someone from accessing, modifying and/or deleting contents of an archive. It may say AES-256 but this makes no difference when the implementation of this encryption standard is not built for extensive security. It is quite similiar to adding a password for your Windows account and then expecting someone not to be able to access your account. There is a HUGE difference between VeraCrypt and integrated encryption for archive/compression software. One is a serious attempt at creating something which will prevent a very very high percentage of attacks, the other is a very trivial form of protection.
      My Computer


  3. Posts : 446
    Windows 10
       #13

    Callender said:
    Veracrypt on USB requires admin rights if USB is subsequently plugged into another computer.
    Yes, If VC is included in the UFD (portable mode). If itīs already installed in the computer, it can be used without administrator privileges, with some restrictions.

    Using VeraCrypt Without Administrator Privileges
      My Computer


  4. Posts : 1,244
    Windows 10 Pro x64 21H2 (Build: 19044.1415)
       #14

    supermammalego said:
    Apple is a prime example of this when the FBI (I believe) wanted them to backdoor it
    Did you know NSA asked Linus Torvalds to insert backdoor into linux?
    Linus Torvalds Was Approached By the NSA For Backdoor in Linux
      My Computer


  5. Posts : 5,209
    21H1 64 Bit Home
       #15

    Anibor said:
    Yes, If VC is included in the UFD (portable mode). If itīs already installed in the computer, it can be used without administrator privileges, with some restrictions.

    Using VeraCrypt Without Administrator Privileges
    In other words you cannot access your files on another computer that you do not own without admin rights.

    Say a machine in a public library, intenet cafe, workplace etc.,
      My Computer


  6. Posts : 1,652
    Windows 10 Pro x64
       #16

    supermammalego said:
    Not advisable. The security for archives/compression software is not made for anything other than superficially preventing someone from accessing, modifying and/or deleting contents of an archive. It may say AES-256 but this makes no difference when the implementation of this encryption standard is not built for extensive security.
    You're assuming the implementation is flawed. Lets be realistic here. What is "extensive security"? The user isn't protecting state secrets here.

    I spent quite some time searching for details of 7ZIPS implementation of AES256. There are a few discussions on Reddit and other forums on weaknesses in aspects of it's implementation (use Google to find them), but the consensus is that it whilst it isn't implemented to "industry standards", it doesn't pose a significant risk. I found a thesis on cryptography as implemented in 7ZIP which seems to back-up these views:

    https://dspace.cvut.cz/bitstream/han...-1&isAllowed=y

    In my opinion, for the average user, using 7ZIP is completely adequate.
      My Computers


  7. Posts : 161
    Windows 10
       #17

    Golden said:
    You're assuming the implementation is flawed. Lets be realistic here. What is "extensive security"? The user isn't protecting state secrets here.

    I spent quite some time searching for details of 7ZIPS implementation of AES256. There are a few discussions on Reddit and other forums on weaknesses in aspects of it's implementation (use Google to find them), but the consensus is that it whilst it isn't implemented to "industry standards", it doesn't pose a significant risk. I found a thesis on cryptography as implemented in 7ZIP which seems to back-up these views:

    https://dspace.cvut.cz/bitstream/han...-1&isAllowed=y

    In my opinion, for the average user, using 7ZIP is completely adequate.
    That's like saying you wouldn't invest in a solid home security solution just because you're not a billionaire with infinite amounts of wealth. So your kids TV, their Xbox, your partners precious metals, the car etc it all means nothing because you are not worth protecting. Fair enough. Enjoy getting your house broken into and having to explain to your family why there wasn't even a strand of protection there to reduce the chances of the house being robbed. Or like saying there's no point in having a password for this board because it's hardly like your account holds the secrets to the universe. Might as well tell everyone what your password is then because you're not God himself hiding behind a profile on the internet. Both solutions are justified regardless of whether your goals are to protect state secrets as you said, or just because you want to be secure.

    VeraCrypt = extensive security
    7zip = archiving program
    Several foot of reinforced concrete = extensive security
    Cheap internal wooden door = cheap internal wooden door

    You're entitled to enjoy the best level of protection you can get. You're worth as much as you believe you are worth. If that's very little then of course you don't have to use recommended standards. I mean, you can browse the web with IE5 if you want. Run your business on Windows 98. After all you're not protecting state secrets. Make your home network public and unencrypted. Leave the car keys in the ignition. Leave your wedding ring on a bus and test the morals of the general public in seeing whether they hand it in to the local police station, or wherever.

    You said it yourself in your reply and therefore you're only contradicting yourself. 7zip does not implement encryption to industry standards. There you go. Encryption HAS to be implemented to these standards because if this isn't the case there becomes NO point in encryption. Try running this website on out-dated and vulnerable encryption standards. Moreover, run SSH on a compromised version number. The ability to compromise anything these days is way higher than the ability to defend. There are way more attacks than there are defenses. And so we desperately need to use what works right now, otherwise we shouldn't really be using anything at all. We have standards for a reason and that's because they are the current BEST implementations right now. So in theory you're saying you don't mind using an outdated version of SSL, or you don't mind using an encryption algorithm which has been cracked. Your communications in your browser are as good as unencrypted at this point. If you're using an algorithm which has been cracked your data is as good as being unencrypted.

    Will there become a time when your flawed decisions result in some form of damage? Who knows. But just like investing in a great big scary dog, or several of them in fact, they immediately act as a deterrent before an attack even begins. If it seems like your hard drive is completely encrypted and would take serious effort to even begin to forensically analyze for potential vulnerabilities and attack points, isn't it easier just not to bother? Therefore isn't that form of protection more than perfect for any scenario? But if you use 7zip to encrypt your data you're throwing away any chances you had at having way better protection. And what is even more ridiculous is both are free and open source! What may take several hours in the long run could mean the difference between a hard drive that is useless to a dodgy character (like, say, you leave your laptop on the train but it is switched off and therefore needs to be decrypted before accessing it) and everything you cherish being in the hands of someone else. Likewise with a guard dog, who wants their leg chewed off? No-one is going to defend you in court for breaking into a home and being savaged by a pack of guard dogs. Just like people are going to say "I told you so!" the minute you tell them you took those risks. Again, regardless of whether you're protecting state secrets or just simply like practicing a reasonable level of operational security.

    You should ALWAYS practice the latter. It is becoming pivotal in todays world where our technology is advancing way faster than the mainstream, including many of us who believe we know our sh**, to be familiar with what works and what is going to work well into the future. To ignore this is insane when it's not rocket science and all it takes is several devoted weeks learning about this stuff in books, online courses, YouTube videos etc. I say this knowing all the security professionals I've come across over the years say the same thing and these guys are not expecting the world to start living in isolated underground nuclear bunkers hiding away from each and every threat whether minute or huge. There are people still using their lastname and their year of birth as passwords to their online banking accounts. There are still people running their home computers like they are protected in a bubble impervious to attack from the outside world - until it happens. Will it happen? Hopefully not. Does it happen? Absolutely. Like they teach in psychotherapy (I am partly trained as a therapist) your will to change must be greater than your will to stay the same.

    Keep practicing less than optimal habits and you'll always reap less than optimal results.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Đ Designer Media Ltd
All times are GMT -5. The time now is 08:26.
Find Us




Windows 10 Forums