Yes another encryption thread!!!!

notmymark

NSA and all that aside I have been encrypting all my devices for years now and like most on here I use TrueCrypt for laptops and PCs.

I have just been asked to do a bit of security focused IT maintenance for a family member. Unfortunately their laptop has a UEFI-based Windows system partitions / drivers which is not supported by TrueCrypt.

I would appreciate some advice on alternatives for full drive encryption. Unfortunately Bitlocker is out of the question as the machine is running Windows 7 Professional.

Thanks in advance.

notmymark

Think I may have answered my own question....
Anyone any experence with DiskCryptor?

CreepingDeath

notmymark wrote: »

Unfortunately their laptop has a UEFI-based Windows system partitions / drivers which is not supported by TrueCrypt.

Maybe Truecrypt doesn't support full drive encrypt under UEFI, but can you not create a Truecrypt file container for any sensitive files ?

Just means you have to open/mount it after you boot.

edanto

I also think that's the best option - at least it's using a technology that's familiar to you and known to be robust.

EDIT - wrote this before Bedlam contributed that nugget of 'watch-out'.

I'll sit back and learn from this one.

CreepingDeath

bedlam wrote: »

Opening most documents, even if they are stored in an encrypted container, will leave unencrypted temp files in various other locations on the hard drive defeating the purpose entirely.

Hmm... never thought of that, but there's still things you can do to limit that.

1. Most programs that create temp files do so in the directory of the original file, which in this case would be the truecrypt container. Eg. the Ms Office programs use the same directory.

2. Set the TEMP environment variable to a folder in your TrueCrypt container.

3. Disable windows swap file or set a flag to clear the Windows swap file on shutdown.

Mr Reese

edanto wrote: »

I also think that's the best option - at least it's using a technology that's familiar to you and known to be robust.

EDIT - wrote this before Bedlam contributed that nugget of 'watch-out'.

I'll sit back and learn from this one.

http://istruecryptauditedyet.com/


The NSA wrote Truecrypt.


























^May not be true.

edanto

While interesting, I don't think worries about the NSA would put your typical user off truecrypt. I would presume the NSA have the resources to penetrate almost any system, and also that the OP isn't too concerned about them in this case.

Mr Reese

Mr Reese wrote: »

http://istruecryptauditedyet.com/

Phase I of the audit is complete, and report is available.

Mr. G

edanto wrote: »

While interesting, I don't think worries about the NSA would put your typical user off truecrypt. I would presume the NSA have the resources to penetrate almost any system, and also that the OP isn't too concerned about them in this case.

I suppose they do. It's the fact that the NSA have supposedly a backdoor to software to worries me. Another hole to leaves something exposed to attack.

The heartbleed bug was there for 2 years. I wonder..

900913

Mr. G wrote: »

I suppose they do. It's the fact that the NSA have supposedly a backdoor to software to worries me. Another hole to leaves something exposed to attack.

I'd be more worried about the HDD firmware being backdoored.

http://www.legitreviews.com/nsa-replacing-hard-drive-firmware-wd-denies-working-us-government_131762

euser1984

bedlam wrote: »

Opening most documents, even if they are stored in an encrypted container, will leave unencrypted temp files in various other locations on the hard drive defeating the purpose entirely.

Does it not just load it into ram?

Gone West

OP, great question.
Truecrypt hasn't been updated in over 2 years.
The developers don't seem to be active on their forums, and are not responding to emails.
I do understand why, truecrypt is a unique tool.

900913

https://www.crypto-stick.com/


Encrypt...

...e-mails, files, hard disks and data stored in "the cloud". The secret keys used for this are securely stored in the Crypto Stick. Supported are Outlook, TrueCrypt, Thunderbird, Evolution, GnuPG and many more.