Dear mailing-list, I have found just recently that I'm not aware of actual situation of full HD encryption and container encryption after extinction of TrueCrypt. Is here somebody who was able to follow this topic during recent volatile and turbulent times after Truecrypt extinction? Links appreciated but some xplanation why this or that would be even better. Useful output of potential discussion will be added here https://brmlab.cz/project/crypto-anonymity_knowbase and tested. In case you have some feedback about this DIY notepad about crypto much appreciated, too. Regards, - Over -- “Borders I have never seen one. But I have heard they exist in the minds of some people.” ― Thor Heyerdahl Telegram...................@over23 facebook chat..............overdrive23@chat.facebook.com facebook...................facebook.com/overdrive23 projects...................https://brmlab.cz/user/overdrive twitter....................https://twitter.com/#!/over2393 last.fm....................http://www.last.fm/user/overdrive23 GnuPG key FingerPrint......08EA E4DC EF85 0F02 9267 5B48 2E58 6902 C5F8 794C Public key ................http://overdrive.dronezone.eu/overdrive.txt
For all platforms - VeraCrypt: *https://veracrypt.codeplex.com/ <https://veracrypt.codeplex.com/>* Open source. Based on TrueCrypt with many security patches and improvements. VeraCrypt can create crypto-containers and encrypt the whole OS/Hard disc. Tested it on Lynux and Windows. Works great. Highly recommended.
Before scouring the net to find whatever third party app you can install, review what comes native with your OS for applicability. Windows - bitlocker FreeBSD - geli Linux - dm-crypt MacOS - filevault etc... https://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software
Bitlocker for Win7 requires the Enterprise or Ultimate editions, as applicable. (https://en.wikipedia.org/wiki/Windows_7_editions) Bitlocker for Win8.1 requires the Pro or Enterprise edition (https://en.wikipedia.org/wiki/Windows_8_editions) Bitlocker for Win10 requires the Pro, Enterprise or Education edition, and it's unclear whether the Mobile, Mobile Enterprise or IoT Core editions support it. (https://en.wikipedia.org/wiki/Windows_10_editions) All versions Windows with editions less than Enterprise also don't support Applocker, though Software Restriction Policies can be used, even if they are not as easy to implement. For those wanting always on connectivity to their own mothership (businesses, mostly) will also require the Enterprise version of Windows for DirectAccess. It's extremely handy for those who need it, and can afford the infrastructure. Kurt On Wed, Nov 18, 2015 at 11:05 PM, grarpamp <grarpamp@gmail.com> wrote:
Before scouring the net to find whatever third party app you can install, review what comes native with your OS for applicability. Windows - bitlocker FreeBSD - geli Linux - dm-crypt MacOS - filevault etc...
https://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software
On Thu, 2015-11-19 at 02:05 -0500, grarpamp wrote:
Before scouring the net to find whatever third party app you can install, review what comes native with your OS for applicability. Windows - bitlocker FreeBSD - geli Linux - dm-crypt MacOS - filevault etc...
https://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software
Good points, though the main reason for using something like TrueCrypt/VeraCrypt is portability across operating systems. Unless I am missing something, it's well-nigh impossible to access a Bitlocker volume from GNU/Linux or *BSD, etc. -- Shawn K. Quinn <skquinn@rushpost.com>
Dnia czwartek, 19 listopada 2015 02:05:46 grarpamp pisze:
Before scouring the net to find whatever third party app you can install, review what comes native with your OS for applicability. Windows - bitlocker FreeBSD - geli Linux - dm-crypt
+1 on this. By the way, anybody has news on the pacthes that were to allow setting up a "KILL IT NOW" password for LUKS (i.e. a special password that would permanently cripple the container when provided)? -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
I suspect Tomas' original concern was regarding lack of ongoing support; as we've all seen, things are moving at a fast peace in security, which might open it open to vulnerabilities down the line. I welcome all, and any alternatives, or forks. On Mon, Nov 23, 2015 at 1:04 PM, rysiek <rysiek@hackerspace.pl> wrote:
Dnia czwartek, 19 listopada 2015 02:05:46 grarpamp pisze:
Before scouring the net to find whatever third party app you can install, review what comes native with your OS for applicability. Windows - bitlocker FreeBSD - geli Linux - dm-crypt
+1 on this.
By the way, anybody has news on the pacthes that were to allow setting up a "KILL IT NOW" password for LUKS (i.e. a special password that would permanently cripple the container when provided)?
-- Pozdrawiam, Michał "rysiek" Woźniak
Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
Dnia poniedziałek, 23 listopada 2015 23:01:31 Silicon Dragon pisze:
I suspect Tomas' original concern was regarding lack of ongoing support; as we've all seen, things are moving at a fast peace in security, which might open it open to vulnerabilities down the line. I welcome all, and any alternatives, or forks.
That's why dm-crypt and LUKS (as long as you're using Linux) are a good choice -- they are widely used, well supported, and a crucial part of the Linux system. Highly unlikely to do a TrueCrypt on anybody. -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Mon, 23 Nov 2015 22:04:09 +0100 rysiek <rysiek@hackerspace.pl> wrote:
By the way, anybody has news on the pacthes that were to allow setting up a "KILL IT NOW" password for LUKS (i.e. a special password that would permanently cripple the container when provided)?
https://github.com/offensive-security/cryptsetup-nuke-keys This describes a decent use case: https://www.kali.org/tutorials/nuke-kali-linux-luks/ - -- The Doctor [412/724/301/703/415] [ZS] PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ If you don't like Perl that looks like line noise, don't write it that way. -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJWVK4bAAoJED1np1pUQ8RkgrMP/jFDoQbUsJ5nDrxoBRbVD/PZ ZsXsrqMjNX9oWn9cE0bqtcxsaaKKzQwbc5JqE/hSWwpZ+yjA4qiz9k5LG7KLn+te AuumrrioOU3wpk/T4Xb/WXVEZuSyomyn851lqBHFzudwrpeum1MQg4BDsiqC1YcT SMSTezSgxSycRcOG8HE/TqpUqf3QXiZdLMNAlfjOywD/eoE/ZK6GQQIFNNcZGli4 aYBa8a3C6Nw17mmJT3sjHbh+n48nG0GQDzrO+kMyTx2W/Hi0/mBC5/a3JziQXqZ1 mB6oFDpUefcOH3SsRWHkE8ZiozXRpXHfCtFVKw6Tjjihl1Et/8JBJ5knSZwG0DO2 DsDxJwKGgns4WOPUG6rY3Qo/01WSndOsU3hXrF+YQ+5P2J1bbEJ7K5cLOOZyw05p HF8xU5JbAIKdyUAwLOVRBh5VAzDxouWHN12tMJLXp6ayLLSCIEL3f8934ayVKsfs uXku2eGbO9vMRc97KbIlX/whhWrC1z14wXKAf0RsxP85AwExAIlM7FXBQ7StwjbH T0Mvj6KkNKnfNtR8f05NuXI5YQ+QoAtecABMv7Ce/GKij+ExknLEEIZws736xr9a X1PHPuezixPoezU10cWYSXW6/BDowPucxogLXWYdJmr8NgZHdQvnbdW+XcAmxj+T TPniQhsmyY4yL5EpuJ7I =nzxq -----END PGP SIGNATURE-----
Dnia wtorek, 24 listopada 2015 10:36:11 The Doctor pisze:
On Mon, 23 Nov 2015 22:04:09 +0100
rysiek <rysiek@hackerspace.pl> wrote:
By the way, anybody has news on the pacthes that were to allow setting up a "KILL IT NOW" password for LUKS (i.e. a special password that would permanently cripple the container when provided)?
https://github.com/offensive-security/cryptsetup-nuke-keys
This describes a decent use case:
Merci! -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/18/2015 04:48 PM, Tomas Overdrive Petru wrote:
Dear mailing-list,
I have found just recently that I'm not aware of actual situation of full HD encryption and container encryption after extinction of TrueCrypt.
Truecrypt is not extinct. Before its developers decided to stop working on it, Truecrypt was considered adequately secure for practical applications. After its developers decided to stop working on it, Truecrypt is considered adequately secure for practical applications. Nothing changed, except that if you don't have a copy of Truecrypt you will have to find one can be verified as authentic via digital signatures made from known good packages. This is not hard, so if you can not do it you should not trust /any/ cryptographic tool until you have learned more about network security. A recent in-depth security audit of Truecrpt found room for improvement but no "show stoppers." A more recent report asserts that Truecrypt is "insecure" on Microsoft operating systems. Examination of that claim reveals that the Microsoft operating systems themselves, not Truecrypt, contain the security flaw in question. Where "security" is a major concern the use of Microsoft products is ruled out, due to the availability of much more secure alternatives; so this particular claim is not relevant. Truecrypt will eventually become obsolete due to changes in the operating systems is can be used with, as its predecessor Scramdisk eventually became obsolete after development stopped. It makes sense for Truecrypt users to start looking at alternative tools now, and plan for a smooth transition away from Truecrypt at their convenience. Other posts in this thread mention several candidates. But the sky has not fallen and there is no particular reason to be in a big hurry to dump Truecrypt right now. :o) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJWT1MGAAoJEDZ0Gg87KR0LfR8QAMDiTsILqfX4uGZXxMFOCW6/ 5wCzQh+y/u+IgPMxdL6FZ9JnSBILkWYTptfyFxZ0O0RMpp4PHrE0pyjZ+qazApWQ wXyI1cVo/0LmyQWaBr2N2K74vjya0lB0Z8Fs9XmNg6jjP/iYBPhV7qJsvLA9e0nw 4LhzKcQs9DCDg30wVaiwN4dC/8afFLMib7x9Bk7qxkA+dQQ/8iFdbwSulY2+3UJ1 baj5G7R1GehCOVCe5Ygkz+zlVw3/+SE/mr1tsUY5rZRHWXNmq7JCAz7LrxeKK6w5 ZJMeme5L6i1DlFKRIyUCuDPGLik7oik2S38spc/pJwgnvcUgvfdvvokci4apNfpK dhyuDN/Y2STMvGxrqnoDmyvXwM88Fj+WrM5xAOJLaOIpz4jaJcjDxE3Owb6J3cK2 6ScG/ON+E6Y6RhCRBXx2CO2DGd9fhs6iHNo/LBc24uY/vzQ7vEhd22c+OWtoLmmm PLnxyZlHkJ9k4HmX6kq00k26m0t4HkD6e1GR2p8+CEQMmSjV77+TaNeHqK8oUxKi 0EPA22fvvYGj0hpidjXigdThQW5no4beTlc1ivkLHMKkr1qDtCIyhKo3Jcjf9nMJ woQ4oh3jHAw4Q9ma8d/YhKvTAQMklQmJzgcSp9B64Oz6/UmQHKUbUCdpQmlcRArO P8xGBmpfMhbMh4+UNL2w =Jl8a -----END PGP SIGNATURE-----
participants (9)
-
grarpamp -
Kurt Buff -
rysiek -
Shawn K. Quinn -
Silicon Dragon -
Steve Kinney -
The Doctor -
Tomas Overdrive Petru -
Александр