Sunday, January 15, 2012

Physical Computer Security




In today's world, technology is everything. It is used in virtually everything we do and buy. But with all its glory comes a lot of danger. One of the most common dangers we face is theft, both physical and virtual.

Today I will address some measures we can all implement to keep our computers and removable media safe from those who wish to use them for their own gain. It may seem like overkill to some, or look like a sign of paranoia to others. But let's be honest, wouldn't you feel safer knowing your personal items and information were safer? And what are you willing to pay for this feeling of safety? How about nothing? Because it's all free.

What is TrueCrypt?

TrueCrypt is a freeware program that anyone can download and use. It does not matter if you use Mac, PC or Linux; they offer many download variations.

TrueCrypt allows you to fully encrypt your hard drive, requiring you to input a password before your OS will boot. Alternatively, it allows you to encrypt external hard drives, memory cards, files, partitions, or anything within your main hard drive (if you don't want full disk encryption). The great thing about this is that it offers many options you won't find in some other encryption software, such as having a hidden OS in case you are forced to decrypt your drive.

It offers the following forms of encryption:

  •     AES
  •     Serpent
  •     Twofish
  •     AES-Twofish
  •     AES-Twofish-Serpent
  •     Serpent-AES
  •     Serpent-Twofish-AES
  •     Twofish-Serpent

You can either go with a single form of encryption or with a cascade. A cascade will take longer to encrypt your drive or file but will have much greater security against attacks. You can use the benchmark feature in TrueCrypt to see how long it would take to encrypt using each of the options above, based on your computer's CPU power. Note, though, that once anything is encrypted, you are done. As soon as you enter your password, everything is loaded immediately. While the initial encryption may take a while depending on what you're doing, reading and writing data and booting are all the same as if you didn't have any encryption.

Now how can this be used in the real world? How does it protect me?

Easy. Let's say you have your laptop encrypted, and it requires a password to boot up. If you go to a coffee shop and leave it to use the restroom, or you get robbed in your own home or in a school dorm, the thief will initially be happy, but soon after he gets away he will see that he has been locked out of the computer, making it useless and worthless to him or anyone else for that matter. If you happen to write novels, or are an inventor, or just keep personal family photos, banking information, passwords or anything sensitive on your computer, you can relax because no one is getting to that information.

You can even have a custom boot message that is displayed when you enter your password. You can have it say "This laptop is stolen" or something to that effect. The limit is 24 characters.

That's great and all but, how effective is this? Is it legal? 

Good question. Read about encryption and any known ways to break AES, Twofish or Serpent and you will see just how impenetrable it is. Even governments will not be able to break into it. There are those who theorize that the government can break the encryption but just hides the fact that it can. But the general consensus is that cryptography is far more advanced than any method available to break encryption. To date, AES is the only one that has plausible methods against it, but they are highly unlikely and far from being usable in actual breaking. If that's still not enough for you, consider this story where the FBI were called in to help Brazilian authorities break into hard drives. And that's just with the culprit using AES.

As for the legality, YES! It's completely legal to encrypt all of your information! And best yet, you are not legally bound to reveal your password to ANYONE, be it police or the government. For many reasons too, mainly the 5th Amendment. The only case I know of in my research where someone had to give up their password was a pedophile named Sebastien Boucher, a man coming from Canada into the United States. He was not using TrueCrypt, but another piece of software known as PGP that uses some of the same encryption offered by TrueCrypt.

OK, I'm convinced. But how do I use it? Is it easy or complex?

Running TrueCrypt for the first time may seem daunting, but I assure you it's not as hard as it may seem. It is definitely worthwhile to spend a few minutes reading their main website. Not to mention that everything is explained in detail in the actual program when doing the encryption.

Pro-tips

No matter how advanced encryption gets, if your password is weak, then you start to cheat yourself on safety. Pick a nice long, yet easy to remember password. Your mom's name or favorite sports team with your birthday after it will not cut it. TrueCrypt will require a minimum of 20 characters and a maximum of 64. Make one as long as you can with upper and lower case letters, numbers and characters such as !@#$%^&*()_+
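
A small checker for the password advice above, as an added example that is not part of the original post or of TrueCrypt. The function name, the `personal_words` parameter and the sample passphrases are constructed for illustration; the 20 and 64 character bounds are the ones quoted in this post.

```python
import math
import re
import string

MIN_LEN, MAX_LEN = 20, 64  # length bounds quoted in the post

# Character classes the post recommends mixing.
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

# Trailing digit run shaped like a birthday (e.g. 1985, 070485, 07041985).
DATE_TAIL = re.compile(r"(\d{4}|\d{6}|\d{8})$")


def check_passphrase(pw, personal_words=()):
    """Return (problems, upper_bound_bits) for a candidate passphrase."""
    problems = []
    if len(pw) < MIN_LEN:
        problems.append(f"shorter than {MIN_LEN} characters")
    if len(pw) > MAX_LEN:
        problems.append(f"longer than {MAX_LEN} characters")

    used = [name for name, chars in CLASSES.items() if any(c in chars for c in pw)]
    for name in CLASSES:
        if name not in used:
            problems.append(f"no {name} character")

    # The post's weak pattern: a name or team followed by a birthday.
    lowered = pw.lower()
    hits = [w for w in personal_words if w.lower() in lowered]
    if hits:
        problems.append("contains personal word: " + ", ".join(hits))
        if DATE_TAIL.search(pw):
            problems.append("personal word followed by a date-like number")

    # Upper bound only: assumes every character was chosen at random from
    # the classes in use, which a human-chosen phrase never achieves.
    pool = sum(len(CLASSES[name]) for name in used)
    bits = len(pw) * math.log2(pool) if pool else 0.0
    return problems, round(bits, 1)


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for sample in ("Margaret07041985", "copper!Lantern_42*drifts+Quietly"):
        print(sample, check_passphrase(sample, personal_words=["margaret", "yankees"]))
```

The bit count is a ceiling, not a measurement: the name-plus-birthday sample scores about 95 bits on paper yet is exactly the kind of password a dictionary attack tries first, which is why the pattern check matters more than the number.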

Summary

Whether or not the government can break encryption doesn't matter to most of us, but the fact still remains that most thieves will not have the power or resources to get into your system, keeping your files safe.

If you want more tips on being safe online or in the physical world with your possessions, or you need some help with TrueCrypt, drop a comment and I will do my best to help you out. Stay safe, guys.
