Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

encryption software

 
Monica Dark
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hello all!

i'm new here so please be nice, my question is this:

i'm interested in DriveCrypt from SecurStar, specificaly in it's traveler mode feature. i have been looking for a ong time for a software that has this kind of feature and i finally found it in this DriveCrypt software.

my question is: has any of you used this software? i know that the SecurStar people offer a 30 days free trial for the software so you can test it yourself but it is after all an encryption soft and i am not very experimented with this kind of programs.

i appreciate any response, thanks!
 
Nicholas Jordan
Ranch Hand
Posts: 1282
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Security is a difficult subject. We hava a forum for security, I have seen some very informed answers there.

To respond to the website's claims:
  •   Full Disk Encryption Necessary.
  •   Pre-Boot authentication Correct.
  •   Strong 256bit AES encryption Contemporary.
  •   USB-Token authentication at pre-boot level See comment below.


  • 256-bit AES is today's standard. Full-disk encipherment is needed so that the whole disk is protected. I don't know about USB - I am having problems with usb and there are issues.

    The problem is that if the password is lost, all the data on the drive is lost. People lose passwords or have to write them somewhere to remember them. Similarly, anyone who would have a need for system this secure needs to have a long acclimatization in the use of the software. If not, the results are not nice.

    I did not see the traveller mode feature. If you ask about that in our security forum there are professionals in that field. I personally believe that the normal human mind cannot remember a password of sufficient strength to provide the degree of protection this package provides, thus one is likely to store the password on the device.

    averyfiveatmydomain is not a password.

    This, is a password:

     
    Ulf Dittmer
    Rancher
    Posts: 42968
    73
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    I personally believe that the normal human mind cannot remember a password of sufficient strength to provide the degree of protection this package provides, thus one is likely to store the password on the device.

    I disagree. Pass phrases are easily strong enough using ciphers of sufficient strength (of which AES-256 is one), so that should not be an impediment.
     
    Bear Bibeault
    Author and ninkuma
    Marshal
    Pie
    Posts: 65218
    95
    IntelliJ IDE Java jQuery Mac Mac OS X
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    Originally posted by Nicholas Jordan:
    averyfiveatmydomain is not a password.
    Rubbish. See above.
     
    Nicholas Jordan
    Ranch Hand
    Posts: 1282
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    Monica, as you can see some discussion happend now that we are in the security forum. I understand what Ulf and Bear are saying, and in normal settings what they say is totally true.

    In an arena where equipment of the strength you cite has utility, I respond that a pass phrase should be used for the 'secondary' system. AES-256 relies on 16, 24, or 32 bytes of information for the key. This has to be stored somewhere on the machine for symmetric ciphers. It is the protection of these keys that is at issue in their response to my post. Using a sentence buried deeply in a work you are fond of is likely memorable and will achieve effectiveness.

    For what it is worth, I suggest that acclimatizaton to the use of such equipment overrides whether I or my repondents have achieved effectiveness in assisting you. Mistakes such as encryption soft and i am not very experimented for "encryption software and I am not very experienced" will eventually obliterate any sensitive data you store on the machine.

    TrueCrypt Foundation.
    Keep in mind that most programs do not clear the memory area (buffers) in which they store unencrypted (portions of) files they load from a TrueCrypt volume. This means that after you exit such a program, unencrypted data it worked with may remain in memory (RAM) until the computer is turned off (and, according to some researchers, even for some time after the power is turned off*).


    Every bit real protection arrives as a result of years of highly specialized work, do you have further questions?
     
    • Post Reply
    • Bookmark Topic Watch Topic
    • New Topic