Slashdot Mirror

If you use Google's servers just as a means of getting something sent via SMTP and received via POP - you can configure your email client to use a digital certificate and encrypt all your correspondence.

Even if Google keeps everything in their archive, it is still encrypted.

Sounds like a good compromise to me. Before you say "getting a certificate from CA costs money", remember that you can set up your own CA, or get a certificate for free.

Here is a post that describes that approach in somewhat greater detail.

There is also this - Disk Firewall. The approach is different though - only trusted programs are allowed to access the data, all I/O requests coming from other processes are rejected. It seems better since there is no heuristics involved.

People already write their passwords and leave that on their desk, and leaving the physical usb key on the desk would be no better.

What could be really cool, however, is if the device doubled as your key-card to get into the office.

Check out Private Disk, it has a 'password quality meter', a built-in brute forcer, and a nifty feature called 'disk firewall' among other things. It is not open-source.

As for your original problem - TrueCrypt uses various command line parameters, you can write a script that generates strings that match the xxxxsomethingxxxx pattern and then calls TrueCrypt with the respective command line args. Such a script is easy to write, and your typing speed won't be the bottleneck anymore.

E.g. here at home I cannot verify any signatures that I can verify on the computer at my work, because I do not have an up to date certificate store.

having to log on twice (once to the OS, then again for Citrix)

Take a look at these:

• Logon for Windows
• Logon for Citrix ICA

having to log on twice (once to the OS, then again for Citrix)

Take a look at these:

• Logon for Windows
• Logon for Citrix ICA

• It supports any BioAPI or HA API compliant biometric scanner
• It is compatible with Active Directory and Novell eDirectory
• You can use multiple cards to logon to the same PC
• You can define what happens when an event occurs (ex: lock workstation on card removal)
• It can also use USB disks instead of smart cards or tokens, if you need a cheaper solution, though a USB flash drive is obviously less secure than a card

Hmm, looks like you're right. From http://www.dekart.com/howto/howto_disk_encryption/ howto_recover_lost_password/, I see that only a 7 character password (from 63 characters) takes 68 years to brute force on a P4 1.6 GHz with 512 MB of RAM. Throw in 2 more characters to cover things like improvements in processing power, and I guess a 9 character password isn't too bad security-wise. Still an awful lot to commit to memory, but if you "backup" your password in some secure location like a safety deposit box, in case you forget it, I guess that's reasonable (though still rather paranoid for the average laptop).

Are my numbers correct? Would a 9 character password really be reasonably safe against a brute-force attack where someone takes out the hard drive and puts it in their machine, barring a technological breakthrough on the order of true quantum computing?

Q: what happens if i cut my finger! i work in a sheetmetal shop and cut myself just about everyday, does the fingerprint being read flag as a 1 or 0? or is the geometry information actualy used in the encryption itself? i could live with finding a way to make the reader think my finger is there, but if it is used in the encryption that seems like a problem waiting to happen.

Yes, there is:
http://www.dekart.com/support/howto/encrypt-flash- drive-cd-dvd/

Yes, Private Disk or Truecrypt. But Private Disk (http://www.dekart.com/) also offers disk firewall feature - application level protection for the encrypted partitions.

You're right about the commercial software bit, check out his "blog", exclusively made up of links to http://www.dekart.com/ who make a product that is a direct competitor... someone's been suckling at the MS teat. Hmmmm FUD.

"The problem with computer programs and programmers is that the program does what the programmer wrote, not what he thought he wrote".

Security is good, but only as good as the weakest link in the chain. If you have humans working for you, they are the weakest link.

Well, unfortunately killing every human is not an option :-)

But you can minimize that effect. A number of banks from my country uses a tool called RSA Cryptographic Provider to store the certificates on smart cards or tokens. Now, the person only has to remember a PIN code, which is not a big deal (today PINs are on credit cards, mobiles, office-locks, etc), so remembering one is simple.

All you have to do is make sure they don't use '11111' or something just as weak. Now, people don't even realize that they use a certificate ;-) instead they just plug in the damn thing and enter a number. Thus you not only minimize the risks introduced by the human factor, but you also get two-factor authentication for free.

Then there's this other thing - the certificate is NOT stored on the computer, so you can use it from wherever you are, without leaving traces. A friend of mine got his certificate compromised back a few days; Windows stored them in its repository, and my friend made regularly snapshots of his system partition. Somebody got hold of one of those images, restored them on a different box and used his certificate to do some nasty stuff. Shit like this happens, so you gotta be careful.

That's what I felt like writing...

You can get a free certificate on this site, and there are others who issue free certificates; though they are only for testing purposes and expire fast (unlike the ones from Dekart).

Browsing signed emails is s-l-o-w, at least with exchange.

Yep, and also, mail clients usually make a copy of your outgoing messages, but it is encrypted NOT with the recepient's key (otherwise you wouldn't be able to read the stuff in your Sent Mail folder). So not only that it is slower, but it actually takes twice the space!

Try these

Private Disk (lots of features, highly customizeable)

Private Disk Multifactor (Comes with biometry and smart card authentication)

Private Disk Light (this is the free version)

I wrote about these tools in an earlier post. I am very satisfied with this thing, bought it for half the price - student discount :-)

Try these

Private Disk (lots of features, highly customizeable)

Private Disk Multifactor (Comes with biometry and smart card authentication)

Private Disk Light (this is the free version)

I wrote about these tools in an earlier post. I am very satisfied with this thing, bought it for half the price - student discount :-)

Try these

Private Disk (lots of features, highly customizeable)

Private Disk Multifactor (Comes with biometry and smart card authentication)

Private Disk Light (this is the free version)

I wrote about these tools in an earlier post. I am very satisfied with this thing, bought it for half the price - student discount :-)

Under Windows, you can use Private Disk (AES 256-bit, with certification from NIST; use multiple encrypted drives simultaneously), it comes with a lot of features, my favourite one being 'Disk Firewall'. This is an application-level filter that doesn't exist in programs like TrueCrypt or BestCrypt, etc. This thing allows you to control which application can access the drive, while the others (i.e. viruses, spyware and other #^!#$^!ware) are rejected.
The program runs off removable drives too (there are certain particularities.. but once you know what you're doing, it works).

Try this: How to encrypt a USB flash disk, and this: Why backups are important and how to make the process easier.

I like the second tutorial, as it is sort of generic and provides some basic ideas everyone should know.
The tool itself is Windows only, but they promised a version for OS X and Linux... Who knows?

Try this: How to encrypt a USB flash disk, and this: Why backups are important and how to make the process easier.

I like the second tutorial, as it is sort of generic and provides some basic ideas everyone should know.
The tool itself is Windows only, but they promised a version for OS X and Linux... Who knows?

A lot of people use encryption software. See TrueCrypt's forum. Or, for instance, this article http://en.wikipedia.org/wiki/Keydrive, it's a story about USB disks, but there's a section that describes encryption software such as TrueCrypt or Private Disk.

IMHO this attracts plenty of attention, because everyone thinks wikipedia rocks. A couple of days ago my dad told me to "check this cool site out" (and gave me a link to wikipedia) :-)

A couple of months ago I was working on a project, and a lot of reading material was needed... I searched thru Answers.com and Wikipedia, and then I've read my colleagues' projects -> they were all copy/pasted from either the first or the second site.

Wikipedia is a trend-setter, if encryption is mentioned there - then people will follow.

people do not like to haveto enter passphrases after they login to access their data.
Man, have you heard of 'multifactor authentication'? There are point-and-click tools that do that, so even grandmas can use them. Example

Personally I use yaps on a Palm Pilot, though I could see using another PDA-based one. The cool trick about YAPS is that you can drag your pen across their keyboard for multiple inputs, effectively allowing you to draw very, very long passwords quickly.

I would use either a PDA-based or a phone based system... something you carry with you at all times, no computer required. Mine has everything from password / logins to credit card information and bank numbers. You're not always near a computer when you need to know your checking account number.

For computer privacy, try dekart private disk. It's a pretty solid encrypter / decrypter that creates virtual drives under XP. Anything you put on a drive is protected, from passwords to applications. And it runs from removable disks. It does tie you to windows, though.

First mistake, having an IT policy that forces users to remember dozens of passwords. Second mistake, telling a user to put their passwords in a plaintext file on the desktop. Third mistake, posting that fact on /. without posting as AC.

It can work with biometry

it can store your key on almost anything (I use my Palm). A watch with a flash disk will do too :-)

some of my colleagues store their profile on the smart card they use to unlock the doors - this is very handy.

you can store a lot of 'profiles' on it, so you can use it for authentication on multiple computers and for different applications

works with Active Directory as well

If you switch to this - their password policy will no longer trouble you, even if they change the pass like 5 times a day %-) IMHO this does not make things more secure, but convincing directors\managers is tougher than just following their instructions...

Windows 2000/XP

The same computer (if i understand correctly, the info is encrypted with a sting taken from the user's account; i.e. you can decrypt only on the same machine you encrypted it on) + If Windows is re-installed - where will the account-data be taken from? Can anyone explain this?

Windows 2000/XP

The same computer (if i understand correctly, the info is encrypted with a sting taken from the user's account; i.e. you can decrypt only on the same machine you encrypted it on) + If Windows is re-installed - where will the account-data be taken from? Can anyone explain this?

Well, use Dekart Private Disk Or the Light version And read this guide

Well, use Dekart Private Disk Or the Light version And read this guide

Well, use Dekart Private Disk Or the Light version And read this guide

"firewalls create problems while performing daily business tasks on the server from home"

Not a well-configured software one. It's not as safe as a hardware firewall, but it is a heck of a lot safer than running around with your pants down, not knowing when your machine is connecting and what it is sending. It makes it difficult to connect *to* the machine, but your home winbox shouldn't be a remote server anyway.

Grab ZoneAlarm NOW, and put up with a few extra dialog boxes until it is trained.

Furthermore, good Antivirus software will detect many trojans. Get AVG if you have alredy abandoned your AV of choice.

This must sound like free windows security 101 by now, but get AdAware and / or Spybot, and schedule a regular download / check for once every week.

For encrypting sensitive or old data, you can either use windows built-in encryption (which uses your user password, enable this now if your machine is fast enough) and / or pick up a (non-free) copy of Dekart Private Disk, AKA The Bat! Private Disk, a simple encrypted virtual disk creator. Anything you really don't want people to see should go here... Just remember to shut it down when you're done.

Furthermore, don't use I.E. and don't use Outlook. What many people refer to as "computer" viruses or "windows" exploits are really just I.E. exploits or Outlook viruses. Firebird, I mean, Thun... Firefox is a powerful little internet surfer, which while not as flexible as my beloved Opera (ducks), does render pages faster, is more beginner friendly, and is free. Thunderbird is a good mail replacement, though pegasus mail, Opera's built in e-mail client, and the non-free The Bat! are all good choices. If you want the most security possible, try Secure Bat. At 140 dollars per copy, it isn't cheap, but it does encrypt all of your personal files and utilizes hardware token authentication to ensure that you really are who you say you are.

Finally, don't forget to regularly back up your disks to something not normally connected to the computer. For simplicity's sake, I'd attach an external USB drive and run Polder Backup once a week, removing the drive when done. For a more automated approach, get a PC controllable X10 unit, and have it turn on and off the external USB drive, so that backups can be completely automatic.