Why Not Use Full Disk Encryption on Laptops?

Saqib Ali asks: "According to the 2006 Security Breaches Matrix, a large number of the data leaks were caused due to stolen/missing laptops. Mobile devices will be stolen or lost, but one way to easily mitigate the harm is to use Full Disk Encryption (FDE) on all mobile devices. So, why don't we encrypt all our HDDs?" "Cost, and performance impact are the usual arguments.

Analysis shows that the access time increases by 56%-85% after FDE. As HDDs fills up the fragmentation increases and so will the file access time. With FDE, the swap file (system's virtual memory) gets encrypted as well. This will impact the system's performance noticeably when the virtual memory is being used more often.

Encryption key & password management blues follow. What happens when the user forgets his/her new FDE password? How to manage the encryption key backup files? Who has possession of the backups of the encryption keys? What about when the users quits and does not hand over the password / encryption keys? Who can access the system and its encrypted files? How frequently does the password need to be changed? How to prevent the user from writing the passwords down? Using hardware token (RSA Token, smartcard etc) can alleviate many of the password management issues. But these hardware tokens are costly!

Cost for Full Disk Encryption solutions ranges from $0-$300.

Is it not worth using Full Disk Encryption on mobile devices after all the data leaks we have seen in the last few years?"

I'm confused

[Umbral+Blot]

If the summary answers its own questions why even bother posting comments? Except to be a smart-ass (like me).

Re:I'm confused

If the first post summarize the whole discussion, why even reply?

Re:I'm confused

[eric76]

You might have a point if the summary answered its own question.

It provided some usual answers, but left plenty of room for debate.

Re:I'm confused

Hamlet: To what base uses we may return, Horatio! Why may not imagination trace the noble dust of Alexander, till he find it stopping a bung-hole?
Horatio: Huh huh huh... He said 'bunghole'.

from Hamlet, Act V, sc. i.

Re:I'm confused

[Wilson_6500]

Maybe they're getting tired of the "yes, no, maybe" tags that always show up whenever they ask a yes/no question?

Re:I'm confused

[Jugalator]

We got his questions and answers, and now we're supposed to discuss whether his answers are good and if he asked all the right questions? :-)

Re:I'm confused

[wesborgmandvm]

If the summary answers its own questions why even bother posting comments?

I like the usual way were all of the questions are answered in the article and all the comments are RTFA.

Re:I'm confused

[Anml4ixoye]

Maybe.

Re:I'm confused

[WuphonsReach]

Maybe they're getting tired of the "yes, no, maybe" tags that always show up whenever they ask a yes/no question?

Maybe they need to start asking open-ended questions?

Because

[Morkano]

Because that would make WAY too much sense. Who wants that?

Oh yea, I can hear it now.

[AltGrendel]

What do you mean, you can't reset my password for my hard drive. I need the data NOW!

Really, we all know that people will forget/lose the password. Or they'll write it down and leave it in the laptop case.

Re:Oh yea, I can hear it now.

[dabraun]

Probably should make the password change prodedure for your organization automatically backup the keys to a server at the same time so that your IT department can recover them for you.

Re:Oh yea, I can hear it now.

[betterunixthanunix]

Or, you can use a fingerprint reader. I doubt that anybody will forget their fingerprints...

Re:Oh yea, I can hear it now.

[WolfWithoutAClause]

Or backup the data somewhere secure and verifiably accessible to the right people. I mean, it's a laptop and they never get lost or damaged right? :-)

Re:Oh yea, I can hear it now.

[Jugalator]

Or they'll be half-autistic introvert geeks that have absolutely no problem recalling 10 digit alphanumeric passwords at all!

I mean... A... friend of mine is like that! Yeah!

Re:Oh yea, I can hear it now.

[Freexe]

Why not have them write it down or email it to themselfs? It's a laptop, the problem is when they lose it while traveling. I doubt they care that someone at work can access the company data as they probably already have access!

It might not be ideal, but it's a massive step up.

Re:Oh yea, I can hear it now.

[Pharmboy]

Did you ever see the Myth Buster episode where they tried to spoof a finger print reader? No matter how hard they tried, everything they attempted worked. Yes, worked. It became a big joke and they had to keep making the method "dumber", but still it kept gaining access.

They lifted a finger print from a soda can of the "owner", then using common chemicals (like acetone), etched a copy out to a circuit board, used that as a reverse and simple ballistics gel to make a fake finger print cover that fit over their own thumb. Not something a petty thief would have, but it wasn't rocket science either. If I could get your laptop, I could get your fingerprint. Maybe even OFF the laptop. This is like writing your password down on a postit note you keep with the laptop.

Finger print readers are probably one of the worst biometric devices you can have for security. Oh, and the device they tested was a VERY expensive door lock system, not some $100 USB device.

Re:Oh yea, I can hear it now.

[sumdumass]

LoL.. Bottom line is that people with the needs to have a hardrive encrypted with just have to go thru training, be reminded and get used to it. I don't think that we are in a situation were every office clerk will be needing this although it could be a good idea.

It is the people using confidential information or secretes that need this type of security. As it stands, they probably already have a mirage of different passwords, security hashes and encrytpion keys. I doubt they write them down and keep it in an area close to were it would be used. It just makes sences that thier security clearance and training would suggest to protect against that. I'm betting that a company or government office could evaluate or add to thier existing evaluation something along the lines of how the person would keep a password, remeber it and possible let someone else know about it before giving them access to the information that needs encrypted. If they cannot, Then i believe they shouldn't be allowed to access the information in the first place. It isn't rocket science.

I have seen IT tech guys with less inteligence remeber the logon name and password for over 50 customers and thier email/isp information when only visiting the sites about once a week or month. It isn't an impossible expectation to belive someone in a posistion of accessing private, confidential, or secrete information to remeber a password or proceedure for doing something. And if they cannot, It isn't unreasonable to expect them to lose that position.

Re:Oh yea, I can hear it now.

[mikek3332002]

Even cheaper to break just grab owner's fingers.

Re:Oh yea, I can hear it now.

[bluephone]

The fingerprint door lock also opened with what was essentially a photocopy of the fingerprint too. A lot easier to store in your wallet and slip by security with than a gelatin finger. :)

Re: Oh yea, I can hear it now.

[Dolda2000]

I hate saying this (especially on Slashdot...), but this is actually an argument in favor of TPM.

Re:Oh yea, I can hear it now.

[oki900]

This is exactly why they should impliment it. It would force persons to learn responsibility. If they are caught writing a password down then terminate their employment. If they forget a password and lose data, terminate their employment. Sure it sounds hash, but would you rather the government be harsh about their security, or freely give out you personal information by allowing laptops to be stolen with such data unencrypted. Basicaly if a person is suposed to be responsible enough to have this data they should be responsible enough to remember a password to access it.

Re:Oh yea, I can hear it now.

[suv4x4]

Or, you can use a fingerprint reader. I doubt that anybody will forget their fingerprints...

Actually he will. All over the laptop, ready to be taken and duplicated.

Re:Oh yea, I can hear it now.

[Kent+Recal]

Does anyone know what the current state of "cheap" fingerprint scanners is?
I mean the kind that is built into laptops from lenovo and the like.

Are these things still as easily fooled as they used to be?

Re:Oh yea, I can hear it now.

[BVis]

Two reasons why that approach wouldn't work:

#1 The unions would never go for it. I've worked at governmental agencies that couldn't make basic computer literacy a condition of employment, because of the union.

#2 It attempts to solve a problem by demanding that people be responsible for their own idiocy. What happens when the Big Boss writes down his password? Trust me, the only guy getting fired for that is the IT guy who tries to enforce the policy.

Re:Oh yea, I can hear it now.

YEAH! cause it's way easy to back stuff up securely when a person's on the fucking road with their laptop.

Re:Oh yea, I can hear it now.

[Shawn+is+an+Asshole]

rsync+ssh?

Re:Oh yea, I can hear it now.

[tftp]

If they forget a password and lose data, terminate their employment.

You are not a manager, clearly. Termination of someone's employment will cost your company a lot of money, time and lost opportunity (unless you wanted to get rid of that employee anyway; then you have your excuse.) People are trained to do their jobs, and they are not as replaceable as an elevator operator might be. Some people train for years to do certain things, and they become really good in their area of expertise. They may be highly paid (and valued) engineers, leading designs and themselves managing projects. If such a person forgets the password what do you do, fire him and cancel the already announced release of a new product, which the customers already paid for and the delivery is due in weeks, and penalties for failure to deliver would be immense? If you fire the guy, you will be kicked out of your job so hard you will overtake him on your trajectory to the door.

What a real manager does is this. He tries to understand how this happened, and then does his best to prevent this from happening again. This may require a private chat with the person, or an official department-wide training. The data... the data is lost already, and it's foolish to make it worse by firing the guy who is best to recreate it. Your job, as a manager, is to get the job done. Firing people in a fit of rage is not the way to do it.

Re:Oh yea, I can hear it now.

[risk+one]

Not that I generally disagree with you, but a couple of points, just to be pedantic:
* They lifted the fingerprint off a cd jewelcase.
* The photocopy worked on the expensive system, but not on the simple USB device. In fact the reason they kept dumbing down (in contrast to their usual mode of operation to increase complexity as needed), was that the simple methods didn't work on the usb device. Only the second balistics model worked, which was cast from a manually improved version of the captured fingerprint. When they tried the actual doorlock, everything down to the photocopy turned out to work.

Re:Oh yea, I can hear it now.

[ELProphet]

Hey! Don't diss my girlfriend for being geekier than me!

Re:Oh yea, I can hear it now.

[TheNetAvenger]

Or, you can use a fingerprint reader. I doubt that anybody will forget their fingerprints...


Only if it is a removeable fingerprinter reader with a key in the device.

There are way to many ways to bypass the reader, even watch an old MacGyver episode where he uses sheet rock dust, it actually works.

Fingerprint readers are great for average users that want some security, but not for fool proof security.

Re:Oh yea, I can hear it now.

[grahammm]

What you do is make the user write down their password/phrase and seal it in an envelope. This envelope is then treated as being of at least as high (probably higher) security classification as the data it protects. It is then stored securely, eg in an always (apart from when items are being placed in it or accessed) locked safe whose key is kept in a key safe and require keys to signed for, for there to be 2 authorised people present when the key envelope is retrieved etc.

Re:Oh yea, I can hear it now.

[hearnz]

I've seen fingerprint readers defeated by Gummi Bears...

Re:Oh yea, I can hear it now.

[jimicus]

Not tried, but I recall the earlier ones were essentially a pad on which you placed your finger.

The newer ones are about 5mm long and you swipe your finger across it. So it won't be susceptible to the "blow on it to warm up the impression the last person left" attack, but I've no idea about others.

Re:Oh yea, I can hear it now.

[TheLink]

And almost everyone's fingerprints on the screen... ;)

Re:Oh yea, I can hear it now.

[TheLink]

That's crazy.

Most of the decent disk encryption schemes you'd want to use have features like "Corporate Key".

So even if the employee/person can't provide the password: forgot, in some deserted island, in a coma, dead, the Company still can access the data.

With key sharing schemes, one could also require M out of N keys to access stuff.

Re:Oh yea, I can hear it now.

[strider44]

Don't be silly. Just sticking a photocopy on it wouldn't get past this hugely complicated computerised system. No you had to lick it first. That was a hilarious episode.

Re:Oh yea, I can hear it now.

[Pharmboy]

I stand corrected, it was a cd jewel case. I knew it was something simple. My fear is still that you can just lift the print off the actual laptop itself, or off something in the laptop carry case, like a jewel case. Myth Busters have already proven this is very plausable.

The other issue is that if the person has the laptop and a print in their posession, they can keep hacking over and over until they get it right, time isn't as big of an issue when hacking a laptop as it is when hacking a door lock. It just a matter of time, which may be a small investment if you are the bad guy, and the laptop has 250k people's Social Security Numbers on it.

Re:Oh yea, I can hear it now.

[sumdumass]

Exactly, thats a great idea. Because we should be able to expect the type of people in charge of the information that needs protected to be capable enough to remeber complex passwords. And if some thing does happen, like having at another password and eventualy transposing the two together, they could look it up somewere. But like you said, make the storage of that password difficult for anyone to get to and obvious for the user to know someone has accessed it. Signing out a key out to get into the safe could be the first hint.

And it could go further by making some mark personable to the user (signiture) across the envelope's seal and maybe positioned in a way that it could be verified by others too (like starting so many mm from one side, being a certain size and ending a certain measure from the other side). Maybe even using some chemical laden ink that glows a certain color under different lights. to let them know it is time to change the passwords if someeone unauthorized has accessed it (even if they made it look like the user). Maybe having the user check key access logs once a day in addition to the witnesses to verify they were actualy the one who accessed the keysafe and not some Charlies Angels/Mission Impossible identity asuming stunt.

This may sound as if it is going to the extream but if the information is impoortant enough to protect then why half ass it?. And why expect anything less when it could be information that could allow some one to asume you finacial identity and completly ruin it.

I mean figgin sharks with lasors on thier head shouldn't be to far out there at this point.

Re:Oh yea, I can hear it now.

[gothzilla]

Fingerprint readers are more for convenience than security, especially for people that use easy to guess passwords anyway.

Re:Oh yea, I can hear it now.

Just like BIOS passwords on business laptops these days.

Re:Oh yea, I can hear it now.

[Achromatic1978]

even watch an old MacGyver episode where he uses sheet rock dust, it actually works

MacGyver?!? Next you'll be quoting "check out that episode of Gilligan's Island where he improvises a peer-to-peer cellular radio network using some seaweed, coconuts, some stale monkey urine and a few strands from Mary Ann's bikini"! ;)

Vista feature

[dabraun]

Doesn't Vista have a built-in feature for full disk (or all but system files) encryption? Can't you even just check off the 'encrypt' option on the properties sheet for your my docs folder (even on XP) ... or your entire user profile (to cover outlook OST etc, though that is already encrypted I believe, or can be configured to be in outlook).

Re:Vista feature

[Adam9]

That would be BitLocker.

Re:Vista feature

[mr100percent]

Mac OS X has had filevault for years now...

Hard Drive encryption on the fly, and "Company administrators can set up a computer-wide master password as a safeguard in the event someone forgets his or her login password. This can be useful for computer or system administrators whose users either forget their passwords or in corporate situations where an employee is no longer with the company and the data left behind needs to be recovered."

Re:Vista feature

[arminw]

......Mac OS X has had filevault [apple.com] for years now.......

Filevault only encrypts only the user's home files if that user turns it on. For a while I had some data which I did want to keep reasonably secure. I created a separate encrypted user account for this. Encryption does noticeably slow down the computer, so only encrypting the things that are really sensitive will minimize this performance hit. Encrypting music, video and pictures, such as would take place for whole disk encryption is a big waste, excepts perhaps for military grade secrets. Except for the performance, the encryption is not noticeable and is invisible to the user. Fast user switching makes it easy to go from the unecrypted main account to the special encrypted one.

Re:Vista feature

Mac OS X has had filevault for years now...

Does anybody know the details of the encryption mode used by filevault? I mean things such as does it use CBC, CFB, OFB, LRW or something else? And how does it generate IV and/or tweak? The only information I have seen on the net says it uses CTR mode, but that is not true. Which is a good thing, because CTR mode is terribly weak when used for storage encryption.

Security vs Convenience

[Retardican]

Most of the key management problems have actually been solved. PGP disk for a long time had the ability to encrypt using multiple keys, fraction keys (eg. 3 out of 5 must have their keys to open), key expiration, etc.

The real problem is convenience. People don't like to use secure passphrases each time they turn on their computer. How many people actually used the BIOS password feature? An easier thing would be to use some identification based (USB fob, fingerprint scanner) access, but the acceptance rate of those are very small.

Unless security is important to them personally, people just don't care. (checking under my keyboard for the root password for all the machines at work)

Re:Security vs Convenience

People don't like to use secure passphrases each time they turn on their computer. How many people actually used the BIOS password feature?


because BIOS passwords are extremely insecure. If were talking about mobile devices, and you have a BIOS password protecting valuable information, its as easy as removing the CMOS battery, waiting 15 seconds, and popping it back in.


An easier thing would be to use some identification based (USB fob, fingerprint scanner) access

Yes but these things are generaly expensive. When you have to buy 1000+ laptops (as I have to do) an extra $30-$40 per laptop quickly adds up, not to mention the added cost of Software (Unfortunaly, linux isnt always an option when dealing with custom propritary software required for bussiness)

The real problem normaly stems from over-zealous Managers who insist on changing passwords every 30 days, which leads to people (ie the common work drone) unable to remember ever-changing passwords. IMHO, it would be much more secure to have everyone figure out a strong SINGLE password for their important files, and not change it very often, say every 6 months. This gives them time to memorize it, and NOT write it down.

For example, i have two passwords I use everywhere, (and various modifications of such passwords for various purposes) my crap one I use for fourms, internet stuff, and my secure one I will probably take a good 10 minuites of torture to give up (low tolerance for pain ;) As of yet, the secure one has never been broken, and only through social engineering has the insecure one been broken. Ive done this for 16+ years now, and I can count on my hand the number of times its been broken.

Re:Security vs Convenience

[JustOK]

your secure one is 1 2 3 4 5, isn't it?

Re:Security vs Convenience

How many people actually used the BIOS password feature?

I have been for as long as I can remember.

Re:Security vs Convenience

Damn! Now I have to change my password on my Luggage, AND planetary shield! =(

Re:Security vs Convenience

[NuclearDog]

Just use the "DriveLock" feature most laptops should have to put a password on the hard-drive, rather than a power-on password. The drive will now only be readable in the original laptop and only if the user has the correct password (meaning no swapping drive to another machine to bypass the password). As an added benefit, the second you cut power to the laptop the drive is locked again, so there's no worrying about forgetting to lock it or anything...

So the only way to recover the data on your hard-drive is to pay some company a bunch of money to reset the password. This provides very little security against someone actively trying to gain access to your data, but given that probably every single case that's been in the news with regards to missing laptops with sensitive data on them had the laptop stolen by some punk with no technical skills, it's no big deal. They'll try and start it up, there'll be a password, they'll take it down to the local dealers and try and pawn it off, maybe get $20 for it or something and that'll be the end of it.

Or if they are someone technically competent and realize how to fix it, chances are they'll drop $100 to buy a new hard-drive before they drop $300 or something on recovering the current one.

ND

Re:Security vs Convenience

[Knetzar]

Where I work, every computer is required to have a power on password and a harddrive password. In addition, I was given a Lenovo T60p for work, and it has an integrated fingerprint scanner.

The only reason I won't encrypt my harddrive is since it will hurt my performance.

Re:Security vs Convenience

[suv4x4]

and only through social engineering has the insecure one been broken. Ive done this for 16+ years now, and I can count on my hand the number of times its been broken.

Can you please share more about this? you have lots of years experience, so I'm curious to know in what way a password may slip out in a practical situation (via social engineering or otherwise).

Re:Security vs Convenience

Who capitalizes Software? And Managers?

Are you a Manager?

Re:Security vs Convenience

[davidsyes]

How about a combination of:

-- RSA secure ID /one-time number generator
-- Pointsec

for laptops or certain mobile devices. If Pointsec or similar products don't/didn't cost a ton in licensing, then even sensitive desktops' hard drives could be encrypted and protected to prevent sleuths from easily accessing the content on the hardware (tho, MITM/packet sniffing might work until detected, monitored and the unauthorized perps apprehended...)

I've worked at a couple places where Pointsec was the preference. See:

Pointsec for Removable Media
http://www.eurokom.ie/servMainSite?inner=pointsec4 media

Pointsec Unveils New Version Of Encryption Software For Linux
http://www.managinginformation.com/news/content_sh ow_full.php?id=5153

(This answers a question which only a few days ago popped into my head...)

"The numbers don't lie - 60% of information theft results from lost or stolen equipment; only 25% from network intrusion. In short, every laptop, PC, PDA or smart phone is a potential weak point - unless you have Pointsec encryption software"
http://www.pointsec.com/

Re:Security vs Convenience

[toetagger1]

I once IMed my windows password to a friend.
I used to have a screen saver password, that I had just recently turned off. When I got back to my computer, my screens were on power save mode, and I was used to just moving my mouse, and typing in the password. Instead, I typed the password in an IM window, that happened to be in focus.

I have also seen some people in my high school steal the bios password, by swapping key boards between two adjacent PCs. While one was waiting for the password to be entered, the other one was already running, with notepad open. When the teacher came to type in the password, he just thought the computer was broke and assigned the student to a different computer. Needless to say that ALL the bios passwords were the same in the entier school. It didn't take long for someone to install remote controle devices on the teachers PCs, as well as set up servers to host games in the janator's closets.

During college, I did on site tech support. While I was working on probably over a thousand machines over that timeperiod, I've guessed a couple of windows passwords, and it's not like I was trying every time. Sometimes you can pick up quite a bit in a brief conversation and a couple of questions. (Do you have pets, when's your birthday, ...).

Re:Security vs Convenience

[Sartak]

How many people actually used the BIOS password feature?

My computer still has that BIOS password feature. I use it to deter my little brother from restarting the computer, since he won't be able to use it at all if he does.

Re:Security vs Convenience

When you have to buy 1000+ laptops (as I have to do) an extra $30-$40 per laptop quickly adds up

So who are you buying these laptops for?

If you buy 1000+ laptops for 1000+ employees who earn an average salary of $20,000 per year, then you have an annual salary expense $20,000,000+, so you'd better have an annual income of >M$20; in which case, is $40,000 amortized over 3 years really such a large expense?

Re:Security vs Convenience

[KZigurs]

Hmm, your last paragraph illumiates a problem that is of quite a big interest for me. I have a lot of resources I would give no shit to be accessed by other people, but - if my credidentals are compromised, my first (and only) priority would be to identify which ones and thru what channel - maybe not even bothering to change passwords afterwards.

Any ideas, suggestions?

Re:Security vs Convenience

[Achromatic1978]

When you have to buy 1000+ laptops (as I have to do) an extra $30-$40 per laptop quickly adds up

When you're paying $2,000,000+ for your infrastructure acquisition, that $30,000, while not trivial, is but 1.5%, and the difference between $2M and $2.03M.

We're too stupid

[Schraegstrichpunkt]

It's simple, really: We're too busy caring about when one politician calls another politician a "dog" to worry about real things like the environment or information security.

Re:We're too stupid

[Simon80]

hahaha, Canadian politics FTW!

Re:We're too stupid

Yeah, because sexism and violence against women are totally fake! Who cares if the Minister of Foreign Affairs thinks he's better than that stupid dog, him and the boys like you will back him up! That Belinda, she's just a cheating, man-stealing whore like all those other bitches anyway, right?

As if data encryption and "the environment" (evidently having a verbally abusive workspace isn't considered an important social and environmental issue) are more important than treating half the population like people instead of objects.

Asshole. May your penis wither and die a sad, sad death. If you haven't already beaten it into submission by yourself.

Re:We're too stupid

[Schraegstrichpunkt]

A little mudslinging, while not admirable, is something you can expect when you enter into politics. Expecting the average citizen to care much about it, just because you are a woman, is equally sexist.

While I'm not happy about it, I don't care much that Bill Clinton is a womanizer, that Peter McKay is sexist, or that the guys who shingle my roof aren't rocket scientists. What's important is that they get the job done that they were hired to do.

Furthermore, if you conclude that a person is sexist based on one soundbyte that you heard on the news, then you are the one who is being prejudiced.

And "violence against women"? WTF are you talking about?

Asshole. May your penis wither and die a sad, sad death. If you haven't already beaten it into submission by yourself.

What makes you think that I have a penis?

It should be done.

[woolio]

I for one, do use full encryption... Suits me just fine...

But then again, I use linux. Encryption is actually pretty simple under it for people who actually know how to admin a Linux system.

At one time, I even ran Win2k under VMware from an image on the encrypted disk. Which means the *ENTIRE* win2k "partition" was encrypted -- something that I understand to be impossible when run natively.

The real reasons why most don't do it?

1) Ignorance -- it is not a built-in feature in Windows
2) Hassle -- overtasked IT professionals aren't going to incur extra liability for encrypting a disk, handling lost passwods, etc. (It would be really bad to forget the password)
3) Performance -- Encrypted disks aren't good for high I/O apps... Fortunately, most apps aren't!

I sleep much better, knowing that my data is safe even if I loose possession of it. I have no qualms about storing tax returns, financial records, etc on my laptop.

Re:It should be done.

It's nice to hear that you have full disk encryption on your Linux system.

Sounds like this is a personally owned system, so you don't have to worry about:

- Key recovery mechanisms for your IT department
- Corporate standards

Re:It should be done.

1) Ignorance -- it is not a built-in feature in Windows

actually, the Encrypting File System is built into anything WinXP and after.

http://www.microsoft.com/technet/prodtechnol/winxp pro/deploy/cryptfs.mspx

But the technology sucks because they have no centralized key management that can be done easily for home users. Even in the enterprise its kinda tricky.

Re:It should be done.

EFS is not full disk encryption. It's per file encryption, which allows you to do things like see the names of files, who last modified them, when they were modified, and read files from swap.

Re:It should be done.

[Junta]

My link full disk encryption is a company laptop.

-Key recovery mechanism:
In my case (and most sane companies), the IT dept with respect to this will let you proceed at your own risk with respect to laptop protected data. With any desktop/laptop install, there is a ever present risk of catastrophic disk failure, so IT policies have to dictate how to cope with sudden loss of all data on a desktop or laptop anyway, if it's because the luser forgot their password or because a drive head started skipping across the platter surface, generally it's all the same. In my case we are provided network storage space, where they manage redundancy, backups, and the associated recovery and maintenance. If the data is so damned important, stick it out there.
I also laid out a strategy for this in another post if IT insists on key recovery. LUKS has multiple key slots and by extension can support multiple passwords. Use a key slot for the IT password unknown to the user, and one other for the user password unknown to IT. User can screw it up if they desire, but users can always screw it up if they want to, the goal is to keep a reasonable expectation of recovery, but can never win in the face of user who does not want the data recovered (unless said user is just too stupid to figure it out).

-Corporate standards.
The standards of the company just have to be intelligent. In my case, standards when first published required that all company data be protected, and they recommend ed gpg or windows folder encryption to start with, for linux and windows respectively. Auditors have examined my setup, and I showed them the indicators of the method I used and pointed out reference material for their review. At the end the auditors, (who were almost entirely windows people), concurred it went above and beyond the corporate standards and after my audit, future users who had a similar setup had a simple, straightforward audit.

Re:It should be done.

[Wilson_6500]

I have no qualms about storing tax returns, financial records, etc on my laptop.

See, I still wouldn't store this kind of info on my laptop if possible. Encrypted or not, if I lose the information, I lose the information; I might as well just work from the desktop- or paper-based copies, since I'd need to keep either or both of these as a back-up to my laptop. I'll admit that I'm not one who needs to work with this sensitive info on a portable basis, so there's no real need for me to use a laptop in the first place.

Re:It should be done.

Actually, depending on the encryption mechanism it generally doesn't have that much impact on I/O performance. For example, Win2K3 EFS, which, granted, isn't full disk encryption, can very easily be used to provide encryption-at-rest for databases. I've used it for both MS SQL Server and Oracle on DBs which are several hundreds of GB to a couple TB and the performance hit was negligable, maybe 3%.

Re:It should be done.

[PacoTaco]

But then again, I use linux. Encryption is actually pretty simple under it for people who actually know how to admin a Linux system.

Likewise, constructing plasma weapons is actually pretty simple for people who actually know how to build compact fusion reactors.

Re:It should be done.

[newt0311]

look up LUKS. Probably far above any reasonable corporate standards and allows features such as multiple keys through slots, retiring of passwords, etc. very effective.

Re:It should be done.

As a DARPA grant funded fusion engineer building plasma weapons that are powered by compact fusion reactors, I take offsense to that analogy!

-John D.

Re:It should be done.

[dogganos]

Information which one cannot do without should always have a twin brother somewhere. You say 'I still wouldn't store this kind of info on my laptop if possible' but why would you store this info on your desktop which has a disk that can die at any moment? When your laptop gets stolen, two different things happen: 1. You lose the information which was stored there in case you did not keep backups elsewhere, 2. the bad guys get this information, in case it was not encrypted. Two completely different things, and this topic is for the second...

Re:It should be done.

Its certainly nothing a normal home user could pull off, but its not that bad either. Any concerned company with Linux experience should have a IT guy who can pull it off. Using an initramfs I was able to make my computer boot off a small unencrypted /boot and then grab the key for / off a USB key. I was also able to have the entire disk encrypted and boot from a CD with the key on it. Unfortunately my system can't boot from USB or I am sure that would work as well.

Re:It should be done.

[larien]

We use Pointsec. That certainly works on Windows NT & XP, I'd be surprised if it didn't work for 2000 too.

Works pretty well, there's even a method of unlocking if you forget/lose the password to get into the box.

more RAM

[TheSHAD0W]

Boosting system memory is one good way to mitigate the problems of FDE. Eliminating the need for swap space and buffering commonly accessed files helps reduce the amount of disk throughput needed. Sticking browser caches and other temporary file space in a virtual drive would also greatly improve performance. It might even be worthwhile looking to produce slow but inexpensive RAM just so you could make volatile RAM drives for this purpose.

Re:more RAM

[kasperd]

It might even be worthwhile looking to produce slow but inexpensive RAM just so you could make volatile RAM drives for this purpose.

In many ways a good idea, but unfortunately it is likely that the most feasible approach would be to stick all that cheap RAM in a device which appears to the system as a harddisk. I think such devices already exists, but I don't think they are cheap enough or practical for a laptop. The problems with just sticking RAM of different speeds in a computer are at least the following:

• Not all boards allow RAM of multiple speeds, you may limit all RAM to the slow speed.
• Even if you did manage to get the RAM working at different speeds, you'd need to inform the OS about the difference, which adds complexity, and would slow down any OS unaware of the difference.
• You'd also need to copy data between the slow and the fast memory. A memcpy requires CPU time and will keep the CPU spending most of the time waiting for the slow memory. The solution for this would be seperate busses to the slow and fast memory, and a unit that could copy data using DMA. While this unit access the slow memory, everything else must be able to run at full speed in the fast memory. The harddisk like apperance will provide a DMA interface with these properties, but then it will be the only way to access the slow memory.

Re:more RAM

[TheSHAD0W]

Yes, I suppose I'm proposing RAM on a separate bus. Wouldn't matter if it were slower than main system memory, since it'd be taking the place of disk access even the slowest RAM would speed things up. HD emulation would be somewhat silly, so yes, I'd advocate a DMA-capable bus interface.

Hardware aided encryption anyone?

[faragon]

IBM have been providing encryption hardware for laptops for a while.

Re:Hardware aided encryption anyone?

[4alexnyc]

I hope you don't mean the hard drive password option that can be set in the BIOS? I thought that was somewhat secure until I found a guy on the net who could get around it in about 30 seconds...

Re:Hardware aided encryption anyone?

[Junta]

The hard disk password isn't encryption, it's just a handshake with the controller chip on the hard drive. I don't know what method they used, but generally speaking the data on the platters is unprotected and theoretically swapping the little controller board bit of the drive would bypass it.

Whatever hardware assisted encryption there is to be had in Thinkpads would be that stuff provided for 'trusted' computing. I have no insight on what it could actually do *for* the user as opposed to against it, but also based on my experience I don't think I need to offload the work as it isn't that intensive for a single user system anyway.

Re:Hardware aided encryption anyone?

[RobertLTux]

no hes talking about the TPM chip that (if setup for this) scrambles the harddrive (and if you yank the drive its a no go unless you are a TLA org tamper with the chip and it does a MI trick)

So, why don't we encrypt all our HDDs?"

[56ker]

Because it slows it down, laptops can have user authorisation anyway (fingerprint or username/password combo) - and short of physically taking the harddrive out and reading it or booting from a CD there's very little someone can do to access the info on it without that. The point is - people just shouldn't be putting confidential stuff on laptops in the first place because of the security risk not just from theft but from casual users finding something they shouldn't or the computer geek repairing it.

Re:So, why don't we encrypt all our HDDs?"

[dfgchgfxrjtdhgh.jjhv]

... short of physically taking the harddrive out and reading it or booting from a CD ...

its not hard to do either

Re:So, why don't we encrypt all our HDDs?"

[Extide]

So how is an on the road sales guy supposed to work? I would say in most cases ANY employees email inbox is considered confidential by default. In fact most of the stuff many on the road guys will have on their laptops IS confidential, and they NEED those laptops in order to do business. I dont think there is an excuse these days. We have plenty of CPU power available so doing the encryption/decryption in realtime shouldnt be that bad. I mean where I work everyone has a company laptop, and everyone is going to have confidential info on there. Theres no way to avoid that.

Re:So, why don't we encrypt all our HDDs?"

[eric76]

In many caes, the laptop MUST contain confidential information that people must have in order to work away from the office.

Requiring someone to provide a username and password is not there for the purpose of protecting the data. It is there to try to keep people from using the laptop without authorization.

Protecting confidential data pretty much requires encryption. You could hire a couple of former Navy Seals to travel with you to guard the laptop and limit the chance of losing it, but encrypting the contents is a whole lot less expensive.

Re:So, why don't we encrypt all our HDDs?"

Laptop hard drives in most Dell laptops are held in place with a single screw at the bottom of the laptop. Remove that screw and the hard drive falls into your hand. It takes less than 30 seconds to remove the drive. It might take you less time to remove the drive and read it in another PC than it takes for you to reboot Windows.

Re:So, why don't we encrypt all our HDDs?"

[56ker]

Requiring someone to provide a username and password is not there for the purpose of protecting the data. It is there to try to keep people from using the laptop without authorization.

Surely the two are related though?

Protecting confidential data pretty much requires encryption. Yes, and as most commonly used encryption schemes from password protecting a file to other methods have encryption that can be broken by readily available programs it's merely a variation on the username/password argument.

Re:So, why don't we encrypt all our HDDs?"

[56ker]

They could store all the information they need on a clipdrive. Most email accounts have webmail access. All they need is access to an internet connected computer which they can find in any public library. I fix computers as part of my job and have never seen the need to lug around a laptop with me as opposed to a clipdrive with what I need on it.

Re:So, why don't we encrypt all our HDDs?"

[eric76]

Surely the two are related though?

No.

Yes, and as most commonly used encryption schemes from password protecting a file to other methods have encryption that can be broken by readily available programs it's merely a variation on the username/password argument.

You are very mistaken.

Real encryption schemes are not easily broken by any program, readily available or not. You are talking about some serious computation that could take tens or hundreds of years for a large number of state of the art computers working at full capacity to break. And by that time, of course, the original hard drive would have completely quit working.

Re:So, why don't we encrypt all our HDDs?"

[56ker]

If you're referring to those based on the product of two large prime numbers I think you'll find that even 193 digit numbers can be factored and that estimates about brute force encryption don't take into account advances in processor technology or parallel processing or human ingenuity.

You can also use distributed computing over the internet to tackle computer problems on the scale of your "supercomputer will take 5-10 years" sort. There are many examples of those if you care to look.

Re:So, why don't we encrypt all our HDDs?"

[eric76]

I'm quite familiar with the RSA Challenge and that does not change anything I say.

What the RSA Challenge has shown so far is that weaker keys (product of two smaller farms) can be factored faster than stronger keys. The RSA Challenge just goes up to 2048 bit keys and it will likely be quite a while (many years) before they can be factored.

Distributed computing isn't going to make much of a difference. It will, at best, provide a linear improvement in factoring. That has little affect on the problem considering that there are no known polynomial time algorithms available.

But you are correct about human ingenuity. Quantum computing, if and when available, should make the problem quite tractable.

By the way, this all presupposes that you are using a public/private key method and the public key is available. It would be quite possible, for example, using PGP to have a PGP encrypted virtual disk and store the public and private keyrings stored on a removable media kept separate when not actually in use. Then, if someone steals the computer, but not the media with the keyrings, they wouldn't even have the public key to work from. I don't even know that a good quantum computer would be of much help then.

Re:So, why don't we encrypt all our HDDs?"

Well, why wouldn't you just encrypt a USB key/drive and put it there? Odds are that your laptop will get stolen before those do, and if you lose that stuff, no big deal! You can even hand it off to IT at the end of the day, because they'll back it up and wipe the drive. You'll then pick up a new drive the next day, freshly imaged and ready to go. That way, it doesn't even leave the building (on a normal basis). The big question is, "why do we put this data on laptops where non-technical users will inevitably contract viruses and spyware, knowingly practice unsafe Internet habits, and will someday go so far as to have the laptop stolen, causing a huge scandal for our company?" The technical answer is to put it on an encrypted file store on a organization's server, that can only be accessed via an encrypted network link, coupled with a policy that, if such data is ever found un-encrypted on your computer, you're asked to leave. There's no reason to store hundreds of thousands of records on a laptop, that's what we have databases for.

So, I guess my answer to 'Why not use full disk encryption on laptops' is that, frankly, that's not even the most common vector of attack. There's all kinds of talk about kids using the Internet and getting their parents sued for libel, or less-technical users falling victim to phishing attacks... why don't we, as a society, take responsibility for technology? I mean, all it takes is a 30-minute class twice a week. Why don't we have computing licenses? You'd think that, with all the money riding on it, we'd take it more seriously.

Someone posted way up that an employee should be fired if they lose the password. That's a good way to get people to try and circumvent password security, really, but why do we treat security as this 'pain'? Honestly, if you can't remember a different set of 8 characters a month... it's just ridiculous. It oughta be a job requirement, i.e.:

"This position requires handling secure company and customer data. To be qualified for this position, you must have an above-average understanding of computer security. This includes:

Knowledge and familiarity with the use of encryption, both of hard drive and network communications.
Ability to handle numerous, complicated, and frequently changing passphrases.
Experience with biometric security devices.
A commitment to safe general-computing practices."

Honestly, I've never worked somewhere where this shouldn't be required. I've always handled passwords, social-security numbers, credit-card numbers, etc. Only once was I ever required to use encryption, and that was for retrieving WEP keys for wireless networks... about the least sensitive 'secret info' I've ever worked with. Of course, that was so much of a pain in the ass that quite a few of my co-workers copied them from the encrypted filestore/machine and posted them in their cubes. Obviously they were let go, because that's fucking retarded.

Where I work now, you can get a paycheck advance if your hours aren't entered on time (it's usually not the employees fault, as hours go through several layers of approval). This process entails writing your SSN on a sticky-note and handing it to the secretary, who then proceeds to read it over the phone for all in her office and waiting room to hear. I've written down about 6 so far. It's insane, and encrypting our HDDs isn't going to help it at all.

Re:So, why don't we encrypt all our HDDs?"

[56ker]

Any usable quantum computer is still a long way off. Regarding your idea about having the keyrings stored on external media it's very easy for people to just forget and leave the external media (whether it be clipdrive, swipe card - whatever it is) permanently in the machine, or through just absent mindedness leave it behind.

I used the public/private key method because it is the most common in use currently. Yes there are other encryption methods and part of cryptography is figuring out first which method has been used to encrypt the data.

I can think of one reason...

[Fyz]

Though I'm not very crypto-savvy, there's one thing that I've learned from hard experience about mobile devices and hard drives: they have a very short life span.

Anything with moving parts is bound to break, and if you move it about it'll just break all the faster.

So can't it be a serious problem if your data is encrypted and bytes get knocked out here and there?

Also, mobile devices are usually much slower than stationary ones and will only get slower if it has to apply complex algorithms to all data that goes in and out. And that would probably also put a real big penalty on your battery life.

It boils down to one thing: You have to select a cost-effective level of paranoia. It would make your life infinitely complex to secure yourself against every possible scenario. How important is the secrecy of your data?

Is the juice worth the squeeze?

Re:I can think of one reason...

[Simon80]

In the context of stupid employers/empoyees losing laptops with sensitive databases on them, this isn't even a question - the data should never leave company premises unless it's encrypted, end of story. The fact that this isn't standard practice indicates widespread incompetence.

Re:I can think of one reason...

[raduf]

Also, when choosing a level of paranoia :) you have to keep in mind that the most likely security risk is from an internet exploit.. in which case all the encription in the world isn't worth a damn.

Re:I can think of one reason...

[kasperd]

there's one thing that I've learned from hard experience about mobile devices and hard drives: they have a very short life span.

My experience says the opposite. So far I have not yet had a problem with a mobile harddrive (laptop and external USB disks). But I have often had internal harddrives failing on me (good thing RAID and backups prevented me from losing data).

So can't it be a serious problem if your data is encrypted and bytes get knocked out here and there?

Hardware failing will be a problem whether your data is encrypted or not. The solution for this is a good backup strategy. The backup will help you in several cases: hardware fault, theft, forgotten password (assuming the backup is unencrypted but kept in a safe location).

Also, mobile devices are usually much slower than stationary ones and will only get slower if it has to apply complex algorithms to all data that goes in and out.

The main bottleneck on my laptop is harddisk I/O. Encrypting everything would require some amount of CPU time, but since in most cases the CPU is much faster than my needs, and the harddisk is slow, the encryption would not be any problem. The CPU would get more work to do, but it will have plenty of time to do so while waiting for the harddisk. Overall I wouldn't expect to see any slowdown for my everyday use. I don't want to spend lots of time benchmarking it though, I don't care if the meassurable slowdown is 1% or 10%

And that would probably also put a real big penalty on your battery life.

Possible. But the biggest energy consume in my laptop is the DVD drive.

Works fine on my laptop

[cos(x)]

Granted, I am not encrypting the *whole* thing, but /home should take care of most of the sensitive data. I am using GBDE on FreeBSD which is strong enough for the weakest point to be the password. Yes, if I do lose the password, the data is unrecoverable. However, a simple way around this problem is to regularly back up the entire partition. The backup should be unencrypted, of course, so that if I lose my password, I can still get back my data. With GBDE, this is easily done. The encrypted data on my machine resides in /dev/da0s1g and after I have typed in the password, the decrypted content appears under /dev/da0s1g.bde - all I need to do is dump that partition. Certainly, encrypting all other partitions would increase security, but I am feeling pretty safe as it is. Also, FreeBSD is probably obscure enough for most laptop thieves by itself :). One last thing to note is that because the file system on *NIX is well structured, there actually should not be any sensitive data anywhere in /usr anyway - just application binaries and source.

Re:Works fine on my laptop

[value_added]

increase security, but I am feeling pretty safe as it is. Also, FreeBSD is probably obscure enough for most laptop thieves by itself :).

Obscure. Nah ...

FreeBSD/i386 (foo.bar.org) (ttyv1)
 
login:

Then again, they may be right-clicking for some time ...

Re:Works fine on my laptop

[croddy]

It's also very important to encrypt your swap space -- just think of all the crypto keys, passwords, etc. that are stored in memory. It's much easier to be sure you've secured those if you know they're being swapped to a partition that's initialized with a new random key each time the system boots.

Really, though, it's not even that difficult to encrypt the root filesystem. The new Etch installer has this built in, and if I'm not mistaken, Vista will too.

I'm not sure what use all those software packages are that are linked on the submitter's home page.

Re:Works fine on my laptop

The backup should be unencrypted, of course, so that if I lose my password, I can still get back my data.

I disagree. Your backup should be encrypted - what happens if someone steals your backup? Your passphrase, on the other hand, should be written down. It should be written in a way as to not be obvious, and kept in a secure place - for example, your wallet. What I do is encrypt my backups with a symmetric passphrase with GPG to keep them secure - that way, if my hard drive dies and my PGP key is lost, I don't need my PGP key to restore my backup containing my PGP key!

Re:Works fine on my laptop

Unless your like me and don't run swap. I've never come close to running out of RAM except when I had a runaway app. The biggest legitament pig I have ever encountered is FreeCiv, at 300-some megs of ram.

Re:Works fine on my laptop

[jefu]

Couldn't you put a kernel module in place that would overwrite swap space from a process with random data when that process exits? Also, the same kind of thing for all of swap space when the machine shuts down and reboots? (The shut down would probably impose a rather annoying wait, but randomizing swap on reboot could probably be done in parallel with other startup tasks.)

I'd be just as worried about temporary files if the /home filesystem were encrypted but not /tmp, but I'd suspect that a userspace program that grabbed empty space in /tmp, wrote random data on it, released it... repeat would probably handle it reasonably (at least with high probability).

Re:Works fine on my laptop

[arminw]

.....Your backup should be encrypted - what happens if someone steals your backup?.......

Make sure the backup is in a place where it is extremely unlikely to get stolen or damaged. A remote server in a secure room or an external HD locked in a safe might be workable for most situations. If the backup is in a physically secure place, such as on a HD or DVD locked up securely, encryption is probably overkill. The link to the backup server must be encrypted, but the data on a physically secure server need not be. If the user of the laptop forgets the password needed to decrypt the sensitive data, at least the backup can then be used to restore.

The Real Problem...USERS

[PixieDust]

The real problem is the user is LAZY. The help-desk, is agitated. And the higher up big-wigs get upset because productivity suffers.

Besides, how many laptops would then have the password for FDE engraved into them, or with a nice post-it note on them? And what would this password be? Their mother's name? Their birthday? Their dog's name? The street they live on? Users are notorious for using horrendously uncomplicated passwords.

on the other hand, if someone were to use say MdLg25GvNtUp35
Then yea, it would be effective. Brute forcing that would take what, 50 years?

Of course if the password must rotate every so often, then users will be CONSTANTLY requesting resets (as someone mentioned a moment ago I believe), which will drive up help-desk costs and also drive productivity down.

The BEST solution is to EDUCATE the user, and have strict IA policies in place. Period.

Re:The Real Problem...USERS

[Propaganda13]

If this is just a password that is used only once per session why not use a passphrase instead? Song lyrics, easy to remember phrases, etc. make it easier to remember, but harder to bruteforce. Add into the haxor swapping numbers for letters(3 for E) or static replacement of letters(9 for N)for a little extra security and can be easy for non computer minded people. Passphrases lose their luster when it is a password that has to be entered very often though.
A lot of "bad passwords" aren't bad, they just sound bad. The laptop would probably be stolen by a stranger. They're not going to know your dog's name or your kid's birthdate especially if you combine them. Someone who is going to try hack an encrypted system will just use a software to do it anyways so commonly used passwords, single words, and short passwords are more of a problem. Even if I tried to hack a coworkers computer, I'd either use a program or call the help desk in the middle of the night complaining I got locked out (depending on policies and how much people actually follow those policies) than try to guess which kid or dog name and birhtdate they used in and in what order. Or I'd throw a keylogger on, watch them, ask them, etc.

Re:The Real Problem...USERS

[PixieDust]

That's my point though. you don't have to know their kids' names, or they birthdays, or whatever. if that's ALL the password is, then any brute forcing type software will pwn the face of that password quickly.

Combining them, however, as you said is very effective, and takes much longer.

OSX Makes it Easy

[Above]

System Preferences -> Security. Click "turn on file vault". A few minutes later, you're done.

Also check "Use secure virtual memory" (aka encrypt swap) on the same tab.

Now swap and your home directory (so all important data) is encrypted. The OS and applications are not. As a result performance degredation is minimal.

In the business enviornment the business can set a recovery password in case the user forgets, dies, whatever. The user's login password is the only password they need.

Free. Easy to use, you do nothing. Minimal performance impact. So the real reason most people aren't doing it? They are stuck with Windows bloatware or are ignorant.

Re:OSX Makes it Easy

[Hallow]

Damn skippy.

FileVault rocks. OSX even includes secure virtual memory (pretty big performance hit, but a real good idea on multi-user machines).

Re:OSX Makes it Easy

[beyonddeath]

filevault can lick my sweaty nat sack. it cant free space until you log out, and when you delete a few movies or iso's out of your home folder your system takes like 45 minutes to shutdown. Personally I'll store my personal info on my fileserver which is secure enough to not have to worry about, and just deal with the dataloss if my laptop is stolen or compromised.

Re:OSX Makes it Easy

[aegzorz]

Free. Easy to use, you do nothing. Minimal performance impact. So the real reason most people aren't doing it? They are stuck with Windows bloatware or are ignorant.

How exactly is it Free? Is it the same kind of Free as the cell phones you get when you subscribe to a cell operator?

Re:OSX Makes it Easy

[myowntrueself]

OSX Makes it Easy...Free. Easy to use, you do nothing.

Shit. I didn't know OSX was free. Where can I download an install set?

Thanks

Re:OSX Makes it Easy

No. Free as in a 1-800 phone call is free, regadless of whether the phone is yours or already covered at work.

Re:OSX Makes it Easy

[Henry+V+.009]

XP Pro has let you do the same since it was released. Right-click My Documents and tell it to encrypt the folder. Better than being stuck with Steve Job's zealot-ware.

Re:OSX Makes it Easy

XP Pro has let you do the same since it was released.

Windows 2000 lets you encrypt folders... right click, properties, advanced, encrypt contents to secure data

Re:OSX Makes it Easy

That's good for you, but not what the article is about. The article is about encrypting the full disk, a feature MacOS will not have any time soon, but Windows Vista will have. Encrypting directories has been in Windows since at least NT4.

Re:OSX Makes it Easy

Yeah, that's your personal opinion. Some find it useful enough to use anyway...

Re:OSX Makes it Easy

Now you know why people think your a moron.

Re:OSX Makes it Easy

[repetty]

> That's good for you, but not what the article is about. The article is about encrypting the full disk,
> a feature MacOS will not have any time soon, but Windows Vista will have. Encrypting directories has
> been in Windows since at least NT4.

An accurate observation but kind of irrelavent.

Re:OSX Makes it Easy

[Above]

One of the nice advantages of the zealot-ware is that (generally) the applications are much more well behavied about where they install the software, and where they put your data.

Encrypting my documents is cool and all, but all sorts of apps, including many Microsoft ones put bits of your sensitive data all over the place. So encrypting my documents on your Windows PC gets you about 75% effectiveness, where as doing your home directory on an OSX box gives you about 99% effectiveness.

Of course, one also has to be worried that the Windows passwords are easily crackable (http://elliottback.com/wp/archives/2006/04/26/cra cking-windows-passwords-with-ophcrack-and-rainbow- tables/). But I guess that's good when you forget your password.

Re:OSX Makes it Easy

Perhaps people aren't using OSX File Vault because, like me, when it came out as part of the OS
  there were dire warnings from burned users that it was buggy and might eat all of your data.

And from then until now, I have not seen a report that the bugs have been fixed. Have they?

Re:OSX Makes it Easy

[grouchomarxist]

The problem I ran into is that if there is a problem during that process, the image will get corrupted and you lose all your data. It is technology that isn't ready for primetime.

Re:OSX Makes it Easy

[Henry+V+.009]

Of course, one also has to be worried that the Windows passwords are easily crackable (http://elliottback.com/wp/archives/2006/04/26/cra cking-windows-passwords-with-ophcrack-and-rainbow- tables/). But I guess that's good when you forget your password.

I haven't clicked on the link, but he's talking about LMHASH passwords. Why don't you look up the last version of Windows that used LMHASH? I am often asked to recover forgotten Windows Admin passwords at work, and I haven't run into an LMHASH password for a long long time.

Re:OSX Makes it Easy

[ben+there...]

I'm trying to think of any program that stores its (personal/private) data anywhere besides Documents and Settings (which also contains My Documents)...nope, can't think of any.

Re:OSX Makes it Easy

[JoeCommodore]

Right here! Set File Vault up on my bosses' new laptop (then) and one day she booted all her stuff was gone, no errors just gone, the file was unrecoverable.

I might try it again but I want to have a good backup system in place first.

Though it is nice to see how unrecoverable it is (in a security sense).

Re:OSX Makes it Easy

Now you know why people think your a moron.

Says Anonymous Coward who has posted more stupid comments than any other slashdot user.

Re:OSX Makes it Easy

[jimicus]

Purely out of morbid curiosity, why on Earth do you not already have a good backup system in place? What would have happened had your bosses' new laptop been lost, stolen or otherwise damaged?

Re:OSX Makes it Easy

[UnxMully]

Do some apps still store work files in one of the temp directories?

Re:OSX Makes it Easy

[ben+there...]

The temp directory is C:\Documents and Settings\%user%\Local Settings\Temp.

Re:OSX Makes it Easy

[UnxMully]

Though for some reason the company I work for has moved my Temporary Internet Files directory out of my profile and into the Windows directory. Which seems an odd thing to do.

Password encryption is not very good

[anthony_dipierro]

Unless you plan on memorizing an extraordinarily long password, the encryption you're going to get is not going to be very good. Better than nothing if you don't have anything too important on your drive, but if you have anything important on the drive then you're gonna have to consider it leaked when your laptop goes missing.

Using hardware token (RSA Token, smartcard etc) can alleviate many of the password management issues.

How would that work? I thought the key in the hardware token was constantly changing - not something that can be implemented in a standard hard drive.

Re:Password encryption is not very good

The token is used for the storage of a cryptographic credential (key) which is used to unlock the disk key. You need a token PIN to log in to the token. This provides two-factor authentication: Something you have (the token) and something you know (the token PIN).

Rolling SecurID codes aren't really suited for pre-boot authentication, as you need a working network to contact the ACE server to authenticate your current code (and laptop users are frequently disconnected from their corporate network).

Re:Password encryption is not very good

[anthony_dipierro]

The token is used for the storage of a cryptographic credential (key) which is used to unlock the disk key. You need a token PIN to log in to the token.

I guess that's slightly more secure than just carrying the key on a regular USB key - if the token is relatively tamper-resistant.

Re:Password encryption is not very good

[Archon-X]

How would that work? I thought the key in the hardware token was constantly changing - not something that can be implemented in a standard hard drive.

I'm no expert, but RSA tags basically boil down to simple 'random' number generators, seeded with a common file, and time synced. There are multiple 'soft' solutions for tags (to prevent actually having to carry real dongle.)

I'd take a stab at saying the major problem with this implementation would be keeping the clocks in sync, as it's my guestimation that the average pc that doesn't ust NTP drifts a hell of a lot.

Re:Password encryption is not very good

[Archon-X]

From what I've read, there are a few solutions to fake the ACE authentication / process.
http://en.wikipedia.org/wiki/RSA_SecurID has more info, I believe.

Re:Password encryption is not very good

[newt0311]

the password does not actually need to be that long. With hashing and low-entropy data algorithms, the problem can be elivated to a large degree. good passwords are still important but they no longer need to be 50 cars of random characters. LUKS implements such a scheme.

Re:Password encryption is not very good

[anthony_dipierro]

Hmm, looks like you're right. From http://www.dekart.com/howto/howto_disk_encryption/ howto_recover_lost_password/, I see that only a 7 character password (from 63 characters) takes 68 years to brute force on a P4 1.6 GHz with 512 MB of RAM. Throw in 2 more characters to cover things like improvements in processing power, and I guess a 9 character password isn't too bad security-wise. Still an awful lot to commit to memory, but if you "backup" your password in some secure location like a safety deposit box, in case you forget it, I guess that's reasonable (though still rather paranoid for the average laptop).

Are my numbers correct? Would a 9 character password really be reasonably safe against a brute-force attack where someone takes out the hard drive and puts it in their machine, barring a technological breakthrough on the order of true quantum computing?

Re:Password encryption is not very good

[newt0311]

from what I know, above about 10 chars and the password is pretty secure. in my case, I use phrases or sentences with all the spaces removed and then random substitutions for letters with numbers and signs (replace o with 0, s with $ etc.). Unless the someone is the NSA, it shouldn't be much of a problem. as for the remembering passwords problem, with LUKS, its possible to have multiple passwords so on in a safety deposit box and another in your head should work pretty well. at worst, place the key on a USB drive (LUKS also allows this) and carry the stuff around. encryption is pretty good now, unless the oponent has exorbitant resources.

Disclamer: I am not a security expert, just someone who reads this stuff for fun. better advice can be found with a little more digging.

This makes no sense

[sheldon]

What do you mean "Why don't we use full disk encryption?"

The company I work for(financial services) has been using this for over a year now. Not just on laptops, but also all desktops in the company.

Re:This makes no sense

Do we all work for the same company as you?

Re:This makes no sense

What do you mean "Do we all work for the same company as you?" I work for the same company as he does.

Re:This makes no sense

[4alexnyc]

Ditto for my company - very large company in FS, all 50,000 laptops are encrypted... Took a while to get senior management on board (come on, all of us in IT knew this was something that should have been done for a while) but once the decision was made, it was implemented quickly and properly (i.e.- force load on initial login).

Re:This makes no sense

Full-disk encryption requires an encryption-aware BIOS. Are you sure you're not encrypting only parts of the disk and leaving the partition table and some of the bootstrapping code unencrypted?

Re:This makes no sense

[hughk]

My last client turned on boot encryption on the laptops. As luck would have it, I was using mine remotely, in Chennai. I was locked out and it was about 3 in the morning for support. No worries, I gave my user id (very public) and the asset number (on the laptop) when I called support. They gave me the override password without problems. The point is that I believe that the override password was handed over without sufficiently verifying who I was. Not an issue for a dumb thief but a major one for someone involved in corporate espionage.

Re:This makes no sense

[4alexnyc]

Thats not a good implementation for a corporate deployment. In our system (PC Guardian), there's a self password reset that involves the user answering 3 person questions that they created during the initial installation. If they forget those passwords, then they can call the help desk. PC Guardian uses a public/private key system where the end user reads a unique public key, and the help desk then can identify a private key that only unlocks that laptop. This prevents the end user from obtaining the master password. PC Guardian also provides a facility to globally change all master passwords should it become compromised. While I did not want to make this sound like a product pitch, PC Guardian is an example of a good encryption deployment. sou I would hope that other systems have a similar system.

Re:This makes no sense

[hughk]

We were using SafeBoot. Not a wonderful system but we desperately needed HD encryption. My own laptop was full of interesting data about clients that was being picked up as part of an anti-money laundering project. Safeboot wasn't the worst option, but the implementation was very poor and I was shocked by how easy it was to get the support desk to override it.

Re:This makes no sense

[meme_police]

I work for a GE subsidiary and because of recent laptop losses that have garnered us lots of bad karma we have to install SafeBoot on all laptops. I hope the helpdesk aren't pushovers when receiving calls to reset keys.

At least one bank does

Posting anon for obvious reasons, but those of you banking at JPMC may rest assured that we already do use full disk encryption on laptops. Wouldn't be at all surprised to learn other banks do.

Forgetting the password

[dapyx]

A co-worker activated the (mandatory per IBM security policies) hard disk encryption and when asked for the password, he entered it wrongly (twice!) and he couldn't access it. He spent several hours trying all the permutation of his password, but he was lucky and eventually got the correct one. :-)

Why ?

[PainBot]

Because the people who steal laptops are often the type of people who won't know about this, so it won't protect you from being robbed...

Re:Why ?

[eric76]

The point is that whoever ends up with the computer can't access your hard drive and retrieve confidential data.

If someone steals the laptop and can't access the data, all you lost was the laptop, your access to it, and your modifications of the contents (you do have it backed up at the office, don't you)?

If someone steals the laptop and the data is available, you've lost the laptop and your access to it. But you might be able to retrieve your modifications of the contents when they are posted across the Internet for all to see.

Of course, that confidential information may make it into the hands of someone who can use it so you may also lose thye contents of your bank account, find your credit cards charged up, serious damage to your company's image to the public, possibly several millions of dollars in lawsuits, the wages of the people it takes to deal with the situation, etc.

It is, or at least, it should be, a no-brainer if you have any kind of confidential information at all.

Re:Why ?

[uber_geek9]

Do you understand what's being discussed here? It's NOT how to keep your laptop from being stolen. It's how to protect its contents in case it IS stolen. Not trying to prevent theft -- trying to make sure your data doesn't fall into the wrong hands.

Re:Why ?

[SeaFox]

Because the people who steal laptops are often the type of people who won't know about this, so it won't protect you from being robbed...

Yup, they'll still steal your laptop, the difference is you'll be just out a laptop, instead of having someone stealing your identity and ruining your credit or releasing confidential work information and getting you in trouble at work if you have the drive encrypted.

Encryption can also come in handy for getting around Windows limitations. I ran out of space on my internal drive on my home PC (running XP Home ed) and needed a way to add more storage space for myself. I had another HD installed in the machine, the probelm being this computer is shared with the rest of the family and that second HD would be easily accessable to everyone thanks to XP Home's lousy user account privacy (and yes, I'm aware even with account privacy in use your files are still accessable with enough digging). The solution was TrueCrypt. I encrypted the entire second HD and set the drive to auto-mount when I logged on. So when I log on I'm prompted for the password, and the drive is usable after that. As long as I'm not logged on at the same time as somebody else, they can't access it.

Re:Why ?

[MoriaOrc]

The point is that companies storing sensative data on laptops should do this. That way, when a criminal steals their laptop, they only get a laptop they can't access instead of a laptop with 1000s of peoples personal information on it. Of course, people with personal laptops that have sensitive information on them (maybe bank account related, or other financial stuff) would probably want to do this for the same reasons.

Re:Why ?

[nurb432]

its got nothing to do with protecting your laptop, its to protect your data.

The guy that is stealing your laptop for drug money doesnt care if he cant get data off or even what that data might be. He just going to sell it for a quick 50 bucks on the street corner and move on.

Now, the guy that buys it MIGHT care, and try to get your data off.

Why Encrypt Everything?

[DragonWriter]

Full Disk Encryption gives you the access overhead that comes with encryption/decryption for every access to the hard disk. Why not just encrypt the sensitive data if you want to avoid leaks of the sensitive data?

Plus, a lot of the recent newsworthy leaks would be avoided or minimized by using encrypted access to sensitive databases via an application on the laptop, rather than people copying large databases of sensitive data to their laptop to take it home and work on it, and then losing the laptop.

Re:Why Encrypt Everything?

[TubeSteak]

Why not just encrypt the sensitive data if you want to avoid leaks of the sensitive data?

Because it is not that simple.

Sensitive data gets dumped to the swap file, Your word/spreadsheet/e-mail/other client will dump backup/temp copies in unencrypted places, etc etc etc.

It isn't enough just to encrypt sensitive information, you have to make sure every application that touches the info will not compromise your efforts.

Re:Why Encrypt Everything?

[croddy]

You have to encrypt everything; otherwise they know which data is sensitive. Make them work for it!

Re:Why Encrypt Everything?

A good point, but I disagree.

"Full Disk Encryption gives you the access overhead that comes with encryption/decryption for every access to the hard disk."

Performance overhead shouldn't be that much, considering laptop cpu speeds vs laptop disk speeds.
I'd personally worry more about the power consumption overhead.

"Why not just encrypt the sensitive data if you want to avoid leaks of the sensitive data?"

Simplicity. You don't have to do a risk assessment every time you save something,
neither do the people who really shouldn't be allowed to touch a computer, yet your company gave them laptops.

Re:Why Encrypt Everything?

[Tchaik]

Don't forget automatic backups...

I put all my sensitive documents in an encrypted image (OS X sparse image) and it took me a while to realize Quicken was making historical backups of my data on my regulare drive! Luckily it's overridable in the preferences...

Re:Why Encrypt Everything?

[RobertLTux]

easy to fix (FSSVO "easy") you setup things so that swap is directed to its own partition and temp is redirected to c:\temp

1 encrypt the profile directory (and the system wide copy)
2 encrypt the temp directory
3 encrypt swap
4 audit the apps to find out any funky stuff
5 profit !!!!

Re:Why Encrypt Everything?

[splorq]

If you could guarantee that sensitive data would be encrypted, partial disk encryption would be fine. However, many programs write sensitive data to temporary files. Those files might not be encrypted and it's very unlikely that the data in those temporary files would be properly deleted. Same thing holds for system swap files. Yes, a system could be properly configured to avoid these pitfalls, but it depends on the computer owner, the OS people, and the application people. Using full disk encryption eliminates all of these pitfalls.

Re:Why Encrypt Everything?

[cjmnews]

Which is why the original question was regargin encrypting the entire hard drive, then the swap file and temp copies are also encrypted. No worries there.

Personally I have all of my "real" work stuff on encrypted drives, and my financial data at home on an encrypted drive.

Key management is the big issue. You need to have control over your private key. Auto expiration with poor key management lead to nightmares. Secret Agent is one of these nightmare systems where if you key is expiring on your encrypted drive, you have to add a friend to the drive, deactivate your old key, create a new key, your friend adds your new key and you eliminate your friend's access. For a 1 GB partition this is about 3 hours of time. Not good.

I use PGP Disk to get around this because you can still decrypt your expired keys and add a new key on. The process taking less than 30 minutes to accomplish for a 1 GB drive.

Re:Why Encrypt Everything?

Sensitive data gets dumped to the swap file
Start->Programs->Admin Tools->Local Security Policy, then under Local Policites/Security Options enable Shutdown:Clear virtual memory pagefile

Re:Why Encrypt Everything?

On a decent OS with a properly written application, backup and temp copies remain in the home directory, so all you have to encrypt is swap and home directory.

Re:Why Encrypt Everything?

[DragonWriter]

Yes, a system could be properly configured to avoid these pitfalls, but it depends on the computer owner, the OS people, and the application people. Using full disk encryption eliminates all of these pitfalls.

I would think all of these could be addressed by the people setting up the system (assuming a environment where the average user doesn't have admin access, but the system is set up by an IT shop that does): you know what software is installed, you should know where it stores data, and you control where the user can store data. So you ought to know what places can end up with sensitive data and what cannot.

It's the encrypting file system

and it has been around since Win 2000.

It's not really "full disk" encryption, as it applies to a single file or folder.

See http://www.microsoft.com/technet/prodtechnol/winxp pro/deploy/cryptfs.mspx for more

Re:It's the encrypting file system

[Crayon+Kid]

Ah, but would you entrust your machine to a TPM device... from Microsoft?

Re:It's the encrypting file system

Windows has had support for EFS since Win2k, but the BitLocker feature in Vista is different.

http://www.microsoft.com/technet/windowsvista/secu rity/bittech.mspx

Re:It's the encrypting file system

[duffbeer703]

EFS is pretty easy to break. Taliban and Al Queda types used it on all sorts of laptops in Afghanistan. According to to the papers, the feds were able to break the encryption within hours or minutes.

Never underestimate ...

[Youx]

Why Not Use Full Disk Encryption on Laptops?

Because a disk encrypted with password qwerty or abc123 won't be much more secure than an unencrypted disk? :)

NEVER underestimate people's stupidity/lazyness ...

Some data and personal perspective on that point.

[Junta]

This post written from a laptop with a LUKS-root filesystem. I catted a 280 MB file into dev null, it took 17.8 seconds. I copied that file to a filesystem on the exact same drive, umounted the filesystem, remounted it, and tested that, it took 12.5 seconds Top showed the crypt activity as taking about 50% of my cpu in the first case, my Pentium M at the time of measurement clocked only up to 800 MHz to accommodate the load. This test was repeated a few times with a small degree of variation.

Anyway, those metrics are actually more different than I would have expected. I was hoping to demonstrate that the difference isn't that much, but objectively it is disk io performance hit. In general use I don't notice it. I already had a crappy hard drive that was dog slow, and in the end adding encryption made it... still a crappy hard drive that is dog slow, and the extra slowness I didn't even bother perceiving until I tried to measure it. I used this laptop for a few weeks with no encryption, and on the next install did encryption from the get go on everything from /, and didn't notice a problem at all.

A better way to secure your data is to....

[zerofoo]

keep it off of portable devices. We grappled with this problem at the bank where I used to work. We opted for Citrix/Remote Desktop inside a VPN tunnel secured via RSA token and accessed via Verizon wireless broadband cards. This kept all non-public information off of laptops, securely stored in our datacenter.

-ted

Re:A better way to secure your data is to....

[theLOUDroom]

What did you do about swap files, temp files, caching, etc?

Did all these workstations have read-only physical disks or no physical disks at all?

Encryption enshmiption

[Angst+Badger]

I count on the contents of my thumb drive being easily readable to ensure its safe return if I lose it. I put everything in a directory tree that looks like this:

/nuclear_bomb_plans
/hamas_donations
/al_qaeda_c ontacts

That way, if I accidentally drop it somewhere, odds are that it will be returned to me by those nice boys at the FBI.

Simply

[goldcd]

because I trash laptops and have to recover data more often than I need to worry about it having been stolen.
If you do need to ensure something isn't stolen and you absolutely have to have it on your laptop without a net connection, then there are plenty of utilities that allow you to mount encrypted partitions.

We do

We do. At least all federal agencies do now, as a result of this fallout.

Just had mine encrypted a few months ago.

eCryptfs

[omnirealm]

A new addition to the 2.6.19 Linux kernel, eCryptfs, addresses many of these problems:

http://ecryptfs.sf.net/

eCryptfs is an actual filesystem operating at the VFS layer of the Linux kernel. It stacks on top of other filesystems like ext3 and encrypts files one at a time, with each file getting its own key.

Who cares about encrypting libc or the x.org libraries? People want to encrypt their financial, medical, and other such data. eCryptfs makes it easy to encrypt only what users want to encrypt.

Some ways that eCryptfs deals with the issues raised:

What happens when the user forgets his/her new FDE password?

The best answer is, ``You're screwed.'' That is the way it should be; without the secret, nobody -- not even you -- can get to the data.

Now, out here in reality, things can't be quite that convenient. Try telling the CEO that his third-quarter reports are lost forever. The next-best thing is intelligent key escrow. I tend to recommend (m,n)-threshold sharing, wherein a certain number of people in a group need to collude (say, 3 out of 5 people in the company) in order to reconstruct the secret value.

eCryptfs userspace tools have a pluggable key management infrastructure, and thus it can keep the secret value in any token device for which a module exists. These hardware devices do not need to be expensive. In fact, Thinkpads come with TPM chips built-in, and a TPM key module already exists for eCryptfs:

http://trousers.sourceforge.net/tpm_keyring2/quick start.html

How to manage the encryption key backup files?> Who has possession of the backups of the encryption keys? What about when the users quits and does not hand over the password / encryption keys?

All of these are addressed with something like (m,n)-threshold sharing:

http://en.wikipedia.org/wiki/Secret_sharing

Also, because eCryptfs encrypts on a per-file basis, an incremental backup utility can just access the encrypted files on the lower filesystem. All of the information needed to decrypt the files is right in the header of each file; all you need is the key.

Who can access the system and its encrypted files?

This is a semantic security problem that the tools should definitely address. eCryptfs, in its current form, provides fairly flexible key management options, but the design goals of eCryptfs are much more ambitious, and they seek to address these sorts of issues:

http://ecryptfs.sourceforge.net/ecryptfs.pdf

How frequently does the password need to be changed?

Ideally, one would use eCryptfs in public key mode, so that is largely a non-issue. The secret can remain locked in a TPM chip, and the key can be escrowed.

How to prevent the user from writing the passwords down?

There is nothing wrong with writing passwords down, as long as the paper on which the passwords are written is stored in a location that can be made at least as secure as is necessary to protect the data that the passwords are protecting. In any event, the secret value can depend on a password *and* something else, like a file. The OpenSSL key module can be used in that way.

Using hardware token (RSA Token, smartcard etc) can alleviate many of the password management issues. But these hardware tokens are costly!

Not really; many laptops shipped today have TPM chips built-in.

Oh, yeah, and all of eCryptfs -- both the kernel and userspace components -- are GPL. Give it a try.

Re:eCryptfs

[undertow3886]

How does this compare to dm-crypt and LUKS? Their page doesn't make any mention of either, and it seems like reinventing the wheel. dm-crypt is already in kernel and uses the idea of stacked block devices (/dev/hda1 is encrypted but /dev/mapper/hda1 is unencrypted). With LUKS, key information is stored in a standard format in the partition header. Things like multiple passwords, etc., are supported.

Re:eCryptfs

[omnirealm]

How does this compare to dm-crypt and LUKS?

dm-crypt is a block device encryption tool. eCryptfs is an actual cryptographic filesystem. Files can sit side-by-side in the same directory and be encrypted with entirely independent sets of keys. Incremental backup utilities can access the encrypted versions of the files. eCryptfs is an order of magnitude more complex and flexible than block device encryption tools.

it seems like reinventing the wheel.

Read the paper:

http://ecryptfs.sourceforge.net/ecryptfs.pdf

Re:eCryptfs

[Sancho]

Who cares about encrypting libc or the x.org libraries? People want to encrypt their financial, medical, and other such data. eCryptfs makes it easy to encrypt only what users want to encrypt.

Level of security. Ideally, we'd have FDE in hardware (using a TPM chip, perhaps) to prevent tampering of your libraries should you be out of control of the machine for some period of time. Even better is encrypting/signing the bootloader and every file along the way to the applications and data.

I mean, what good is your encrypted drive if covert ops sneak into your hotel room, steal your notebook, copy your drive, trojan your binaries, then wait for you to enter your password so their trojans can e-mail it to them and grab your data. Or say you are expected to surrender your notebook at the airport so they can "check it for explosives" (this allegedly happened to some guy--they took his notebook into a separate room to "examine"--who knows whether they imaged th drive, as he wasn't allowed to watch while they examined his property).

I say make it as hard as possible. Make them replace the TPM chip and jump through as many hoops as you can to prevent your data from being stolen.

Re:eCryptfs

[omnirealm]

Ideally, we'd have FDE in hardware (using a TPM chip, perhaps) to prevent tampering of your libraries should you be out of control of the machine for some period of time. Even better is encrypting/signing the bootloader and every file along the way to the applications and data.

Integrity enforcement is an entirely different problem. If someone had access to your hardware at any time, all bets are off. Never mind replacing your system libraries; just install a physical key logger.

If you care about integrity enforcement on your machine, you can use a solution like SLIM in conjunction with eCryptfs on your laptop (to provide confidentiality), and you still do not need to encrypt every one of your system libraries.

Re:eCryptfs

[TheNetAvenger]

Level of security. Ideally, we'd have FDE in hardware (using a TPM chip, perhaps) to prevent tampering of your libraries should you be out of control of the machine for some period of time. Even better is encrypting/signing the bootloader and every file along the way to the applications and data.

Wow, you mean use that new OS... What is it called again, oh ya Vista, and turn on Bitlocker. Easy enough for a home user and secure enough for the FBI and CIA.

(Oh, but wasn't TPM evil, I would even bet there are articles on SlashDot that called Vista DRM Ware because MS has TPM support, which turns out to be used for Bitlocker) :)

Re:eCryptfs

[man_of_mr_e]

What eCryptfs does not solve is the issue of system integrity, and secure temporary storage. What good is it to encrypt your files if they can just scan your swap partition looking for data? or /tmp? or, as someone else said, they trojan other files on your system?

Re:eCryptfs

[omnirealm]

What eCryptfs does not solve is the issue of system integrity, and secure temporary storage.

Right. eCryptfs currently only provides data confidentiality for persistent storage in the event of compromise of your physical media. There is other software available to provide integrity (SLIM) and secure swap space (dm-crypt with a random key on boot).

Re:eCryptfs

[undertow3886]

Thanks for the heads up, this definitely is something to look forward to.

I have a question, or rather just a comment, regarding the footnote on page 5 of the document, where they explain why they can't use extended attributes because they're not supported everywhere. It's just too bad. I personally have them enabled (so I can use ACL's) and whenever I use a system that doesn't have them enabled, I feel like I'm in the dark ages. rdiff-backup can already handle extended attributes, and it seems so much cleaner than storing them in the file contents. Of course, I'm sure the file format wasn't designed by monkeys. Still, it's too bad.

The footnote goes on to say that EA's are used for caching (when available), which seems to agree with my (mostly unfounded) assumption that EA's would be better for performance. I would not be so bold as to assume that using EA's exclusively on filesystems where they are supported was something that hadn't been considered, so I wonder what was the technical reason that it isn't done in this way?

Re:eCryptfs

[omnirealm]

One of the many work items on the queue is to allow the metadata to be stored in the file header or in the extended attributes at the user's request; for now, the metadata resides only in the file header for maximum compatibility. Furthermore, extended attribute storage space is very limited in most filesystems (e.g., 512 bytes). In most cases, this is not a problem, but then number of keys that can be associated with any given file is arbitrarily limited. Also, extended attributes are somewhat of an afterthought for filesystems like ext2/3; the performance is abysmal. Lastly, common userspace tools like tar are not extended attribute-aware; users have to know to use star, for instance. eCryptfs will probably support EA's eventually, but due to the many problems with EA's, there are many higher-priority work items ahead of that at the moment.

Re:eCryptfs

[Sancho]

TPM is evil like Bittorrent is evil: both are tools which can be used for good (assurance that binaries haven't been tampered with; mass distribution of copyleft materials) or evil (locking away your legitimately purchased copyrighted media; mass copyright infringement).

I look forward to the day that I can trust that my binaries haven't been tampered with, as long as I can sign my own binaries to my key in the TPM chip.

Re:eCryptfs

[SuiteSisterMary]

Who cares about encrypting libc or the x.org libraries? People want to encrypt their financial, medical, and other such data. eCryptfs makes it easy to encrypt only what users want to encrypt.

Probably the people who don't want hacked versions slipped onto their machines to log all of their keystrokes, or something equally nasty.

Encryption serves a whole lot of purposes other than keeping your data unreadable, such as guaranteeing integrety, besides the obvious point that there's no point installing a deadbolt on your door if the hinges just pop right off.

Re:eCryptfs

[omnirealm]

Encryption serves a whole lot of purposes other than keeping your data unreadable, such as guaranteeing integrety

Encryption does not provide integrity; it provides confidentiality.

Hidden Root Key

All the FDE drives being marketed will have a hidden root key that allows the bearer of the key to decrypt any data on the drive. I suppose if you forget your key you could ask the drive maker nicely if they would share the root key, but I don't know if they would.

incremental/differential backups

[buckles]

I thought that encrypting just the home directory was a great security idea on my group's laptops. It is very effective in limiting liability against laptop theft.
Except that every day's incremental backup becomes a de facto full backup. So you have to start the backup as soon as you get to the office if you want to leave on time.

Physical Security...

[evilviper]

This is slightly off the topic, but in the same vein...

I continue to wonder, after every major laptop theft, why NOBODY is working on physical security.

Notebook hard drives are easily pocket-sized, and the only thing keeping the hard drive from sliding out of most laptops is the thin plastic shell of the unit. Build laptops with a very simple hinging door over the drive would be absolutely trivial. You probably also want to add thin aluminum shell around the drive to protect it from static discharge and other abuse.

Then, you tell employees to keep the drive in their pockets when they go into public. If it's really critical data, attaching a retractable cable (as seen attached to your janitor's keyring) between your belt and the drive will stop all but the most skilled, equiped and determined theives.

It's as if everyone in IT has forgotten the lessons learned from the past several thousand years of (physical) security developments.

Re:Physical Security...

[splorq]

If you're going that way, why not use a thumb drive for your data? Since 1 or 2 GB drives are (relatively) dirt cheap, unless you have insane amounts of sensitive data, a thumb drive should provide more than enough storage. They're small and light and very compact.

Re:Physical Security...

[evilviper]

IMHO:

A USB device may be cumbersomely slow, depending on the use of the data.

It's ALL sensative data. Getting a copy of $TEMP/%TEMP%, or perhaps the registry, may reveal some of the information on the USB device.

Still, it depends on the application, and is certainly better than the current trend of nothing at all.

Re:Physical Security...

[couchslug]

I also use a CF card in a PCMCIA adapter. No protrusion, no problem, and it cost about ten bucks.
They fit neatly into the laptop so they are protected better than a USB key.
While I have a PCMCIA adapter in my destop, I use a USB/CF adapter too.

For someone who needed a solution that wouldn't leave tracks, a "frugal install" to hard disk of a bootable CD image would allow any saved data to be kept to removable flash.

Re:Physical Security...

People already get mugged for their wallets, cellphones, iProducts, and site security badges. Once word gets around, they'll be getting mugged for their USB keys and the removable laptop hard drives you suggest as well.

Re:Physical Security...

[nzhavok]

What you suggest is a double edged sword.

If someone steals the laptop to reformat and resell your data is unlikely to become public anyway. In your scenario you most likely get to keep your data since it was in your pocket, which is good.

If someone targets the laptop because of data then it could make their job easier since they only need physical access to the laptop for a moment and they can slip out the drive, (say they are in front of you at the scanners in the airport, or a cleaner at your office place) and you may not even notice it, which is very bad.

IMO the best device is a combo of a keylock when you are off site, and an alarm when mobile. The alarms usually lock into the keylock slot of the laptop, then you get a second part for your belt. When they are seperated by some distance they both start emitting the sounds. I would personally prefer this to a removable hard drive, although this is best combined with disk encryption and regular offsite backups.

Re:Physical Security...

[Nick_Psyko]

Briefcase combination locks on the lid?

All screws under the keyboard. ;-)

Obligatory I'm more Old School than you post

[dave562]

The first time I used full disk encryption was KoH on my 386/25 laptop that ran G2 & G3 to clone those pesky flip and brick Motorola's. As for modern day FDE, the best implementation that I have seen was a friend of mine's laptop who worked for Morgan Stanley in their International Banking division. The OS was Windows XP, the hardware was a ThinkPad and the authentication mechanism was a PC-Card. Without the card, the laptop wouldn't even boot.

Free on Mac OS X...

[jpellino]

File Vault is included with ther OS to encrypt your home folder.

Re:Free on Mac OS X...

[acadiel]

Yep, it'll encrypt your home directory in an encrypted disc image that is automatically mounted when you log in. Pretty transparent to the users. I feel comfortable having it enabled on my MacBook, since it's AES 128 encrypted.

Stupid idea.

[kosmosik]

To encrypt entire disk it is a stupid idea. Few points:

- Performance - encrypting everything (cache, program files and so on) is a serious hit on performance, now you can say that hardware/performance it is not a problem. But don't say it to me when I see brand new laptop booting long time since you can login and launching MS Office in *few* seconds.

- Anyway why encrypt everything when it is the data (and not all of it) that you want to encrypt?

- Hassle - I mean when it is an option to just tick "encrypt my harddrive" checkbox it is paradoxically way to easy. You can imagine every clueless marketing staff member just ticking it to encrypt their worthless data. It is good that hard encryption is bit "hard" (like you need to provide a password and a key and have a clue what is going on) so people will use it only when they need it, so they will probably remember their passwords.

My boss asked me for this feature. I've just installed TrueCrypt for this. Told him to click on this icon and *remember* his password (probably he wrote it down and locked in a safe - perfectly normal and wise) so he can get his "special safe disk" for his important documents.

Re:Stupid idea.

[Cygnus78]

Anyway why encrypt everything when it is the data (and not all of it) that you want to encrypt?

Because you can not trust your system to never write this data on another location on the disk.

Re:Stupid idea.

re: Perfomance

99% users won't notice and I don't care if my user does experiance a slight performance hit if it enhances the security of my customers data (in our tests it was 5 to 10% on IO intensive operations)

re: Anyway why encrypt everything

Your laptop may contain confidential and public data. Your laptop should be secured to the highest classified data on your laptop. In addition - most users are lazy. If i have the choice (and I do) of encrypting the entire laptop or just one or two directories and "trust" that the user will do the right thing - I will encrypt the entire laptop. It eliminates my need to trust that user. And for users who write their password and paste it on the laptop - our solution is simple - we fire em.

re: hassle

I don't get this point at all. Its easier just to enforce whole disk encryption than rely on the user to make sure the data is encrypted.

You are doing your boss a disfavor if this how you approve solving a security problem.

Re:Stupid idea.

I'm encrypting my entire drive using a LUKSish approach (not LUKS, something I designed myself, but close enough to use for comparison).

Anyway, I really don't notice performance issues at all. It's certainly not as fast as it would be without encryption, but as a user it makes no difference to me. Linux's AES implementation is optimized pretty well and I have a relatively fast CPU.

There are, of course, cases where you can't take the performance hit, but for me, on a desktop computer, it makes no difference.

Re:Stupid idea.

[Bender0x7D1]

Performance - encrypting everything (cache, program files and so on) is a serious hit on performance, now you can say that hardware/performance it is not a problem. But don't say it to me when I see brand new laptop booting long time since you can login and launching MS Office in *few* seconds.

Performance doesn't have to be bad. A lot depends on the algorithm you use. Also, if you push the work to a trusted module, (which could reside in the hard drive), then you won't really lose time at all. Triple-DES is still secure, even if it has been superseded by AES. DES is incredibly fast in hardware. You just need to load the key into the hardware which is trivial.

Anyway why encrypt everything when it is the data (and not all of it) that you want to encrypt?

You can never be sure where applications are storing temp files or other information.

Hassle - I mean when it is an option to just tick "encrypt my harddrive" checkbox it is paradoxically way to easy. You can imagine every clueless marketing staff member just ticking it to encrypt their worthless data. It is good that hard encryption is bit "hard" (like you need to provide a password and a key and have a clue what is going on) so people will use it only when they need it, so they will probably remember their passwords.

It is far better from a security standpoint to encrypt non-essential information than it is to not encrypt important information. Also, security systems are supposed to be simple. Far too many systems were made overly complex and resulted in problems later on.

I don't think that FDE is stupid. I think it is an excellent idea - probably the best (and simplest) way to increase the privacy of our information. Yes, it means there is another set of passwords to manage but you could easily use an encryption system that has a "master" key that can be set once. So each company could set a master password for the drive and get at the data even if the user forgets their password. Once done, however, there is no risk from a stolen laptop, second-hand hardware or any other problems that have appeared on /. over the last few months.

Re:Stupid idea.

[physicsphairy]

"- Anyway why encrypt everything when it is the data (and not all of it) that you want to encrypt?"
In addition to what has already been mentioned:
*Because you probably cannot have computer X with you at *all* times. Who needs to break your encryption key if they can gain temporary physical access to your computer? Just compromise the system itself and listen for the password you type.

Encrypting the whole system (except for /boot on your USB dongle which you *do* have with you at all times) prevents any third party from every intercepting the computer and compromising the software. (If you connect to unsecured networks, of course, you are still vulnerable to remote exploits.)

*Because with a fully encrypted disk, there are less forensic hints to clue an attacker into what decryption strategies to try.

*Because simply knowing what you did and did not encrypt is a lot of information.

MOST IMPORTANTLY
*If you have classified information, or perhaps a million dollar program being tranported in a laptop, why take a chance?

For a corporate environment...

[Junta]

I'm going to use LUKS as my example, since the classic cryptoloop and older dm-crypt stuff can't do this.

The solution is for IT to have a person perform the install (already was going to be hard not to do so with the current state of installers). The IT person makes a master copy of the key using the company's chosen password, and uses a different key slot for the employee-known password. When password changes occur, IT people have to go and change the IT-friendly key slot to the new password, but leave the employee's alone. Then IT can recover data from laptops at user requests. This doesn't guarantee data recovery from a system if the user who can change the password on their own key slot doesn't want them to, but if the user wants to play nice to keep IT able to assist them it can work. If the user botches the IT key slot and needs recovery, tough. Data on a laptop in that circumstance should be relatively transient if remotely important, with the real copies on file servers where IT can manage backup and recovery as they see fit.

At work the mandate for Windows laptops is to use the built in encrypted folders mechanism, which is a lot like encfs. If they loose their user password for the account the data is gone, and this is just a fact of life they have to live with. One person went further and put some third-party whole disk encryption on their Windows laptop, a la dm-crypt, but I don't know if it is like classic dm-crypt setups where the key itself is simply a hash of the password, or if it is LUKS style, where the key is random (or at least psuedo-random) and itself is encrypted using the hash of passwords, allowing for trivial password changes and multiple valid passwords.

Re:For a corporate environment...

Does it bother anyone else that these types of systems with a master password as well don't use the password to decrypt the disk, they only are used to decrypt the real password that is used to decrypt the disk? That password may never be changed and once its broken, the entire disk is decrypted.

Re:For a corporate environment...

[Beryllium+Sphere(tm)]

>the mandate for Windows laptops is to use the built in encrypted folders mechanism, which is a lot like encfs. If they loose their user password for the account the data is gone,

Why not set up a recovery agent? It's under "Public Key Policies", though the documentation doesn't answer my questions about it.

Bah...

[Junta]

Encrypted swap and encrypted / the way to go in linux. In Windows there exists third party software that encrypts more widely Basically at the earliest screen before the XP logo is even displayed, someone has to blind type the password for it to boot. Guy at work uses it, I know no more details than that.

Try out TrueKrypt

[viking80]

TrueKrypt Foundation has a good stable and open source package.

Not a good defense

[Junta]

All the fingerprint and user authentication in the world is a poor defense against someone ripping out the drive, which is easy if the laptop is stolen. That's why it is generally a larger issue on laptops than desktops. Desktops tied to your desk at work have whatever physical security the company has invested in protecting it, leaving it open only to the possiblity of remote attackers (well, within reason, the physical security can be bypassed, but assume a perfect company for discussion). The whole threat of a laptop is physical security breaches, otherwise the discussion wouldn't be laptop-centered. As to not putting confidential stuff on laptops, it is a good idea, but that is a policy rooted in trusting the user to always be vigilant about the confidentiality of the data set they are working, trusting their judgment, and expecting them not to take convenient short cuts at 5pm on a Friday so they can get it done on the weekend without staying late or looking bad on Monday. I use full disk encryption so I don't have to even think about it. I'm fairly sure I have nothing on my laptop remotely of interest to anyone, but I never have to think too hard about it.

Re:Not a good defense

[56ker]

(well, within reason, the physical security can be bypassed, but assume a perfect company for discussion).

Yep, have you heard of a Keyghost SX hardware logger? Any person with physical access to the desktop could easily install one of those in seconds, leave it there for a week, retreive it and they have every single keystroke entered by the users who used the computer. Then they would know the correct username/passwords and no-one would be any the wiser. That method can't be used for laptops because the keyboard is built in.

Hackers who would remotely exploit a computer leave an audit trail of an IP address somewhere - this doesn't.

To be perfectly honest a company that cares about the confidentiality of the data they hold wouldn't expect an employee to take data home with them.

If you want an example of how someone can embarrass someone else with the contents of their hard drive you have no further to look than this link.

slashvertisment

and you can buy now while stocks last !

(please dont search google for not only free but better alternative products to reccomend to your enterprise)

I do.

[zojas]

my corporate-owned laptop runs ubuntu only. I encrypt swap, and the partitions where the stuff I work on for my company is kept. I've never noticed any performance problems.

now as to why other people don't, I have no idea.

Re:performance

I use FileVault on my MacBook and it's not slow at all.

Because there are more effective ways

[mikaelhg]

Why not encrypt your disk? Because there are more effective ways of protecting data and mitigating liabilities.

You don't really need to carry the data around. http://www.tadpole.com/products/notebooks/comet15. asp

Of course I can't!

[Junta]

I need my /boot unencrypted or else grub can't load my kernel, and of course the initrd with dmsetup and cryptsetup in it.

As for / and every other persistent storage, you're good encrypting it.

Apple's FileVault

[CmdrPorno]

I had Apple's FileVault enabled on my Powerbook. I decided that I no longer needed it and tried to disable it. I moved all the large files out of my personal folder first, so it would take less time to decrypt. I had plenty of free disk space, and the dumb thing still wouldn't decrypt! I ended up wiping out that install of OS X to get the encryption turned off.

FDE is in use in my workplace

[jahurska]

I work as a SW consultant for the mobile sector and all laptops in our firm have encrypted hard drives. The system is so that username and password is asked right when the laptop is booted kinda like bios password and after windows is loaded it automatically logins you to windows with those credentials. It's easy to use, no need to remember any additional passwords and also added benefit is that the administrators can login into it with their credentials if a user forgets his password.

The performance hit is real and noticeable though, but mostly affects hard drive related tasks, so that does not hinder my working too much.

Also all firms that I have been dealing with use encrypted laptops, so in my perspective the FDE is pretty widely used already :).

Travelling

[StarfishOne]

And then there's the "You're at the airport and some people want to inspect what's on your computer" situation. Having a fully (perhaps even partially) encrypted system might generate some unwanted and unneeded suspicion.

Re:Travelling

[Sigma+7]

And then there's the "You're at the airport and some people want to inspect what's on your computer" situation

In this situation, having a bootable Win9x partition has the same effect. Say that you need it for "compatability reasons", and install games such as Diablo. A LILO bootloader will help -- unless you configure it to display a menu, the security team will just consider it to be yet another power-on password.

Nowadays, laptop manufacturers do not expect you to use W9x, since it is outside of Microsoft's product lifecycle. Driver availablility may be limited - but at least your data won't be scanned.

As long as encryption is invisible (or has invisible stages), the guards won't be any wiser.

FDE Rocks!

[kittenjoy]

I'm posting this from a laptop with FDE right now and I think it's great (I do have 2GB of RAM though).

Re:performance

[Eideewt]

If they can't write the data that quickly anyway, where's the harm in providing it more slowly?

I already did...

[rickb928]

...for a 7 week gig at a semiconductor maker. IBM (yeah, now Lenovo) Thinkpad, and I had to enter a password at boot. No sweat, they asked me to give the password to the tech who received the equipment when I turned it in, but it could have been reformatted since I kept nothing on the local drive worth saving.

For what it's worth, this gig was all wireless on campus too, with VPN inside and outside the firewalls. I'm doing a long-term gig with a major financial firm now, and they don't use FDE. And they have NO, repeat NO NO NO wireless. The security team trolls constantly for unauthorized wireless and anything that transmits is confiscated as soon as they find it - cut out and trashed.

Both these firms suffer the same risks for their data. Either would suffer financially and risk complete failure if a critical breach ocurred. Just different ways of doing things.

Re:I already did...

are you a musician? you keep saying "gig" a lot and i'm not talking about gigabytes either. you must rock.

Because it's a pain on Linux

[IO+ERROR]

Encrypting your whole disk on Linux is somewhere between a minor pain and a complete nightmare. Support for it doesn't even exist on certain high-profile commercial distros (Red Hat) which you would THINK would have had it long ago because it's something their customers would want.

I had to put together my own unofficial packages to get an encrypted root filesystem on Fedora Core 5. (And then it broke on FC6, so no upgrading yet...) In theory, the support will officially be in Fedora Core 7, but there's still a bunch of code to be written between now and then.

Re:Because it's a pain on Linux

[man_of_mr_e]

Encrypted filesystems are not the same thing as full disk encryption. FDE also encrypts partition tables, boot sectors, etc... everything, and typically requires some kind of hardware assistance like a TPM chip. There is also "mostly" full disk encryption which has an unecrypted boot record but has everything else encrypted.

The point of a FDE is that your encryption keys are locked in a TPM chip of some sort, and you can't retrieve them with software. Encrypted filesystems require your boot partition have the encryption keys unencrypted so that they can be read, which sort of mitigates the whole point.

Re:Because it's a pain on Linux

[rts008]

Thanks for the work and the link! :-)

n00b question:
How does this compare/work with truecrypt?
(hdd failure- I'm just now formatting new hdd to install FC5)

I was planning on partioning the drive (200GB) with a main part. of 30 GB (FC5), 2GB swap, then divide the remainder in half: fat32 for SAMBA share, the other in ext3 for my FC5 storage.

I'm tempted to use truecrypt and encrypt my home dir and tmp dir's only on the main (30GB) part., then encrypt the swap part., and then use the ext3 part. as encrypted storage...leaving the fat 32 alone (just used for transfer on home net, the storage would be commonly used app's and files that I don't care if anyone looks at).

Would I be better off using your method or true crypt?
(mostly just use this PC for web, email, etc.-light weight stuff- and it's a decent system:
p4 prescott w/ hyperthreading @3.0 GhZ, 1 GB 333 RAM, and ugh-ATI 9600 pro 256 MB vid card)

For my use, I don't mind a *small* performance hit, but being a n00b, I have to ask: am I dreaming, or is this possible?

Thanks for any info.

Re:Because it's a pain on Linux

[IWannaBeAnAC]

Why bother encrypting the whole disk anyway? My instinct (as a programmer, but knowing not much about security) would be to just encrypt /home, /tmp, maybe /etc and /var, and I guess /swap if I was really paranoid.

What does encrypting the whole disk give you?

Re:Because it's a pain on Linux

[MobileTatsu-NJG]

Question: Suppose you use FDE to encrypt your disk, then your laptop dies. Is it possible to hook it up to another machine via USB enclosure and recover the data?

(I apologize for my ignorance, I've never looked into disk encryption before.)

Re:Because it's a pain on Linux

[tftp]

It depends on what has died in your laptop, and how.

Re:Because it's a pain on Linux

[MobileTatsu-NJG]

Something un-HD related. :P

This came up for me because I have a TabletPC that doesn't have an optical drive. I needed to reinstall Windows so I took the drive out, hooked it up via USB, and copied the install files over.

Re:Because it's a pain on Linux

Why should be the keys stored in the boot partition? If you have encrypted filesystem, you can only gain acces by entering the password at boot time, that is the whole point. The password must not be stored in the computer! To atack this, you need to gain the acces to the computer, install some kind of sniffer or keylog device, and then return the computer to its owner, which is one step more difficult that just stealing it.

Re:Because it's a pain on Linux

[acaspis]

encryption keys are locked in a TPM chip of some sort, and you can't retrieve them with software

And how do you unlock that TPM when you need to access your files ? I suppose you enter a passphrase or plug a USB dongle at some point during the boot process.

Encrypted filesystems require your boot partition have the encryption keys unencrypted

No. Just set up an unencrypted kernel+initrd which will prompt you for a passphrase or read a key from a USB dongle.

You don't need TCPA to protect your data against physical theft. Actually, a TPM is not even required to resist physical attacks (just read the specs). TCPA mostly aims to protect against software attacks (i.e. malware and unsophisticated users).

AC

Re:Because it's a pain on Linux

[tftp]

I have a laptop here which had a failure of the +5V power supply. The input was +16V (one of IBM Thinkpads), and when applied to a 5V-rated circuits it fried /everything/ in the notebook. I tested the drive - it's dead like a doornail.

There are several ways to encrypt the data on the HDD, and everything depends on how it is done. If you used a 3rd party s/w with a key that is generated from your passphrase then you are good. Just use the same s/w on the replacement computer, and it ought to recognize the drive.

Unfortunately, MS encrypted folders use a key that is uniquely generated for your account, and once you lose the account (on the dead computer) you can't decrypt anything. There are ways to add corporate keys to the system, so that in a company setting it's possible to recover the data; however this is /way/ beyond abilities of a typical user.

Finally, if the TCA is used then the TCA engine and the HDD controller can negotiate crypto keys, and the HDD can encrypt and decrypt data as it writes or reads the platters. This method is very secure because it ties several identities together (the TCA core, the internal HDD key data, the user's password, the account's GUID etc.) and I don't think it's worth trying to break. The good news is that I don't know of any computers today that can do this; maybe Vista will offer this.

Re:Because it's a pain on Linux

[lky]

Why use an external application when you can use DM-Crypt and LUKS that are already built into the kernel?

Re:Because it's a pain on Linux

[usrusr]

someone bad might find out how much swap you are useing.

something along that line. even if your paranoid, it does not mean there can't be someone more paranoid behind you.

one real advantage could be that it might be easier to implement in hardware, the cryptochip would not have to know anything about partitions etc.

Re:Because it's a pain on Linux

[TheRaven64]

There are ways to add corporate keys to the system, so that in a company setting it's possible to recover the data; however this is /way/ beyond abilities of a typical user.

Actually, it's trivial to export the keys so you can decrypt the files from a different machine. The problem is that this functionality is not mentioned the first time you encrypt a folder, so you only find out about it when you lose days.

Re:Because it's a pain on Linux

Everything is a pain on Linux, period.

Re:Because it's a pain on Linux

[kasperd]

Why should be the keys stored in the boot partition? If you have encrypted filesystem, you can only gain acces by entering the password at boot time, that is the whole point.

It is not a good idea to use the password directly to encrypt/decrypt the data on disk. It is more secure to only use the password to decrypt a key, which is then used for encryption/decryption of the rest of the data on the disk.

One reason for this is, that the key can be choosen at random, which means that even if two disks are encrypted under the same password, they will use different keys. The password will only be in memory for a short time while decrypting the key, once the key is decrypted the password is wiped from memory. Thus if somebody grab a copy of your memory through a firewire port, they may be able to decrypt the harddisk on this laptop, but they will not be able to decrypt the other one they stole while it was turned off, eventhough it was using the same password.

Also you may be better protected against some combinations of brute force and slight weaknesses in the encryption. Some attacks simply work better, if the adversary have access to a significant amount of ciphertext. There will be a significant amount of ciphertext encrypted under the key, and maybe the adversary even know some of the cleartext. But that key will be entirely random. Only a small amount of data is encrypted under the password (namely the key), and the adversary will not be able to make a good guess about the cleartext, as it is entirely random. Finally the encryption used to encrypt the key under the password does not need to make any shortcuts, and could thus be much more secure. It does not need high performance, spending one second decrypting the key at bootup is perfectly acceptable, spending one second decrypting a sector would be completely unacceptable.

Re:Because it's a pain on Linux

[kasperd]

Just set up an unencrypted kernel+initrd which will prompt you for a passphrase or read a key from a USB dongle.

I haven't actually set up a system like that yet, but I have no doubt, that it would be possible with Linux. From what I have read this is something that would be very difficult (if at all possible) to do with Windows. This is one great thing about Linux, the unencrypted kernel+initrd approach will work with any storage encryption. (And since the kernel and initrd does not contain any of your confidential data, it is no problem leaving it unencrypted). It does sound like on Windows the implementor of each individual storage encryption have to jump through hoops to even make it possible.

Re:Because it's a pain on Linux

[kasperd]

Why bother encrypting the whole disk anyway?

If you are using a hardware solution, encryption the whole disk may be the only option. Otherwise, you only need to encrypt those partitions containing sensitive data.

My instinct would be to just encrypt /home, /tmp,

Your instinct is not all bad :-)

maybe /etc and /var,

You really should encrypt /var, it does contain a tmp directory, and also some spools such as mail spool and printer spool. /etc is not the most important to encrypt, but still I would encrypt it. /usr I wouldn't encrypt unless it just happened to be on the same file system as something I wanted to encrypt. Encrypting just some directories on a file system is less practical. It requires support from the file system, and such encryptions are more complicated and thus more prone to have weaknesses because of bad design or implementation. I'd either encrypt everything but /boot, or maybe put /usr on a seperate unencrypted partition.

and I guess /swap if I was really paranoid.

In fact swap was the first thing I decided to encrypt on my laptop. Encrypting swap is simpler and less intrusive than everything else. Thus there is really not much reason not to encrypt swap. No need for complicated key management, just generate a new random key on every boot.

Re:Because it's a pain on Linux

[TheNetAvenger]

Question: Suppose you use FDE to encrypt your disk, then your laptop dies. Is it possible to hook it up to another machine via USB enclosure and recover the data?

(I apologize for my ignorance, I've never looked into disk encryption before

A USB or passcode can be used to access the volume with most of the full volume technologies.

Using the newest one in town as an example, Vista's BitLocker, you can use a USB device to backup your key. Bitlocker also will allow a non TP computer to encrypt a volume as long as the computer has a USB drive and the system is capable of seeing it at boot, and then uses the USB device in place of the TP mechanisms.

Most technologies have passkey or other methods that are user accessible, so that a volume will never be lost due to any hardware failures except if the drive itself fails.

Re:Because it's a pain on Linux

[TheNetAvenger]

Encrypted filesystems require your boot partition have the encryption keys unencrypted so that they can be read, which sort of mitigates the whole point.


For the most part you are correct. However there are file level encryption technologies that DON'T leave the keys unprotected even if they are store on an non-protected volume.

NTFS for example has file level encryption, but unless you logging into the system to access the keys or have the key backup, the encrypted files are visible in the MFT but not readable.

Full volume encryption is the most secure obviously, but doesn't mean that you can't make use of file level encryption for sensitive data as well.

Re:Because it's a pain on Linux

[TheNetAvenger]

Unfortunately, MS encrypted folders use a key that is uniquely generated for your account, and once you lose the account (on the dead computer) you can't decrypt anything. There are ways to add corporate keys to the system, so that in a company setting it's possible to recover the data; however this is /way/ beyond abilities of a typical user.



Actually it is quite easy to back up the key, MS doesn't educate the users on this enough though and users are stupid enough to believe that a big key fairy in the sky will help them recover their files.

PS Anyone using encryption on Windows2K,XP,Vista - GO BACK UP YOUR Key now if you have not done so.

Even on a home system, you can turn on an administrator level key so the admin key is combined with the user's key, that way little billie can't encrypt his porn without mommy being able to bypass it.

The tools are there and work good, but part of it is the education of users.

One thing good about BitLocker, Vista won't even let you turn it on, until you have the backup device and takes you through an education process.

Re:Because it's a pain on Linux

[man_of_mr_e]

Yes, but this ignores one point. If you're encrypting your root filesystem, and you don't want to have to enter a password to simply boot the computer (as opposed to logging in) then the system has to be able to decrypt the boot record, and all the OS system files to boot the OS to the login prompt (thus not having to enter a password twice, or give a single password to multiple users of the computer, or allow multiple passwords to decrypt the volume).

Using only encrypted filesystems, then the decryption keys for the public areas have to be available unencrypted, because you need to be able to boot enough of the OS to be able to read the filesystem and decode everything.

Re:Because it's a pain on Linux

[man_of_mr_e]

Entering a password at boot time is not a viable solution. The computer has to be able to boot the OS to a login prompt, which will allow the user to enter their password to decrypt their personal files.

Requiring a password at boot time has a number of problems. First, you either have to give everyone that uses the computer the same password to boot the system, or you need to use a multi-key encryption routine, which might difficult to maintain as you add or remove new users. Then there's the issue of users having to enter two different passwords (for security, you wouldn't want them to be the same) just to log in.

What you want is for the machine to boot and automatically decrypt the public filesystem information (the OS, and various other directories) securely (ie, it is tied to the machine via a TPM chip of some sort) without the need to identify the user, since you need a valid username and password to login this shouldn't be a security risk over and above any other security risk of someone stealing your laptop and having as much time as they need to fiddle with it.

Re:Because it's a pain on Linux

[man_of_mr_e]

That's just it, by using an unencrypted initrd, you are giving the attacker nearly all the information they need to crack the system. You're giving them the algorithm used (easily figured out from the code in the initrd).

However, that's not even the real issue. Suppose I worked for the CIA or FBI or NSA. I could easily install a keylogger or data dumper in that initrd and the next time you boot your system capture any data you enter, such as that pesky passphrase. You have an insecure boot channel, which provides plenty of opportunity for attack.

The TPM chip provides a secure path to the startup files by using, among other techniques, a two-phase handshake that requires the boot record to match the encrypted hash in the chip, and vice versa. If the boot files have been altered, the TPM chip won't allow the OS to boot.

But, even beyond all that, as i've said in other messages... requiring a passphrase to boot the computer simply isn't workable for a variety of reasons. The OS has to be able to boot without the user entering anything. And that is why your scenario really doesnt work.

Re:Because it's a pain on Linux

[majest!k]

Unfortunately, MS encrypted folders use a key that is uniquely generated for your account, and once you lose the account (on the dead computer) you can't decrypt anything. There are ways to add corporate keys to the system, so that in a company setting it's possible to recover the data; however this is /way/ beyond abilities of a typical user.

If you have an encrypted file from a Windows XP computer, as long as you know the logon password for the account that encrypted the file, you can decrypt the file. Check out EFS Key.

Re:Because it's a pain on Linux

[ISayWeOnlyToBePolite]

Encrypted filesystems are not the same thing as full disk encryption. FDE also encrypts partition tables, boot sectors, etc... everything, and typically requires some kind of hardware assistance like a TPM chip. There is also "mostly" full disk encryption which has an unecrypted boot record but has everything else encrypted. The point of a FDE is that your encryption keys are locked in a TPM chip of some sort, and you can't retrieve them with software. Encrypted filesystems require your boot partition have the encryption keys unencrypted so that they can be read, which sort of mitigates the whole point.

The technique the parent is refering to (luks+dm-crypt) boots from an unencrypted partition holding the initrd then promts you for a passfrase which combined with a stored hash calculates the key (only stored in ram). The upside of this is that you can use any bootloader, non-patched linux kernel and you're not locked to a particular filesystem (the encryption works on the block device level), the luks header also facilitates the management and use of several passfrases without re-encrypting the whole partition and is stored on the encrypted partition so it can be copied and opened from any luks supported system (including win32).

Re:Because it's a pain on Linux

[netpixie]

>> Yes, but this ignores one point. If you're encrypting your root filesystem, and you don't want to have to enter a password to simply boot the computer

WTF? You want security but you don't want to enter a password? You want to go swimming without getting wet?

Re:Because it's a pain on Linux

[man_of_mr_e]

Having just read his links, I see that he didn't exactly phrase his comments correctly. He wasn't merely getting an encrypted root filesystem.

However, be that as it may, this technique is still vulnerable to several man-in-the-middle style attacks, such as installing a trojan in the initrd, something that cannot be done with a trusted computing platform encryption. Further, the use of hashes creates a collision attack vector. One need only generate a passphrase that creates the same hash, which depending on the hashing used may be easier than others. Obviously, the original hash has to be unencrypted, so you know what the has value is, which is half (if not more) of the battle.

The question is, how badly does the guy that stole your laptop want that info? It's certainly better than nothing and will likely deter all but the targeted industrial (or governmental) espionage attacks. Then again, i'd rather use the best solution, rather than a "good enough" one. Isn't that why people use Linux instead of Windows in the first place?

Re:Because it's a pain on Linux

[man_of_mr_e]

Nice of you to ignore the rest of my message.

You boot your computer, and it's sitting at a login prompt. How is this any less secure than sitting at a password prompt to boot the computer? Especially when you have a trusted boot path like the Trusted Computer Platform provides. you can't run programs, you can't do anything short of using a logic probe to try to decode the binary signals in-memory.

If you have a sufficiently strong login process, a boot password is just superfluous.

Re:Because it's a pain on Linux

[mennucc1]

I do encrypt only /home (that is in its own partition) ; I do not care for /etc , /var (/var/mail is always empty in my laptop ) . I am not encrypting swap, and I know it is not a good idea.
My 2cents: if you do not encrypt the whole root fs, do remember to move /root/.ssh into an encrypted volume. In my case,

mkdir /home/root
chmod og-rwx /home/root
mv /root/.ssh /home/root/.ssh
ln -s /home/root/.ssh /root/.ssh

and similarly for /root/.gnupg .

Re:Because it's a pain on Linux

[TheNetAvenger]

Yes, but this ignores one point. If you're encrypting your root filesystem, and you don't want to have to enter a password to simply boot the computer (as opposed to logging in) then the system has to be able to decrypt the boot record, and all the OS system files to boot the OS to the login prompt (thus not having to enter a password twice, or give a single password to multiple users of the computer, or allow multiple passwords to decrypt the volume).

Using only encrypted filesystems, then the decryption keys for the public areas have to be available unencrypted, because you need to be able to boot enough of the OS to be able to read the filesystem and decode everything.


I'm not sure which part you are confusing. Are you suggesting using FS level encryption for a volume's boot record, or do you not understand that volume level encryption is below the FS level encryption?

Let me try to shed light in both directions...

You wouldn't or shouldn't use a filesystem level encryption in this instance. File System level protection is not a viable choice for volume protection, it is only viable for select files or folders on the volume.

This is why for example NTFS's encryption (Filesystem level) is not meant to encrypt the entire volume, and why Vista's Bitlocker IS DESIGNED to encrypt the Volume. (I know these are MS analogies, but go look up NTFS encryption and then lookup BitLocker.) They give a good pro and con of each concept.

Trying to protect a volume with FS level encryption won't work without a two key stategy, pre-user authorization and user authorization. In contrast, bitlocker being below the FS, has a single integrated key concept, but yet lies underneath the FS for the volume. This allows the volume to boot, yet leaves it encrypted even while showing the Windows Login Screen.

What you suggest is not possible as it is circular in reasoning. If you want the to encrypt the boot record, then you want to encrypt the volume and not just the file system on the volume.

There is no way to encrypt a boot record at the FS level without needing a key or password to access it. So you are right that the volume key would have to be issued prior to boot, and why FS level encryption is not a good option for an entire volume.

I don't think I disagree with you, but I disagree that a FS encryption concept is securely viable for boot record/volume level encryption.

Does this make sense?

Re:Because it's a pain on Linux

[ISayWeOnlyToBePolite]

However, be that as it may, this technique is still vulnerable to several man-in-the-middle style attacks, such as installing a trojan in the initrd, something that cannot be done with a trusted computing platform encryption. Further, the use of hashes creates a collision attack vector. One need only generate a passphrase that creates the same hash, which depending on the hashing used may be easier than others. Obviously, the original hash has to be unencrypted, so you know what the has value is, which is half (if not more) of the battle.

The hash is generated by random not calculated from the passfrase. The passfrase + hash generates the key. To install a trojan on the initrd you need physical access to the drive then return it without the person being attacked noting it. This could be worked around by booting from an usb stick carried with you at all times. I don't see how tpc adds security in this scenario.

Re:Because it's a pain on Linux

[acaspis]

You're giving them the algorithm used

Obviously you need to learn about Kerckhoffs' principle.

I could easily install a keylogger or data dumper in that initrd

You'd have to borrow my laptop, get access to the disk (i.e. reboot from a CD or disconnect the disk), install the keylogger, and return the laptop without me noticing. If you can do that, you could as well disable the secure booting code in the BIOS or hack the TPM itself.

Or you could exploit a security hole in my OS to install the keylogger with e.g. a virus. But if your virus has enough privileges to alter the boot partition, why bother installing a keylogger ? Just steal all the files you need. And this would work against a TCPA system too if its OS is unsafe.

The OS has to be able to boot without the user entering anything.

So you would like your computer to boot without requiring any authentication while the thief is sitting in front of it ?? No, I suppose you actually expect the user to enter a password on some kind of login screen. How is this different from entering it earlier in the boot process ?

AC

Re:Because it's a pain on Linux

[Cyberax]

Actually, you CAN decrypt it if you know your password and can access the system keystore. Just use this program: http://www.crackpassword.com/products/prs/mswin/ef s/?r1=rus_eng&r2=aefsdr

Re:Because it's a pain on Linux

[IWannaBeAnAC]

Why not put root's home directory on the encrypted partion to begin with? IIUC the only reason root's home dir is not /home/root is that if you can't mount /home for some reason, root can still function. Security would override that.

Re:Because it's a pain on Linux

[LordNightwalker]

Entering a password at boot time is not a viable solution. The computer has to be able to boot the OS to a login prompt, which will allow the user to enter their password to decrypt their personal files.

And since it's you saying that, it must be true! Who the hell are all these arrogant people who actually want to see proof, or at least some sort of reasoning behind your statements? Arrogant pricks! You say it's not viable, you have a slashdot account, you are absolutely correct in, and let me emphasize this: every fucking thing you ever say, even in your sleep!!!

Anyway, me being an arrogant prick n' all... Why exactly do you reckon entering a password at boot time is not a viable solution? Remember, we're talking about people with sensitive data on their company laptops, which must be unaccessible under any circumstances should the laptop ever be stolen, so if your whole argument hinges on the "but they're elderly morons who can barely use Windows" line of reasoning, don't waste our time replying.

Requiring a password at boot time has a number of problems. First, you either have to give everyone that uses the computer the same password to boot the system, or you need to use a multi-key encryption routine, which might difficult to maintain as you add or remove new users.

Which quickly becomes a logistical nightmare in the context of the original question: "Why not use FDE on mobile devices?"... Imagine each and every user of my personal company laptop needing his own personal password to boot the device... Or the trust issues raised by sharing the single password (in case we don't want to go the multi-password route) with all the other users of my personal company laptop. It basically boils down to one of two choices:

• I create a new password for... let me count them... not a single soul on this planet...
• I share my password with, and thus must evaluate the trustworthyness of... let me count them again... nobody!

It's not like I haven't got anything else to do, you know? My shedule is pretty hectic already without all this extra hassle...

What you want is for the machine to boot and automatically decrypt the public filesystem information (the OS, and various other directories) securely (ie, it is tied to the machine via a TPM chip of some sort) without the need to identify the user, since you need a valid username and password to login this shouldn't be a security risk over and above any other security risk of someone stealing your laptop and having as much time as they need to fiddle with it.

Because we all know the contents of /tmp, or the logfiles on the computer are utterly worthless without the data in your home directory... The whole friggin' point behind encryption is you leave no possible attack vector uncovered for potential attackers to exploit! You want to make it as hard as possible to get to any data on the harddrive at all, except for a well chosen subset of files on a separate partition needed to boot the computer into the "query for decryption password" stage. On Linux, that means the only partition you don't encrypt is /boot; all the rest, even swap, should be encrypted if security means anything to you.

If, however, "security" means nothing to you, like in your case, why bother with encryption at all? Do us all a favor, and leave this topic to those who actually know something about it, instead of spreading your dim witted halftruths as the holy gospel, ok? There's enough misinformed morons in this world already without you having to dumb them down even more.

Re:Because it's a pain on Linux

[LordNightwalker]

In fact swap was the first thing I decided to encrypt on my laptop. Encrypting swap is simpler and less intrusive than everything else. Thus there is really not much reason not to encrypt swap. No need for complicated key management, just generate a new random key on every boot.

I wouldn't exactly call it less intrusive; it has one big downside: suspend to disk doesn't work with encrypted swap...

Well, that's not entirely correct; suspend to disk still works fine. It's just the resume after the reboot that stops working...

It all boils down to what you need most: security or convenience. You can have both with some sort of hardware encryption with a passphrase and/or dongle, something like those SecureIDE encryption devices you place between your IDE interface and your harddrive. But from what I've heard (don't know if this is true, so take with a grain of salt), most consumer encryption hardware solutions use weak encryption anyway.

Re:Because it's a pain on Linux

[Mr_Perl]

Gentoo makes encryption of your home partition + swap dead simple. Set up your tmp directories with tmpfs (like you should anyhow on a laptop)

1. Modprobe dm-crypt
2. emerge cryptsetup, run it once after losetup to initialize your device.
3. edit /etc/cryptfs based on the examples

You can do the root fs with a little more effort but most people won't store anything sensitive outside of their home directory anyway.

Re:Because it's a pain on Linux

[acaspis]

It's certainly better than nothing and will likely deter all but the targeted industrial (or governmental) espionage attacks. Then again, i'd rather use the best solution, rather than a "good enough" one.

If you are really concerned about industrial/governmental attacks, you should definitely read the "Maintenance" section in the TPM standard. It specifies an optional backdoor which allows the manufacturer to extract your keys from the TPM. Of course it's not called a "backdoor", it's just a convenient way to retrieve the so-called "non-migratable" keys when your motherboard dies, but you can imagine other uses.

I'd rather use a "good enough" solution with no known weaknesses against my threat model, than one which gives a false sense of absolute security. The key should not be in the laptop, even in a TPM, period.

AC

Re:Because it's a pain on Linux

[netpixie]

>> Nice of you to ignore the rest of my message.

As it is built on the fallacy I pointed out it is, by definition, fallacious.

Read the post by TheNetAvenger above if you want to work out what you are talking about.

Re:Because it's a pain on Linux

[jdbear]

I personally use Truecrypt on entire partitions. I don't lock up my whole /home file system, but mount the encrypted volumes after logging in. I use two encrypted partitions(entire disks) that are perminently installed in my computer, as well as two "portable" disks in USB enclosures.

The main reason I use truecrypt is that I share the portables with my work laptop, so that I can have access to sensitive data on the exteral drive securely when at home, or when travelling. It seems like a good compromise. Also, if my computer goes belly up, I can boot with a live-cd, and run truecrypt in traveller mode to access the data.

I can also take my external drive to anyone's computer, use truecrypt in traveller mode, and transfer files into/out of my encrypted drive to their machine. When I disconnect, everything is encrypted on my end.

Re:Because it's a pain on Linux

[Mr.Ned]

A month or so ago Debian added support for almost-full disk encryption (need to leave /boot unencrypted so the kernel can load); it's fantastically easy to set up and the installer presents you with an option during the partitioning phase to set all of it up for you.

Re:Because it's a pain on Linux

On Windows it's actually easy and no, You do not need specialized hardware. The best and cheapest whole disk encryption solution is http://www.jetico.com/bcve.htm. Works like a charm without any significant changes in performance. Install, set the boot password (and a USB token if You want) and there You go -- without the keys, nobody will ever know what's on Your hard drive.

Re:Because it's a pain on Linux

[Eunuchswear]

Seems a lot easier on Debian: http://www.hermann-uwe.de/blog/towards-a-moderatel y-paranoid-debian-laptop-setup--part-1-base-system

• Insert the installer CD and boot in expert-mode (don't hit ENTER when you boot, but rather type "expert").
  
• Partitioning:
  
  • Select manual partitioning. Remove all partitions (if any). Create a 100 MB /boot (ext3) as primary partition, and make the rest of the hard drive one huge partition which has "Use as:" set to "physical volume for encryption".
    
  • The standard options for cipher, key size, IV mode etc. should be fine (AES, 256 bit, CBC-ESSIV-SHA256, dm-crypt).
    
  • After the erasing is done (this is important!), use the whole encrypted space as "physical volume for LVM". Then select "Configure the Logical Volume Manager". Create one big volume group and a bunch of logical volumes for the various partitions we'll use (lv-root, lv-usr, lv-var, lv-tmp, lv-swap, lv-home).
    
  • It is extremely important that your swap space is encrypted (in this case it is, as all partitions except for /boot reside on a dm-crypt device)! Never set up unencrypted swap!
    
  
  

Re:Because it's a pain on Linux

[Fishbulb]

which sort of mitigates the whole point.

http://www.thefreedictionary.com/mitigate

OB The Princess Bride quote:
"You keep using that word. I do not think it means what you think it means."

Re:Because it's a pain on Linux

[kasperd]

suspend to disk doesn't work with encrypted swap...

True if you do it the way I suggested, suspend to disk will not work. Suspend to disk and disk encryption are not good friends, but it can be done correctly. Though any correct implementation would require you to type a password when waking up.

Well, that's not entirely correct; suspend to disk still works fine. It's just the resume after the reboot that stops working...

Of course if you setup a system in a way that would cause resume to fail, it would be a quite good idea to disable the possibility of suspending in the first place.

You can have both with some sort of hardware encryption with a passphrase and/or dongle, something like those SecureIDE encryption devices you place between your IDE interface and your harddrive.

Can you use SecureIDE on a laptop? Not that I would want to use any encryption that says 40-bit DES in the specs.

But from what I've heard (don't know if this is true, so take with a grain of salt), most consumer encryption hardware solutions use weak encryption anyway.

I think it is true, but I can't know for sure either. SecureIDE looks like the worst one based on the fact that it only uses 40 bit of key. But one thing they all seem to have in common is that they are not well documented and leaves no possibility for third parties to review the security of the implementation. Saying AES-256 is not what I consider documentation, I have seen more flawed ways to apply it than I have seen sound ways to apply it. So if they don't give more documentation, I will have to assume that most likely they used AES in the wrong way.

Re:Because it's a pain on Linux

[duffbeer703]

It saves your company public exposure and alot of expense in the event of a loss.

If you're a government agency, contractor or banking institution and you lose a laptop that may contain customer data, state & federal laws force you to publicly disclose the loss and be liable for damages.

However, if you can prove that the data is encrypted, you don't need to disclose the loss. The easiest way to ensure this is to simply encrypt the entire device. That way your organizations reputation is intact, and your liability is limited to the value of the laptop and any work.

Re:Because it's a pain on Linux

[LordNightwalker]

Can you use SecureIDE on a laptop?

Well, I haven't looked into mobile solutions, but my Abit IC7-MAX3 mainboard came with one of those for regular (3.5") IDE drives, and it's still in the box, unused... You certainly can't use that one inside a laptop since it's a little less than 2 by 2 inches, if I recall correctly... But maybe they have a module that can be embedded on a mobile mainboard, wouldn't surprise me.

Re:Because it's a pain on Linux

[Sloppy]

Encrypting your whole disk on Linux is somewhere between a minor pain and a complete nightmare.

Fortunately, encrypting your whole disk is also unnecessary. As long as you're not trying to encrypt /boot and / (root), the booting nightmares and custom initrd issues go away. Encrypting the places where important stuff gets stored (/home and swap) on Linux is incredibly easy.

Re:Because it's a pain on Linux

[Rosonowski]

I tried encrypting my porn once, but my mom found the large file and presumed it was porn and deleted it.

Re:Because it's a pain on Linux

[ocbwilg]

Encrypted filesystems require your boot partition have the encryption keys unencrypted so that they can be read, which sort of mitigates the whole point.

Not necessarily. The boot partition can keep a copy of your encryption keys stored in an encrypted format, which then requires a second set of keys to decrypt. So this way your system starts to boot, then tries to mount the encrypted filesystem, but first requires a passphrase to decrypt the keys. Of course, ideally you would want a token-based system, but there are some ways to make effective encryption of the filesystem.

In today's modern environment where just about everything will have two or more CPU cores available, the actual encryption/decryption overhead isn't that big of a concern. Our biggest concern with implementing a FDE solution for our mobile devices was key recovery in the event that someone lost their keys/passphrase. We're using PGPs Whole Disk Encryption, and it allows us to specify a second "account" or passphrase that has access to the decryption keys, so even if our user loses his keys and/or passphrase we can still get in.

Re:Because it's a pain on Linux

[irw]

Who modded the parent interesting?

Entering a password at boot time is not a viable solution. The computer has to be able to boot the OS to a login prompt, which will allow the user to enter their password to decrypt their personal files.

Exactly how do you think FULL DISK encryption works?

I've seen one or two of these in use (older bank-owned laptops). They prompt for a boot password before the OS loads. I imagine the disk encrypter has a driver which sits between the physical disk driver and the VFS layer (to which the boot-time key is given), though I suspect getting this key from the boot loader to the driver under windows involves some contortions. The TPM chip in ThinkPads is a better solution (here's TPM working FOR the hardware owner).

First, you either have to give everyone that uses the computer the same password to boot the system, or you need to use a multi-key encryption routine, which might difficult to maintain as you add or remove new users.

As for multiple users, the mechanism for HDDVD demonstrates a principle which could be used; a disk or volume key (single key) is used for the encryption, but is stored itself encrypted on a special boot partition. Multiple copies are stored, one for each user, encrypted with a different password for each user. This also allows corporate recovery should the user forget the password. Recall that changing the underlying encryption key for a partition would require re-encrypting the entire partition contents (therefore the key is very unlikely to change).

Then there's the issue of users having to enter two different passwords (for security, you wouldn't want them to be the same) just to log in.

Oh pity the poor users unable to get to grip with the concept of multiple passwords [/sarcasm]

How many passwords do you think the average user has to remember? Do you think the people who need to have encrypted hard disks are idiots? (okay don't answer that last question ;)

Re:Because it's a pain on Linux

If you'd like to run an encrypted root filesystem (including /etc, /var and friends), and encrypted swap on top of an established distro, take a look at JayOS. Although it's built on Linux From Scratch, the author releases bootable livecd ISOs for x86 and Intel Macs quite often. I should know, I am he :)

The latest addition is a rudimentary, yet effective technique to store and retrieve hidden data in your encrypted filesystems (plausible deniability). Custom build scripts and source are available, so even if you choose not to use it as a distro, you might learn a new trick or two for your own setup.

There is also a project page on Freshmeat.

Jay

Re:Because it's a pain on Linux

[Captain+Slow]

Define 'Linux'.

I'm running Gentoo and would strongly assert that the task is on the far 'minor pain' end of the spectrum. I did it using losetup, basic steps:

1. dump/restore everything to another HDD.
2. chroot/boot new HDD.
3. dd if=/dev/urandom of=/dev/hda bs=8192
4. wait
5. losetup -e aes256 /dev/loop0 /dev/hda
6. mke2fs /dev/loop0
7. mount /dev/loop0 /mnt/tmp
8. restore onto /mnt/tmp


Niggly details in papers here http://tldp.org/HOWTO/Encrypted-Root-Filesystem-HO WTO/ and here http://www.remote-exploit.org/index.php/Encrypted_ EFS.

Granted, you speak of customers, but for those with middling to good Linux skills this shouldn't be too hard.

Keep Key on USB-Stick

There should be some software that automatically decrypts a partition using a key on an usb-stick whenever it is inserted. This removes the hassles and problems arising from remembering and managing passwords. One only needs to remember not to leave the usb-stick with the laptop.

Re:Keep Key on USB-Stick

[Spazmania]

Sure, but where will you keep the USB stick? In the case with the laptop of course.

PGP Whole Disk Encryption

[Simon+Garlick]

http://forums.pgpsupport.com/viewforum.php?f=54&si d=749efb5b59855bac7e1a06eda016e4a9

If you need a reason why people aren't encrypting their disks, visit the PGP Whole Disk Encryption forum and take your pick.

Re:Some data and personal perspective on that poin

I'm posting this from a laptop with the entire disk encrypted with LUKS. It's a pentium-M notebook I use for development and mail/web. I don't notice any slowness at all. As long as you have enough memory to not use swap, it's perfect. And with the new Debian installer, it's easy too.

Give it a try.

Another advantage for corporate types who have to dispose of old disks securely: If all the data that's ever touched a drive has been encrypted you can probably get rid of it without the DBAN hassle. (No offense to DBAN, it's great)

Crypto is mandaroty

[Vaakku]

Encrypted hard drives have been mandatory for last 5 years on laptops. Working for telco, Welcome to europe.

context

[pruss]

In a number of contexts, loss of data is a more serious concern than loss of confidentiality. For the vast majority of self-generated data on my hard drive, I would be seriously inconvenienced by the loss of the data, but would not at all mind the data becoming public. For a significantly smaller amount of data, I would seriously mind the data becoming public, but I would more mind losing the data. Only a very small fraction of data on my computer is such that I would mind the data becoming public more than I would losing it.

In such a context, given that FDE makes data recovery harder and more time-consuming, it can make sense to encrypt only that tiny fraction of data where one would more mind its becoming public than one's losing it. In other contexts, it will be different.

Re:context

[kasperd]

In such a context, given that FDE makes data recovery harder and more time-consuming

Data recovery is only relevant if you didn't do your homework. Have a backup strategy and you'll be safe. If you have important data and no backup, you will get in trouble whether it is encrypted or not.

Re:context

[pruss]

I was assuming that FDE of originals would be matched by encryption of backups, and similar issues apply to the backups. Moreover, I can have a decent chance of reading unencrypted .tar.gz (or some other very standard format), or better .tar, backups in thirty years or so. But encrypted backups add one more issue--to read the backups in the future, I would need to remember the key (a serious problem for me over such a long time, and an even more serious problem if someone else is trying to recover the data on my behalf after I'm dead), and would need to have compatible decryption software.

I suppose one solution to the compatible decryption software issue is to use file encryption on the backups and store uncompressed clear-text of the source code of all the backup/restore/crypt utilities. (A strong argument for using open source for backups.) But there is still the key memory issue.

My context may differ from yours. I'm an academic in the humanities, and in my field (philosophy) data can remain useful for centuries, indeed sometimes millenia.

Re:context

[kasperd]

I suppose one solution to the compatible decryption software issue is to use file encryption on the backups and store uncompressed clear-text of the source code of all the backup/restore/crypt utilities.

OK, now I see what you were trying to say. And I very much agree that it is a good idea to stick the unencrypted source with the backups. I wrote my own software for backup, and I do keep the source in many locations, including three public accessible http servers. Though I don't keep the source for tar and gpg in those locations, even though I do rely on them for restoring backups. Neither do I keep the gzip source even though the other sources are tared and gizped. (gpg also does some compression, I'm not sure which one, I think the ratio is slightly worse than zlib).

My context may differ from yours. I'm an academic in the humanities, and in my field (philosophy) data can remain useful for centuries, indeed sometimes millenia.

If you have data that should be available to other people also in the future, it might be a good idea to make it available to them already now. Even if the data are not encrypted, you can't be sure that anybody will be able to find it on your computer without your help, or that they will even try to do so.

Theres another question not being asked

[brunes69]

.. and that's "What happens if and when something goes wrong with the encryption solution and you lose all your data"?

When I was issued a company laptop, I jumped right on the encryption bandwagon. I used Linux, so I encrypted umy home directory sing loop-aes. Unfortunatly I was usin Gentoo at the time, and this was early in the 2.6 kernel series, before loopback encryption was standard in the kernel. So I was using some kind of third-party kernel AES crypto module (still not exactly sure what it wasusing, emerge took care of the details).

Anyways, months later, my OS install goes haywire. For what reason now I don't remember. No big deal I thought, I will just re-install.

Problem was, with the current Gentoo, I couldn't decrypt my drive.

Skip ahead 4 days later. I have tried *everything* to decrypt this data - posted in forums, talked to crypt developers, even tried writing an AES routine myself to get the raw volume at least. Nada. I ended up giving up and starting over - after all, nothing *important* was lost, but I did lose 2 years woth of archived emails I really would have liked to keep.

Oh, what about backups you say? Well security-consious as I was, I decided to back up the encrypted volume.

Needless to say I remain very wary of full-disk encryption in any form. And I always back up unencryupted. Secure? maybe not. But at least I know that if I have a filesystem crash I can use standard ext2 recoveryt ools to get my essential files back.

Re:Theres another question not being asked

Or you can backup unencrypted to a file, encrypt that with gpg and a symmetric passphrase, and have the best of both worlds. Make sure the file is encrypted before you move it off of your hard drive.

Re:Theres another question not being asked

How much have you got to hide? So save your personal documents and spreadsheets with file-level (client) encryption in a folder that gets compressed. Typing 10 hours a day for 10 years is still negligible space.

Re:Theres another question not being asked

You said that you were using some third party encryption module whos interface or implementatation apperently changed after you upgraded. It seems as this could have been solved by seeing what portage was installing at the time, or what kernel / modules you were using, and reproducing that setup. Am I missing something?

Re:Theres another question not being asked

[kasperd]

You said that you were using some third party encryption module whos interface or implementatation apperently changed after you upgraded.

That happens. Earlier cryptoloop implementations had bugs in the way they computed sector numbers, which were later used as IVs. Those bugs could lead to data loss. Later versions fixed the sector numbers, but were incompatible with previous versions. I think it took 3-4 tries to get it right. We probably haven't seen the last case of incompatibility, as there is still not consensus about what is the right compromise between security, speed, etc. In fact I'm pretty sure there is not one solution, which will suit everybody's needs. But maybe we will eventually see some implementation with a few knobs that can be turned without breaking the entire system.

It seems as this could have been solved by seeing what portage was installing at the time, or what kernel / modules you were using, and reproducing that setup.

In principle yes.

Am I missing something?

Could be that the data were originally encrypted with an incorrect IV based on the wrong sector numbers. In that case it would be slightly difficult to decrypt correctly, but not impossible. But then again, if the container was in the exact same location on the disk as when it was created, then it should be possible to read it with the version which had originally created it.

Re:Theres another question not being asked

[brunes69]

Yes, you're missing something I said...

You're forgetting from my point of view the OS was fried and I did a re-install. I never thought "oh I should back up my entire portage tree beforehanrd', because it never occured to me that the maintainers would do something like totally replace an ecryption method in portage without allowing for backwards compatability. SO I had totally wiped the OS partition and re-installed before I knew that I could not mount the encrypted home parition.

Re:Theres another question not being asked

[nzhavok]

That sucks :/

In the future I'd recommend doing your backups over the network (your lan probably) to an encrypted USB drive running on another computer which is running Knoppix or something similar. The reason being that if you store that drive somewhere else, even if your house is burgled or burned down you can still retrieve the data with any modern PC as long as you have the drive (stored off-site) and can download an ISO.

Solutions are lacking

I have a laptop owned by the US Government for my work. The three letter agency that I do work for requires that laptop to run Pointsec to encrypt the hard drive. Overall it is a lacking product that slows processing considerably and takes the battery runtime and effectively makes it 1/3 of what the manufacturer states. I understand the need to keep data private from meddling hands, but it is a really hard sell when you effectively make the user plug into the wall and make the laptop more prone to crashing.

Was it...

Was it the hard drive password that the system asks for before even trying to start the boot loader, or is this co-worker in Lenovo land where actual encryption is required by the government agreement?

IBM company wide policy requires the hard drive password, but that isn't encryption (you can tell because on a normal hard drive with data on it can have a password applied and no work has to be done that would have to be done with encryption. The hard drive password is just something on the drive controller's non-volatile storage that the drive's controller board has to validate before it will service requests from the motherboard's drive controller. I don't know details, but at the very worst all that is required is to swap out the drive controller board to defeat it, hence why the government required stricter standards that actually do encrypt for IBM employees in a building shared by Lenovo people.

No, It Isn't Worth It

[logicnazi]

Yes, there have been several high profile laptop losses but compare this to the millions of laptops out there. So long as it is troublesome to deal with these encryption issues, costs significant IT resources or requires difficult procedures for the end user it just isn't worth it.

It is tempting to think of companies as simple top down structures where the management sets policies and the workers follow them but I think we all know this isn't entierly true. It is important to keep your workers happy and if laptop passwords are annoying to use their will be strong pressure not to use them or otherwise get around them.

Additionally one needs to take into account the fact that it is often harder to recover from HD mishaps when the data is encrypted.

Before we start seeing widespread adoptiong of FDE encryption I think we need hardware level two key systems. That is the diskdrive itself should encrypt all data entering the HD and decrypt all data leaving it after being furnished with the correct key. This key would be required to be represented *only* after the laptop had been shut or powered off (alternatively it could only be required to represent after the laptop has been powered off and the OS could lock when the laptop is closed which would require a power off to avoid). Management or IT would have a master key which could not be changed by the user allowing them to read the HD should the user forget the password or otherwise screw things up.

Furthermore this encyrption system should have the property that anyone knowing the key, the location of a block on the HD and the contents of this block should be able to decrypt this block, i.e., the encryption of a block on the HD doesn't depend on the values of other blocks. This would make data recovery no more problematic than it is today since management would have the appropriate key.

Halfway

[chill]

There is absolutely no need to encrypt the main hard drive. What? You afraid of someone stealing C:\WINNT?

The simply solution is to use USB disks/keys with encryption and stick all sensitive data on those. You can get 4 Gb solid-state and larger if you use something like an iPod. How many people really need > 4 Gb of secure data available off-net? The vast majority would be fine with fast USB 2.0 memory sticks.

Key escrow solves the "I lost my password" as well as employees that leave without telling their boss/replacement the passwords.

For super-secure stuff, make them call home first to check a CRL and validate they still have permission.

For those that don't like the USB stick solution, then partition hard drives and just don't encrypt C:\.

  Charles

Re:Halfway

[Knackered]

How many people really need > 4 Gb of secure data available off-net?

I do, and so do many people in many different businesses. Some of us actually visit other company sites and other companies, and we need our source code, product documentation, product plans, etc., to be secure in case we lose our laptops, or have them stolen in transit. That's considerably more than 4Gb data.

Your comment is in the same category as "nobody will ever need more than 640Kb".

Re:Halfway

[chill]

Your comment is in the same category as "nobody will ever need more than 640Kb".

No, it isn't.

I didn't say "nobody", I said "how many", implying that the vast majority DON'T need that much, which I stand by. There are exceptions, to be sure, and something like a portable hard drive, iPod, Archos, etc. would be suitable. Then you can get 20, 40, 80 or more Gb and that'll be enough for anyone for the time being. As your storage needs grow, so does the portable storage.

Re:Halfway

[xenocide2]

What about the pagefile? And how do I know what is and isn't writing stupid temp files to somewhere that isn't encrypted?

Re:Halfway

[chill]

OpenBSD, FreeBSD, Linux, OS X (Tiger) WinXP and Win2003 can all encrypt swap without much effort.

http://wiki.noreply.org/noreply/TheOnionRouter/Ope rationalSecurity

You can move your temp folder to the encrypted partition if you are worried about it. You can also set up a scheduled task to secure-wipe all free space on a regular basis, if you are really paranoid.

Re:Halfway

[nzhavok]

There is absolutely no need to encrypt the main hard drive. What? You afraid of someone stealing C:\WINNT?>

Someone with physical access trojaning C:\WINNT to get your passphrase/keys?

Redundancy and Corruption

[delta2]

Here is why you don't want to encrypt everything on your laptop:

Redundancy:
Encrypting files who's contents are known, the operating system, for instance opens your encryption method to known plain-text attacks. This is a big reason WEP is so easy to break. Known attacks for WEP exploit the redundancy in TCI/IP packets. Practical Cryptography by Bruce Schneier has a fun read about WEP.
Corruption:
Encryption makes files susceptible to corruption. A bit wrong in plain-text ruins a character of a text file. A wrong bit in an encrypted file ruins not only it's self, but propagates errors elsewhere.

My company does

[whorfin]

It's mandatory policy where I work that all windows notebooks have hard-drive encryption on, and also run network backup software. They were pretty annoying about it, and I'm certain there are people who've avoided/evaded it, they pushed it on the whole company.

It doesn't really affect the devs on my team...they just remote in to the beefy tower under their desk to do builds...the notebook is essentially a terminal/email/comm client system for them.

Why keep sensitive data on the laptop at all?

[heisencat]

With USB flash drives up to 4GB, and 100GB+ USB hard drives that will fit in a pocket, why not just keep it on your person (encrypted if necessary)?

Re:Why keep sensitive data on the laptop at all?

[SirTalon42]

Then you have to encrypt the removable device... and the computers swap, so the data doesn't get written to swap... and all temp directories any app might use... and the caches... pretty much you're encrypting everything anyways.

EncryptionPlus Hard Disk

[DoomfrogBW]

My employer uses EncryptionPlus Hard Disk since a data theft from a laptop in 2004 that compromised a hundred or more Social Security Numbers. I don't know how robust EP Hard disk 7.1 is, but it is such a big deal that all 60,000 employee laptops use the software.

File Vault has free space issues

[bigtrike]

You can only reclaim space from deleted files in file vault by logging out of the user account. This can be quite annoying.

Not True for All Laptop BIOSs

[Inhibit]

"because BIOS passwords are extremely insecure. If were talking about mobile devices, and you have a BIOS password protecting valuable information, its as easy as removing the CMOS battery, waiting 15 seconds, and popping it back in."

I'll inform all the buyers of low cost paper weights on EBay that they're missing this important feature of the IBM laptops.

While yours is a true statement for some laptops, it isn't a blanket statement for all laptops. There are many exceptions to the rule that BIOS/HDD laptop passwords are easy to break.

Re:Not True for All Laptop BIOSs

[nzhavok]

Hi, I have a T41p with a bios password set. After disassembling this laptop for some reason (I think I spilt blackcurrent juice in the keyboard, and I needed to clean it) as instruced to in the IBM provided service manual, I disconnected the CMOS battery. After restarting the laptop was giving a lot of beeps warning that the battery had been removed, but I was able to use the laptop without entering a BIOS password.

Re:Not True for All Laptop BIOSs

[Bent+Mind]

I've let laptops sit for a month without any power (including the CMOS battery) and I'm still greeted by a password prompt. I asked IBM about it. They said that the password is stored on a flash memory chip that is write/read protected. They then offered to replace the motherboard on my laptop for a couple hundred dollars, claiming that was the only way to reset a BIOS password.

I did once come across a website that claimed they could do it for a small fee. It's at: www.ja.axxs.net/unlock. I've never tried their service though.

Re:Not True for All Laptop BIOSs

[Inhibit]

It probably depends on the model. I also remember that some of the IBMs have different "levels" of password protection. One of 'em is a HDD MBR based scheme, the others on a flash chip. Could be that there's a third that's just BIOS battery based.

Check out BestCrypt for Windows

[__aaijsn7246]

Jetico has a new piece of software in Beta which I am testing on an XP laptop and desktop. It works quite well! I would like to see a full third party review of the source though, as it is closed source.. but it is perfectly stable and I have not noticed any performance drops. Of course I am not much of a gamer and didn't do any benchmarks but it does work for me. It encrypts the entire hard drive so you even need a password to boot. (On Linux I use LUKS.) Check it out here.

Looks like...

[Junta]

Based on the readme, it looks like encfs (which uses fuse and openssl). It might obscure more detail (i.e. with encfs you know how many files and directories there are, and their timestamps). How does it differ from encfs (http://encfs.sourceforge.net/)?

encfs is of course per user, and a somewhat nifty thing there is the pam_encfs module which can optionally used to get the authentication token to unlock its key. The implementation (since it's obviously has to be since it's a fuse thing) is more userspace than ecryptfs, but functionally speaking, what's the difference?

I understand well the benefits compared with dm-crypt strategy based on the circumstances and requirements.
With block level strategies, you have to decide the total size of the block device for protected vs. non-protected data. If you don't understand your needs well, it's difficult to apply a finer-grained approach to security, particularly if you are required to codify it into a company standard for people who you definitely won't understand perfectly the needs of. Because of this, the only generally feasible approach is to encrypt everything save for /boot (which I do). This has benefit for protecting against physical threats and people trying to reboot your system using a live cd or other such attacks. However, the key is always available to the kernel and all the data is visible, so a remote or local attack that acheives root privileges means all the data is exposed since a very coarse grained attack was used. On the bright side, it is also appropriate as a codified standard because users can't generally be trusted to correctly perform risk assessments on every save or understand all the temporary places they may save to, and it's the only way to protect swap patitions. I use dm-crypt with LUKS partitions for / and swap on my laptop, with a small /boot for the kernel and luks-enabled initrd.

encfs and similar strategies feasibly allow finer grained policies to go into place without making the tough size decisions as is needed with block strategies. This provides all the protection from theft and such like dm-crypt does. And if the policies are fine grained and the directories are only mounted as needed, a remote attacker achieving root access will only be able to get to file systems currently mounted, which may be a smaller set than the whole. The difficulty here is that when defining a finer-grained policy, you have to know which directories could ever hold sensitive data, If you are to protect swap you can't use a swap partition, but a swapfile in a directory protected by such a scheme, and in the end on a single user system (almost all laptops), effectively no matter what all the encrypted filesystems will be mounted anyway most all the time, so it's really not ultimately much of a functional difference. I make encfs available on a couple of multi-user systems, and generally have pam_encfs there to make their home directories encrypted. /tmp is always exposed and swap is still dm-crypt protected on that system.

Re:Looks like...

[omnirealm]

How does it differ from encfs (http://encfs.sourceforge.net/)?

eCryptfs is kernel-native; EncFS is userspace. Since EncFS is userspace and depends on FUSE, shared memory mappings are not possible. Furthermore, FUSE incurs tremendous overhead with context switching between kernel and userspace; keeping everything native in the kernel during the page reads and writes is a big performance boost.

eCryptfs has an entire infrastructure that is geared toward complex cryptographic policies. This work has yet to be done, but for now, eCryptfs is at least as functional as EncFS when it comes to providing data confidentiality, but eCryptfs can provide full POSIX compliance and it does not incur the overhead of continually bouncing between kernel and userspace.

Blame the applications

[erroneus]

Encrypted data is great. It's annoying but it's great for the security it can offer. But what is it we want encrypted? The entire OS? Hell no! Just the data we're working with... just the data that needs to be protected. And in the applications that use this critical data, there's invariably a username and login or some means of authentication into these critical applications. Hey! What a great time to introduce a little encryption based on some keys + username + password hash action you know?

Hell, for that matter, make sure critical data isn't stored on the system's drive! Make it link to a database online! Make the LINK encrypted.

The real solution is to identify the critical data and be careful with it.

You can't make safe cars no matter how you try... you can only make safer drivers.

Desktop Encryption

[algf2004]

I know this is slightly off-topic since we're talking about laptops, but for encrypting desktops I recommend:

http://siig.com/product.asp?catid=106&pid=474
or
http://siig.com/product.asp?catid=106&pid=475

It's 56-bit DES, but it's better than nothing and would stop most thieves.

Because users . . .

[Bagheera]

. . . don't like it.

I deal with some highly confidential data with my job. On my Linux laptop, I keep all the secure data in truecrypt partitions that I mount as needed. Under Windows I used PGPDisk and they were both more then adequate for my needs. Recently, the organization started implementing HDE across all the laptops. Their solution, while quite secure, is slow and annoying. NONE of the users like it. It adds time to the boot sequence, it puts a vulnerable (and easily lost) dongle on the laptop every time it's in use, and it adversly affects system performance on a laptop that's already straining under a corporate mandated software load.

Is my data safer? Not much, in my case (my important stuff's already encrypted). But for the average user? Yes. A lot safer. Are the users happy with this situation? No. Not at all. HDE's unpopular mostly for user inconvenience issues. We won't even go into the cost issues for administration and implementation.

The real reason we don't see more of it is because for most organizations, the security benefits don't outweigh the costs and user resistance.

Re:performance

[davepermen]

mainly for notebooks, battery power.

I would, but...

[kula.shinoda]

... I have my laptop turn itself on every day in the morning, and five minutes after that amarok starts playing my favourite songs on a low volumn, slowly turning it up over the next 10 minutes, to wake me up. Having to input a password would sorta ruin that :)

Re:I would, but...

[daverabbitz]

You could do what I plan to do (when I get round to it ;) and only encrypt swap, /home, and any other places you keep important data, and leave /usr, /opt, /music, /movies and any other places which hold unimportant data unencrypted (I could go either way on /etc and /var).

But I guess you'd have to do your amorak trick slightly differently...

Re:I would, but...

[kula.shinoda]

Interesting... at the moment my music is under /home, but it could be moved easily enough I guess. I'll have to have a play and see how much I can lock down before amarok gets annoyed/system won't boot far enough :)

Re:I would, but...

Hey cool, how do you make your computer turn itself on at a predetermined time ?

Re:I would, but...

[Dr.+Sp0ng]

You could do what I do, and have it store the key on a USB thumb drive that gets automatically read by the boot scripts. Then just leave the keydrive plugged into the laptop overnight.

Sure, the initial install is a huge pain in the ass, but once it's set up you don't even notice it anymore, aside from the fact that you need your keys to boot it up. More convenient than having to type a password every time.

Re:I would, but...

[kula.shinoda]

Sounds like a good idea also, I see I shall have to take some time to explore the options. I especially like the idea of actually needing something else to unlock the disk. What happens in the case that your thumb drive gets corrupted?

Re:I would, but...

[Dr.+Sp0ng]

What happens in the case that your thumb drive gets corrupted?

Heh. Back up your keyfile somewhere :) It's only 32 bytes (for a 256 bit AES key), so you could even print out a hex dump of it and store it somewhere safe.

Re:I would, but...

[kula.shinoda]

I had a fly at getting this going last night with pam_usb. I managed to get it working OK for login and kdm, but it doesn't work for xscreensaver, which is a major bummer as most of the time my laptop is on hibernate. I guess I'll have to look around for a newer solution, pam_usb is getting old now. Thanks for your suggestions :)

Re:I would, but...

[Dr.+Sp0ng]

I don't know how this would play together with hibernate mode (I use it on a desktop machine, and I've heard rumblings that hibernate may not work properly with encrypted filesystems for some reason). If I had to guess, I'd say that the kernel writes the memory dump to the encrypted filesystem, but the wake up code doesn't know how to read it back correctly.

In any case, pam_usb happens later in the process than you need for this. You can use it for login purposes as well, but I'm talking about entirely encrypting the root filesystem with a key on the drive. PAM stuff lives inside this encrypted partition, and the key needs to be found before the root partition is mounted.

When I set this up, I had to write custom scripts that work with mkinitramfs (i.e. the scripts that put together the initial ramdisk for booting) that loop through /dev/sd*, mount everything there and look for the key, pass it to LUKS/cryptoloop if it finds it and using it to mount the root partition, and then unmount everything and continue booting from there.

If you DON'T want the root partition to be encrypted, it is much easier to accomplish - you can do it all through /etc/crypttab and /etc/fstab, but I suppose you'd need a small script which runs on boot and mounts the USB drive, since this will all happen before the automounter stuff is running.

Like I said, it was a huge pain in the ass. If you'd like, feel free to email me and I'll give you more details on how I got it all working. What I should really do, though, is make a custom Ubuntu installer that does all this automatically. It wouldn't be too difficult.

Re:I would, but...

[kula.shinoda]

Heh, it all sounds as you say, a lot of effort :). And as it would be even harder to get working with hibernate, perhaps I'd better not bother risking my machine. In any event, now even if someone steals my laptop and knows (or guesses) my password, they won't get anywhere since they'd need my shuffle too :) (sure, anyone with more than a passing knowledge could still get in, but the barrier is a little higher now.

Flawed encryption schemes

[bongk]

There is an inherent flaw with many of the commercial laptop full-disk encryption solutions out there. I have the most experience with Utimaco's Safeguard Easy, but I know many of the other big players have the same fault -

The software has a feature called "Pre-boot Authentication", by which the encryption software is loaded after the bios, but before the (generally Windows) operating system. The user's password is used to generate the decryption key, so theorhetically not even the NSA could decrypt the laptop without the user's password.

Here's the flaw - the software has a checkbox to disable Pre-boot authentication. What this does is generate a default user with a random password, and then store this random password obfuscated but in clear-text in the same disk area decryption software. When you talk to the sales-people, they sell this as a feature, in fact about half of Utimaco's customers (so I'm told) run it in this mode because the encryption becomes transparent and it is much less intrusive on the user. (Basically the disk is automatically decrypted each time the laptop is booted, but you have to have a valid Windows login to get in.) Buried in the help documentation are warnings "For security reasons, you should Never disable pre-boot authentication". So the engineers and the company know the weakness of disabling pre-boot authentication, but they don't tell their customers when they sell the software.

Today it seems to break into these laptops with pre-boot authentication disabled you would need somewhat sophisticated tools and techniques, basically the same tools and techniques people commonly use to "crack" commercial software today. But I'm guessing that it won't be very long before someone takes the time to build this crack and releases it, rendering the laptop encryption useless to anyone who can Google for "Utimaco Crack", etc. Basically all the crack would need to do is grab the default user's password off the disk and use or duplicate the decryption algorithms that are also in clear-text on the disk.

I've talked to a number of IT security folks, and basically it seems like most people trust the sales folks and don't understand that its basically impossible to have strong encryption without having the decryption key stored off the disk (like on a smart card, or in the brain of the user.)

C:\Pr0n

[quakeroatz]

There is absolutely no need to encrypt the main hard drive. What? You afraid of someone stealing C:\WINNT?
No, but I'm sure no one wants people going through their C:\Pr0n directory.
Try fitting that sucker on a USB flash drive!

PointSec

[certain+death]

The company I work for uses pointsec on our laptops. There is integrated login (we use a novell client on winderz) that works just dandy, it does add about 5 seconds to bootup, but there is really no overhead to speak of when using the laptop (IBM T-41) and I am fully with using the encryption. I know someone above mentioned using encryption with Linux, but we don't use Linux on the desktop, we are about 15,000 employees, and use XP on the desktop/laptop with the exception of security guys (ME) we use a second partition or we use whopix or knopix and boot to a cd for pen/vuln testing. What I am trying to say is... I have never noticed any slowdown or issues with using it, and password reset can be handled with a one time pad, or by calling the helpdesk for a password reset.

Nonsense

[suv4x4]

Analysis shows that the access time increases by 56%-85% after FDE. As HDDs fills up the fragmentation increases and so will the file access time.

And who requested that analysis, if I may ask? The owners of laptops with very sensitive company data, who ALSO wanna get high framerate on Doom3?

Lower I/O performance is not an excuse for low or no security, is it? Not to mention that most of not all of the business/enterprise apps out there just aren't I/O intensive to begin with (and if they are, can't you wait, say a couple of seconds more to open that DB).

Re:Nonsense

[kasperd]

Lower I/O performance is not an excuse for low or no security, is it?

Seems like many people see I/O performance as a valid excuse for lowering security. Of course I agree with you that the statement about fragmentation impact on performance is nonsense, in particular in this situation. Yes encryption does lower I/O performance, but CPU speed increase faster than disk bandwidth. A few years ago, there would be a noticable slowdown from encryption, but not so much anymore. And guess what, if the fragmentation does lower performance, it will just make the encryption less noticable. Because if the disk needs more time to do the I/O, you will in fact have more CPU time to spend on the encryption before the CPU become the bottleneck.

I think it would be those doing CPU intensive tasks rather than I/O intensive tasks, that would notice the most slowdown to storage encryption. But of course all of these statements only applies as long as the encryption use a 1:1 mapping between physical and logical sectors. But almost every storage encryption does have such a 1:1 mapping, with GBDE being the only exception I know of. With some more complicated schemes, the fragmentation causing extra seeks could actually cause the encryption to require extra CPU and I/O resources. The 1:1 mapping does not have such additional cost.

Deciding, that you will not pay the performance cost in more complicated storage encryption schemes and going with a 1:1 mapping is a valid decission. Of course it should be a decission every company (or user) make themselves, however it seems in most case the designer of the storage encryption has made the decission for us. However the best schemes with a 1:1 mapping are so secure, that the additional security you could get is less important that all the security you already got from using encryption in the first place.

However I do have at least one good reason for encryption not being enabled by default in most systems. And that is the fact, that few systems have a really secure implementation of password change. In fact I don't know any storage encryption with a secure password change. In most cases the password change just reencrypts the same key under a new password, thus knowing the default password and the key which was originally on the disk will enable you to decrypt data even without knowing the new password.

That means the safe way to use storage encryption is to choose a good password, and use that password when enabling storage encryption. You should never change the password. If you have any suspect that somebody got the password or parts of the encrypted version of your data, the safe approach is to create a new encrypted container with a new password and copy all data from the old one to the new one. Finally you destroy the old encryption by overwriting it once or twice. If you encrypted the full disk, that would mean you'd have to copy the data to another media and back again.

For temporary data such as swap I'd recommend generating a random key at startup, and don't use any password at all. It does require a hardware random number generator to be really secure, as during bootup you wouldn't have had enough time to collect enough entropy. And for swap you don't have to worry about the risk of losing data on a reboot. If carefully implemented in the swapping code itself, encryption of swap space can be made very secure and completely transparent to the user. I think this is something that should be in every file system.

The only actual storage encryption mentioned in this comment is GBDE. That does not mean I recommend it. In fact there is a known weakness in GBDE, which would allow an adversary to break the encryption faster than brute force. Besides that there is a minor risk of losing data because of partial writes.

Better question: why laptops at all?

Why isn't the computer full of Social Security numbers/credit card numbers/addresses of people in the Witness Protection Program bolted to the goddamn desk?

If the worker bees handling this data need to work overtime, they should do it at the damn office. And if they can't, it's a human resources problem (i.e. hire more people).

won't matter...

[tomstdenis]

AES-256 + disk encryption + password="mittens" == moot.

How about we train people who hold sensitive data on how to manage it?

There's a shocking cool idea...

Tom

Re:won't matter...

[Shadyman]

You mean kinda like wireless encryption when the router's password is 'admin'?

Re:won't matter...

[tomstdenis]

Actually what pisses me off more is that they leave wep/wpa off. Then my stupid windows laptop connects to it by default....

But yeah, same idea. Well sorta. I mean your home network is probably less sensitive then say a person who manipulates medical records or some such.

We force people to have minimum training to drive cars, own firearms, and the like. Yet any stupid MBA can store a million accounts with credit cards on their laptop by just copying the database to a laptop or something...

Tom

Security mantra

[j.leidner]

Here is another solution to the question about whether to encypt laptop HDDs: take a deep
breath and chant:

"Security is an illusion."
"Security is an illusion."
"Security is an illusion."
(repeat at least 7 more times)

After that you should be enlightened.

Field technicians

[tepples]

In the context of stupid employers/empoyees losing laptops with sensitive databases on them, this isn't even a question - the data should never leave company premises unless it's encrypted, end of story.

Should this apply as well to "field technicians," or people who travel to client sites to perform essential job functions?

Re:Field technicians

[newt0311]

quite possibly yes. encrypted file systems + encrypted swap + encrypted ssl/VPN net connection = total encryption of data regardless of location and its not that hard to do it. encrypted FS and swap can be taken care of by LUKS and VPN is trivial with openVPN and ethernet TAP bridging.

Re:Field technicians

[Simon80]

Sure - keep in mind that I'm talking about sensitive data, not just everything. In fact, I don't necessarily think it's necessary to encrypt the entire disk. But if a laptop contains data that a company would very much prefer not to be available to anyone outside the company, then I don't know why it should be allowed to leave the premises unencrypted. It shouldn't matter who is taking it out, the bottom line is that if it's being carried around, it could be lost or stolen, and if it is, it's nice to know that a few million credit card numbers didn't just get released to a thief.

Backup solutions for laptops?

[Acer500]

A little off-topic, but which is the laptop backup solution you people use (Windows if possible)???

I've tried Brightstor ArcServe for Laptops and Desktops, and it's awful.

I've heard there's a solution from Symantec but I never tested it.

An ideal solution would have the possibility to backup from the field (VPN? Encrypted traffic?). The Brightstor solution actually promised that it would send the data in packets so as not to interfere with normal usage but didn't work that way in practise.

My boss even asked for a solution that allows the possibility to restore from the field, but that seems very far-fetched.

Re:Backup solutions for laptops?

[dogganos]

I use BartPE to boot diskless windows, and Ghost the whole laptop's disk to an external USB disk.

Re:Backup solutions for laptops?

[Leareth]

We use Syncback from 2brightsparks and do a smart sync using FTP and SSH for all the user's data file to a backup server.

When they are back in the office, Syncback dumps all their data to a external disk on their desk.

Not a system backup option like ghost, but useful for keeping the data safe.

Re:Backup solutions for laptops?

[jimicus]

I don't backup user PCs. It's just not practical.

As regards field users who are away from the office, this works under XP. No idea about Win2K.

While connected to the network, right-click on a directory which is part of a drive mounted from the network. Select "Make available offline".

Bingo. You now have a directory which is always available on the laptop regardless of whether it's hooked to the network or not, will get automatically resync'd with the server next time it's connected and all you need to backup is the server. Best bit is you don't need any further software and it will work whether you're using a Windows server as the fileserver or Samba.

If the staff are so seldom connected to the network that this won't work, neither will any other form of network-based backup. Give them a CD or DVD writer, a cakebox of blank media and a swift grounding in "This is how you backup your data. Do it, or you'll get no sympathy when (not if) your laptop is lost or damaged".

Re:Backup solutions for laptops?

[Acer500]

Thanks for the replies. I guess FTP with SSH or some other secure metod sounds OK. There's no magical software yet :) (hey, business opportunity?).

what?

****Encrypted filesystems require your boot partition have the encryption keys unencrypted so that they can be read, which sort of mitigates the whole point.****

Unencrypted? Couldn't they just use a hash?

Re:what?

[man_of_mr_e]

No, because the keys have to be used to actually decrypt the data. Hashing the keys would not give you that ability.

Trade off...

[Junta]

The traditional method dm-crypt and cryptoloop used was basically what you say, a hash of the password was used to encrypt the entire disk. Of course, no one ever devised a way to change the password in place, and even if they did, it would require all data on the disk to be re-encrypted. The key used to actually encrypt the data would likely be cryptographically weaker to crack, in theory. If you ever ever write down the password (I don't but some do) and then lose the paper, you can never be sure about the security of your data again short of re-encrypting the whole thing. I think this is probably the single thing people not researching it thoroughly misunderstand, if the technology you see is definitely encryption of a large data set, and you can essentially instantly change the password protecting it, the key used to encrypt the actual data is certainly not the password itself, as it requires a huge amount of effort to change the key on large amounts of encryted data.

In the LUKS scheme the key material used for the very large data set will probably be more cryptographically sound. With a large data set, cryptographically weak keys could more likely be crackable than strong keys, in a large number of the type of attacks historically seen in cryptography. A small data set (data comprised only of the actual key) is generally more resistant to data analysis attacks, so a somewhat weaker password hash based key may be less exposed in that context. If you ever think a malicious user has had opportunity to get your password (the most likely thing in general for an attacker to get), you can change the password and the old key slot be shredded such that the knowledge obtained becomes useless. Sure, the 'master password' being compromised would mean the disk is irrevocably compromised, but that would be the case in the classical strategy anyway, since changing the password isn't feasible. Now if you want to actually re-encrypt data in the way a password change would require in the previous example, you can always reformat with a different key (or re-encrypt in place if implementation allowed), and have the same degree of 'changing the master password' as you put it.

Keep in mind the 'master password' (or rather the actual key) in this context is probably a random 256 bit value. To achieve a comparable level of randomness, a password consisting of typable characters would have to be about 40 characters long consisting of completely random keypresses. If a person is ever in a position to actually get that master key value, you've already lost the data because before they can get to that key they have to:
-Get root privilges while the volume is mounted to get dmsetup table output, but if it's mounted they could just grab the data anyway.
-Get low-level physical access to your hardware to begin to crack the LUKS header of the partition or the content itself. If they are in a position to do so, they could/would image your entire volume and return your drive. In which case no matter what you do to the copy you got back (re-encrypt, change password, whatever), they can continue whatever crypto-analysis they want on their image of the data as it was when they first took it. You may be able to protect newly written data, but whatever risk of breaking the encryption on existing data is permanently there once imaging is possible.
-Get low-level access to your system and somewhere along the chain insert something to dump the key material to them once available. Again, once this is in play, it's already over no matter what you do, if they can dump that table, they can dump the data directly. In this case, let's assume one of those keyboard bugs slashdot had an article a while back was discovered by you in your system. Knowing that your passphrase is potentially compromised, with the key not based directly on the password, but just encrypted by the password, you can re-encrypt the key once the bug is removed and shred the old slot, and their keylog data becomes useless for the purposes of defeating your filesystem encryption. If the master key is essentially whatever you typed, you are significantly more hosed.

Re:Trade off...

[dspisak]

Physical access to the disk while mounted is pretty much the only way to defated this encryption. All of the other methods mentioned are workable, but rely on brute force attacks that would take longer then the lifetime of the universe to crack. Unless you get lucky and can find evidence of the master password in the slack space on the disk

10 digit alphanumeric??

[Junta]

Wuss, my passwords are almost always inclusive of non-alpha/non-numerical values and are at least 10 characters long. My strategy is ofter to randomly hit buttons without looking, making generous use of the shift key on the number keys...
Example: cS#e(k5L@^
(note: not an actual password, but generated in the same way I generate passwords)
Maybe I'm >50% autistic then since I can remember these...

On some occasions I wuss out and if appropriate to the password parsing/entry technology, make a mostly coherent sentence 64 characters long or so, which I believe is still an order of magnitude more secure than a mere 10 characters of even complete garbage, but it is much quicker to type 10 garbage characters than a whole sentence...

Re:10 digit alphanumeric??

[Anne_Nonymous]

>> Example: cS#e(k5L@^

That's the name of your cat, isn't it.

Re:10 digit alphanumeric??

[Alcari]

My strategy is ofter to randomly hit buttons without looking, making generous use of the shift key on the number keys

I tried that once, apearently all I did was hit Shift-8.

FileVault

[Kadin2048]

Easy solution; don't keep stuff like movies in your home folder. I can't really imagine any reason why those would need to be encrypted, and as you discovered, doing so does carry a large performance penalty.

On my systems, I have symlinks set up between ~/Music and /Users/Shared/Music and ~/Movies and /Users/Shared/Movies; this keeps FileVault from encrypting my iTunes music library or my movie collection. It also means that on a multiuser system, other users can access the movies and music, without me having to enter my password or give them access to the rest of my files. (Actually I now have the movies and music on another drive.)

If you do it this way, FileVault doesn't carry too huge a performance hit. It also has the advantage of allowing you to back up your documents in a secure fashion pretty easily: you log in as a different user, and just back up the File Vault sparseimage as a single file.

The "do you want to recover space" logout screen is fairly obnoxious, agreed; I hate it just because it stops the shutdown process with a dialog that requires human interaction. I wish it had some sort of a 30-second-countdown-to-default timer, so that if I hit "shutdown" and walk away, the process doesn't get hung up and just sit there, unsecured, forever.

Re:FileVault

[phozz+bare]

don't keep stuff like movies in your home folder. I can't really imagine any reason why those would need to be encrypted

You must be new here.

-phozz

Its built into WIndows Vista - its called BitLocke

[Foredecker]

Full disk encryption is built into Windows Vista. It supports TPM 2.1

Re:Some data and personal perspective on that poin

[lky]

For anyone that wants to experiment with Debian, DM-Crypt and Luks, check out the howtos and/or the USB installer at http://feraga.com./

I've been running lately from a USB Flash Drive (1GB) with everything but /boot encrypted for over a year and haven't had a issue. I'm sure its a little slower but dont notice it much.

This also allows you to leave a full installation with no private or incriminating data on the hard drive so if they ask to see the laptop......just let them.

Locking Screen Savers are Already Inconvenient

[billstewart]

My corporate IT department decided a couple of years ago that we need to have locking screen savers on our laptops, with a timeout that they gradually cranked down to 10 minutes. On the one or two days a month that I go in to the office, that's fine if they want to play that game. But I work from home 90% of the time, or visit customers (in which case I'll have my laptop with me during a meeting), and it's really inconvenient to have the system lock itself up if I walk away for a few minutes, or if I'm talking on the phone, or if I'm watching some web-based slide show conference, or if I'm giving a presentation to a customer and we've reached a slide that leads to 15 minutes of discussion. And I normally don't have admin privileges, but when I do run some installer that gets me admin-for-a-day, that's still not enough privilege to override this annoyance.

So if I've got to put up with locking screensavers anyway, might as well have it lock the filesystem as well, especially since it demands a password when I wake the system up after closing the lid to sleep/hibernate it.

Re:Locking Screen Savers are Already Inconvenient

[htnprm]

Mate, if the most inconvenient thing you've got to deal with in your life is putting your password in after 10 minutes of inactivity on your machine, you must have a pretty sweet life. I hate it when people whine about this. You know there are people starving in Africa?

It is not a pain if you have FUSE

[Pausanias]

No. You should read up on a nifty module (included in the mainline kernel) called FUSE. It lets a you mount various devices/files as private file systems.

The most incredibly useful application of this is sshfs, which basically lets you mount a remote machine as a filesystem without being root (as long as the FUSE kernel module is loaded). This has caused a huge productivity increase for me.

There is also an encrypted file system that runs under FUSE

http://arg0.net/users/vgough/encfs

So, you basically can have a big encrypted file lying around which you mount as a file system when you need it. The keys are encrypted in a separate control file, so there are no unencrypted keys lying around. You need both the pass phrase and the encrypted key file to mount the big file as an FS.

Encrypted filesystems require your boot partition have the encryption keys unencrypted so that they can be read, which sort of mitigates the whole point.

Re:It is not a pain if you have FUSE

[man_of_mr_e]

You're still missing the point that the part that does the initial decryption has to be unencrypted, and in order to do that, it needs access to some form of unencrypted key or you face a number of obstacles, such as giving the boot password to any user that might use that computer, or allowing mulitple passphrases to decrypt the data (thus weakening the strength of the encryption).

It doesn't matter how many times and in how many different places you encrypt the data if the root encryption procedure is vulnerable, and if untrusted code can be booted, then that's precisely what it is...

Re:It is not a pain if you have FUSE

[DrSkwid]

If you like remote filesystems as part of your namespace, have you looked at plan9?

We've had sshfs for 15 years

Re:It is not a pain if you have FUSE

[TheLink]

"We've had sshfs for 15 years"

Sometimes I wonder what Douglas Engelbart thinks of the "progress" we've all made since the 1960s.

Re:It is not a pain if you have FUSE

[psyclone]

... or allowing mulitple passphrases to decrypt the data (thus weakening the strength of the encryption).

How does allowing multiple passphrases to decrypt / unlock the KEY weaking the "strength of the encryption"? As you said in your other posts, the passphrase[es] do[es] not encrypt the data, it [they] only unlock[s] the keys.

I don't see how multiple passphrases to the same set of keys hinders the strength of those keys. If one passphrase is somehow compromised (say, the post-it was found, but the laptop was away) you have to recreate all passphrases. This is the same as having only one passphrase to begin with - you'll still need to recreate the passphrase.

As long as you employ the same method of weak passphrase checking, it doesn't matter if you have one passphrase, or 10. (I guess it might matter if you have an order of magnatude more passphrases, as statistically, it might be easier to brute force one -- but really, how many people are sharing this one laptop?)

Re:performance

[Eideewt]

I was just pointing out that if a slow drive is your bottleneck, then providing data more slowly might not make an impact on your times in every instance.

Why not just password protection?

[dfsmith]

If it's just theft you're worried about, the regular disk password schemes should be fine.

1. You enter a password to access the drive.
2. No performance hit.
3. It's overridable with an admin password.
4. You can recover the data if you're willing to pay several times the cost of the drive (i.e., thieves won't bother, espionage agents might).
5. It's secure.
6. It's OS independent.
7. It's already built into your laptop (and maybe your desktop too).

Did I miss anything?

Encrypting Swap Space or Not

[billstewart]

The standard question in crypto is "what's your threat model?"

• If you're worried about the KGB stealing your laptop because they want the info in it, yes, you need to encrypt swap also.
• If you're worried about some junkie stealing your laptop to make some quick cash, you probably don't need crypto at all, but if fences have gotten smarter about the value of information for identity thieves, maybe you do.
• If you're worried about smarter thieves who will opportunistically use the information on the system if they can access it, then file system encryption is critical but swap space encryption probably isn't.

I'd guess that 95% of the threat model, for people who aren't keeping military secrets or unencrypted personnel files, is such that encrypting swap isn't that important - you're better off deploying a solution that doesn't do that than you are not deploying it at all.

Re:Encrypting Swap Space or Not

[karlm]

If you're worried about smarter thieves who will opportunistically use the information on the system if they can access it, then file system encryption is critical but swap space encryption probably isn't.

I once grepped my OS X Panther swap file for my password, and found 7-10 occurances. I was surprised (but obviously not too surprised, as I was looking for it). I'm glad that Tiger has an encrypted swap option. Under most schemes, once an attacker has your login password, they can decrypt your home directory.

In addition, once you start swapping, you're taking a huge performance hit. You may not notice the increased overhead of encrypted swap on your laptop.

Full-Disk vs. File System encryption

[billstewart]

Obviously you want to encrypt your user data directories or filesystems, and you may want to encrypt your swap (depending on your threat model.) On Unix, there's no particular need to encrypt most of the file systems that programs live in (e.g. /usr can be read-only unencrypted, though /var should be encrypted.)

The reason to encrypt the whole drive as opposed to the writable sections is simply convenience - if you've got hardware assistance, it's probably designed to encrypt the whole disk using some crypto chip in the disk controller, and administratively simpler to use, and if you don't have that, it's probably easier to encrypt individual partitions or filesystems, or sometimes directories, rather than hack up some CPU-based driver that encrypts the whole disk.

From a performance standpoint, it's probably faster *not* to encrypt your program filesystems, and as far as encrypting swap goes, you took the big hit when you started to swap anyway, and rotational+seek latency is usually more of a limitation than overall throughput, so if this bothers you, but some more RAM. Encryption chips on the disk controller are probably faster than CPU software drivers, but not necessarily - your mileage is extremely variable.

Re:Full-Disk vs. File System encryption

[theonetruekeebler]

If swap space is only written to when you're running out of RAM, then I agree that adding crypto is a no biggie in that the application being swapped is waiting on I/O to finish anyway. However, many Unixes, such as the BSD family, do preemptive swapping, constantly writing swap pages in the background so that when you finally do swap, there's no disk write -- you just free the corespace and keep going. This suggests to me that there will be a lot of CPU utilization if swapspace is encrypted, draining batteries and keeping the CPU from doing "real" work.

Preemptive swapping is probably a bad thing in general for laptops -- it keeps the disk spun up and active -- but I think adding encryption would send power consumption through the roof.

Re:Full-Disk vs. File System encryption

[theonetruekeebler]

Perhaps an easy compromise would be writing cleartext to the swap partition but overwriting it as part of system shutdown, and writing hibernate memory encrypted. That way you're only in trouble if the laptop is stolen while running.

Lotus Notes a Canonical Method

[Christopher+B.+Brown]

Lotus Notes has many things clumsy about it, but one thing it was pretty good at was storing encrypted replicable documents.

The notion here would be that your documents would get stored in Notes as "syncable" objects. Any time you connect to the central server, you can push/pull updates, which may be (optionally) stored in encrypted form.

If your laptop blows up due to bad batteries or gets ripped off at the airport, there are therefore two huge merits:

• You only lose the document updates since the last SYNC. Cleaning up is as easy as connecting up a new laptop and running the SYNC process.
• The documents are encrypted, which, if the password isn't particularly guessable, should make it at least somewhat challenging for thieves to steal data.

Re:Lotus Notes a Canonical Method

The downside being, of course, that it's Lotus fucking Notes.

Probably because...

[mzkhadir]

hard drives die.

Utimaco Safeguard Easy

I use Utimaco Safeguard Easy on my corporate laptop. I do not notice any performance degregation at all.

Modern processors have plenty of spare cycles to use for encryption while they wait for a hard drive to feed them data. Even a 10% decrease in performance will not be missed by the common laptop user.

I think all people storing sensitive data on a laptop should run software like this.

Why is the data on a laptop in the first place?

[nologin]

That's the question that needs to be answered... A security-minded entity (corporate, government, personal) has to ask that question and seriously look at the risk vs. reward of storing the data on a portable device. If the entity in question doesn't look at this perspective of the issue, they ultimately don't care about security in general or enforcing a data storage policy in particular.

When I do consulting work (especially with regards to security), I often compare putting sensitive data on a laptop to putting the company's main database directly accessible on the Internet and hoping that whoever attacks it can't exploit it or guess a username/password combination. That will usually scare a few people into thinking about what they are doing, and the others who think that it is alright probably deserve nothing less than getting hacked.

As for disk encryption, it works well IF it is transparent to the user and IF the overall security is indeed strengthened by such encryption, because a weak link like a poor password adds no actual security value where it is expected.

Solaris?

Does anybody know if there is any possibility to have full disk encryption, or even only the encryption a folder on a partition (transparently) on Solaris 10? I know that ZFS encryption is coming in the far future, but are there any other solutions or hacks, which are available right know?

Linux - encrypt swap

[Richard_J_N]

Under Linux, the easiest thing to do is to encrypt the swapfile. It's trivial - just modify /etc/fstab: /dev/hda6 swap swap defaults,loop=/dev/loop0,encryption=AES256 0 0
and requires no further user-intervention: a new key is automatically generated at boot, and discarded on shutdown.
The advantage of this is that *anything* could get swapped out, and would remain there for some time. This is true even if you deleted the original file (or it was in RAM, and never saved, such as, perhaps, a password/phrase). This is going after the low-hanging fruit, but it's a big improvement over nothing, and it does protect against bad luck and trivial forensic analysis of the filesystem.

A straight answer

[fluch]

From my point of few I do not see any reason why the hard drive of a cooperate laptop computer should not be encrypted as soon as the mobile computer contains sensitive data (and it usually does). In my opinion it is just irresponsible to carry any mobile device (laptop, USB stick, etc.) out of the company if the data is not secured there, and the series of data leaks known to us all proves this. It might be a bit more inconvenient, it might cause some overhead in computing, but in my opinion this measures needs to be done.

I have a Linux laptop (IBM T30, 2GHz Pentium 4) and I have not a full disc encryption, but /tmp, /var, /usr/local, /home, /root and the swap area are encrypted (256bit AES). With the 2.6 kernel series it has become easy to set up encrypted partitions with dm-crypt and recently with my new acquired external harddrive I started to use the Linux Unified Key Setup (LUKS) which makes it even more convenient to have encrypted drives (now I can give away my external harddrive to a friend and he can use it without knowing my key, the system allows up to 8 keys and each of them can be revoked easily). I have never noticed any lack in performance and nowadays computers are even faster than my Pentium 4.

Further, if it comes to data loss due to a lost key, then may I ask, where is the backup? I have a backup of my system, for sure encrypted (Dar is here for me a great help). In a cooperate setting backups should be standard as well (harddrive failures happen as happen that keys get forgotten). So loosing a key should not be a problem. One does not need to encrypt the backup either, after all the encryption should only prevent data from being read when the laptop gets stolen and into wrong hands. If the backup is secure in the cooperation than there is nothing (big) to fear if it is not encrypted.

So what point really justifies to take the risk of data leak in a cooperate setting??

what's needed...

[oohshiny]

What is needed is to put block-level, hardware encryption into IDE/SATA controllers. In fact, it should probably simply be a standard part of the protocol; even a "no encryption" version should still use a password and XOR the disk with it so that all system software has to deal with this.

An additional problem is that the devices for which this feature is most important, mobile devices, make it most difficult to install it as an add-on. For a desktop, you can easily buy add-ons that provide hardware encryption, but for laptops, you're stuck with software.

As long as SATA encryption remains a specialty item, it's not going to be well supported and it's not going to be widely used. And as long as it's not full disk encryption, people are going to forget encrypting their stuff.

Of course, one reason why this isn't happening is because neither the government nor the manufacturers have any interest to make it happen. The government is worried about impeding law enforcement, and manufacturers don't like the added cost and complexity (however slight). Between those two, it's not going to happen and we'll have to live with sluggish software solutions.

SUSE Howto for encrypted root

[Burz]

http://en.opensuse.org/Encrypted_Root_File_System_ with_SUSE_HOWTO

Thankfully not hard.

Re:SUSE Howto for encrypted root

[gripen40k]

Or for windows try Truecrypt (I think there is a linux version as well). It works like a dream, and there are some really niffty features (like addition of plausible deniability). It's pretty cool.

Re:SUSE Howto for encrypted root

[Burz]

Truecrypt is a good tool, but it doesn't handle encrypted boot partitions on Windows (although this could be made to work on Linux using a custom initrd).

HDD password instead?

[j741]

Don't all of today's hard disk drives have a drive password option that is physically part of the hard drive's firmware? And don't most of today's portable computers have a BIOS option to enable this hard drive password? And isn't it impossible to reset this password without knowing the original, even if the drive is physically moved to another computer?

Now this is certainly not data encryption, but it seems like a much easier method of securly protecting the hard drive in a portable computer. And it doesn't rely on any software to be installed, or any additional resources to be used during disk reads or writes. And it's damn near impossible to crack the hard drive's firmware password for the average (or even above average) computer thief.

It seems to me that this problem of "what if the notebook is stolen" already has a solution in place that simply need to be enabled by those who want the extra protection.

Comment removed

[account_deleted]

Comment removed based on user account deletion

It weakens the encryption

[MadDog+Bob-2]

Most of the OS on a machine is well-known, especially in the sort of environment in which you could mandate things like FDE. Given that, a determined attacker would have hundreds of megabytes of known plaintext to use as a crib in breaking the encryption.

Of course, you could put the OS on its own unencrypted partition, and encrypt the others, but it's hard to provide enough space for things like application upgrades without leaving enough room for the "savvy" user to put sensitive data on the "fast" partition.

Basically, you keep coming back to the fact that it's really hard to find a reliable technical solution (mandatory encryption) to a behavioral problem (users handling sensitive data carelessly).

Encrypted partition

I have my /home directory in a different partition, which is totally encrypted, it's easy as pie and as fast as an unecrypted partition. If someone steals my laptop, they can access the root partition, but every important thing is stored in the encrypted partition. The only problem I could have would be that someone stole my laptop, changed something (I'm booting from disk only and GRUB has a password, so I guess the easiest way would be to plug the HD into a different computer), and returned the laptop back. If I didn't notice, she could get my passwords and hence the data in my laptop.

Get real.

[Generic+Player]

How pathetic do you have to be to try and turn a bitter insult directed at an ex-lover after a very public and very humiliating break up into "him and his entire political party are sexist and hate all women"? Belinda is a "cheating whore", and for the people who she's fucked over to be a little bitter towards her is quite understandable. For liberals to try to turn this into a political situation is sad and reflects on them, not on the conservatives.

Some ideas to make it easier

[DeltaQH]

Just some ideas. To improve performance of encrypted hard disk, somekind of standard encrypting/unencrypting hardware should be included on the hard disk itself or in the notebook. Hardware implements a hardware algorithm. Encryption should not depend on the hardware, encryption/decription hardware is just an hardware accelerator for the encryption software. It can be implemented completely by software. In case of hardware failure encrypted data can be recovered and decrypted on any other computer, independently of the hardware accelerator. Only keys and right algorithm are required for decripting the data. For secure access to the Notebook, instead of using a fingerprint reading device, why not use a small integrated camera and face recognition software. What techniques are available and how easily can they be fooled? If the face recognition is smart enough, the computer can lock itself automatically when the user walks away and unlock itself when he/she turns back. Can security be improved combining face recognition with optional/mandatory keyboard passwords or smartcards? For example, when starting the computer or dehibernating it, password/smartcad+face recognition is required. While working with the computer to lock/unlock it when user walk for a moment away, just face recognition is required. One caveat of smartcards, user can leave it always inserted in computer. What about some kind of badge the user always carries with him, which connects to the computer by radio or infrared: Bluetooth, RFID, Infrared. Could a mobile phone/PDA be used for this functionality? No need to carry additional devices. In case of lost or forgotten mobile phone, phone provider could provide a replacement ( if system implemented right) To avoid data lock if encryption keys are lost, use a second trusted party for key storage and recovery, regeneration of smartcards, etc. In worst case scenario, delivery of hard disk to trusted company/service, through trusted delivery system, to have it backed up and/or reinstalled in new HD or notebook. Would it be nice that hardware provider like HP, DELL, etc provided such a combination of hardware and service to companies and profesionals? Wonder is Google would be interested in such a service. If solution implemented through mobile phones, maybe some other companies could find it interesting. By the way, is this idea already patented? ;-)

MOD UP PARENT?

If what the parent post says is true, it deserves an interesting rating. If it is not true, I'd like to see somebody explain the real situation.

nice boys at the FBI?

[madeye+the+younger]

Perhaps you mean, they'll return it to where you used to live before the other nice boys at the FBI have detained you indefinately at an undisclosed location, prior to shipping your ass to Syria for 'interrogation'?

Re:nice boys at the FBI?

[Angst+Badger]

No kidding. But hey, I hear Syria is lovely this time of year.

Reliability issue

[dargaud]

What if the drive has a hiccup for some reason ? Say a sector or even a single byte gets written wrong for some reason (power loss, OS reboot, falling off the lap...). From what I understand of encrypted discs, you loose the whole thing and you cannot build redundancies which would weaken the encryption. How is this issue addressed ?

nonsense

[Tom]

We don't encrypt the entire disk because it's total utter nonsense (except if you try to sell a product).

Most of the data on most machines is neither secret nor special - it's the OS and applications binaries, libraries, graphics, etc.

Encrypting /home (or /Users for us Mac-heads) is sufficient for most machines. So look into system settings and Security and you'll find File Vault. Activate, done. No need to buy some snakeoil some idiot is trying to sell (*).

(*) and he's conveniently not telling you that encryption isn't the end-all solution. There are plenty of ways of breaking even the best crypto without actually breaking it. Getting the key is often easy because people write it down or treat it carelessly.

Fingerprint spoofing made easy.

[Breetai]

Check the following presentation.

http://rehash.whatthehack.org/tmp/wth_spoofing_fin gerprints_in_10_minutes.mp4

The guy made a false fingerprint with the help of the original owner of the print within 10 minutes.
It even spoofed the most expensive and best fingerprint scanners.

Fingerprint scanners schould only be used where security doesn't depend on the fingerprint but you want to make someone easily identifiable. Like the mailboxes we have on our network printers. You still can supply a separate PIN code, to prevent just anyone accessing your print jobs.
Same counts for RFID.

Issue if you don't encrypt C drive on Windows

[Bunyip+Redgum]

>> There is absolutely no need to encrypt the main hard drive.
>> What? You afraid of someone stealing C:\WINNT?

Unfortunately many windows applications including IE and Office write loads of stuff to C drive including temp files and of course that is where the swap file is by default.

Many other badly written windows apps store data in their program files directories.

Therefore encrypting everything is the safest option.

New hardware needed

[Richard+Kirk]

A whole-disk encryption system will always need to apply some encryption or decryption algorithm to every byte going to and from the disk. If you are going to do this in software, then there is clearly going to be a performance hit. If you are not going to encrypt every byte, but just have a key for the whole disk then you are not going to be secure. I cannot see any way other than special hardware of achieving this.

It is unrealistic and unlikely to expect every disk manufacturer or computer manufacturer to include this extra hardware overnight. Howver, it should be possible to make something that can fit between the disk and the data bus that does the encryption or decryption. It would have to be pretty slim to fit into the average laptop, but this should be possible. When the computer boots up with the key in, then the key should get passed to the new gadget, and thereafter the encryption and decryption should be invisible to the user. When the computer is powered down, the key should be lost.

Ordinary USB drives make good physical keys. You can stick these on keyrings. If someone sticks their house keys and office keys on the keyring, then they are unlikely to leave them in the laptop. Once the drive is unlocked, they will stick them back in their pocket.

This ought to give reasonable security to the average Joe without changing their life too much. The weakest point is now the OS. A malicious rootkit could copy the key. To combat this you will probably need some reputable software organization to track the relentless progress of malware - it is beyond what dumb hardware can achieve. You might stick a bootable sector on the USB drive and have a physical switch to enable writing for when you want to change the key or update the software. I am surprised McAffee or Norton haven't made this sort of thing.

"just encrypt /home ..."

[Herve5]

Which, incidentally, is an option Apple has been offering on OSX for years...

Re:"just encrypt /home ..."

[IWannaBeAnAC]

Well, that is easy enough to do on any modern unix (OS X included). But it isn't enough.

Hardware encryption is the solution

[AmiMoJo]

For years now, it has been possible to get hardware encryption for ATA drives that operates at above maximum ATA spec speed, i.e. it is totally transparent and does not cause any reduction in performance.

The cheap stuff only uses 3DES and they key is a USB thumb drive type device, not very secure. But you can get AES capable devices which use password hashes supplied by the BIOS. Something like this... http://www.enovatech.net/products/mx_info.htm

Re:Hardware encryption is the solution

Check out the ATA specs on t13.org. Password protection is definitely built into (REQUIRED by) the ATA spec, as is secure data eraseure (apparently to a degree that complies with DoD 5220). The question is whether the BIOS of the computer you're using supports these features. To date, most manufacturers haven't bothered to provide the tools needed to access these features, e.g., BIOSes that are aware of these mandatory ATA features.

You're talking about DRM

I suggest you look at the problems with DRM first. Sample problems with single point of failure, need to be everywhere before it's not holed, total lack of recovery methods (I know that's the point here, but sometimes data loss is even worse than disclosure, and you'd make this choice non-optional).

Protect what needs to be protected, but leave it off the rest. Disk/file encryption isn't that high a load. If we'd take some processing power back from making fancy animated cursors and pre-spell checks we'd have plenty for encryption. A good step is to stop using Windows - plenty of cycles left then :-).

We Do

[mikeraz]

The OP cites several drawbacks to full disk encryption. So? Protecting people's privacy is important.

My employer, US Bank, requires full disk encryption for all laptops. Even ones, like mine, that do not and never will contain a single bit of customer data.

Microsoft Encryption May Fail!!!

[Futurepower(R)]

You said, "Unfortunately, MS encrypted folders use a key that is uniquely generated for your account, and once you lose the account (on the dead computer) you can't decrypt anything."

It is good to provide a stronger warning. Many, many people are losing all their data.

If your Windows XP computer is not part of a domain, and you use Microsoft's Encrypting File System (EFS), you could lose everything you have encrypted! Microsoft is a truly heartless company, I think, because there is no warning about this, even though it has been discussed with Microsoft employees many times.

With a stand-alone computer, EVEN IF YOU SAVE YOUR CRYPTOGRAPHY KEYS, you could lose all your data, because EFS uses your account information as part of the password!

-
Bush lied. Thousands died. Impeach. Imprison.

Be very careful!

[Futurepower(R)]

Be very careful about the software linked here which claims to be able to retrieve your EFS keys! It may not work if you move to a new computer because your old computer failed.

EFS Key says, Encryption password must be known or SAM database must be present (Windows 2000).

Elcomsoft claims: "Finally, AEFSDR is also a state-of-the-art computer forensics tool that could be used by law enforcement, military and intelligence agencies to open secured files."

According to them, EFS provides no protection at all, since anyone can buy the software. But they don't provide information about when their software won't work, such as if you have moved a hard drive to a new computer.

-
Bush lied. Thousands died. Impeach. Imprison.

Pencil pushers

I hope all you pencil pushing, gonna change the world, self righteous wanna be do gooders arent to traumatized, that you wont need to see your therapist, or go to therapy. Remember last year when Junior didnt get his new tonka toy, oh my, it was horrible, thank goodness we had a good therapist. ( What is this country coming to honey, they even raised the taxes at our country club, where we try to play golf ).

What's not to like?

[time961]

Full disk encryption (FDE) is simple, is easy to use, is readily available, imposes negligible user-visible performance penalties on Windows laptops, and is completely effective in solving "theft of laptop" problems. Not using it should be automatic evidence of gross negligence.

I've deployed both PointSec and DriveCrypt Plus Pack for over five years on a large number of machines, and even for heavy-duty software development, where "rebuild world" takes many minutes, the actual impact--in terms of effect on end-user activities--is negligible.

Sure, if you imagine performance is an issue, you can try any of the vastly more difficult to manage solutions that try to "encrypt only sensitive data", or the even sillier solutions that "delete sensitive data" when the laptop connects to the Internet after it's stolen, but why bother? Try it yourself, and you'll find that performance is NOT an issue in the vast majority of real-world situations. As long as you don't use FDE on heavy-duty I/O-bound database servers and such, you'll rarely notice a difference. Modern computers are so fast that encryption just isn't an issue.

Yes, key management requires some attention. For example, as system administrator, you can just generate some reasonably long passphrases, write them on little cards, and give them to your users to carry in their wallets--and explain the rules. Don't allow users to change them, and keep a copy along with other critical corporate records, and key management is a solved problem. Worried about users losing wallet and laptop simultaneously? Take the cards back after a week, and obfuscate their contents to begin with. Worried about backup? Keep two copies. And so forth. Sure, it could be stronger, and some users will always work around the system, but users will lie, cheat, and steal in other ways, too. In the corporate world, at least, your goal is risk management, not perfection.

Too hard to type a password when you boot the machine? Gosh, fifteen characters at one character per second is, yes, fifteen whole seconds--and anyone will learn to type it more quickly over even a short period of use. Don't change the passwords, either: they're not shared, and not transmitted over networks, so there's virtually no risk of interception--just pick a good one and stay with it.

Backup and recovery also requires some thought. I've actually recovered encrypted drives occasionally, but most recovery is done from file-level backups, where the data is backed up in the clear, over a secured network, and stored on other encrypted volumes. That's really no different when using FDE as not.

If computer theft is the problem, full disk encryption is the answer. It's not the whole answer, and it's not perfect, but it sure goes a long way toward solving the problem. Heck, even Microsoft is offering it in Windows Vista, only a decade or so too late.

Re:What's not to like?

Yes, key management requires some attention. For example, as system administrator, you can just generate some reasonably long passphrases, write them on little cards, and give them to your users to carry in their wallets--and explain the rules. Don't allow users to change them, and keep a copy along with other critical corporate records, and key management is a solved problem. Worried about users losing wallet and laptop simultaneously? Take the cards back after a week, and obfuscate their contents to begin with.

Hang on a sec. You are advocating that users carry a card with their strong password on it, even for a short period of time? And you are advocating that they never change thier passwords?

What if a disgruntled employee wishes to take advantage of that security policy? And steals a laptop and wallet, within that window of opportunity which he is aware of? Perhaps, he will steal those of the person who replaced him, in a show of irony. Or if some other person becomes aware of that policy and takes advantage of it?

Beyond that window of opportunity, notice all the security cameras we live with now? No matter how strong your passwords are, they can be captured fully or partially on a security camera or any other for that matter. You talk about risk management, but periodically changing passwords, no matter how "strong" they are, is a part of risk management. The longer a password is allowed to be used, the greater the risk that it may be captured and used. So really, as each day passes, your passwords are virtually getting weaker and weaker.

3 factor authentication from pre-boot would be optimum with full disk encryption, but if we can't have that I'll take an SOE which restricts the user to their data area only and then place that on an encrypted volume with 3 factor authentication. This way, they can use themselves and tokens in addition to the medium strength passwords that you actually can expect users to adhere to.

With that the attacker has to steal these:

1/ Laptop
2/ Token
3/ User or possibly a body part
4/ Password

With your system within critical window of opportunity:

1/ Laptop (super easy)
2/ Password

With your system beyond critical window of opportunity:

1/ Laptop (not as hard as you might think)
2/ Password

Why don't we see any HIPPA Penalties Imposed?

[swaha]

For any theft involving Medically related data (e.g. VA) there should be HIPPA penalties involved ($20K per individual). If penalties for one or more of a single person's data (amoungst thousands) should more than offset the cost of full disk encryption.

Debian/Etch supports full disk encryption natively

[Bishop]

Debian/Etch supports (mostly) full disk encryption easily (/boot can't be encrypted). The disk is encrypted using dm_crypt and the AES algorithm. At install time the disk has to be partitioned manually. There is no "use full disk encryption" option in the installer. This should not be a problem for anyone who can read a howto. The /boot partition cannot be encrypted as the bootloader needs to be able to read the kernel image and initrd. A smarter user could install /boot on a flash drive or mini cd if they see this as an issue. At boot time the passphrase will be requested to unlock the encrypted portion of the disk.

The procedure is pretty simple.

Select the manual partition option.
Create a small /boot partition (50MB should be more then enough).
Create a second partition using all the remaining space. Set the partition to encrypted space.
In the encrypted space, create a LVM physical volume.
Configure swap, /, and other filesystems in the LVM.

The terrible Debian/Etch partion creation could be much easier to use. That is the only difficulty. Once it is setup at install time no additional packages or software are required. When a new kernel image is installed the initrd will be created with encryption support.

The keys are managed via LUKS. Multiple passphrases or key files can be added to unlock the disk. A backup key could be stored on removable media and stored in a safe place.

Because the encryption is entirely in software and supported natively by the linux kernel an encrypted harddrive could be moved to another computer to recover the data after hardware failure, etc.

Suspend to disk works.

I am using this setup on my laptop. The performance hit on laptops is minimal as the laptop harddrive is already pretty slow. Encrypted swap can be problematic so a good ammount of ram is important. (1GB is more then sufficient for my needs.) I will consider the same setup with my desktop and fileserver when I reinstall those computers.

Scaling & Key management

[Coward+Anonymous]

A similar question was asked in June here: http://ask.slashdot.org/article.pl?sid=06/06/01/23 18254
My answer was this: http://slashdot.org/comments.pl?sid=187274&cid=154 54668

Nothing has changed in the last 4 months...

Using a VM instead

[Natales]

What's proven to be a very successful solution for me is the use VMware virtual machines encapsulated as files inside a truecrypt volume. The volume is on top of an XFS partition with realtime extension, so you have contiguous extents and the I/O performance is as close as native as you can get. At the same time, I keep the benefits of having a VM, so I can boot it anywhere and I can move/copy the file. I loose the capability of doing good rsync incremental backups because the changing nature of the encrypted file, but I run a full file backup twice a week what gives me acceptable levels of functionality/performance.

Since I started doing that on my Thinkpad T41p, I noticed an 6% increase in my I/O overhead and an 11% on my CPU overhead. If you consider those numbers on a 1.7Ghz laptop, they become virtually irrelevant in a larger configuration with faster disks and CPUs.

Windows.

[leuk_he]

The fact that the windows password is the only thing that is between an intruder and the the encrypted data shows the weak point of windows encrypted folders. If one breaks the windows Password (which is far easier than breaking 128 bit encryption) your encrypted data is in the clear.

I think most of the full encryption products can be better than that.

no, I'm not

Block-level encryption with a password that's provided to the controller is not DRM. Nor is it a "single point of failure" (at least not anymore than the disk controller itself). All it does is rearrange the bits within each block. If a block gets corrupted you lose no more than without block-level encryption: you lose exactly and only the contents of that block.

boneheads are the issue, not the [hard|soft]ware

[grikdog]

You can't use standard backup software with encrypted user directories (e.g., Mac OS X), because the backups copied from such volumes are not themselves encrypted. Backing up the underlying hdimage files is crude because they are not compressible (contents are effectively random already, remember?), so you wind up storing 80 Gb or more instead of 80 Mb of incremental differences. Even an enterprise-wide encrypted file system that works on any drive plugged in is flawed, because it distributes exposure to the very inside-job artistes we'd like to block out in the first place. I suspect encryption is still a choice reserved for individuals and shops who can enforce their own protocols.

Easy, but In a word...Users

[ManyLostPackets]

Being a general user and having no dicipline.

http://www.truecrypt.org/ is awsome and easy.

But users...are...getting...worse.

When your concept of file structure is such that you can't navigate to a file outside of "My Documents", security is really futile.

Until companies put a moratorium on hiring art-history majors and giving them a laptop, it's a bit much to ask.

of course not

[r00t]

No, you don't put unencrypted keys in the boot partition. The boot loader, kernel, and/or initrd (initial ramdisk) can ask for your password.

The solution is fairly simple:

Do not encrypt the boot loader, boot config, initrd (if used), or kernel. Encrypt /home, /tmp, swap, and anything else where you might write sensitive data. (possibly /var) The rest is optional; do whatever is easy. I strongly suggest encrypting the data itself with a random 256-bit key, then encrypting the key itself with your password. The key gets stored in the unencrypted part of the disk.

If hostile people get access to the laptop and then you recover the laptop, you assume that the unencrypted partitions have been trojaned to grab your password. If seriously paranoid, you assume that a transmitter has been installed to broadcast your keystrokes. :-)

Very happy with WinMagic's SecureDoc FDE product..

I've been using WinMagic's boot-mode (int13h hook + windows storage filter driver) encryption product (SecureDoc) for several months now and haven't had a single problem with it. I routinely perform builds (a disk I/O intensive process) and notice little overhead from the encryption. The initial conversion of your disk, from plain text to encrypted, is extremely slow. I imagine this is due to the fact that the conversion is a transaction-oriented process that can survive power-loss/crashes. After the initial conversion, you'll likely notice little or no overhead from the encryption. I like the fact that none of our (or our partners') IP can leak out the door though my machine (if I misplace it).

that isn't what makes the drive feel slow

[r00t]

You're doing bulk reads. Those are plenty fast either way.

Seeks are painfully slow. You can do about 100 to 300 seeks per second. Crypto won't really change that.

Solve the Problem - For Real

[malcomvetter]

If you really want to see the problem of data exposure reduced to a very tolerable level, the best solution is NOT to fully encrypt the drives of mobile computers, but to change our mobile computing paradigm entirely. Once viable alternatives to general purpose mobile computing are commercially available, we as an industry will finally be able to reduce the events. In other words, once thin-client mobile computing takes off, these full disk encryption products will likely not be needed at all.

Imagine a world where executives, sales people, and most other road-warrior types have a mobile computer that looks like a laptop, but instead of running its own full-blown OS, it simply rides the vast array of mobile carrier networks (like Blackberries currently do) to deliver a virtual desktop hosted in a nice segmented/protected internal network in their employers' data centers (e.g. Citrix, Terminal Servers, or X Windows). Instead of the critical, highly-valuable information floating all over the network and beyond in general purpose computers, we will see a return to the centralized computing paradigm reminiscent of the mainframe days, but with all of the flexibility of the point-and-click user interfaces. Users will interact with their desktops over nice TLS/SSL/IPSEC tunnels over a variety of wireless carrier and 802.11 networks. As long as there's bandwidth, there will be productivity. The thin client hardware will be cheaper and last longer-- another sure foothold that will bring them into the mobile market. And best of all, if one is lost, it will only cost pennies to replace the device since the data does not reside within it. Provisioning will be faster than disk-imaging techniques, and the massive back-end systems can be heavily virtualized with tools like VMWare.

Dan Geer recently said that as Moore's Law for computing power doubles every 18 months, disk space doubles every 12 and bandwidth doubles every 9 months. In our "data in motion" world, the best way for organizations to really protect data is to only "present" it to thin client endpoints. RIM has been wildly successful with introducing us to this concept via its Blackberry product line, it will only be a matter of time before some other company changes the way we think about thin clients as a mobile computing solution.

Before I am blasted by those whose religion is the PC based (decentralized) world, let me be the first to say this will not solve the problem for everybody-- just 99.9% of those cases where laptops are stolen or lost. Thin computing will not necessarily help the end-user market, but it will assist fixing their problems as well.


-Tim

That's exactly what I do

[CrazedWalrus]

I have a 40 gig partition sitting on my disk which I mount via the cryptoloop kernel module (available by default - nothing special required). I use this as a simple secure data store, and the directories I think are sensitive I put in there via symlink. The CPU (Core Duo 1.83Ghz) doesn't even break a sweat. I have a small shell script that's run by /etc/gdm/Default/Init (if I remember correctly) that pops up a zenity dialog asking for my disk password (which must be at least 25 characters in length) before it asks for my regular username/password. After that dialog, the filesystem is mounted, and I can forget that I'm encrypting anything.

Obviously, /home is based there (via symlink). I've also created a 'secure' postgres tablespace, which houses my books and records development database snapshots. Very likely I should also be putting various */tmp directories there, as well, and any suggestions would be appreciated. I hadn't even thought of swap, but with 2G of RAM, I barely ever touch swap anyway. I'll be thinking about how to do this as well, though. I don't suspect it'd be much different than mounting the existing datastore -- just an extra swapon command for the loopback device.

I am a small corporation, and very likely the only theft of my laptop would be the typical smash-n-grab thief. I don't consider him the type who would spend the time breaking my encryption, and so I consider this measure to be sufficient to safeguard my information.

I've thought several times about starting a "secure laptop project", where we'd try to release scripts/RPM/deb for various distros (I use Ubuntu) to lock them down right. Really, though, the distros should detect that they're installing on a laptop and prompt for this type of thing at setup. It'd be a lot easier to do this at setup than after the filesystems have been populated -- more consistent and complete as well.

Anyway, my first cup of coffee hasn't kicked in yet, so please forgive me if this isn't totally coherent.

bingo!

[RMH101]

It's exactly what we use. It's not the only enterprise grade whole disk encryption out there, but it's a good one. For enterprise use it's GOT to provide some central mechanism for key recovery as you can't afford to run something that locks users out forever from their machine if they forget the key, it's just not practical. Pointsec has a bit of an overhead, it slows down older laptops but doesn't hurt reasonable spec ones too much...

Re:performance

[Kichigai+Mentat]

Yeah, but FileVault is different. FileVault just encrypts your Home directory, this doesn't include parts of the operating system, libraries, or applications. Encrypting those will definitely slow things down. Interesting side note: My iBook claims I need 4084 GB free to encrypt my 23 GB Home directory. But this brings up an interesting issue. With the new Dual-Core processors (like those used in the MacBooks), what kind of performance hit do people take with their usual usage? One core decrypts, one executes code. Theoretically, aside from waiting for code to be decrypted, there shouldn't be a big hit on speed at all.

Better not to encrypt in the U.S.

okay, so you encypt all of your stuff. then Uncle Samuel's best comes back to talk you and wants to know what is on your machine. They can torture or your children or take to gawdknowswhere and keep you there until you talk.

Better to say in the clear as you as you live in the police states of the U.S.A.

Re:Some data and personal perspective on that poin

[frp001]

WHO are "they"???? And why would "they" want to see the laptop?

FDE Study

[KC7JHO]

This is a study I have just completed on this. I welcome any thoughts on this, if they are well thought out and stated.

Requirements:

Full disk encryption required: This is required because of the nature of the security threat our users face.

If the laptop is stolen the entire contents MUST be encrypted in order to keep the data from being recovered. This is our top priority.

If we were to use a repository / single file based encryption mechanism the user would be required to move all files they are working with into and out of that system. Our users usually have no idea where the files are physically located on their hard drive and would have very little probability of moving the correct files to the correct place.
This also leaves open the availability of recovering the "Protected" files from the systems temporary file management system and swap space after they have been opened. This is a common practice which computer forensics investigators use to recover deleted files during an investigation.

As a securities industry regulatory agency our investigators machines become a prime target for identity theft, con artist, corporate espionage, and any other type of thief would like to have a chance to view the investment records of a firm who we regulate. The first line of defense against this would be to not store any exams on the laptop which are not absolutely necessary for the examiner at the time of fielding. This still leave the possibility of their being current exams on the machine and traces of previous exams in the systems temporary and swap file space. In order to guard against this type of data loss and exposure to liability we must encrypt the data with cryptographic industry standard encryption systems. In order to be sure we have encrypted everything, we must encrypt the entire hard drive.

Three levels of authentication required:

1. Something you know (Password)
2. Something you have (Biometric Fingerprint Reader with Smartcard)
3. Something you are (Fingerprint)

When using a password only authentication system our users are exposed to the possibility of a shoulder surfer who is watching either directly or using cameras, remember that most cell phones now come with built in cameras which can be used to photo or video the position of the users fingers while they are typing the password in.

This also exposes the system to a brute force password attack which given time and equipment can eventually come up with the correct password. If the identity thief - Con artist thinks they will be able to make a few million dollars from the data on that laptop they will be willing to go to great lengths and expense to obtain it.

We have chosen biometrics as the 2nd/3rd level of authentication due to the fact that if a smart card / USB key is used it will simply be kept in the case with the laptop therefore negating it as a security solution in the event of laptop theft and reducing the level from 2 to only 1 instead of 3. If the reader is kept in the bag we still have 2 levels with the #3 being the most secure of all.

The biometric solution we have selected uses 4 levels of security in theory by requiring a smartcard and USB reader however we feel that the added security is negated due to the fact that the user will leave the smartcard in the reader and the reader in the bag with the laptop when not being used.

If we try to tell the users they must keep these items separate and not keep them with the laptop they will simply lose or damage them. They usually have enough items to carry while moving from site to site and the more compact the system can be the less chance they will leave something or that some thing will be grabbed with out their notice.

Our users are not usually accessing a network when outside of our office and the access to the local hard drive is protected through the windows logon and file sharing already when they do. This will keep intruders

My two cents

[DaveJay]

First: if your people in the field are running 1.2GHz laptops, and want to upgrade to 1.6GHz laptops, can you justify the cost? Probably not, because for most people using laptops, it's not the speed that matters (after a point); it's the portability. Yes, it sucks to be slower, but nobody ever gets a computer that's as fast as they want, and we used to run around with high-end laptops running 550mhz P3s. Your users won't care if they don't know.

Second: if the data is so important that losing access to it (due to a lost key or whatnot) is a big risk, then losing access to it due to physical damage, a bad drive, or theft is equally bad. The thing is, if you're not encrypting, then all of those cases (including theft) are a data LOSS issue; however, you're still open to data THEFT (as opposed to laptop theft.) Add encryption, and your data is safe when the laptop is stolen -- and is no worse off for data loss due to a forgotten key than it is for data loss due to other reasons.

In short: if the security of your data is important enough to justify the LOE involved with training for, implementation of and support of an encryption solution, DO IT, and ignore the speed/lost key issues as red herrings.

Crypted swap not high value but nearly zero cost

I agree that if your threat model is an idiot who wants to make an easy buck off your data, encrypting swap is not important. However, there are two factors the come into play:

1) For a huge number of people in the world, the most realistic threat model isn't some crackhead trying to make a buck... it's their own government looking for excuses to give them a hard time. The government might be staffed by twits but the twits have expensive tools. Crypting swap would help.
2) Encrypted swap is utterly trivial and has none of the key management issues of encrypted FS. Really, all OSes should ship with swap encrypted by default. Here is what it took to encrypt the swap on my Linux laptop:

Add two lines to /etc/rc.sysinit above the swapon line: /sbin/cryptsetup -c aes-cbc-plain -s 128 -d /dev/urandom create cryptswap /dev/hda3 /sbin/mkswap /dev/mapper/cryptswap

(hda3 is my swap partition)

And edit /etc/fstab to replace /dev/hda3 with /dev/cryptswap

Done.

The key is randomly changed every time I restart the computer and is never stored (except in kernel memory).

Performance? .. if I'm swapping hard I'm already screwed on performance.