Encryption is Not Enough

Keeping digital data private takes more than just encrypting the data.

Inconvenient fact #1: Encryption is harder than it looks: Not just any encryption program will do. You need expertly designed software. Not only the encryption algorithm itself, but the whole chain starting with password hashing. A  recent highly visible example shows that it's hard to know who's expertise to trust. [discussion] [examples of cryptographic vulnerabilities]

Any encryption program can have bugs that are eventually discovered. Why would it be different from other software? It can also have a secret backdoor. With that in mind, here's what I look for when choosing an encryption program.

• The program must not rely on a proprietary encryption algorithm, but rather a time proven algorithm that has been extensively reviewed by the cryptographic community. Examples are AES (Rijndael), DES, Triple-DES, Twofish, and Serpent, and combinations of these used in cascade. But that's just the first hurdle.
• I'm highly skeptical of programs offered by individual authors. Encryption is naturally intriguing, but inexperienced implementation of public algorithms is almost always fatally flawed. In many cases, there are clear warning signs that these programs are not secure at all.
• I look for software that has been proven over time. The program should have been widely used for several years without being breached. Even though a new encryption program uses a time-proven algorithm, implementation of that algorithm is not proven.
• Open-source software is a better choice than closed-source software, particularly if it is actively used by commercial entities.

Inconvenient fact #2: Operating systems are messy: They leave behind all sorts of echos of the data you access or process -- swap files, temp files, hibernation files, browser cache files, and other artifacts. Many simple encryption programs simply decrypt to a plain-text file. Yes, they may delete the plain-text file when you close the program, but they may not purge the file.

Using a compression -- e.g. Zip -- program for encryption can be particularly hazardous. Unless you can create, open and save files directly in the encrypted archive you'll leave clear-text version of files behind on the host computer. You must purge (not just delete) those working files. You did know that deleted files are not actually erased didn't you?

Thus anyone -- burglar, snatch thief, snoopy co-worker -- who gains access to your computer, running or not, could find clear-text echos of your encrypted data. If you don't have adequate physical security for your computer, you may want to use full disk encryption. Then those clear-text echos will be encrypted when your computer is off. Be sure your program also encrypts whole hard drive when your laptop lid is closed, not just when it is off.

Inconvenient fact #3: Most any competent programmer can grab the code for an encryption algorithm -- say AES -- and put together a user interface to control it. Unless they are a seasoned expert though, their encryption process will be fatally flawed by the naive implementation they develop. A good hacker can unlock most of those without much effort. As Bruce Schneier puts it in Security Pitfalls in Cryptography:

A cryptographic system can only be as strong as the encryption algorithms, digital signature algorithms, one-way hash functions, and message authentication codes it relies on. Break any of them, and you've broken the system. And just as it's possible to build a weak structure using strong materials, it's possible to build a weak cryptographic system using strong algorithms and protocols.
------------------
Just because an encryption program works doesn't mean it is secure. What happens with most products is that someone reads Applied Cryptography, chooses an algorithm and protocol, tests it to make sure it works, and thinks he's done. He's not.
------------------
Functionality does not equal quality, and no amount of beta testing will ever reveal a security flaw. Too many products are merely "buzzword compliant"; they use secure cryptography, but they are not secure.

Malware presents another threat: If any computer you  access your data with is infected by spyware, the clear-text (decrypted) data can be transmitted to an exploiter over the Internet. Encryption doesn't do a thing for you in this case. Your security system (or lack thereof) has let you down.

One final worry: Your computer and/or storage devices may be subject to search. It may be better to not have your sensitive data with you if you're traveling by air. Consider storing your data in the cloud (online in encrypted form) or accessing it over a VPN when you need it.

Conclusions:

• It can be as important to protect your computer(s) from malware as it is to encrypt your data.
• If your sensitive data is on a computing device that is not always physically secure you need full disk encryption to be sure your sensitive data is not recovered from residual clear-text data.
• Device, folder or file encryption programs are adequate if you're merely transporting data on portable media, like CDs or DVDs, or storage devices, like external hard drives or USB thumb drives.

Note from the TrueCrypt manual:

"System [full disk] encryption provides the highest level of security and privacy, because all files, including any temporary files that Windows and applications create on the system partition (typically, without your knowledge or consent), hibernation files, swap files, etc., are always permanently encrypted (even when power supply is suddenly interrupted). Windows also records large amounts of potentially sensitive data, such as the names and locations of files you open, applications you run, etc. All such log files and registry entries are always permanently encrypted as well."

A fatal backup error:

Encryption programs that create encrypted "volumes" (files that contain encrypted files) do not change the size of the container file, and often intentionally do not change "date modified", even though files in the volume have been changed or added.  The purpose is to maintain plausible deniability, but the result can be that your backup software does not recognize that the volume file has changed, and skips backing it up.

Information on full disk encryption:

• 8 Reasons for Full Disk Encryption
• Bruce Schneier is a data-security expert, who recommends PGP Whole Disk Encryption program.
• full-disk-encryption.net
• Full-Disk Encryption Suites
• Comparison of disk encryption software
• Filesystem-level encryption