Encryption is Not Enough

A few facts

Inconvenient fact #1 - Cryptography is harder than it looks: Not just any encryption program will do.  Most any competent programmer could grab the open-source code for a block cipher (cryptographic protocol) -- say AES -- and put together an encryption process to get from password entry to ciphertext.

But there is a special Murphy's Law for budding cryptographers: Somewhere else in the naive coder's encryption process - key generation, random number generation, hash processes, etc. - there will almost certainly be one or more fatal flaws. A skilled hacker can often find and break process vulnerabilities without much effort. Do-it-yourself encryption is much like thinking you could be competitive with Bobby Fischer or Garry Kasparov.

As Bruce Schneier puts it in Security Pitfalls in Cryptography:

A cryptographic system can only be as strong as the encryption algorithms, digital signature algorithms, one-way hash functions, and message authentication codes it relies on. Break any of them, and you've broken the system. And just as it's possible to build a weak structure using strong materials, it's possible to build a weak cryptographic system using strong algorithms and protocols.
------------------
Just because an encryption program works doesn't mean it is secure. What happens with most products is that someone reads Applied Cryptography, chooses an algorithm and protocol, tests it to make sure it works, and thinks he's done. He's not.
------------------
Functionality does not equal quality, and no amount of beta testing will ever reveal a security flaw. Too many products are merely "buzzword compliant"; they use secure cryptography, but they are not secure.
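To make the key-generation pitfall concrete, here is an added example (not from the original article or from any product it names) that contrasts a password-to-key step of the kind a naive implementation might use with PBKDF2, the PKCS #5 v2 scheme. The function names, the iteration count and the sample password are assumptions chosen for the demonstration.

```python
import hashlib
import secrets
import time

KEY_LEN = 32                  # 256-bit key, e.g. for AES-256
PBKDF2_ITERATIONS = 200_000   # assumed work factor for this demonstration


def naive_key(password: str) -> bytes:
    """Flawed: one fast, unsalted hash. The cipher fed by this key may be
    strong, but every guess costs an attacker a single hash, and equal
    passwords always give equal keys."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def new_salt() -> bytes:
    """Random per-file salt from the OS CSPRNG (not the 'random' module)."""
    return secrets.token_bytes(16)


def pbkdf2_key(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256: salted and deliberately slow. The salt is not
    secret; it is stored next to the ciphertext so the key can be rebuilt."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt,
        PBKDF2_ITERATIONS, dklen=KEY_LEN,
    )


def seconds_per_call(fn, repeat: int) -> float:
    """Average wall-clock cost of one call to fn."""
    start = time.perf_counter()
    for _ in range(repeat):
        fn()
    return (time.perf_counter() - start) / repeat


def compare(password: str = "correct horse battery staple") -> dict:
    """Derive keys both ways and report the properties that matter."""
    salt_a, salt_b = new_salt(), new_salt()
    key_a = pbkdf2_key(password, salt_a)
    naive_cost = seconds_per_call(lambda: naive_key(password), 2000)
    kdf_cost = seconds_per_call(lambda: pbkdf2_key(password, salt_a), 2)
    return {
        # Same password -> same key: precomputed tables work on every file.
        "naive_repeats_for_same_password":
            naive_key(password) == naive_key(password),
        # A fresh salt gives a different key for the same password.
        "pbkdf2_differs_across_salts":
            key_a != pbkdf2_key(password, salt_b),
        # With the stored salt, the legitimate user gets the key back.
        "pbkdf2_reproducible_with_stored_salt":
            key_a == pbkdf2_key(password, salt_a),
        # How much more each password guess costs with the slow KDF.
        "cost_ratio": kdf_cost / naive_cost,
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```

Both variants "work" in the sense that the same password decrypts the file again, which is why functional testing alone does not reveal the difference.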

A recent highly visible example shows that it's hard to know whose expertise to trust. [discussion] [examples of cryptographic vulnerabilities]

Example: The temptation to use proprietary, closed-source cryptology leads to persistent folly:

"Even the strongest of the encryption algorithms can be defenseless, if it is implemented with errors, or used inappropriately, and that is the illness of the proprietary software. Microsoft is especially infamous for that, as virtually each of its cryptographic solutions had serious vulnerabilities, often breakable in a trivial manner. One need not venture far for the examples, — Kerberos, encryption of Microsoft Office documents, PPTP VPN, NTLM authentication protocol, SysKey, EFS encryption in Windows 2000, RNG implementations in Windows 2000/XP/Vista. As history shows, that company is unable to learn on its own mistakes, therefore it is better to use anything, but the Microsoft's cryptography, since, even if you would want to, you will find no worse reputation, than the one enjoyed by the Microsoft." ~Mycotopia Forum

Inconvenient fact #2 - Operating systems are messy: They leave behind echoes (cleartext) of the data you access or process - swap files, temp files, hibernation files, browser cache files, and other artifacts.

Windows Volume Shadow Copy Service presents a special problem. Even if you wipe the file after encrypting it, cleartext copies of previous versions remain on the drive. Even though they are hidden, it is easy enough to find and restore them.

Many simple encryption programs simply encrypt from and/or decrypt to a cleartext file. Yes, some of them delete the cleartext file after you close the program, but they may not securely purge the file (make it unrecoverable).

Using a compression program -- e.g. Zip -- for encryption can be particularly hazardous. Unless you can create, open and save files directly in the encrypted archive, you'll leave cleartext versions of files behind on the host computer. You must purge (not just delete) those working files. You did know that deleted files are not actually erased, didn't you?

If you lose your computer, or if anyone - burglar, snatch thief, snoopy co-worker - gains access to your computer, running or not, they are likely to find cleartext echoes of your encrypted data. You may want to use full-drive encryption to prevent that. All those cleartext echoes will be encrypted when your computer is off. Be sure your program also encrypts the whole hard drive when your laptop lid is closed, not just when you turn it off.

  • From the TrueCrypt manual:

"System [full-drive] encryption provides the highest level of security and privacy, because all files, including any temporary files that Windows and applications create on the system partition (typically, without your knowledge or consent), hibernation files, swap files, etc., are always permanently encrypted (even when power supply is suddenly interrupted). Windows also records large amounts of potentially sensitive data, such as the names and locations of files you open, applications you run, etc. All such log files and registry entries are always permanently encrypted as well."

Inconvenient fact #3: Any encryption program can have a secret backdoor. The backdoor may be government-mandated, or provided for convenience in recovery and other administrative functions. Other than government access, the primary hazard is that backdoors are often easily hacked by attackers.

Inconvenient fact #4: Malware presents another threat: If any computer you use to access your data is infected by spyware, the cleartext (decrypted) data can be transmitted to an exploiter over the Internet. Encryption doesn't do a thing for you in this case. Your computer security system (or lack thereof) is what lets you down.

Final worry: Your computer and/or storage devices may be subject to search. It may be better to not have your sensitive data with you if you're traveling by air. Consider storing your data in the cloud (online in encrypted form) or accessing it over a VPN when you need it.

With those factors in mind, here's what I look for when choosing an encryption program:

  1. The program must not rely on a proprietary cipher (encryption algorithm): It must use a time proven algorithm that has been extensively reviewed by the cryptographic community. Examples are AES (Rijndael), Twofish, and Serpent, plus combinations of these used in cascade. But that's just the first hurdle.
  2. I'm highly skeptical of programs offered by individual authors, or as a feature of software that has another primary purpose. Encryption is naturally intriguing, there are excellent public algorithms available for anyone to use, but inexperienced implementation is almost always fatally flawed. In many cases, there are clear warning signs that these programs are not secure at all.
  3. I look for software that has been proven over time. The program should ideally have been used for several years without being breached. Even though a new encryption program uses a time-proven cipher, implementation of the rest of the cryptology has not been demonstrated.
  4. Open-source software is a better choice than closed-source software, particularly if the software has been actively used by commercial entities.
  5. Does the software have a backdoor? Other than government access, the primary hazard is that backdoors are often easily hacked by attackers.

Pismo File Mount Audit Package provides a useful example of my approach to vetting encryption software, based on the factors above.

I like the Private Folder feature of this audit package. It allows you to quickly access an encrypted file that you convert to an encrypted folder using a context menu command in Windows Explorer. There is no program to open. The big advantage other than convenience is that you can read and write to this folder, completely avoiding the problem of plain-text residue on your hard drive. But is the encryption robust?

  1. Does the program rely on a proprietary encryption algorithm? No, they state that “Private Folder utilizes AES encryption and PKCS5v2 key generation.” So far, so good.
  2. Is the program offered by an individual author? It is offered by a commercial enterprise. That's good.
  3. Is it a feature of software with another primary purpose? Encryption is a recently added feature to software that has a more general primary purpose. Not so assuring.
  4. Has the software been proven over time? The program has been available for some time, but the encryption feature is recent. Also, I was unable to find any reviews by competent examiners. Not yet proven I guess.
  5. Open-source software is a better choice than closed-source software: Source code is not available for the audit package itself, but source code is available for the core functions that the audit package uses. Good sign.
  6. Does the software have a backdoor? In my opinion, based on the nature of the product, probably not.
  7. Conclusion: There are better alternatives.

Fatal backup trap:

Encryption programs that create encrypted "volumes" (files that contain encrypted files) do not change the size of the container file, and often intentionally do not change "date modified", even though files in the volume have been changed or added.  The purpose is to maintain plausible deniability, but the result can be that your backup service or software will not recognize that the volume file has changed. If you use incremental backup for example, the volume file would be skipped after the first time.

TrueCrypt is an example of a program that does not change the modified date. However, some cloud backup services - Dropbox for example - check the hash value of volume files, not the date, and if they change Dropbox stores a new copy of the volume file. TrueCrypt is thus a good way to implement client-side encryption for your most sensitive files if you're using Dropbox for backup. SkyDrive, for example, uses the modified date - not a hash value - so TrueCrypt volumes will not be backed up by SkyDrive after they change.
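The backup trap can be reproduced with a stand-in container file. This added example (not part of the original article, and not code from TrueCrypt or any backup product) overwrites bytes inside a fixed-size file, restores its timestamps, and compares a size-and-date check with a content-hash check. The file name, sizes and function names are assumptions for the simulation.

```python
import hashlib
import os
import tempfile


def metadata_fingerprint(path: str) -> tuple:
    """What a date/size-based incremental backup compares."""
    st = os.stat(path)
    return (st.st_size, st.st_mtime_ns)


def content_fingerprint(path: str, chunk: int = 1 << 20) -> str:
    """What a hash-based backup compares: SHA-256 over the whole file."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def write_inside_container(path: str, offset: int, length: int) -> None:
    """Simulate a volume tool saving a file inside the container:
    bytes change in place, the size stays fixed, and the original
    timestamps are put back afterwards."""
    st = os.stat(path)
    with open(path, "r+b") as f:
        f.seek(offset)
        old = f.read(length)
        f.seek(offset)
        f.write(bytes(b ^ 0xFF for b in old))  # guaranteed to differ
    os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))


def simulate() -> dict:
    """Take both fingerprints, modify the container, compare again."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "volume.bin")  # constructed sample file
        with open(path, "wb") as f:
            f.write(os.urandom(64 * 1024))      # random bytes stand in for ciphertext
        meta_before = metadata_fingerprint(path)
        hash_before = content_fingerprint(path)

        write_inside_container(path, offset=4096, length=512)

        return {
            "metadata_check_sees_change":
                metadata_fingerprint(path) != meta_before,
            "hash_check_sees_change":
                content_fingerprint(path) != hash_before,
        }


if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name}: {value}")
```

The same two fingerprint functions can be pointed at a real volume file before and after a session to see which kind of check your own backup tool would need in order to notice the change.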

Similar information on the pitfalls of encryption:


Comments

by trojanaldila (not verified) on 11. November 2012 - 5:42  (102146)

(Very busy. Very old. Hope this site still active. Will take chance...)

What if i encrypt my (let's call it) 'data' with 4 or 5 different programs.
And then rollback the system (eg Acronis Try & Decide) and THEN: run an end-of-file/drive wiper (7 passes)? Am i safe now? (data now resides on encrypted-or-not jumpdrive(s) that i'm not worried about...)

Note: i'm not going to 'try' TrueCrypt because one horror story has scared me away from ANY drive locking software. (The user's 'drive' got inconveniently disconnected - oops...)

by trojanaldila (not verified) on 19. November 2012 - 2:59  (102538)

thank you...

thanks... NOW i give you my best crypto-secret:

If i want to like really protect a file: use encrypting mixed with file-splitting...

encrypt.. split (5+-pcs).. combine out-of-order.. encrypt.. split (3+-pcs).. combine again... ++...

((of course you don't write down the correct order or ANYTHING else...))

i'm not apraoind (paranoid - ha ha) - just cautious...

by philip on 11. November 2012 - 20:35  (102173)

If by "end-of-file/drive wiper" you mean free space wiper, then I'd say you're safe.

by trojanaldila (not verified) on 19. November 2012 - 3:04  (102539)

obviously i'm "new"...

see my 'thank you' reply UNDER my initial post.

thanks (again) to philip!

by Dennis B (not verified) on 23. September 2012 - 12:38  (99645)

Great article. I recently compared my TrueCrypt volume file that I backed up from the original file and lo and behold the contents of the backup did not update some of the individual files (fatal backup trap). I really like TrueCrypt. Is there any backup software out there that will avoid the fatal backup trap while using TrueCrypt?
Tks
Dennis

by philip on 24. September 2012 - 0:31  (99663)

Hi Dennis,

I've updated this article very recently, so I don't know if you have read the latest version.

The latest one contains this paragraph:
"TrueCrypt is an example of a program that does not change date modified. However, some cloud backup services - DropBox for example - check the hash value of volume files, and if they change, they store a new copy of the volume file. So TrueCrypt is a good way to implement client-side encryption for your most sensitive files."

So... Dropbox is one backup service that does work. The only way I know of to make sure all the changes inside a TrueCrypt volume file are included is to avoid incremental backups and always perform a full or mirror backup. There may be other backup programs that check hash values though.

There is also a preference in TrueCrypt that you can un-check - "Preserve modification timestamp of file containers" - but it doesn't seem to change things for me.

by RichardCorso (not verified) on 11. May 2012 - 11:03  (93354)

I was told some time ago that only early versions of PGP should be used as later versions contain a mandatory CIA back door.

by philip on 11. May 2012 - 14:30  (93362)

Who knows? PGP does seem to have a questionable history.

by Anonymous on 10. February 2009 - 18:45  (15766)

If you are an English speaker ....

We don't permit discussion about the writing skills of our posters. This site is about exchanging information; it's not about grammar pedantry.

peter

by Anonymous on 10. February 2009 - 8:35  (15707)

Does anyone here have experience with full disk encryption of the system drive with Truecrypt? I'm using Cryptainer (Cypherix) on my data partitions and external drives for about 5 years without problems. I started using Truecrypt on my last external drive (+1TB) because cryptainer let you only make volumes of max 500GB. So far the Truecrypt vol and Crypt vol worked fine without conflicts. I'm thinking about encrypting my system drive as well with Truecrypt or any other encryption software. Any known problems with encrypting the system drive with Truecrypt ?

by chris.p on 26. January 2009 - 15:17  (14712)

Your point is valid, Jonathan. Anyone can say they are an expert. You can only check by looking at their volume of work, and their reputation.

As an example, take Steve Gibson of GRC fame. Nine years ago his site (whichever one it was at the time, as the situation was fluid then) was the go-to site for firewall advice, tests, and recommendations. He was the guy who basically told us how to evaluate firewalls, and gave us the tests to help with that. He flagged up how useless Blackice Defender was, for example, and their cunning attempts to make their product look better simply by rigging the response of the application to tests instead of just fixing it (which they did a lot later).

However, later it was found that he had not been entirely honest in some of his other dealings, notably with customers for his ZoneAlarm Pro firewall (which was undoubtedly the best at that time - Agnitum Outpost etc came later).

So to evaluate SG's contribution you would have to balance those facts. Know your expert.

chris.p

by Anonymous on 25. November 2008 - 11:36  (10989)

The Vermin8tor asks: If an encryption program once installed, i.e. Compusec 4.0, installs an embedded rootkit detected by AVG Anti-rootkit, will this cause problems, or is it simply something not to worry about?

by philip on 14. December 2008 - 21:30  (11897)

AVG is more than likely to identify software as a rootkit, even if it is perfectly benign, if it hooks into the operating system in the same manner that a malicious rootkit would. No doubt, that's what happened to you. You must decide if you trusted Compusec. If you did, then all that AVG has done is alert you with a false positive. Think of it as a question, not a statement that AVG makes about Compusec. Your response is what counts, not AVG's mechanistic message.

Cheers

by Anonymous on 25. November 2008 - 11:32  (10988)

Encryption puts up a red flag for Hackers who can get into your system and encrypt it so you can't access it. So wouldn't hiding your programs etc be better? Hiding them with a program that locks via a password?
Creating 1 partition with all your program files on that and then another, does it truly create a gap that no virus can jump over? or;
If you have 'created' C:\ partition and then a D:\, does it create a gap that 1 drive with infected program can't jump over and infect the other? Or is this a myth?

by philip on 14. December 2008 - 21:25  (11896)

Hiding things simply does not work much better than hiding your jewels in the back of your underwear drawer. You can only hide things from non-sophisticated searchers. Hiding files only makes them somewhat invisible via the specific instance of the operating system that was used to hide them.

Taking the hard drive out and examining it with another computer, even one running nominally the same operating system, will completely reveal any files that are not encrypted, even if they were "hidden".

Cheers

by Winston Smith (not verified) on 16. July 2012 - 8:41  (96261)

"Taking the hard drive out and examining it with another computer, even one running nominally the same operating system, will completely reveal any files that are not encrypted, even if they were "hidden"."

Hard drives can be password-protected, right? So even if you take them out of one computer and stick them in another, you still won't be able to access it if you don't know the password. I've heard it's virtually impossible to bypass that. But is this alone a great option for protecting files? Or is encryption an absolute must?

by philip on 16. July 2012 - 14:37  (96274)

Hi Winston,

I'm not sure what you mean by password-protected hard drives. I presume you are referring to full hard drive encryption.

And yes - provided that the password is strong enough - the contents cannot be accessed without the password. For Windows 7 & 8, Microsoft includes BitLocker for encrypting the hard drive, but only on the Pro and higher versions. According to them:

"You can use BitLocker Drive Encryption to help protect your files on an entire drive. BitLocker can help block hackers from accessing the system files they rely on to discover your password, or from accessing your drive by physically removing it from your PC and installing it in a different one. You can still sign in to Windows and use your files as you normally would."

There are also free versions of utilities that will provide full drive encryption, which include TrueCrypt. [http://www.techsupportalert.com/best-free-drive-encryption-utility.htm]

by adamwright66 on 28. September 2008 - 11:36  (8409)

Sir,
First: for more discussion on drive encryption softwares see: www.sdean12.org.

Second: is there any possibility that some expert person(s) evaluate some encryption softwares that are freeware and are in use currently?
It would be ideal that somebody like B. Schneier evaluate kruptos2, advanced blowfish cs, AxCrypt, truecrypt and freeOTFE. I asked Mr. Schneier myself but he was not familiar with these programs except for truecrypt that he wrote it is good because one of his trustable friends said it.

I think community is vulnerable by these shortcomings about absence of independent and trustful reviews about these programs.

what do you think about this?

regards . adam

by JonathanT on 29. September 2008 - 13:51  (8447)

I've heard AxCrypt is supposedly quite good: http://www.wilderssecurity.com/showpost.php?p=1221853&postcount=5

by philip on 28. September 2008 - 19:36  (8422)

It would be fantastic to have reviews from someone who knows the pitfalls of cryptographic software, and who can also read source code: Someone like Bruce Schneier or Sarah Dean, but I don't know any experts myself. You've already asked Bruce about some programs, and Sarah wrote FreeOTFE, so she wouldn't be the one to review it. :-)

Sarah has reviewed E4M, Invincible Disk, and a whole bunch of not-free programs. I think I know enough to recognize that they are professional reviews. Besides those, TrueCrypt is the only free program for which I've found valid reviews online.

As with any security question, your choice of cryptography software is a balance between what you're willing to risk, and what you're willing to trust. Since this is a volunteer website, with no cryptographic experts, we have no way to improve trust beyond what we can discern online. Aside from TrueCrypt, that's not much for any of the free programs. ;-)

Cheers

by Anonymous on 29. August 2008 - 23:20  (7078)

I fully agree with Jonathan! This is my biggest concern with all forms of encryption. It is the "back door" that concerns me most. If you cannot keep the likes of the CIA out then why have encryption. I don't have a problem with security for financial transactions & I'm no axe murderer, I just simply don't trust them or any other corporation or government on the planet. It's as simple as that. So how can I best protect myself? When there is money to be made morality is gone.

I figured a way forward is when and if I don't want the CIA to know something I play off one government against the other. eg We all know China and America is the future / current cold war, so use Chinese written encryption software and vice versa to suit! No...not a good idea? Even here they can collaborate when it suits them, but at least it’s a better start. I'm sure there are other countries also not "conveniently" aligned with the western world like Malaysia etc. The only difficulty is getting this software & services written in English so I can use them...

Now there's a business in that isn't there?

by philip on 24. August 2008 - 14:26  (6839)

I'm the author of this article on encryption. I just stumbled on these comments because I haven't been checking. I need some time to think about the questions raised. Meanwhile, please leave any other thoughts.

Update: I have updated this article to more clearly define the attributes that a trustworthy encryption program should have.

Cheers

by JonathanT on 3. July 2008 - 11:28  (3500)

Hi

I just realised, isn't disk encryption still encryption? So how is it not enough?

Thanks

by philip on 6. September 2008 - 18:08  (7432)

The point was that file or partition encryption is what is not enough to protect you against anyone with physical access. So that's why you may need full disk encryption.

Cheers

by JonathanT on 7. September 2008 - 2:12  (7453)

Hi

OK. Thanks for the reply.

by JonathanT on 3. July 2008 - 11:27  (3499)

Hi

"It should also be open source software that has been examined by independent experts to make sure it doesn't hide any backdoor entry points."

Well I don't think this statement is entirely correct, a company which has closed-source software can build a good reputation and can be trusted, like PGP.

And how will people know who are the independent experts (I honestly don't know)? I mean couldn't anyone just say that they were an expert?

Thanks
