Encryption is Not Enough

Keeping digital data private takes more than just encrypting the data.


Inconvenient fact: Encryption is harder than it looks. Not just any encryption program will do. You need expertly designed encryption software that has been proven over time.

As with other software, any encryption program can have hidden flaws that are eventually revealed. It can also have a secret backdoor. With that in mind, here are the attributes I look for when choosing an encryption program.

  • The program must not use a proprietary encryption algorithm, but rather a time-proven algorithm that has been extensively reviewed by the cryptographic community. Examples are AES (Rijndael), DES, Triple-DES, Twofish, and Serpent, and combinations of these used in cascade.
  • It must have been widely used for several years without being breached. Even though a new encryption program uses a time-proven algorithm, implementation of that algorithm can easily be faulty.
  • Open-source software (not necessarily free) is a better choice than closed-source software, particularly if it is actively used by prominent entities.


Operating systems are messy. They leave behind all sorts of echoes of the data they access or process -- swap files, temp files, hibernation files, browser artifacts, etc. Many simple encryption programs simply decrypt to a plain-text file. Yes, they may delete the file when you close the program, but they may not purge the file. It is trivial to find and open files that have merely been deleted. (You did know that deleted files are not actually erased, didn't you?)

Thus anyone -- burglar, snatch thief, snoopy coworker -- who gains access to your computer, running or not, is likely to find plain-text echoes of your encrypted data. If you don't have adequate physical security for your computer, you need to use full disk encryption. Then those plain-text echoes will be encrypted when your computer is off. Be sure your program also encrypts your whole disk when your laptop lid is closed, not just when it is off.

A warning on backups: Encryption programs that create encrypted "volumes" (files that contain encrypted files) do not change the size of the volume file, and often do not change the file's "date modified" even though content in the file has been changed or added. The purpose is to maintain plausible deniability, but the result can be that your backup software does not recognize that the file has changed, and skips backing it up.
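The backup pitfall above can be reproduced in a few lines. This is an added example, not code from the article or from any encryption product: the file name is constructed, and the container's behaviour is imitated by overwriting bytes in place and restoring the timestamps with `os.utime`.

```python
import hashlib
import os
import tempfile

def quick_signature(path):
    """Size + mtime: the shortcut many backup tools use to spot changes."""
    st = os.stat(path)
    return (st.st_size, st.st_mtime_ns)

def content_digest(path, chunk=1 << 20):
    """SHA-256 over the file's bytes; changes whenever the content does."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def simulate_volume_write(path, offset, data):
    """Overwrite bytes in place, then restore the timestamps, imitating
    a container that keeps its size and 'date modified' unchanged."""
    st = os.stat(path)
    with open(path, "r+b") as f:
        f.seek(offset)
        f.write(data)
    os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))

def demo():
    """Return (quick_check_sees_change, digest_sees_change)."""
    with tempfile.TemporaryDirectory() as d:
        vol = os.path.join(d, "container.vol")   # constructed sample file
        with open(vol, "wb") as f:
            f.write(os.urandom(64 * 1024))       # stand-in for ciphertext
        quick_before = quick_signature(vol)
        digest_before = content_digest(vol)
        simulate_volume_write(vol, 4096, os.urandom(512))
        return (quick_signature(vol) != quick_before,
                content_digest(vol) != digest_before)

if __name__ == "__main__":
    quick, digest = demo()
    print("size+mtime check sees change:", quick)
    print("SHA-256 check sees change:  ", digest)
```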

Malware is another threat. If the computer that accesses your data is infected by spyware, the plain-text (decrypted) data can be transmitted to an exploiter over the Internet. Encryption doesn't do a thing for you in this case. Your security system (or lack thereof) has let you down.

One final worry: Your computer and/or storage devices may be subject to search. It may be better to not have your sensitive data with you if you're traveling by air. Consider storing your data in the cloud (online in encrypted form) or accessing it over a VPN when you need it.

Conclusions:

  • It can be as important to protect your computer(s) from malware as it is to encrypt your data.
  • If your sensitive data is on a computing device that is not always physically secure, you need full disk encryption to keep sensitive data private.
  • Device, folder or file encryption programs are adequate if you're merely transporting data on portable media, like CDs or DVDs, or storage devices, like external hard drives or USB thumb drives.



Note from the TrueCrypt manual:

"System [full disk] encryption provides the highest level of security and privacy, because all files, including any temporary files that Windows and applications create on the system partition (typically, without your knowledge or consent), hibernation files, swap files, etc., are always permanently encrypted (even when power supply is suddenly interrupted). Windows also records large amounts of potentially sensitive data, such as the names and locations of files you open, applications you run, etc. All such log files and registry entries are always permanently encrypted as well."

Information on full disk encryption:

 

Sir,
First: for more discussion on drive encryption software see: www.sdean12.org.

Second: is there any possibility that some expert person(s) evaluate some encryption software that is freeware and is in use currently?
It would be ideal that somebody like B. Schneier evaluate kruptos2, advanced blowfish cs, AxCrypt, truecrypt and freeOTFE. I asked Mr. Schneier myself but he was not familiar with these programs except for truecrypt, which he wrote is good because one of his trustable friends said it.

I think the community is vulnerable because of these shortcomings, the absence of independent and trustworthy reviews of these programs.

What do you think about this?

Regards. Adam

I've heard AxCrypt is supposedly quite good: http://www.wilderssecurity.com/showpost.php?p=1221853&postcount=5

It would be fantastic to have reviews from someone who knows the pitfalls of cryptographic software, and who can also read source code: Someone like Bruce Schneier or Sarah Dean, but I don't know any experts myself. You've already asked Bruce about some programs, and Sarah wrote FreeOTFE, so she wouldn't be the one to review it. :-)

Sarah has reviewed E4M, Invincible Disk, and a whole bunch of not-free programs. I think I know enough to recognize that they are professional reviews. Besides those, TrueCrypt is the only free program for which I've found valid reviews online.

As with any security question, your choice of cryptography software is a balance between what you're willing to risk, and what you're willing to trust. Since this is a volunteer website, with no cryptographic experts, we have no way to improve trust beyond what we can discern online. Aside from TrueCrypt, that's not much for any of the free programs. ;-)

Cheers

I fully agree with Jonathan! This is my biggest concern with all forms of encryption. It is the "back door" that concerns me most. If you cannot keep the likes of the CIA out then why have encryption? I don't have a problem with security for financial transactions & I'm no axe murderer, I just simply don't trust them or any other corporation or government on the planet. It's as simple as that. So how can I best protect myself? When there is money to be made morality is gone.

I figured a way forward is when and if I don't want the CIA to know something I play off one government against the other. E.g. we all know China and America is the future / current cold war, so use Chinese-written encryption software and vice versa to suit! No...not a good idea? Even here they can collaborate when it suits them, but at least it's a better start. I'm sure there are other countries also not "conveniently" aligned with the western world like Malaysia etc. The only difficulty is getting this software & services written in English so I can use them...

Now there's a business in that isn't there?

I'm the author of this article on encryption. I just stumbled on these comments because I haven't been checking. I need some time to think about the questions raised. Meanwhile, please leave any other thoughts.

Update: I have updated this article to more clearly define the attributes that a trustworthy encryption program should have.

Cheers

Hi

I just realised, isn't disk encryption still encryption? So how is it not enough?

Thanks

The point was that file or partition encryption is what is not enough to protect you against anyone with physical access. So that's why you may need full disk encryption.

Cheers

Hi

OK. Thanks for the reply.

Hi

"It should also be open source software that has been examined by independent experts to make sure it doesn't hide any backdoor entry points."

Well I don't think this statement is entirely correct, a company which has closed-source software can build a good reputation and can be trusted, like PGP.

And how will people know who are the independent experts (I honestly don't know)? I mean couldn't anyone just say that they were an expert?

Thanks
