Capitol Armory ad

Anyone using Tor?

The #1 community for Gun Owners in Texas

Member Benefits:

  • Fewer Ads!
  • Discuss all aspects of firearm ownership
  • Discuss anti-gun legislation
  • Buy, sell, and trade in the classified section
  • Chat with Local gun shops, ranges, trainers & other businesses
  • Discover free outdoor shooting areas
  • View up to date on firearm-related events
  • Share photos & video with other members
  • ...and so much more!
  • TX69

    TGT Addict
    Emeritus - "Texas Proud"
    Rating - 0%
    0   0   0
    Dec 23, 2012
    6,801
    21
    DFW
    Most people find TrueCrypt works fine. It has certain advanced features that are relatively obtuse in application (plausible deniability, for one) and it depends on the user to define what is and isn't encrypted. The problem, of course, is that Windows tends to spread forensically useful files all over the place, potentially in places other than what TrueCrypt is protecting if you've set up TrueCrypt in a way that leaves parts of the system vulnerable.

    As an aside, you mentioned "real time". I've done a great deal of performance testing with various whole disk encryption products and have found that almost none of them, even the crappiest ones, slow the computer enough for a user to tell the difference. Don't worry about "real time"; they can pretty much all do "real time".

    Let's start with data at rest. For beginners, I prefer a good whole-disk solution. I know that various government agencies, including some that have been taking whole-disk encryption seriously for much longer than most, use WinMagic. I've used it both at work and on home computers. In these days of paranoia, I have to admit that it could be compromised. However, if you got prosecuted for something that required WinMagic to be broken, there are a bunch of government agencies that would cancel their contracts. I'd be willing to trust it.

    It's $108 from https://winmagic.com/estore/securedoc-for-windows

    It has competitors but I only have administrative experience with a couple of them. I'd be happy to investigate further into any particular product that interests you.

    Freeware solutions are a bit more difficult. Yes, TrueCrypt is the default standard. It will do everything that anyone wants. It has the capability to do more, unfortunately, so that means that setup can be a bit more complex. For a novice, setup was pretty impenetrable the last time I tested it. However, that was years ago. I feel sure things are much improved by now.

    You can use TrueCrypt, reputedly, with full confidence. I just can't personally endorse it since I've always used either high-dollar enterprise implementations or LUKS-based schemes inside Linux, a different operating system. IOW, my experience doesn't parallel yours sufficiently for me to make a solid recommendation based on personal experience. Still, sources I trust say that TrueCrypt is good. I wouldn't be nervous if I had no other option. Use it with confidence because if it's ever well and truly broken, the tech press will be all over that story.

    Having considered data at rest, we turn to communications. Frankly, that's a much more complex topic and one that I'm not sharp enough to trust for comprehensive recommendations. At minimum, ditch Internet Explorer and use Firefox or Chrome with HTTPS Everywhere installed. See: https://www.eff.org/https-everywhere . If you do your communications through web apps of one sort or another, this will greatly increase your security. It's not a cure-all by any means, but it's a good start. Absolutely read the FAQ and understand what you're getting and what you're not. If you feel you need more, there's a learning curve. Sometimes it's steep, depending on what you want to achieve.

    Hope this gets you started.

    Jordan - Any thoughts?

    Jordan, Much appreciate the reply and lengthy write up. I am a rookie at best albeit I have been working with/on computers since the TRS80 days. At the moment we both use our PC's for work and I am responsible for keeping thing working. Basic home network with three laptops that get used a lot.

    Recently I have gotten much more concerned about security which had led me to the questions about encryption. Not that we have suer sensitive info here but want to take steps to protect what is ours. My SO (like everyone else's) is addicted to FB and social networking. She bounces around life without a care as ignorance is bliss in her world. I am the more paranoid type and want some anonymity. From the bolded test above here are the steps/software that I have been using on our PC's.

    Ghostery
    DNT+ / MaskMe
    Priv3
    Disconnect
    HTTPS Everywhere
    AdBlock Plus
    Google Opt Out

    I tried changing the value of "referer" to "0" but it locked me out of a forum I use so I kept the value at 2.

    A few years ago I tried Anonymous but they have since raised their prices very high and I have not been back. Not sure if using it would be of any help?

    I'll admit that using TrueCrypt scares me a little since I fear locking myself out (lol) or fubarring my PC in some way. I may try it on one of our old and retired machines to get the hang of it. Being that we travel internationally it might be a good option.

    Thanks again for the help
     

    benenglish

    Just Another Boomer
    Staff member
    Lifetime Member
    Admin
    Rating - 100%
    7   0   0
    Nov 22, 2011
    23,933
    96
    Spring
    Being that we travel internationally it might be a good option.
    Be aware that in some jurisdictions encryption is selectively illegal. Whenever I prepped an Agent for duty in France, for example, I had to wipe their computer clean because it is illegal to enter France with an encrypted computer. Once inside the country, they'd have to check in with my counterpart in Paris and we'd build their machine from there. A local tech could image it, I could set up the crypto, and then I'd restore the files. (France is weird. You can be encrypted while in the country; you're just not allowed to cross the border with an encrypted device.)

    Traveling internationally with a *very* secure machine is considered highly suspicious in some places. Generally, no one notices because they don't look closely. However, there are places that if they do look and you're encrypted, your day is ruined.

    If you travel internationally, TrueCrypt and its plausible deniability might actually be useful to you.

    ...TrueCrypt scares me a little since I fear locking myself out...
    Same here, at first. Since I've been using whole disk encryption for over a decade (nearly 20 years, now that I think about it), I've gotten over that. My passphrase is a small paragraph of nonsense and weird abbreviations and character substitutions, including using the extended ASCII character set. I know that if I ever forget it (it's not written down anywhere), I lose everything. But that's the price you pay for ironclad "data at rest" security.

    I once used a hardware solution that was very elegant. I really do love these drives: Eclypt Core Self-Encrypting Internal Hard Drive - ViaSat and have used them extensively. However, they are very unforgiving of forgotten and mistyped passwords. Screw up a few times in a row and you must use an admin account to unlock them. If you screw up with the admin account, the device is essentially bricked. Your data is gone, permanently. They are designed for large organizations where there is a central admin function that actually keeps track of emergency keys. For a home or small business user, they're just not appropriate. They're an awful lot of fun to play with, though. So are in-line encryptors like the one on the shelf right behind me (It's a DigiSafe DeskCrypt: DigiSAFE DeskCrypt | ST Electronics (Information Security) ? Data Protection ) ... but now I'm starting to ramble.

    Take care. ;)
     
    Top Bottom