I am not a noob, nor am I experienced in these areas, modesty is a safe bet as I do not want to overstate my skillset.
I have two sources that I consider to be the people with the most experience that I know in these areas but they do not fully agree. I would like to get your opinions and whatever else you may want to share about what you do and why.
Friend 1, computer professional, runs his own business out of his house fixing peoples shit and tinkering with his own tech. Recommends LUKS for encrypting non-OS files (for speed) and temporary files and important data. Thinks truecrypt is garbage because its proprietary.
For deletion he uses dd and dev/zero. On his ext4 filesystem it takes 2 hours to dd and 2 minutes to LUKS a 300gb drive. He suspects that dev/zero over dev/urandom contributes a bit (he admitted he doesn't know how much cause he doesn't use urandom) but he thinks that the NTFS filesystem is the cause of the slow (20GB/hour) dd speed. He also said, when I brought up the idea that dev/zero with dd is less secure and determined people could see what was written on the disk before all the 0's because they're all 0's and its easy to see ( read a paranoid theory about this idea) and he said that with NTFS that'd be possible but not other filesystems.
His paranoia solution was dd, format, encrypt with random salt (I'm unsure what this is, something about password security) and then format with a different filesystem and use that one after encrypting. He also mentioned setting up encryption to randomize keys on bootup for your temp files and pagefile where your encryption passwords are stored.
Friend 2 said that dd dev/urandom with a few passes to be safe was a good idea and that Truecrypt is trustworthy. He also recommended using a bootable USB OS over a hard drive.
Please criticize all of these assumptions as I am here to learn what is correct.
Name:
Anonymous2012-07-04 4:41
>>1
set up LUKS with a random key
luksOpen it
dd over encrypted device-mapper disk
luksClose it
destroy LUKS header by overwriting the first four megabytes
create proper LUKS set-up
alternatively, pipe aespipe with a random key into dd
/dev/zero is in no way less secure than any random data source for wiping drives, even if it is only done once instead of through multiple passes. I advise you to Google "The Great Zero Challenge" for more information on the subject.
Name:
Anonymous2012-07-05 13:50
>>7
O RLY?
"someone attempted to erase the drive by doing what’s called a “zerofill” — a process of overwriting data with zeroes. ... but the person chose the option to overwrite the information only once — a much less secure and less thorough option." - Wired article on how Bradly Manning got fucked. http://www.wired.com/threatlevel/2011/12/manning-assange-laptop/
"Bradley Manning's hard disk data was overwritten once, and the data that was recovered was from after the act of overwriting." -wikipedia
7 passes with random data or nothing.
Name:
Anonymous2012-07-05 14:01
>>8
Also, I just looked into the challenge. You only had 3 days to do it, and you couldn't write to or open the drive. That's like having a lock-picking challenge where you have 15 seconds to do it, and you're only allowed to use keys.
LUKS is better than TrueCrypt. I wrote 20 pages worth of notes about this a long time ago but I'm pretty sure they're lost forever.
In short, LUKS does more to fight data forensics. Plus you can have multiple keys for any one drive. TrueCrypt tries to give you "plausible deniability" but fails horribly at it. Any encrypted data passes the Chi Squared test, and even if you try to minimize how much information is in the header, it's fairly trivial to figure out what program / encryption scheme was used if the program is well known, which TrueCrypt is.
LUKS also inflates the encrypted master key and scatters it all over the drive so that it's impossible that dead sectors would cause the key to be permanently stored on the drive (if a sector dies the HDD just marks that area as unusable and will not read/write to it anymore, if the key was on a dead sector and you tried to wipe the drive, even 1,000 passes of /dev/random with dd wouldn't touch it).
The PBKDF in LUKS is better, in general LUKS is also more stable, there's a higher chance your data will get corrupted to shit with TrueCrypt. Its "hidden volumes" are a complete joke, look at the paper by Schneier on that.
Finally, in general you want full disk encryption, something that TrueCrypt doesn't provide on Linux (As far as I know, even if it does now, it would have implemented it recently, not enough time for suitable testing / peer review), and if you're going for security, Linux/BSD is the only choice, using Windows with encryption is pointless. Without full disk encryption, it's likely the programs you use will leave traces of the data you open, from thumbnails, caches, filename records, device access records, and so on. If your entire disk isn't encrypted, it's hard to not leave plaintext traces.
Oh right, and the stuff about USB OS over HDD OS is pointless. I guess if you want to be able to swallow your hard drive or keep all your data in your pocket any time your computer isn't on, but otherwise, with full disk encryption the integrity of your data is assured. Just put your boot partition on a USB stick or MicroSD card, that's the only partition that can't be encrypted. If you keep that on you at all times, then no one will be able to mess with the OS while the computer is off. So that someone wouldn't be able to modify the kernel and mess with the scheme. People could still install hardware keyloggers and other hardware fuckery, so keep that in mind.
You can use keyfiles too, but it isn't really necessary in my opinion. The way AES-256 works, a 39 character completely random (or as "random" as it will get) ASCII passphrase is the maximum amount of security you can get. This will get transformed into a 32-byte Key by the Password Based Key Derivation Function anyway, so after 39 ASCII characters you start running into collisions. Having >100 char passwords or multiple keyfiles won't do anything other than increasing the risk of data loss when you forget the passphrase / lose the USB sticks the keyfiles are on.
Name:
Anonymous2012-07-05 22:18
>>12
Dude, if your passphrase is over 18 words, you already have more entropy than can fit in a 256-bit key. Give it up.
Yes, and 39 random ASCII chars also have more entropy than a 256-bit key.
Assuming an average of 5 characters per word, that's 90 characters. I find it easier to just memorize 39 pseudo-randomly generated ASCII chars. Faster to type in, less chance of me mixing it up in my head, because I make new mnemonics for it, as opposed to reusing old ones from the familiar words.
Name:
Anonymous2012-07-05 22:43
I JUZ WARNERED A KNOW WHERES A BUS STOP WAAAH
Name:
Anonymous2012-07-05 23:03
>>14
Memorizing even 7 pseudo-randomly generate ASCII chars sounds impossible to me. How the fuck do you memorize 39?
>>2
Do you think you could explain what any of that means and why I should do it?
How does the DoD do 9 passes (1's, 0's, random x3)?
it took 17 hours to do a 300GB SATA connected disk for me with urandom. How does anyone?
>>12 Wouldn't a USB OS be preferable as all temporary data will not be stored on the drive and then be overwritten because of space limitations, rather than on an HDD where all temporary data will pile up on the disk rather than over each other thusly obfuscating any forensics looking into the past?
Someone over at /g/ said this... they weren't much help otherwise lol. It's all iPhones and NCIX builds over there lol.
"Secure data deletion is a myth of sorts. It simply can't be done on a file by file basis. However wiping an entire disk works better. urandom is a better choice, filing a drive with zeros can be filtered. The more over writes the better. However given time all data can be recovered if they know what they are looking for. Encrypted data can be wiped with a single random pass and there no chance in hell of getting it back. A single pass of zeros is always nice before a fresh install. DATA CANNOT BE WIPED FROM FLASH MEDIA. Unless encrypted as previously stated, do not store on flash drives because there is no way to securely wipe it. Lastly, filesystem makes no difference to a wipe."
What do you guys make of these claims? PS all my passwords are on post it notes! We're like brothers!
Name:
Anonymous2012-07-06 10:36
'>DATA CANNOT BE WIPED FROM FLASH MEDIA
this would imply that a flash memory cell can contain an infinite amount of information. Maybe they were getting at that it wouldn't be a good idea to frequently wipe your flash since it has a limited amount of writes. Or maybe they were talking about how the hardware will isolate blocks that are determined to no longer be reliable, and maybe you have information in these blocks that you would like to wipe, but now can't.
Most SSDs nowdays have secure erase. It's a firmware level function, it will wipe the drive completely regardless of if the blocks are dead or not. It also doesn't completely destroy the SSD when you wipe it as otherwise it would attempt to wear-level your wipe, causing exhaustion of all the write cycles for every cell.
rather than on an HDD where all temporary data will pile up on the disk rather than over each other thusly obfuscating any forensics looking into the past?
No. Just use a filesystem like XFS with full disk encryption. XFS makes use of deleted blocks as soon as possible.
Also I read about a secure delete function disabled by default in most hard drives. That you have to go into the bios or something and enable it. The talk was that it was faster and more secure than DBAN. Anyone know anything about this?
You guys are a lot of help, I appreciate it. Also, >>24 seconded >>22 Do people use XFS with linux? I'm switching over soon, and am open to distro recommendations
That seems like a total bullshit lie. Either the process wasn't done properly, or it was interrupted before any passes actually finished.
Don't quote wired on this shit. Journalists don't understand anything about data recovery techniques, and the government is likely to overstate their accomplishments.
I'm inclined to believe you because of the pervasiveness of the rumours, but how can you be sure?
Name:
!L33tUKZj5I2012-07-07 14:16
>>1 I brought up the idea that dev/zero with dd is less secure and determined people could see what was written on the disk before all the 0's because they're all 0's
This is one of the greatest trolls on the internet.
Let's remind ourselves, no one (no one!) has ever beaten a single pass with 0's or 1's or random chars, ever. On any filesystem.
There was a prize of a million dollars a while back for anyone who could, which I (and I'm sure the people who offered it) found highly amusing.
This, pretty much. I saw a study a while ago related to data recovery where they used scanning magnetoresistance microscopy or Magnetic Force Microscopy or something, it was years ago and I lost the link, anyway, with one pass with zeros they were able to read like 100 bytes off a 100GB disk total, due to residue forces, but it wasn't even a sure thing and they were scattered all over the place. Furthermore, it's probably even more impossible nowdays since the hard disks have much higher density, so that the states can't lock anymore and leave residue charges, since they're so easily disturbed.
Best solution is keeping your shit in a LUKS-encrypted partition and destroying the header by multiple random overwrite when the companies/feds/jews/niggers/fundamentalists/faggots knock down your door.
Name:
Aleph2012-07-07 21:11
So someone tell me again what's wrong with DBAN? A Mersenne Twister PRNG like ISAAC should be enough for a single pass, maybe make a second pass with a 01 walk to reduce the likelihood of remnant magnetism. Tinfoil hats need not apply, the source code is available and if you don't believe your data was wiped, hit it with DEFT linux and try to recover some data.
If you are that freaked about speed just make sure your encryption method is up to snuff and wipe your keys.
Sort of oftopic but fuck it. Do you guys know of any good free online reading on these sorts of things?
Not really about cryptography but more about how data recovery and how HDDs work and the sorts of things you can do with them.
Reading commencing, I'm sure I'll be back.
Any tips on the specific options of using LUKS or setting up my linux distro (filesystem)? Otherwise I'm gonna wing it with some googling.
>>45
It looks like >>2 is simply suggesting using a rather inefficient method to write pseudorandom data to the entire disk, and then setting up an encrypted volume after that.
Bitch and moan about how wired is "lying" or "misinterpreting" all you want, the people I've spoken with in the EFF have told me that Manning wiped his entire disk with 0s, and it didn't stop the recovery. As to the competition, it was total BS, see >>9
Nice anecdotal evidence. He DID get caught so that already implies he was an idiot in general, so it's safe to assume he probably didn't wipe his shit properly if at all.
Name:
Anonymous2012-07-11 3:38
>>48
I don't think you understand how cryptography works. Also, a well-reputed article hardly counts as "anecdotal." Unless you can show me some evidence that Wired is wrong, and my options are between "professional technology journalist who attending the hearing" and "some random asshole on the internet," guess who I'm going with.
Name:
Anonymous2012-07-11 6:58
lol you're both children arguing over who's right, when all of their knowledge (note: not understanding) of the issue is based off of what their parents said. And instead of just belittling you I'm going to list each of your points and why they're basically r/atheism vs christianity bullshit dogma.
>>31 paraphrasing, "no one has beaten a pass with any write method." --- we don't know that. The doubt is reasonable when you assume the people who would be capable of these sophisticated techniques have an interest in keeping it secret.
"There was a prize of a million dollars for anyone who could" --- Doesn't mean it was a legitimate challenge.
>>8 references the wired article about manning and beating a 0 wipe and then >>47 takes it as fact and bitches at >>31 saying that the wired article is super reputable and NOT anecdotal despite it being written by a journalist who got second hand information.
The EFF verifying the wired story is no more reputable than the wired story. Unless my ignorance to the situation extends to the EFF having a reason to have reliable intelligence on this matter. Then he talks about the competition being BS and referring to the opinion of someone else... come on guys. This is so circular. It's all hearsay based off of the people who caught manning. WHO COULD HAVE LIED OR TOLD PEOPLE THE WRONG THINGS.
>>48 points out the garbage heap of circle jerk evidence and then fucks it with a retarded generalization that idiots are the only people to get caught by the authorities and the idiocy specifically extends to his capabilities of wiping his drive. lol.
>>49 you are an idiot for trusting information from a journalist who got it from people with a possible vested interest in lying about a sketchy ass situation.
tl;dr fuck you motherfuckers who pull this shit for making me take more time than I needed to in order to learn about cryptography. Instead of people stating their biases and why they have them I had to sort through a garbage heap of unsubstantiated beliefs and biases to learn about how retarded everyone is and THEN about cryptography. Thanks to everyone who helped me out and I hope this thread is not hindered by my ranting. My butt is not hurt, for I am a 4 time St.Patricks day foosball champion!
Name:
Anonymous2012-07-11 23:18
>>50
I take it you didn't read the article. The journalist didn't have "secondhand information," he was attending the trial. The guy quoted was speaking under oath. Unless you mean he personally didn't do the analysis, in which case there's never going to be first hand accounts, and once again, should I trust you or the guy who was there? As to why the EFF is a reliable source, this is sort of what they do.
>>53
I hope it actually effected you and you're not talking about some big evil conspiracy where everything and everyone are corrupt and the scenario dictates and implies the man actually gives a fuck about you. (Protip: They don't.)
>>55 it did happen to me, and if it hadn't the ideas would still be valid.
what >>54 said minus the offensive part born of frustration. I didn't understand until something effected me personally. It shouldn't have taken that long