Encrypting your data

This post will deal with the worst case scenario; that your computer has been seized. All of your questionable/incriminating/private data is now in the hands of the authorities or your enemy. You may now face any fate, for you are at the mercy of whomever possesses your data.
How can I secure my data?The best way to secure your sensitive data is to store it in encrypted form. There are several tools that can help you do this, my recommendation is 'TrueCrypt'.
TrueCrypt offers you many options for encryption, the following is taken from the site:
Main Features:

TrueCrypt offers on-the-fly encryption/decryption to and from a virtually mounted disc using any of several algorithms, or even a cascading combination of them.
Summary of encryption algorithms offered by TrueCrypt:Once again taken from truecrypt.org:
AlgorithmDesigner(s)Key Size
Block Size (Bits)Mode of Operation
AESJ. Daemen, V. Rijmen256128XTS
SerpentR. Anderson, E. Biham, L. Knudsen256128XTS
TwofishB. Schneier, J. Kelsey, D. Whiting,
D. Wagner, C. Hall, N. Ferguson
AES-Twofish256; 256128XTS
AES-Twofish-Serpent256; 256; 256128XTS
Serpent-AES256; 256128XTS
Serpent-Twofish-AES256; 256; 256128XTS
Twofish-Serpent256; 256128XTS

AES: Advanced Encryption Standard. AES replaced DES (Data Encryption Standard)  as the standard algorithm used by American government facilities in May 2002. AES is the fastest of the 3 encryption routines supported. Some of the more paranoid members of the cryptography community have security fears over AES as although no published attacks have managed to crack it yet, some have gotten part of the way there, as well as this some people believe that the American government has a back-door for AES  that allows them to decrypt it.
AES is actually the Rijndael cipher. The Rijndael cipher was selected to be employed as AES after a several year long competition to find a suitable encryption routine, Serpent and Twofish were also finalists.
Twofish: Twofish lost out to the Rijndael cipher mainly because of it's performance. the Rijndael cipher has a greater throughput. Twofish uses more rounds of encryption, this is partly why it has a lesser throughput, however in some circumstances, such as when using 256-bit keys Twofish can have a greater throughput than the Rijndael cipher. Twofish is related to the earlier 'Blowfish' cipher.
Serpent: Some consider Serpent to be the most secure of the 3 due to it's 32 rounds, as opposed to the Rijndael cipher's 10, however these extra rounds reduce it's throughput considerably.
How to create an encrypted container using TrueCrypt:Here we will create a mountable encrypted container using TrueCrypt's ability to create a virtual encrypted disc within a file.
Note: I am running Ubuntu.
Step 1:Download and install TrueCrypt from the website.
Step 2:Start it up, you should be presented with this window:

Click the 'Create Volume' button.
Step 3:You should be presented with a window asking you which type of volume you wish to create, for the purpose of this article we will be creating an encrypted file container, so leave this option selected.

Step 4:Leave the first option selected again, in the future you may want to use the second option for added security.

Step 5:Select where to save your TrueCrypt volume.

Step 6:Next a window will appear which will let you select which encryption routine and hash algorithm you wish to use. For the purposes of this article I will select 'Serpent' and 'RIPEMD-160'.

Step 7:The next window to appear allows you to configure how large your encrypted container will be, this is of course all based on what you will be using it for.
I have chosen 20MB for demonstration purposes.

Step 8:Next you decide the password for your volume, I suggest that you follow the advice of the program and create a long, random password.

Step 9:Here you select the file system format you wish to use, select this based on the system you plan to use the volume on (the default is probably fine).

Step 10 (final step):Move your mouse around this next window to generate some random data then click the 'Format' button.
Congratulations you're done! Your volume is now ready to use by using the window found in the first image.

Conclusion:Your data is now secure from prying eyes. This could save you from whatever fate would have befallen you had your sensitive data been available to the authorities.
But this is not a complete solution, remember that option for creating a hidden volume we didn't choose earlier? Well that was for the sake of this article, but in practice you may want to utilise the feature, otherwise you may end up in jail like poor Oliver Drage.
Please leave any suggestions/requests/questions as comments!
Thanks. by - sudo nim.


No comments:

Post a Comment