[ale] Fwd: External Hard Drive Encryption

Jim Kinney jim.kinney at gmail.com
Sun Apr 8 17:21:46 EDT 2012


This has made me ponder the question: Can you trust the encryption tools on
a platform you can't or don't control?

As an admin, I lock out all admin level functionality from users on systems
I am responsible for. So far, in all of those situations, the owner of the
hardware had legitimate reasons to enforce a locked-down mode of use on
those systems. In some situations, I was tasked with providing a
keystroke-by-keystroke archive of all user activity on certain of those
systems. Inasmuch as that level of detail on one's staff is anathema to my
personal morals were it to be done in secret, I was able to successfully
make the case that this activity was to be made highly public knowledge so
that the information would never have to be used against anyone
internally. The decision makers understood that full awareness would help
cut down on the transgressions and the staff fully understood it could be
used as a double-edged sword as it was being implemented on ALL systems
within a particular group.

Yet, the OP appears to be wanting to use a work system for personal use and
that crosses a very fuzzy legal and security-awareness line. On the one
hand, the convenience factor is immense yet the owner of the machine has
full rights to the content and material that crosses that machine (that is
most likely a clause buried in an employment agreement). So to attempt to
use encrypted material, especially personal material, is to volunteer to
give the employer both ownership of the content as well as the keys to that
content.

So even if you use an embedded TrueCrypt drive system, the machine owner
has full access to the drive contents by means of any keystroke logger an
admin like me has been tasked with installing.

So the corollary question is this: on a machine where they don't allow you to
install a printer driver, why would you trust them with your private
information so sensitive to you that you keep it encrypted?

Note: I do nothing on my work-provided equipment I wouldn't do in front of
the CEO and the corporate lawyers. What you do is your business until you
use company equipment. Then it's all their business.

On Sun, Apr 8, 2012 at 8:02 AM, JD <jdp at algoloma.com> wrote:

> On 04/07/2012 09:39 PM, Tod Davis wrote:
> > Hi all,
> > I need an encryption solution for my external hard drive with
> > plug-it-in-anywhere password protection. I need to be able to read/write to it
> > from both Windows and Linux OS machines and without any software installed on
> > at least some of the computers. (my work WinXP laptop is locked down so I can't
> > install anything).  Will TrueCrypt work for this or is there a better solution?
> >
>
> Encrypted ZIP files are pretty much it.  Just be aware that tools exist to brute
> force these trying over a billion passwords per second (on a C2D 5 yrs ago), so
> you need a really long, random, passphrase.  I think most computers support
> password, encrypted ZIP files.
>
> I'd look into portable apps for those pesky non-Linux systems.
>
> Depending on your underlying requirement, you may want to use variations of
> KeePassX/KeePass and store the data encrypted inside the password DB instead,
> then having a portable app for almost every platform wouldn't be as suspicious.
> Then again, accessing your password DB from an untrusted computer is dangerous.
>
> TrueCrypt is cross-platform, but the file system selected under it may not be.
> For example, mounting an ext4 file system under Windows isn't likely. I've never
> tried mounting an NTFS FS under Linux from a TrueCrypt partition. It definitely
> requires admin rights to run, even the portable version.
>
> Encrypted ZIP files are the best answer today.



-- 
James P. Kinney III

As long as the general population is passive, apathetic, diverted to
consumerism or hatred of the vulnerable, then the powerful can do as they
please, and those who survive will be left to contemplate the outcome.
- 2011 Noam Chomsky

http://heretothereideas.blogspot.com/