[a / b / c / d / e / f / g / gif / h / hr / k / m / o / p / r / s / t / u / v / vg / vr / w / wg] [i / ic] [r9k / s4s / vip / qa] [cm / hm / lgbt / y] [3 / aco / adv / an / asp / bant / biz / cgl / ck / co / diy / fa / fit / gd / hc / his / int / jp / lit / mlp / mu / n / news / out / po / pol / qst / sci / soc / sp / tg / toy / trv / tv / vp / wsg / wsr / x] [Settings] [Search] [Home]
Board
Settings Home
/g/ - Technology


Thread archived.
You cannot reply anymore.



File: luks.png (101 KB, 786x423)
101 KB
101 KB PNG
do many people actually encrypt their drives? is there any point?
>>
i use veracrypt
i doubt it's secure against LE or anything (i just screen lock when i'm out and about, making coldboot or even just driver abuse piss easy), but it gives me enough peace of mind knowing there's some protection over who sees my intimate and/or classified content, mainly burglars and the like
and if LE does get my data, i'll know (the pc will be off, have driver messages, or anything of the sort)
right now i'd be more worried about software collecting data (e.g. win10 has permission to copy ALL data on the PC in ANY device to microsoft servers and let them do anything with it, without ever telling you)
>>
>>71389218
>is there any point?
Seriously, pal?
>>
>>71389218
i use encryption on literally everything i can
it's basic security 101 nowadays
>>
>>71389218
There is no point when using an SSD since the way data is written to an SSD and cached means that unencrypted data is written to portions of the drive that is not encrypted. SSD's have no value whatsoever as encrypted drives

google encryption ssd
>>
>>71389303
>>71389318
I mean I understand it for the risk of theft but here in Aus we're completely fucked for government/border checks. Every time I go on holiday there's a chance of being randomly chosen to have my devices cloned (go to prison if refuse password) with no warrant or reason. The same government that has had numerous data breaches.
>>
>>71389351
>what is encrypted cloud storage
>how do i clone and store a device on the internet
>I am nuts
>>
>>71389351
I am in Aus, and my lappy HDD is encrypted for one reason only. If some shit head meth addict pinches it, then my data is protected and it will frustrate the hell out of him when he cant get on "facey".
I dont mind if the man wants to look at my laptop when I am boarding a flight.
>>
>>71389383
Fuck off
>>
>>71389395
fair
>>71389383
no
>>71389348
I'll read into this but surely the readable data is minimal if its just a temp cache
>>
>>71389348

That's only if you allow the drive itself to do the encryption. When the entire device is encrypted in software (i.e. via bitlocker, dm-crypt, etc) the only thing it can cache is encrypted blobs it's been handed by the OS. The whole encryption/decryption process is abstracted away from the actual storage medium. The only thing it should be handling in any way is ciphertext.

SSD's builtin hardware crypto is garbage though, most is, even TPMs.
>>
>>71389218
I do it on Linux because why not

I don't on windows though, since bitlocker is meh and I don't want to use a 3rd party solution.
>>
>>71389395
>>71389351
How would you encrypt something here in Australia and get away with it?

It's 60 grand and 5 years if you don't give up your password. Is there some way you can encrypt something but also be unable to access it with a password so you don't get charged with a crime but are also able to access it afterwards?
>>
>>71389536
Just carry your encrypted device up your arse and hope they dont make you shit in a bucket
>>
>>71389536
none. claiming to forget details isn't an excuse and you'll still go to prison. they extended it to 5-10 btw
>>
>>71389616
What if the device is set to brick itself if a password isn't entered in a certain period of time or if you had some sort of toggle that unless flicked back woupd set it to be locked out once turned on?
>>
>>71389657
either would be under intentional evasion/obstruction and you would be charged. guilty until proven innocent
>>
>>71389519
i need your help, i am new to linux and use luks to encrypt my external drives can you tell me is it secure enough or any other things i can use
>>
>>71389351
I just have a low power home server and connect to it.
The fuck is security gonna do about that.
>>
>>71389813
So he wasn't joking literally the only way to get electronic information out physically is on a usb up your ass.
>>
>>71389893
what about hidden containers using veracrypt? Doesn't that provide plausible deniability, and allows you to avoid detection when it comes to your sensitive files?
>>
>>71389218
Yes. If I lose my shit, at least they only get hardware.
I give no fuck about feds.
>>
>>71389876
It is secure enough
>>
File: thief-crowbar.jpg (20 KB, 320x240)
20 KB
20 KB JPG
>>71389218
I encrypt all my drives, just in case.
>>
File: 1558478012588.jpg (43 KB, 576x521)
43 KB
43 KB JPG
>>71389218
>is there any point?
Yes, if your drive fails and you RMA with warranty/guarantee.

Do you really want them to see your gay porn?
>>
File: 1513804958242.png (144 KB, 423x410)
144 KB
144 KB PNG
>>71389218
Mainly for burglar or relative protection. So they'd wipe the drives instead of look into them.
Government will just lock you up for contempt or find you after suicide where you had to shoot yourself in the back of the head twice.
>>
>>71389917
Can anyone weigh in on this?

Is it possible for them to turn up hidden containers? Keep in mind that they do clone the device once you unlock it for them.
>>
All external drives should be encrypted.
All laptop drives should be encrypted.
All BIOS/Firmware should be password protected.
All laptops should have booting from different drives (external or internal) disabled in the BIOS.

Not because of the NSA but just to piss off Jamal. If Jamal were aware of the fact that stealing an electronic item isn't worth bothering he wouldn't be doing it.
>>
>>71390191
>thinking a chad jamal gives a shit about some whitey's cringe weeb porn
>>
>>71389515
fake news
even a fully encrypted SSD will leak data in an unencrypted way
>>
>>71389218
>>71389351
Plausible deniability mode. Make a 64GB partition with ubuntu and some shitware. As if it's a trashy 64gb ssd inside. Give it a special key to unlock.
>>
If your laptop get stolen they cant do shit unless wiping the drive off
>>
>>71390349
Ok, so why not just uefi password? Seems like the same result with no overhead.
>>
>>71390431
Because that doesn't protect the hard drive.
>>
File: waterboarding.jpg (69 KB, 820x547)
69 KB
69 KB JPG
>>71389917
>>
Opinions on OPAL 2 drives?
I assume they have NSA backdoors but are they still /g/ approved?
>>
Just put your goddamn deviant porn on external storage, geez.
>>
>>71390345
I would instead make a Veracrypt container and name it "bluray_rip.iso"
>>
>>71390794
>check magic number string of file
>know it's definitely not a legitimate iso

Yeah good one.
>>
>>71389813
can't you do 2 level encryption to avoid this punishment? First pw decrypts normie stuff, second secret password decrypts the rest?
>>
Aussies get their PCs screened just because? Good lord, I thought you guys left the "prison colony" days behind.
>>
I do important shit in my Linux laptop which means I have a lot of sensitive information. On an SSD. You'll have to trust the manufacturer in order to properly wipe those. Or you can just use LUKS which means anything written on it (after decryption of course) will be encrypted upon write, which means I won't have to worry about wiping the SSD when eventually I will sell it in the future.
>>
>>71390932
Isn't TRIM disabled when using encryption on an SSD though? That's going to reduce lifespan.
>>
>>71389813
Have thousand-level decryption, then decrypting takes too long and big bro gives up
>>
>>71390825
You could always insist something must have gone wrong in the ripping process, or just play dumb.
AFAIK it's impossible to prove it's encrypted rather than just some random bits.
>>
>>71390315
>nigger
>chad
The cuck exposes himself
>>
>>71390957
>Isn't TRIM disabled when using encryption on an SSD

I'm not sure but I assume the encryption software will do something similar to TRIM when deleting data rather than zeroing (or even randomizing!) deleted data.
That would make far more sense to me since it would be much faster.
>>
>>71391039
You wont get the benefit of the doubt and the security clerk will decide if youre being prissy
>>
>>71389218
I encrypt everything because in burger land I can.
>>
Why do you guys travel with your cheese pizza ?

Why don't just let it home hidden and secure ?
>>
>>71389218
Mine's LUKS encrypted with secureboot and BIOS passwords, all different passphrases, and encrypted RAM and swap.
>>71389303
Has coldboot ever actually been used against anyone? I can't imagine agents bursting into your house with jugs of liquid nitrogen or some shit...
>>
>>71391378
The guy who ran the original silk road I think. Some woman distracted him in a cafe and another agent took the laptop before it had a chance to shutdown.
>>
>>71390446
>be jamal
>steal computer
>fuck nigga this uefi password
>removes hdd, mounts on his liveboot of kali
>[in my best nigger hacker voice] shieeeeeeeeeeeet. im in.
>>
>>71391564
They didn't need to, it was wide open, I think he was even logged into the site at the time.
>>
My thinkpad has bios passwords, LUKS-LVM, and i's got a smaller attack vector. If it wasn't for school, I would have sub-400 packages.. But alas, LaTeX and an actual browser.
>>71391628
Yeah. He didn't even close his laptop.
>>
>>71389218
do many people actually lock their front doors? is there any point?
>>
>>71390957
Yes, unless LUKS devs have added support for TRIM in the last 9 years. I would think they have by now.
>>
>>71390333
>SSD can magically decrypt an encoded data stream
NSA should use SSDs to decrypt bitcoins. Just copy that pesky encrypted data into the SSD!
>>
File: 1559399620703.jpg (47 KB, 494x495)
47 KB
47 KB JPG
>>71389218
basically every storage device i own is encrypted with luks
>>
>>71390957
It's not, but it makes deniable encrypton impossible, since SSD will be zeroed selectively.
>>
>>71390333
Prove it
>>
>>71389218
I use Veracrypt to make encrypted containers and partitions. I have a dual 2.5" external enclosure with 500GB drives inside. Both fully encrypted. Holds all my porn. I don't even have anything risky, but if I were to die in an accident or something, I wouldn't want my parents to find out I am into mom-dom hentai. There's also the 100MB encrypted containers I have that hosts a plain text file of every single username/password for every single online service I've ever used, banks included. Definitely wouldn't want that getting out.

O. That note, is it possible to burn an encrypted containers to a DVD or Blu-ray?
>>
>>71389351
Plausable deniability? Why not just use full disk encryption (as in including the boot sector) after filling the drive with random info and/or using a cheap secondary drive with some bsOS on it to turn in. If they cant see if anything is on the disk or not you can say that its just broken.
>>
>>71390721
I doubt a rubber hose attack is within the threat model of someone who just doesnt want their stuff ripped. I these are random checks I doubt they will give enough of a shit or be suspicious enough to try to torture a confession out of him. Its p reasonable that someones drive might just be broken.
>>
>>71389813
>>71390846
Hidden encrypted partition, perhaps?
Machine will always boot into non hidden partition and you sacrifice when you have to surrender your password, actual everything is on hidden partition.
>>
>>71391378
Coldboot has never been used IRL.

>>71391564
Nah. He was running his OS off a thumb drive and the feds had realized that while spying on him. Some undercovers created a distraction and another one grabbed him before he knew he was in danger.

>>71389351
If I were you I would be buttsmuggling a micro SD with all my important shit on it.
>>
This is why you don't have a gf.
>>
>veracrypt container
>download best gay porn u can find
>merge your encrypted file container into the gay.mp4 file
>default to open .mp4 with VLC just in case
>artifacts show up as frames

its like u retards arent even trying
>>
>>71392588
No. This isn't why. My wife won't let me is why.
>>
>>71392669
>tfw the image/video thumbnails show up in the unencrypted cache folder
>>
>>71391122
What about steganography? At that point they can claim you're hiding child porn inside your family photos using steganography. Oh, you don't know what that is? Clearly, you're lying through your teeth, into jail with you
That literally breaks the entire concept of law and justice
>>
>>71389616
>>71389536
What the fuck? How? How you people okay with this??? This is worse than 1984. If I lived there I'd have moved the fuck out just because of that, and I hate moving.
>>
>>71389351
Wow. How is Australia any better than North Korea?
>>
>>71389303
I completely deny that veracrypt has and currently is saving my ass. LE is on my ass, so just making a case for plausible deniability.

As for OP. Yes.
>>
>>71393564
>That literally breaks the entire concept of law and justice
That's the idea, yes.
>>
>>71389536
>>71390345
veracrypt hidden volume
>>
>>71389218
I do accounting for myself, my fiance, my sole proprietorship, collect baby and family photos on my thinkpad, so yeah, I encrypt it with LUKS and a relatively "simple" passphrase about 14-16 characters.
Not hiding from the law, or government to any great degree, so mostly just a restriction in case regular thieves get the system when I'm not watching.
I have PGP encryption setup with my email clients on my phone and my desktop just in case. Useful enough if I wanna send myself a file easy by email but keep it secure too.
>>
is it possible to make an encryption so insanely long to decrypt even with a key that they would just give up?
>>
>>71389536
Use hidden partition feature of veracrypt. No one can find that you encrypted something
>>
>>71395614
What would be the point?

You would still have to decrypt it at some point and I doubt you have access to something as strong as an NSA supercomputer so if it took years for one of them to decrypt it you would have no chance of decrypting it in this century.



Delete Post: [File Only] Style:
[Disable Mobile View / Use Desktop Site]

[Enable Mobile View / Use Mobile Site]

All trademarks and copyrights on this page are owned by their respective parties. Images uploaded are the responsibility of the Poster. Comments are owned by the Poster.