Silk Road forums
Discussion => Security => Topic started by: chronicpain on December 01, 2011, 11:02 pm
-
I use truecrypt right now, i was wondering if pgp whole disk encryption would be a good way to go. I also use Tails. Im thinking about having a usb hdd with trucrypt that i back everything on, but use pgp whole disk encryption for my internal HD. then use tails to log into SR.
I wonder how good pgp whole disk encryption is? its made by symantec.. I just want to be as secure as possible...
-
I see no reason why you'd use PGP whole disk encryption over TrueCrypt. I'd stick with TrueCrypt.
-
you are right, but there are so many features that you can do with pgp whole disk encryption that you cant do with trucrypt. Im dealing with a mac, so, if I were dealing with windows, truecrypt has all the bells and whitles for that but not mac. In order to encrypt your HD on a mac with trucrypt you have to copy all the data on to another drive, reformat and then put truecrypt on then put all the info back. with pgp wde, you can encrypt it without doing that. it seems that it would make my life easier. Had i known all this before starting I would have done it different, but since i didnt I want to do it the easiest and safest way possible.
but, ill probably just stick with truecrypt..
-
I use truecrypt with a hidden operating system. My truecrypt hidden operating system has a password with 100 random numbers and letters. The outer (decoy) system has a password that would be able to be attained by brute force , making Law enforcement think they have broken my password and cracked open my safe....
Also, I NEVER use tor at home but that's a personal preference I choose , usually an open network and never log on without changing my mac address and running thru an anonymous VPN.. If you follow the setup procedures with truecrypt and leave no holes in your security then I believe truecrypt will cover your ass when things go south.
-
..dont use windows...not for SR ....only where i really have no choice for work etc..
http://www.truecrypt.org/
- suggestion ..previous post..yes....Windows 7/Vista/XP, Mac OS X, and Linux...seems a good option..don't forget to donate as its an opensource project and thats what will keep them in business and hence provide you with a supportable product.
symantec do a pgp disk enc product but then i wouldn't recommend you go with their products...esp since they just bought pgp.com -they are up to something...
my advice would be to encrypt say just the data vol, if and when it goes tits up ...recovery may not be possible and you've not lost the entire disk just data where your sensitive SR data double encrypted with another layer.....unless you know what you're doing and / or prepared to take those risks.
and if you need to delete the sensitive data its just the data and not the entire OS.
Also think where a 2nd copy of that 'SR data volume' could be backed up...?!
again so just the important data is copied and not gigs and gigs which includes the OS which you could restore with a reinstall.
with linux you can use encrypted volumes, password protected at boot.
at some point somebody owns or runs the vpn and so they are the ones who are going to be approached when theres a query -which in turn the admin is going to have to trawl thru the logs and find your entry where you connect, at the very least your isp dhcp delivered ipaddress is going to be listed and most likely your full isp dns name too; with vpn's there's supposed to be user and passw sets, dont know who would provide an open vpn here ?!; again if work vpn is misused then its like shitting on your own doorstep.
i don't see any problem with running tor connections thru home dsl...probably 95% of everyone here do...
changing mac address again won't achieve much because you're still using the same credential set and / or coming from the same dsl link; you're isp still knows who you are whether you have a different mac every hour or not....
-
TravellingWithoutMoving, your probably correct about the VPN , I got in a habit of using them for travel and when connecting thru an open WIFI AP.
I had fun this weekend installing Ubuntu fully encrypted (LUKS) on a USB, it's a little slow but its fully upgradeable (unlike a live USB) , this is the way to go, fully disposable and very secure. The only drawback is the USB is only compatible with the computer it was setup on. You can setup Truecrypt containers with 3 step encryption for emails, links etc..
-
I use truecrypt with a hidden operating system. My truecrypt hidden operating system has a password with 100 random numbers and letters.
No it doesn't.
You can't boot with a hidden o/s password in excess of 64 characters.
So no, you haven't got a 100 character long password.
-
TravellingWithoutMoving, your probably correct about the VPN , I got in a habit of using them for travel and when connecting thru an open WIFI AP.
I had fun this weekend installing Ubuntu fully encrypted (LUKS) on a USB, it's a little slow but its fully upgradeable (unlike a live USB) , this is the way to go, fully disposable and very secure. The only drawback is the USB is only compatible with the computer it was setup on. You can setup Truecrypt containers with 3 step encryption for emails, links etc..
ok..
obviously the usb method has some limitations and must be a pain to use and slow, don't know how successfull / easy to add programs etc...
so question is why the encrypted usb method, for what purpose....so its not a permanent setup ?!
rejig a multi partition setup is work but then surely its better use of the hardware ! encrypt parts of the disk/data as we've suggested and can be quickly deleted if thats what your concern is....
no matter what your setup above, the internet traffic is still coming from you...
unless you borrow your neighbours wireless link w/o them know, then you can change your Mac address on your wifi interface each session.
3rd possibility is 3G wireless internet on non-contract, remember that the signal can be traced to within 1 or 2 metres on GPRS/HSPA {?!}...if they really want to know who you / where you are.
-
That one of the main reasons I like liberte linux, as it has encrypted volume:
Persistence
All persistent changes are kept in a secure LUKS/OTFE volume, easily accessible from any operating system. This includes application settings that are archived upon shutdown, as well as any documents explicitly stored in the encrypted volume. The OTFE volume is just a file on the boot media that can be copied, backed up, or transparently resized from inside Liberté.
For a while I used privatix: http://www.mandalka.name/privatix/index.html.en
Everything is encrypted, and I found it handy, and I like 'changing up...'
Tails has no persistent data storage, and that can be a pain, but it actually keeps me careful, as that way I *have* to keep all data stored somewhere--online works, swissdisk.com or wuala or even dropbox, depending on personal pref. I find swissdisk is good in tor.
Forums I use one thing, Main Site, I like Tails, for reasons described.
-
No it doesn't.
You can't boot with a hidden o/s password in excess of 64 characters.
So no, you haven't got a 100 character long password.
Up to 256 characters for the hidden volume.. The actual boot up password is shorter, be a pain to enter 100 charters on the boot up prompt.
-
Oh, you can CREATE passwords for a hidden o/s longer than 64 chars, and you can even mount them on another system using mount without pre-boot authentication, but what you can't do is actually BOOT the hidden o/s because the bootloader has a 64 character buffer, and that's it.
So you cannot boot into a hidden o/s with a password over 64 characters.
I may have created a hidden o/s with a password too long to boot with, and had to force-fuck the info onto another, bootable hidden o/s, but I'd never admit that.