[ale] I have fallen in love with Truecrypt

Mark Heiges mheiges at gmail.com
Fri Feb 11 10:41:44 EST 2011


Applications and operating systems can cache data in odd places on the  
drive; and then there's the not-so-odd swap space. If you encrypt the  
whole drive, even the caches are locked away.
YMMV.

On Feb 11, 2011, at 10:27 AM, Jerald Sheets wrote:

> Work?  No question.  I'm in financial services.  To me, that is a  
> different topic.
>
> I'm talking about personal machine full-disk encryption.
>
> Unless I'm going to extensive measures to hide a cache of pirated  
> music or porn or other things that would be embarrassing if found, I  
> fail to see the need for whole-disk encryption IN MY CASE (before  
> anyone gets their panties in a twist).  So, I asked to get some  
> education on what folks might be using such tech for.
>
> Am I familiar with it?  Sure.  Do I have sensitive docs?  You  
> betcha.  I have a single image with all the goodies in it and use  
> TrueCrypt on my Mac for the few things that shouldn't have prying  
> eyes.
>
> The whole-disk thing is what is a curiosity to me is all.  Apple  
> gives me the ability to encrypt my entire home directory, but not  
> the volume.  I'm sure that if I researched what the underlying BSD  
> stuff they're using is, I could undertake the task of encrypting my  
> whole volume.
>
> Anywho, just curious.
>
> Now, a different topic:  I use a 2-key password scheme I picked up  
> a while ago. A portion is in my head and a portion comes from a  
> password grid I've created (8x8, double-sided) that I carry in my  
> wallet.  I use patterns+private key.  So, I could actually give you  
> my password list, and you'd never guess it. I also impose on myself  
> a 30-day password change as well.  I even do this at home.  Not a  
> foolproof system, but secure enough since I don't ever log in with  
> any elevated privileges.  I'm even in the "users" group only.
>
> A couple more notes in-line below.
>
> On Feb 11, 2011, at 9:05 AM, Greg Freemyer wrote:
>
>> Jerald,
>>
>> You're a professional sys admin.
>>
>> Whether you like it or not, today that means you are part of America's
>> counter-espionage team.
>> Yes, you are a spook's spook!
>
> I would not assist any agency or representative of the governmental  
> intrusion squad even under threat of incarceration.  If there was  
> research into money or assets stolen from the company I work for,  
> that's a different topic...I will assist to the limits of what my  
> employer requests of me up to, but not further than what is needed  
> to protect company assets or to apprehend said criminals.
>
>
>> So assume the bad guys crack your network and steal your login /
>> password.  (Sys admin login/password is a much sought after goodie.)
>>
>> Next assume they are willing to invest many man months crawling around
>> your network and getting to know it better than you do.
>>
>> What corporate assets do you have privileges to that you don't want
>> them to have?
>>
>> 1) Anything you have related to security config in general.
>
> ...which I would not be allowed to encrypt.  I'm not part of the  
> security team...
>
>>
>> 2) Network / server config docs.
>
> Hosted on that god-forsaken SharePoint travesty (last three  
> companies, in fact!).  Not my responsibility.
>
>>
>> 3) Specific intrusion / remediation details. Especially if a peer at
>> another company gave it to you.
>
> Remanded to the security department, and out of my jurisdiction  
> where I am.  Other companies vary, but now that you mention it, I  
> *am* seeing a trend where security teams are slowly peeling away the  
> hardening/post-mortem duties from Systems Admins, especially in the  
> bigger companies.  That doesn't bode well, methinks.
>
> #!/jerald
> Linux User #183003
> Ubuntu User #32648
> Public GPG Key:  http://questy.org/js.asc


