Friday, December 26, 2008

Early spring cleaning: secure computer data

I tried to encrypt bank accounts on my laptop long ago. You wouldn't believe how much money went through the laptop. I used KeePass and TrueCrypt, but gave up, until now.

You can set up your laptop with whatever passwords you can create: BIOS, Windows logon, and even the hard drive. But all are crackable.

KeePass is good, but it's standalone, not integrated with anything. You have to pull your password into the browser forms. It's not bad at all but I have alternatives.

I was using TrueCrypt for file encryption. But it was tedious on a file-by-file basis. You can use it to create a big encrypted drive too, but I don't trust it enough. And the backup is a problem.

Revisiting TrueCrypt again, I came across encrypting the entire operating system, optionally hidden, possibly with a decoy too. I had doubts about how TC deals with it. On a closer look, TC decrypts on the fly, which explains its capabilities. When you are reading a file, TC doesn't decrypt it into another file, but decrypts a portion of it at a time and hands it over to the application.

I was amazed to see how fast and painless it is to use TC. I encrypted an entire video, actually quite a lot of large video clips, and played them. You don't feel any difference with the encryption, and you don't need to wait for encryption, nor do you have to deal with which version of the file to keep.
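The on-the-fly decryption described above, as an added example that is not part of the original post and is not TrueCrypt's code: a read at an arbitrary offset decrypts only the sectors it touches, in memory, and never writes a decrypted copy of the file. The HMAC-SHA256 keystream is a stand-in for TrueCrypt's real cipher and is not suitable for real disk encryption; the 512-byte sector size, the function names, the passphrase and the salt are assumptions constructed for this sketch.

```python
import hashlib
import hmac

SECTOR = 512  # bytes per sector (assumed size for this sketch)

def derive_key(password: str, salt: bytes) -> bytes:
    """Stretch the volume password into a 32-byte key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _keystream(key: bytes, sector_no: int) -> bytes:
    """Stand-in cipher (not TrueCrypt's): HMAC-SHA256 in counter mode per sector."""
    blocks = (hmac.new(key, sector_no.to_bytes(8, "little") + bytes([i]),
                       hashlib.sha256).digest() for i in range(SECTOR // 32))
    return b"".join(blocks)

def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt_container(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt sector by sector, zero-padding the final sector."""
    padded = plaintext + b"\0" * (-len(plaintext) % SECTOR)
    return b"".join(_xor(padded[i:i + SECTOR], _keystream(key, i // SECTOR))
                    for i in range(0, len(padded), SECTOR))

class MountedVolume:
    """Read-only view of a container; decrypts only the sectors a read touches."""

    def __init__(self, key: bytes, container: bytes):
        self.key, self.container = key, container
        self.sectors_decrypted = 0  # shows how little work a single read does

    def read(self, offset: int, length: int) -> bytes:
        if length <= 0:
            return b""
        first, last = offset // SECTOR, (offset + length - 1) // SECTOR
        out = bytearray()
        for n in range(first, last + 1):
            ct = self.container[n * SECTOR:(n + 1) * SECTOR]
            out += _xor(ct, _keystream(self.key, n))  # plaintext exists only in memory
            self.sectors_decrypted += 1
        start = offset - first * SECTOR
        return bytes(out[start:start + length])

if __name__ == "__main__":
    data = bytes(range(256)) * 4096  # constructed 1 MiB sample "file"
    key = derive_key("constructed-passphrase", b"constructed-salt")
    vol = MountedVolume(key, encrypt_container(key, data))
    assert vol.read(700_000, 1_000) == data[700_000:701_000]
    print("sectors decrypted for a 1000-byte read:", vol.sectors_decrypted)
```

Seeking into the middle of a large encrypted video costs only the sectors covering the requested range, which is why playback feels no different from an unencrypted file.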

So instead of dealing with passwords, I encrypt the entire profile of Firefox, which allows you to specify where your profile should be. So whatever I do on the web is encrypted: history, bookmarks, passwords (now double encrypted), and everything else, except that some extensions may put data outside of the profile directory. If the profile directory is not mounted as a drive, it's just an encrypted file with a code supposed to be unbreakable. When it's mounted, someone needs to run some spyware to read the drive where my profile is, or to steal the TC password in memory, if they know I'm using TC. Keyloggers and screen capture spyware won't work because I don't type in passwords anymore.

You can encrypt the entire OS, but I'll settle for using only two different master passwords. One is the personal secrets password and one is the shared secrets password. The only difference is, you don't need to or don't want to give out the personal password even when you drop dead.

There are three types of secrets to encrypt. The first two correspond to the two types of passwords. Being secrets, the data naturally has to be backed up safely. The third type is personal secrets that don't need to be backed up. You don't want others to know them, but you can recover the data in ways other than backup.

The model of 2 passwords and 3 types of data is strange, but take bookmarks: you can lose them with minor inconvenience, but you don't want others to know all your online activities, such as surfing at work. (In this case there are other logs on the company LAN but you can also bypass the company LAN.)

For each type of data, you can split it into TC drives suitable for backup. Since secrets don't change that often, some drives can be huge. For example, 4.7 GB to fit a DVD, or some other value customized for your online backup accounts. To back up, you just copy the 4.7 GB encrypted file onto a DVD. To read, you just mount the encrypted file as a drive.

For the Firefox profile, a 200 to 500 MB file is enough, and it can be smaller. You can set up automatic backup just like for any other file, though the whole file is copied whenever you use FF. I only back it up manually when I add new passwords. They are randomly generated, only stored in the FF password manager, and I couldn't recover them if the file gets corrupted (or if I lost the master password, for that matter).

You can still do daily incremental backups like with ordinary files. But you have to do it when both the source drive and the backup drive are mounted. Once unmounted, they are just ordinary drives containing ordinary files to any application.

TC has one interesting option, to have hidden encryption. You can have two passwords to the same drive: one mounts the outer files, and the other decrypts the hidden files. I am not sure if that's theoretically possible, as I read about it a while ago as the next big research topic, which is supposed to be difficult. But for ordinary people, if you give them a password, they will believe what they decrypt is all that you have. TC seems to claim that others cannot know of the existence of hidden files. It will not be easy, but I'm not sure it's impossible.
