March 6th, 2006, 04:40 PM
|
#1 (permalink)
| | Senior Member
Join Date: Jun 2002
Posts: 685
|
Been doing a little bit of research into an unfamiliar topic as of late (encryption). I find it hardly interesting since most of these encryption technologies seem to use a password selected by a user to access encrypted data. Therefore unless I am missing something, this password now becomes the weak link to be attacked and exploited in this scheme.
Sure, AES 256 bit will take over a trillion years to brute force crack, but since most of us only have the capacity to remember a ten to twenty alpha/numeric password, how would this really matter unless we were to use some type of 256 bit AES biometric password encryption scheme on top of actually locking the data down?
Obviously then the password/data would be near bullet proof unless someone had physical access to the biometric data or knew the algorithms in question correct? |
| |
March 11th, 2006, 10:33 PM
|
#2 (permalink)
| | Ultimate Member
Join Date: Oct 2001 Location: Indiana
Posts: 3,743
|
The password can be a vulnerability if you don't keep it secure. Many programs now recommend a "pass phrase". For example: "I lived at 1233 Main street in Des Moines in 1960" is much easier to remember than "giuwr7fw89wa934i12yryr9y25h".
PGP uses a paragraph of random characters for a key. This must be saved somewhere on a PC or on removable media.
Current encryption programs are very secure; however, you should keep in mind that what may be very hard to break with today's technology may not be so hard to break 5 or 10 years from now.
Currently encrypted data is much more likely to be broken via keyloggers and trojans intercepting the password than anything else. You also need to be aware of left over data in your swap file and bits left in the slack space in clusters.
__________________
“Those who desire to give up freedom in order to gain security will not have, nor do they deserve, either one.”
Benjamin Franklin
Last edited by elroy : March 11th, 2006 at 10:35 PM.
|
| |
March 12th, 2006, 05:04 AM
|
#3 (permalink)
| | Senior Member
Join Date: Jun 2002
Posts: 685
|
Very useful Elroy. Thanks for the insightful password phrase suggestion. I will be sure to add it to my arsenal.
I think what I was really wondering was what I finally answered for myself and that is yes you could easily crunch any 100 character password for that matter until you were locked out due to incorrect password attempts.
In essence a powerful pass phrase including alpha/numeric is anyone's best line of defense against 75% of your data bandits. You can stop the other 24% keeping your system rid of keyloggers either software or hardware and let's just hope that the special 1% is on our side.
Now here is a question: does anyone know of a data encryption utility that besides our government having the algorithm for no one else readily does and locks out repeated incorrect logins? |
| |
March 12th, 2006, 04:26 PM
|
#4 (permalink)
| | Ultimate Member
Join Date: Oct 2001 Location: Indiana
Posts: 3,743
| Quote: |
Originally Posted by DoubleK: "Now here is a question: does anyone know of a data encryption utility that besides our government having the algorithm for no one else readily does and locks out repeated incorrect logins?" |
Offhand I don't know of any encryption programs that have this feature. It is common on websites etc. I could suggest some good programs if you can tell me how much data you want to protect: 10mb, 100mb, gigs, etc.? |
| |
March 12th, 2006, 05:50 PM
|
#5 (permalink)
| | Senior Member
Join Date: Jun 2002
Posts: 685
|
I gave up using a thumbdrive or usbkey as the capacity is just way too small and am currently and for the foreseeable future utilizing a Seagate 160gig usb2 external hard drive.
I have used Cryptainer to lock down drives before and see nowhere in its features any way to limit the number of logins. Maybe this software does. No clue. I guess the only way to find out is to reinstall and attempt multiple logins. |
| |
March 12th, 2006, 06:19 PM
|
#6 (permalink)
| | Ultimate Member
Join Date: Oct 2001 Location: Indiana
Posts: 3,743
|
You might consider Bestcrypt by Jetico. It has a higher level of encryption than Cryptainer. [256 bit vs 128 bit] Also it has an option to encrypt the swap file in the background. It also offers several different types of encryption, Gost, Blowfish, AES etc.
Bestcrypt handles the following sizes of containers, FAT - 2gb, FAT32 - 4gb, NTFS - 512gb.
I've used this program for years and it is a quality product. |
| |
March 12th, 2006, 09:33 PM
|
#7 (permalink)
| | Senior Member
Join Date: Jun 2002
Posts: 685
| |
| |
March 12th, 2006, 10:14 PM
|
#8 (permalink)
| | Real gangstas sip on Yacc
Join Date: Oct 2001 Location: Suckas-ville
Posts: 4,549
|
You do understand that you don't need the locking out don't you?
If you are using the password as the weak link, and have a 10 character alpha numeric password there are 36^10 possible passwords.....
Assuming you could check 1000 a second you are looking at 116,000 years to crack that.
For kicks, let's assume 10,000,000 passwords per second. It will still take 12 years...
No one is going to crack that, plain and simple, it is much more likely that a flaw is found in the encryption algorithm.
Bottom line is don't worry about lockout. Select a strong encryption algorithm and use a strong password (passphrase is even better) and you really don't need to worry about it.
Jkrohn
__________________
Signatures blow hard
If your signature contains an ad of any kind, congratulations, you're on my ignore list.
Last edited by jkrohn : March 12th, 2006 at 10:16 PM.
|
| |
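The arithmetic from post #8, and the case where no lockout can be enforced because the guessing runs against a copy of the encrypted container, as an added example that is not part of the original thread. It assumes the key is derived from the passphrase with PBKDF2-HMAC-SHA256; the iteration counts are constructed values, and nothing here describes how Cryptainer or BestCrypt derive their keys.

```python
import hashlib
import math
import os
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidate passwords of exactly `length` symbols."""
    return alphabet_size ** length

def years_to_exhaust(space: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a fixed guess rate."""
    return space / guesses_per_second / SECONDS_PER_YEAR

def effective_bits(space: int, cipher_key_bits: int = 256) -> float:
    """A password-derived key is no stronger than the password behind it."""
    return min(math.log2(space), cipher_key_bits)

def derive_key(passphrase: str, salt: bytes, iterations: int) -> bytes:
    """Stretch a passphrase into a 256-bit key; every guess pays `iterations`."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt,
                               iterations, dklen=32)

def measured_guess_rate(iterations: int, samples: int = 3) -> float:
    """Guesses per second one core of this machine manages against derive_key()."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(samples):
        derive_key(f"guess-{i}", salt, iterations)
    return samples / (time.perf_counter() - start)

if __name__ == "__main__":
    space = keyspace(36, 10)  # 10 characters, a-z plus 0-9, as in post #8
    print(f"candidates: {space:,} (~{effective_bits(space):.1f} bits, not 256)")
    for rate in (1_000, 10_000_000):  # the two rates quoted in post #8
        print(f"{rate:>12,} guesses/s -> {years_to_exhaust(space, rate):,.1f} years")
    # Lockout cannot be enforced on a copied container, so slow each guess instead.
    for iterations in (1_000, 600_000):  # constructed values for comparison
        rate = measured_guess_rate(iterations)
        print(f"PBKDF2 x{iterations:>7,}: ~{rate:,.0f} guesses/s/core -> "
              f"{years_to_exhaust(space, rate):,.0f} years")
```
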
March 25th, 2006, 01:48 AM
|
#9 (permalink)
| | Senior Member
Join Date: Jun 2002
Posts: 685
|
My point jkrohn. 10,000,000 seems like a lot @ 12 years but with advances in processors it really isn't. Given your example which seems to fit what the industry also states, and given with what I know to be true, that is the number of mathematical computations a modern dual-core proc can resolve per second I find it highly probable that the best way to secure important data would be to limit login attempts thusly solving any attempt at unauthorized entry. That is at least until the algorithm is compromised.
One of our IT guys finally got on the ball and got us licensed for home use also since work always seems to follow some of us home. I think some of the blazingly embarrassing security breaches involving laptops as of late had something to do with it. |
| |
March 25th, 2006, 01:51 AM
|
#10 (permalink)
| | Senior Member
Join Date: Jun 2002
Posts: 685
|
I do see your point also jkrohn and duly noted. Near impossible with 256 bit encryption. |
| | |