8 Comments

Summary:

A lot of web workers carry a ton of data around in their laptops: everything from financial records to passwords to client code. If you’re one of them, have you given any thought to protecting that data if you lose the laptop? Hardware replacement costs can […]

A lot of web workers carry a ton of data around in their laptops: everything from financial records to passwords to client code. If you’re one of them, have you given any thought to protecting that data if you lose the laptop? Hardware replacement costs can be tough, but losing sensitive data is devastating. If you’re in this situation, you might want to take a look at the just-released version 5.0 of TrueCrypt, which offers open-source on-the-fly data encryption.

With TrueCrypt, you can set aside an area on your drive to act as a virtual encrypted file system, encrypt an entire partition, or even (on Windows) encrypt the boot volume and require pre-boot authentication. In any case, your data can only be accessed by entering your password (or better, passphrase). Best new features of version 5.0: higher-security encryption algorithms and a Mac OS X version.

You’re subscribed! If you like, you can update your settings

  1. Logical Extremes Friday, February 29, 2008

    I’m a big fan of TrueCrypt, but keep in mind the very recent findings on cold boot attacks on encryption keys:

    http://citp.princeton.edu/memory/

    Encryption is a great idea, but go the extra mile and completely shut down your computer and wait a few minutes before leaving it alone.

  2. SecurityNow did an episode on the new version of TrueCrypt, definitely worth checking out. http://twit.tv/sn133

  3. “I’m a big fan of TrueCrypt, but keep in mind the very recent findings on cold boot attacks on encryption keys:

    http://citp.princeton.edu/memory/

    Encryption is a great idea, but go the extra mile and completely shut down your computer and wait a few minutes before leaving it alone.”

    I don’t think is that much of a concern *unless* you are worrying about police/TSA/Customs looking at your laptop data. Clearly those folks are likely to get some sort of forensic tool in the near future utilizing the SDRAM vulnerability.

    Personally, my big concern is someone stealing my bag and not only having my laptop but also having my data. For that, disk level encryption is ideal. In fact, I frequently use it on disks that I move back and forth between computers that are never shut off, so if the feds break in they’re going to be able to obtain access to the key, but if someone steals the drive in transit, the only thing they’re getting out of it is a free disk.

  4. Also don’t use suspend on your laptop. If someone steals your laptop bag they can read your data with the technique described above.

  5. You can also create scripts to mount/unmount your volumes. Just hide the scripts in good places.

    HOWTO: Securely Open TrueCrypt Volumes in One Click

  6. Only restriction with Truecrypt is that you need administrator rights to encrypt/decrypt files…A luxury that not all web workers have when they visit client sites!

  7. rossgoodman Monday, March 3, 2008

    I must admit this is the one piece of software that I can’t do without.
    On my work laptop, all customer files go in one container, personal files in another.

    The only downside is continually having to back up multi-GB files (the container) when you change one text file.

  8. The System Encryption is ideal for laptops and any system with sensitive data. Another great piece of functionality is the traveller disk. No web worker leaves home without his trusty USB thumb drive, with Truecrypt, you can not only create an encrypted volume on the USB drive, but also an autorun.inf file and the binaries needed to mount the drive, so the system you’re using it on doesn’t need to have Truecrypt installed.

Comments have been disabled for this post