mersenneforum.org  

Old 2018-08-08, 10:53   #1
VictordeHolland
 
"Victor de Hollander"
Aug 2011
the Netherlands

2³×3×7² Posts
Bitlocker (disk encryption) strength and performance?

Not sure this is the right forum (we have a Linux subforum but no Windows, could also go in a crypto forum).

Question: Is Bitlocker (disk encryption in Win10 Pro and Edu) safe to use? As in is the encryption standard used not broken? The implementation by Microsoft could contain bugs *cough*NSA backdoors*cough*, but that is not something we can check. Are there any good alternatives? I read Truecrypt, but that is not developed anymore, so I'm a bit reluctant to try that.

The data I'm trying to protect contains sensitive customer data (telephone numbers, email addresses), so I just want to make sure that a stolen PC or HDD cannot be read by thieves. Protection against 3-letter agencies is not needed.

What is the performance impact of Bitlocker?
The motherboard doesn't have a TPM chip, so it will be with a passphrase? How do I back up the key/recovery safely in case somebody forgets the password?
Old 2018-08-08, 13:24   #2
CRGreathouse
 
Aug 2006

3×19×103 Posts

It uses AES which has not been broken and is not likely to be broken in the near future. As far as we can tell from the Snowden documents the NSA does not have a cryptographic break. AES is quantum resistant: small quantum computers are no threat, large efficient quantum computers might break AES-128 but not AES-256 (for the foreseeable future).

BitLocker and similar schemes are vulnerable to cold boot attacks unless you are using (at least) 2-factor authentication.

Last fiddled with by CRGreathouse on 2018-08-08 at 13:25
Old 2018-08-08, 18:55   #3
VictordeHolland
 
"Victor de Hollander"
Aug 2011
the Netherlands

498₁₆ Posts

So basically it is safe to use for the purpose I was thinking of?
Old 2018-08-08, 19:31   #4
CRGreathouse
 
Aug 2006

3·19·103 Posts

If you use a secure passphrase and don't allow people physical access to the machine while and shortly after it has power I think it should be safe for that scenario, yes.
Old 2018-08-09, 01:30   #5
retina
Undefined
 
"The unspeakable one"
Jun 2006
My evil lair

2·2,819 Posts

I would suggest TrueCrypt's successor VeraCrypt.
  • It is open source.
  • It is honest about what it does and does not protect.
  • It does not send any "recovery key" to anyone (unlike BitLocker which sends the master key to MS).
  • It is also cross platform in that the partition format is public and they can be opened in Linux and Windows clients, so you don't have to have a valid Windows license to recover the data.
  • The master key is not tied to the system, since it doesn't use the TPM, so the data can be opened in any system (with the correct passphrase of course).
  • It also has cypher cascading so if any one cypher is broken or backdoored it can have another one, or two, cyphers in cascade still protecting the data.

Edit: You can have multiple passphrases to the same data by exchanging the header. So if someone forgets a passphrase you can replace the header with a backup.

Last fiddled with by retina on 2018-08-09 at 01:34
Old 2018-08-09, 14:01   #6
CRGreathouse
 
Aug 2006

1011011101111₂ Posts

Quote:
Originally Posted by retina
It also has cypher cascading so if any one cypher is broken or backdoored it can have another one, or two, cyphers in cascade still protecting the data.

That's a nice feature. Remember to put the cipher you trust the most *first* in the cascade: the cascade is guaranteed to be as strong as the first cipher, and it's possible (however unlikely) to weaken a cipher by putting a worse cipher ahead of it.

Ueli M. Maurer and James L. Massey, Cascade ciphers: the importance of being first, Journal of Cryptology 6:1 (1993), pp. 55-61.
Old 2018-08-10, 05:25   #7
LaurV
Romulan Interpreter
 
Jun 2011
Thailand

2²·17·127 Posts

Quote:
Originally Posted by retina
Edit: You can have multiple passphrases to the same data by exchanging the header. So if someone forgets a passphrase you can replace the header with a backup.

You lost me here. How is that possible, and still be secure? If the encryption key is generated from the password, then it means they have a way to generate the same key from different passwords, which is by itself insecure (imagine SHA256 but being able to get the same hash from two different sets of data). If the encryption key is not generated from the passphrase, then it is stored somewhere (is that why a "header" is needed?) and the passphrase is used to get to it, which is also not so secure if the attacker can get his hands on some copies of different "headers".

Last fiddled with by LaurV on 2018-08-10 at 05:27
Old 2018-08-10, 10:35   #8
retina
Undefined
 
"The unspeakable one"
Jun 2006
My evil lair

2×2,819 Posts

Quote:
Originally Posted by LaurV
You lost me here. How is that possible, and still be secure? If the encryption key is generated from the password, then it means they have a way to generate the same key from different passwords, which is by itself insecure (imagine SHA256 but being able to get the same hash from two different sets of data). If the encryption key is not generated from the passphrase, then it is stored somewhere (is that why a "header" is needed?) and the passphrase is used to get to it, which is also not so secure if the attacker can get his hands on some copies of different "headers".

The passphrase only encrypts the master key. The master key never changes. So you can change your passphrase without having to re-encrypt the entire drive, you only have to re-encrypt the header. The header contains the master key. Then the master key is used to encrypt the rest of the data.
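The header scheme described in the post above, as an added sketch that is not part of the original thread and does not reproduce VeraCrypt's actual header format. The HMAC-SHA256 keystream is a standard-library stand-in for a real cipher, and all function names and the iteration count are assumptions; it also shows that each header has its own salt and that a retained old header still opens the volume with its old passphrase.

```python
import hashlib, hmac, os

ITERATIONS = 100_000   # illustrative PBKDF2 work factor, not a recommendation
SALT_LEN, TAG_LEN = 16, 32

def _keystream(key, nonce, n):
    """HMAC-SHA256 in counter mode: stdlib stand-in for a real cipher (e.g. AES)."""
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _header_keys(passphrase, salt):
    k = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, dklen=64)
    return k[:32], k[32:]          # (encryption key, MAC key)

def make_header(passphrase, master_key):
    """Wrap the master key under a passphrase-derived key with a fresh salt."""
    salt = os.urandom(SALT_LEN)
    enc_key, mac_key = _header_keys(passphrase, salt)
    wrapped = _xor(master_key, _keystream(enc_key, salt, len(master_key)))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return salt + wrapped + tag

def open_header(passphrase, header):
    """Return the master key, or None if the passphrase does not fit this header."""
    salt, wrapped, tag = header[:SALT_LEN], header[SALT_LEN:-TAG_LEN], header[-TAG_LEN:]
    enc_key, mac_key = _header_keys(passphrase, salt)
    expected = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return _xor(wrapped, _keystream(enc_key, salt, len(wrapped)))

def crypt_sector(master_key, sector_no, data):
    """Toy per-sector encryption keyed only by the master key (XOR, so self-inverse)."""
    return _xor(data, _keystream(master_key, sector_no.to_bytes(8, "big"), len(data)))

if __name__ == "__main__":
    master = os.urandom(32)                      # generated once, never changes
    sector = crypt_sector(master, 0, b"constructed sample customer record")
    old_hdr = make_header("old passphrase", master)
    new_hdr = make_header("new passphrase", master)   # passphrase change: header only
    assert open_header("new passphrase", new_hdr) == master
    assert open_header("old passphrase", new_hdr) is None
    # A retained copy of the old header still unlocks the same, untouched sector data.
    print(crypt_sector(open_header("old passphrase", old_hdr), 0, sector))
```

Because the sector data depends only on the master key, a passphrase change rewrites the header alone, and any backup header has to be guarded as carefully as the passphrase it was made with.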
Old 2018-08-10, 10:43   #9
R. Gerbicz
 
"Robert Gerbicz"
Oct 2005
Hungary

10101100111₂ Posts

Quote:
Originally Posted by VictordeHolland
Are there any good alternatives?

Yes, your own (secure) decryption. Of course this needs some Maths background to construct one.
Old 2018-08-10, 14:32   #10
CRGreathouse
 
Aug 2006

3×19×103 Posts

Quote:
Originally Posted by R. Gerbicz
Yes, your own (secure) decryption. Of course this needs some Maths background to construct one.

Please don't. There are lots of ways to make mistakes, lots of unobvious side-channel attacks, lots of vulnerabilities. It's hard to test your own software rigorously. Phil Zimmermann gives an example of how a crypto scheme he created in college was used in intro to cryptography texts as an exercise on how to break cryptosystems...

Maybe if you are Robert Gerbicz or Phil Zimmermann this doesn't apply to you, but for most people:
https://motherboard.vice.com/en_us/a...our-own-crypto
Old 2018-08-10, 16:29   #11
M344587487
 
"Composite as Heck"
Oct 2017

5·11² Posts

Quote:
Originally Posted by CRGreathouse
Please don't. There are lots of ways to make mistakes, lots of unobvious side-channel attacks, lots of vulnerabilities. It's hard to test your own software rigorously. Phil Zimmermann gives an example of how a crypto scheme he created in college was used in intro to cryptography texts as an exercise on how to break cryptosystems...

Maybe if you are Robert Gerbicz or Phil Zimmermann this doesn't apply to you, but for most people:
https://motherboard.vice.com/en_us/a...our-own-crypto

True, but at the same time security through obscurity isn't the worst idea as a last mile step for personal use only. Just take the cascade idea you commented on above and put custom crappyEncryption (TM) at the end, preferably something that leaves no data footprint and can be memorised/forgotten as necessary. It's a little batshit but we are talking largely enthusiast dabbling and nothing more.
All times are UTC.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.
A copy of the license is included in the FAQ.