Security Matters! Your hobby phone is not enough.

LexusLover's Avatar
Still waiting on that shit too... Originally Posted by Wakeuр
Don't hold your breath.

http://content.usatoday.com/communit...deadline/index
Would the drive be recoverable after the wipe? Or would the info be gone, or scrambled for good? Originally Posted by pyramider
the drive would be clean. It was first encrypted, then the fail safe would scramble an encrypted drive so even if they got a partial read it would still be garbage.
LexusLover's Avatar
Would the drive be recoverable after the wipe? Or would the info be gone, or scrambled for good? Originally Posted by pyramider
pyramider, one of the problems on this board from time to time is folks make statements that can mislead others into a false sense of security ... sort of like .... "don't worry about it" ..... without any accountability.

... for your information I just recovered all of the data and files off a formatted drive and I am now in the process of re-organizing it and renaming the files as I do so to put the data and files back into its original condition and organization.
LexusLover's Avatar
pyramider,

... for your information I just recovered all of the data and files off a formatted drive and I am now in the process of re-organizing it and renaming the files as I do so to put the data and files back into its original condition and organization. Originally Posted by LexusLover
And I would like to add that I have no interest in getting into any testosterone, ass-kissing, white-knight pissing contest .... because I got no dog in the hunt .... and my only concern is that some folks post crap on here they read about from an advertisement or a headline grabbing journalist and post it as FACT .... and some folks buy into it, because they have lots of "reviews" ..... and put themselves at risk by believing it.

It's not about "who wins the discussion on the board" .... it's about your "safety" and the "safety" of those around you. Remember:

"The only people who die of mushroom poisoning are "mushroom experts.""
txswing99's Avatar
Depending on the tools you use, you are provided with a recovery mechanism for an encrypted drive. Generally, this may be a file or some sort of recovery disk which should be stored in a safe and secure place.

Remember, all encryption can be broken with enough time and resources...the idea is to use strong enough encryption to make sure that it is not possible to break in the forceable future with a normal level of resources.

When disposing of...or simply permanently deleting...a drive whether encrypted or not, you should consider using a Secure Erase tool...there are several open source options, but always use one that meets DoD standards. Hardware options exists do this as well.

Hope it helps...

-T
LexusLover's Avatar
...the idea is to use strong enough encryption to make sure that it is not possible to break in the forceable future with a normal level of resources.... Originally Posted by txswing99
There in lies the principal issue of this discussion ... LE has at its disposal those resources that are above "normal" ... and the bottom line is that if a 13-year-old kid can break into the DOD, FBI, and CIA mainframes ... then it is a "walk in the park" for DHS to pick any lock you throw at it...and LE has their services readily available.
This was posted on TheRegister Laws about encrypting hard drives

Now I am not going to say you won't have hassles but this is a step in the right direction pertaining the 5th amendment.

At its basic definition it implies that no entity can force you to provide evidence of wrong doing against yourself. Be it spoken word, printed word or other type..

I see this gaining momentum, but the danger is that evidence OF crimes can be hidden from the law (child porn, drug cartel financial records etc.....) and if the cops cannot crack into those drives then it will hinder prosecution.

This will be a double edged sword to watch out for
txswing99's Avatar
LexusLover...

There in lies the principal issue of this discussion ... LE has at its disposal those resources that are above "normal" ... and the bottom line is that if a 13-year-old kid can break into the DOD, FBI, and CIA mainframes ... then it is a "walk in the park" for DHS to pick any lock you throw at it...and LE has their services readily available. Originally Posted by LexusLover
In my attempt to be rather precise with my language regarding encryption, I may have suggested that encrypting your private material is not worth the time. It very much is worthwhile.

For example, a brute force attack against a 256-bit key in AES encryption algorithm -- one of the more popular options-- requires 2 to the power of 200 operations; that is, with all the current computing power on earth today would still take far longer than the age of the universe to complete.

While there are other ways to attack encrypted content, the current recommended algorithms are considered very secure at least until we start producing "quantum" computers in approx. 30 to 50 years time. By that time, new stronger encryption algorithms will exist to choose from.

This brings back to my initial point in that software choices are not enough without good procedures to supplement them...over the long term, you should update your encryption periodically to ensure they remain secure.

Good security is about playing the averages...and protecting yourself from the possible threats that you will encounter. LE is not going to spend the same type of resources to investigate that one of the three-letter government agencies would use.

So unless you wind up in the most wanted list, piss off a well-funded gang of European hackers, or impregnate the youngest daughter of a Saudi prince, some common-sense security tools and good practices should go a long way in your hobby life.

my regards...

-T
Randall Creed's Avatar
I let a MF'er use my laptop once (foolishly). Man, I tell ya, it was a couple years ago, and I'm STILL uneasy about that shit. And she had it for over a day or so, away from my sight No telling what the fuck she looked up on my computer, or told WHO, and she was fucking around with a potna of mine. Hell, she might've told and showed his ass some shit about me on this computer (this site, for instance). These MF'ers could be monitoring my handle on this MF'er right now, keeping an eye on me and shit.

Fuck that! I'm never loaning my computer out again....ever!!
pyramider's Avatar
I was just asking an innocent question ... My computer knowledge is lacking, I thought everything was recoverable.
txswing99's Avatar
Pyramider...

Yes, an encrypted drive is recoverable provided you create and store in a safe place a recovery file or disk that the disk encryption software provides.

Depending on the tools you use, you are provided with a recovery mechanism for an encrypted drive. Generally, this may be a file or some sort of recovery disk which should be stored in a safe and secure place.
-T Originally Posted by txswing99
Hopefully that helps answer your question.

-T
LexusLover's Avatar
LE is not going to spend the same type of resources to investigate that one of the three-letter government agencies would use. Originally Posted by txswing99
Herein lies the flaw in all of this gibberish. Local law enforcement daily utilize the resources of Federal and State agencies, and the Feds use the local resources. In fact it may apparently come as a surprize, but local, state, and Federal law enforcement agencies utilize the technical know-how and hardware resources of other traditionally thought to be "non-LE" agencies of the Federal government, eg. NASA, for the enhancement and improvement of data, images, and sound. That was the case before 9-11, but it has increased to an extreme level since. (In fact agencies, e.g. NASA, have "loaner" programs to local LE to utilize equipment (and weapons from DOD) that are on the shelf and readily available for special operations and investigations ... for decades now.)

For some reason folks on here actually believe that "commercially available" and "publicly available" so called "encryption" software can defeat the available resources of the Feds, and to bet one's livelihood, future, and freedom on such folly is to say the least .. foolish. And to "assume" that local LE is not going to utilize the resources of the Feds (implies that the resources ARE available to begin with) is equally fool-hardy and certainly not a "security option" for protecting data.

My suggestion is: If you are going to put your life, future, and freedom on the line with one of these "gee-whiz" IT b.s. encryption ideas, make sure you start a defense fund savings plan along with it. You'll need it.
bullet0's Avatar
I don't disagree that local LE has all these resources from which to draw, but are they really going to invest that kind of time and effort to get a working girl off the street. Sure it's possible, but not very cost effective. LE can go raid an AMP or two and get plenty of press without spending hundreds or thousands of man hours decrypting one laptop.

Herein lies the flaw in all of this gibberish. Local law enforcement daily utilize the resources of Federal and State agencies, and the Feds use the local resources. In fact it may apparently come as a surprize, but local, state, and Federal law enforcement agencies utilize the technical know-how and hardware resources of other traditionally thought to be "non-LE" agencies of the Federal government, eg. NASA, for the enhancement and improvement of data, images, and sound. That was the case before 9-11, but it has increased to an extreme level since. (In fact agencies, e.g. NASA, have "loaner" programs to local LE to utilize equipment (and weapons from DOD) that are on the shelf and readily available for special operations and investigations ... for decades now.)

For some reason folks on here actually believe that "commercially available" and "publicly available" so called "encryption" software can defeat the available resources of the Feds, and to bet one's livelihood, future, and freedom on such folly is to say the least .. foolish. And to "assume" that local LE is not going to utilize the resources of the Feds (implies that the resources ARE available to begin with) is equally fool-hardy and certainly not a "security option" for protecting data.

My suggestion is: If you are going to put your life, future, and freedom on the line with one of these "gee-whiz" IT b.s. encryption ideas, make sure you start a defense fund savings plan along with it. You'll need it. Originally Posted by LexusLover
boardman's Avatar
Animal control only has nets and tranquilizer guns...
txswing99's Avatar
My suggestion is: If you are going to put your life, future, and freedom on the line with one of these "gee-whiz" IT b.s. encryption ideas, make sure you start a defense fund savings plan along with it. You'll need it. Originally Posted by LexusLover
It seems that your basic advice is one should basically do nothing...'cause they can get you!...no matter what!

It's a bit like saying that to prevent pregnancy we should only have sex with good girls from the local church and then keep walking to the next town...'cause those new-fangled condoms are uncomfortable and can ultimately be defeated with a well-placed bobby pin...and her daddy will get you anyways!

Well, that argument is gibberish! Folks should use all the available protection.

Further, this thread started with a real-world story describing how using some of these protection options could not be defeated by LE, or an overzealous divorce lawyer. While I certainly can appreciate that you might be a little skeptical of that story...I'm definitely skeptical that your "do nothing 'cause they will get you anyways" strategy is anything like a good idea.

-T