On 30 April 2011 13:50, Kraktus <[email protected]> wrote:
> On 30/04/2011, Kevin Chadwick <[email protected]> wrote:
>> On Sat, 30 Apr 2011 12:04:32 -0400
>> Kraktus wrote:
>>
>>> What the encrypted external drive *does* do is protect me from a thief
>>> who jumps me along the way, while I am carrying the data.
>>
>> In which case vnconfig and bioctl are just fine. You seem to be jumping
>> about, you can use the following for portability two of which you've
>> now mentioned. I'm not sure what you're getting at except you can only
>> trust yourself, maybe or are you just hoping for some insight.
>> All the products for windows I've seen (so far) have flaws
>> (even ignoring network attacks), a users/managers job is to realise and
>> manage them.

Ah! you're thinking corporate. Try to imagine a more mundane scenario.

Alice uses OpenBSD on her home computer. She is not running a server.
She has this awesome secret recipe for macaroni and cheese, and she
wants to share it with her cousin, Bob. Her cousin Bob is very busy and
does not have time to come and see her, so she has to go and see him.
Unfortunately, Bob is not security-minded and is running Windows. (Or
perhaps, if she's lucky, he's running Mac or Ubuntu.) Alice's computer
is a big heavy desktop that is not easy to transport. Alice decides to
put her secret recipe for macaroni and cheese on a USB drive formatted
with ext2 or FAT32, because both OpenBSD and Windows can read those
file systems.

Alice is afraid that Eve might try to steal her secret macaroni and
cheese recipe to support Eve's meth addiction. Eve, being a
brain-damaged meth addict, doesn't know about cracking, not even into
Windows, so she's going to try to steal the USB drive and mount it on
her own computer. Alice wants to prevent Eve from being able to do
this, so she encrypts the recipe with GPG.

However, a few months later, Alice has 511 secret recipes she wants to
take to her cousin Bob. Encrypting them individually is too much
trouble. She wants block-level encryption, and, due to the lack of
cross-platform block-level encryption software available, settles on a
hardware solution. She makes two trips to avoid transporting the data
and the key at the same time.

If Eve did know about cracking into Windows computers, then of course
Alice's plan would be foiled unless she could persuade Bob to switch to
a better operating system -- not likely, since he's so stubborn -- or
waited for him to come to her, which could easily take several months
given how busy he is.

> If my friend uses OpenBSD too. Well, I could dream.
>
>> Openssl is pretty cross platform but AES. Windows + encryption,
>> is there any point.
>
> Sure, if transporting the data over the internet rather than physically.
>
> Sure there's a point. I can't stop people from using Windows, as much
> as I may want to, and encryption at least helps against a local
> attacker while the otherwise untrustworthy Windows computer is off. It
> also helps while the USB drive transporting data is off. To protect
> you against that thief who jumps you on the way there who is hoping
> for data he can sell to support his drug habits. Okay, he can still
> reformat and sell the physical drive, but at least he can't try to
> sell your data if it's encrypted.
>
>> If you think so maybe in specific scenarios, then I don't know how
>> difficult truecrypt would be to port.
>
> Impossible, given that the Truecrypt license looks like it was written
> by someone who likes suing people. It would be easier to port softraid
> to Windows, because unlike Truecrypt, softraid is under a friendly BSD
> license. Of course, that would require actual knowledge of
> programming on Windows, but at least a person wouldn't be sued for the
> mere attempt. There are other things that are also under much
> friendlier licenses than Truecrypt. I think dm-crypt has already sort
> of been ported to Windows, and it's probably GPL.
>
>> There's always gpg ready to go in ports and available for windows.
>
> True. There's also some zip programs that also offer encryption.
> That's all file-by-file. It's just a shame that there's no
> cross-platform block-level encryption programs, unless you resort to
> hardware solutions. Well, technology moves fast; maybe I'll get my
> wish in five years or so.

