2005-11-13

Disk encryption

I've set up my Gentoo Linux to use disk encryption in the following cases:
  • encrypted swap using random key on each boot
  • encrypted /tmp using random key on each boot
  • encrypted disk partition for sensitive data
I'm trying out BestCrypt from Jetico Software, a Finnish company. First I thought of using cryptoloop or dm-crypt, but they have some security weaknesses. Kernels >= 2.6.10 include some stronger IV modes, according to the author of the patch. Does anyone know some other analysis of this new encryption mode?

On the other hand, I didn't find any formal analysis of BestCrypt either. But it also doesn't have any published weaknesses. It is a commercial piece of software, not very expensive, with two bonus features:
  • hidden encrypted containers, and
  • encrypted containers are readable on Win32.
The latter feature might come in handy. BestCrypt is also very user-friendly, flexible and almost trivial to use. I think it is worth its price.

Ah yes, my threat model, and why have I decided now to use disk encryption? Soon I'm going to travel around with my laptop and I don't want my work and personal data available to strangers if it gets stolen. So I'm moving all of my mails, work and private stuff to the encrypted partition. And all of the dot-files in my home directory. It's surprising how much data can be found there.
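An added example (not part of the original post) of why the IV mode matters for CBC disk encryption: with the sector number as IV, sectors written with specially prepared content yield identical first ciphertext blocks, which an observer of the raw disk can recognise without the key. Assumptions: the "stronger IV mode" is taken to be ESSIV, the 16-byte block cipher is a toy Feistel stand-in for AES, and all names and sample data are constructed.

```python
import hashlib
import hmac

BLOCK = 16  # bytes per cipher block

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def toy_encrypt_block(key, block):
    """4-round Feistel permutation on 16 bytes; stand-in for AES (assumption)."""
    left, right = block[:8], block[8:]
    for i in range(4):
        f = hmac.new(key, bytes([i]) + right, hashlib.sha256).digest()[:8]
        left, right = right, xor(left, f)
    return left + right

def iv_plain(key, sector):
    # Weak mode: the IV is just the sector number, which is public.
    return sector.to_bytes(BLOCK, "little")

def iv_essiv(key, sector):
    # ESSIV: the sector number encrypted under a hash of the volume key,
    # so the IV cannot be predicted without the key.
    salt = hashlib.sha256(key).digest()
    return toy_encrypt_block(salt, sector.to_bytes(BLOCK, "little"))

def cbc_encrypt_sector(key, sector, data, iv_fn):
    prev, out = iv_fn(key, sector), b""
    for i in range(0, len(data), BLOCK):
        prev = toy_encrypt_block(key, xor(data[i:i + BLOCK], prev))
        out += prev
    return out

def first_blocks_collide(key, iv_fn, s1=100, s2=101):
    """True if two keyless-crafted sectors share their first ciphertext block."""
    base = b"constructed data"  # 16 bytes, constructed sample
    # Content prepared without the key: cancel the predictable sector-number IV.
    p1 = xor(base, iv_plain(None, s1)) + b"A" * BLOCK
    p2 = xor(base, iv_plain(None, s2)) + b"B" * BLOCK
    c1 = cbc_encrypt_sector(key, s1, p1, iv_fn)
    c2 = cbc_encrypt_sector(key, s2, p2, iv_fn)
    return c1[:BLOCK] == c2[:BLOCK]

if __name__ == "__main__":
    volume_key = b"constructed volume key"  # sample key, constructed
    print("plain IV :", first_blocks_collide(volume_key, iv_plain))
    print("ESSIV    :", first_blocks_collide(volume_key, iv_essiv))
```

When evaluating any disk encryption product against the laptop-theft threat model above, the IV derivation is one of the parameters worth checking alongside the cipher itself.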

7 comments:

Anonymous said...

You should try TrueCrypt, IMO the best encryption program on Windows, and as a bonus it is free and open source.
http://www.truecrypt.org/

zvrba said...

Nice advertisement. Oh, and I don't use Windows 99% of the time. Therefore, TrueCrypt is pretty much useless to me.

Anonymous said...

The Linux version of TrueCrypt is available at http://www.truecrypt.org/downloads.php

:)

zvrba said...

I don't like it when someone starts to claim that some product is "the best", especially without stating their evaluation criteria.

"Best" is meaningless without true understanding of other people's needs. Since these needs are different, consequently, "best" does not exist.

Talking about the best product is like talking about the best religion...

Anonymous said...

The article has been updated; BestCrypt and TrueCrypt are also vulnerable to watermark attacks.

zvrba said...

Thanks for the notice.

Anonymous said...

I have been using BestCrypt for many years already. As far as my knowledge goes, I can assure you that BestCrypt is one of the best encryption programs I can think of. Used in Linux, of course. There is only one con, and that is that you have to install your kernel sources to be able to install BestCrypt. Another thing is that Jetico asks you to pay for the Linux version, but actually you are free to pay for it or not. The Linux version does not have a serial number check. I did pay for it, but you can try it out fully featured for as long as you like.

My advice: use the Rijndael algorithm.

Friends of mine (and they have the gear to hack encrypted stuff) have tried to hack the containers, but no go.

And another nice thing about BestCrypt is that you can make hidden containers inside the original container. Used with different passphrases.

This is not meant as an ad. I am just very enthusiastic about BestCrypt.

Have fun!