Truecrypt, bitlocker, filevault

Page 2 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.

Modelworks

Lifer
Feb 22, 2007
16,240
6
76
My take on the whole situation is, if you have data that you need to keep private, don't put it on a laptop.

Granted desktops are vulnerable to this too, but it takes more time to open a desktop system up, grab the ram, etc. Especially if its in a half way secure location. Or the person has a locked case.

Unfortunately business and government can't seem to understand this, because they keep sending laptops out with a million customers info or top secret documents.

 

tomt4535

Golden Member
Jan 4, 2004
1,758
0
76
Originally posted by: GTaudiophile
Originally posted by: irishScott
Originally posted by: GTaudiophile
I wonder if this has been posted over in the Truecrypt forum yet.
http://forums.truecrypt.org/viewtopic.php?t=9410

Inherently, unencrypted master keys have to be stored in RAM as well. When a TrueCrypt volume is dismounted, TrueCrypt erases its master keys (stored in RAM). When the computer is cleanly restarted, all TrueCrypt volumes are automatically dismounted (thus, all master keys stored in RAM are erased by the TrueCrypt driver). However, when the computer is reset (not cleanly restarted), when the system crashes, or when power supply is abruptly interrupted, the TrueCrypt driver stops running and therefore cannot erase any keys.
So TrueCrypt seems to have this vulnerability taken care of?
If you do a normal shutdown, it clears out the keys, but if you pull the plug it cant clear the keys in ram and they can stay there for however long.
 

Jeff7

Lifer
Jan 4, 2001
41,599
18
81
Originally posted by: Modelworks
My take on the whole situation is, if you have data that you need to keep private, don't put it on a laptop.

Granted desktops are vulnerable to this too, but it takes more time to open a desktop system up, grab the ram, etc. Especially if its in a half way secure location. Or the person has a locked case.

Unfortunately business and government can't seem to understand this, because they keep sending laptops out with a million customers info or top secret documents.
And if you see someone cruising the airport with a container of liquid nitrogen and a spare laptop with the case open, you might want to keep your own laptop close to you.
 

GTaudiophile

Lifer
Oct 24, 2000
29,776
29
81
Originally posted by: randay
encryption isnt foolproof anyway, there is always a way to break it.
With brute force, sure, but who has the time/money for that besides the government?
 

SampSon

Diamond Member
Jan 3, 2006
7,160
1
0
Wait, did people actually forget for a second that physical access is bad for security?
 

Modelworks

Lifer
Feb 22, 2007
16,240
6
76
Originally posted by: SampSon
Wait, did people actually forget for a second that physical access is bad for security?


I really think a law needs to be passed that any sensitive information cannot be stored on a laptop. Give them access to it with the laptop, but storing all the data on the laptop should be illegal.

Look below, it took me mere seconds to find all those on google.
There are literally hundreds more.



Laptop theft compromises Hotels.com customer data
Sensitive information on nearly a quarter million people was exposed


Stolen Fidelity computer raises privacy fears
Laptop contained sensitive data on nearly 200,000 retirement accounts

Nationwide Building Society, a U.K. financial services provider, has been fined $1.9 million after a laptop containing sensitive customer data was stolen from an employee.

Mercantile Bankshares Corp. said late Friday that a laptop computer containing personal information for more than 48,000 customers was stolen from an employee of subsidiary Mercantile Potomac Bank.

Ameriprise has agreed to a settlement with Massachusetts' regulatory office over damages from a laptop that was stolen from an employee's car in December 2005.
The missing laptop contained information on over 150,000 customers and 60,000 advisors to the financial services firm

Upscale retailer Neiman Marcus Group Inc. acknowledged this week that sensitive information on up to 160,000 current and former employees was housed on a laptop stolen from one of its consultants.

Gap Inc. announced Friday that a laptop containing the personal information of about 800,000 job applicants was stolen from the offices of one of its vendors that manages data for the company.

Federal investigators are frantically trying to determine what happened to a missing laptop computer that contains sensitive data on as many as 100 Drug Enforcement Administration investigations around the country, including a wealth of information about many of the agency?s confidential informants,

Representatives of the University of California, Los Angeles, are warning 145,000 blood donors they could be at risk for identity theft due to a stolen university laptop.

A state college in Denver believes it may have lost sensitive information on more than 93,000 students after one of the school?s laptop computers was stolen from an employee?s home late last month.


 

ASK THE COMMUNITY