Page 1 of 2
1
2
LastLast
  1. #1

    Question about what is being stored on your computer

    I have no idea how to formulate a fitting thread title, so please bear with me.

    My dad had some super confidential files on his USB stick and he asked me to encrypt them, so nobody else but him could access them.

    So I put the USB into my PC, created an encrypted storage with TrueCrypt and stored the confidential files in that storage. I have not copied the files to my PC, nor was the truecrypt storage ever on my HDD. Everything happened on that USB stick.

    My dad now wants me to shred the HDD... I've got no real clue if somebody could recover those files from the HDD, even though it has never been on it.


    Is simply inserting a USB and moving files around on the USB enough to leave traces on the PC?



    Before somebody asks wtf was in those files... don't even bother, I've got no clue myself. Just some text files... so no picture preview or anything that could have been triggered.

    For now I have told him that shredding my HDD is no option. I would have to buy an external to save my stuff before even considering something like this... But my dad is pretty serious about this.


    To clear things up a bit: My dad has his own company. They are quite successful and 'big', but he got no IT stuff or anything. Yet they have to deal with confidential things and they have to hide things from their competitors. He is paranoid about getting hacked after he noticed some strange log ins into his email account...
    Last edited by StayTuned; 2012-11-22 at 02:08 AM.

  2. #2
    I am not an expert on this, but so long as the files did not leave the USB drive and you didn't open them there shouldn't be any trace on your hard drive.

    If he is concerned with his email perhaps he should start scanning for anything malicious on his computer and change his email password to something a little more secure.

    Also look into a Digital ID:
    Digital signature ensures confidentiality
    Secure message encryption
    Protection against identity theft
    Integrates with Microsoft® Office and major applications
    Trusted by popular email clients

    http://www.comodo.com/home/email-sec...ertificate.php

  3. #3
    Thanks for that Comodo link. I had no clue about it. I'll forward it to my father. Much appreciated.

  4. #4
    When u delete a file/folder from your external flash drive the files will get deleted and not go to your local pc's recycle bin.

    If you really want to be sure and safe then do it on a pc that's not connected to the internet and also don't open the files/folders. Do a quick format on the flash drive and that will clear off the flash drive if you wanna clear all of its contents.

  5. #5
    I am Murloc! Cyanotical's Avatar
    10+ Year Old Account
    Join Date
    Feb 2011
    Location
    Colorado
    Posts
    5,553
    it's possible truecrypt stored your private key on your HDD as part of an asymmetrical encryption

    however, unless you are expecting the government to raid your house, shredding your HDD is not necessary, even still, if your dad insists, agree to it after he buys you a few SSD's and gives you a chance to back up your data

    also, if you're dad is serious about that data, truecrypt and bitlocker are pointless, they are both as effective as using '1234' for a password, i can crack an 8GB usb drive encrypted with truecrypt in 1-2 hours using cuda

    get an ironkey

    EDIT: there is also commercially available software for breaking truecrypt and bitlocker faster than hashcat
    Last edited by Cyanotical; 2012-11-22 at 03:59 AM.

  6. #6
    Quote Originally Posted by Cyanotical View Post
    it's possible truecrypt stored your private key on your HDD as part of an asymmetrical encryption

    however, unless you are expecting the government to raid your house, shredding your HDD is not necessary, even still, if your dad insists, agree to it after he buys you a few SSD's and gives you a chance to back up your data

    also, if you're dad is serious about that data, truecrypt and bitlocker are pointless, they are both as effective as using '1234' for a password, i can crack an 8GB usb drive encrypted with truecrypt in 1-2 hours using cuda

    get an ironkey

    EDIT: there is also commercially available software for breaking truecrypt and bitlocker faster than hashcat
    Are you serious? I looked up the whole internet almost and it is said that not even the FBI was able to crack a truecrypt file that has been set up properly with a good enough password. He said that if somebody would steal these text files, his company could be seriously damaged and that's why he's being so paranoid about it. I'd like to help him out as good as possible.
    Last edited by StayTuned; 2012-11-22 at 04:16 AM.

  7. #7
    I know this isn't exactly what you were asking for, but if your father is that concerned about his IT security then it's time to hire a professional, instead of having his son do it because "You're good with computers".

  8. #8
    I am Murloc! Cyanotical's Avatar
    10+ Year Old Account
    Join Date
    Feb 2011
    Location
    Colorado
    Posts
    5,553
    Quote Originally Posted by StayTuned View Post
    Are you serious? I looked up the whole internet almost and it is said that not even the FBI was able to crack a truecrypt file that has been set up properly with a good enough password.
    the FBI can crack anything they want, it's usually an issue of legality when they can't, not capability, it's not like their super computers are using P4s

  9. #9
    Quote Originally Posted by Cyanotical View Post
    the FBI can crack anything they want, it's usually an issue of legality when they can't, not capability, it's not like their super computers are using P4s
    Might be true. But I don't think the FBI or any government is going to raid us anyway. But it kinda worries me that you make TrueCrypt look so unsafe. Any safer alternatives? Or should I just tell him to get the Ironkey? How crackable is that one?

    Quote Originally Posted by Beyturga View Post
    I know this isn't exactly what you were asking for, but if your father is that concerned about his IT security then it's time to hire a professional, instead of having his son do it because "You're good with computers".
    That's what I told him, too. Yet he doesn't want to spend money on it... even though he could easily afford it.

  10. #10
    Quote Originally Posted by Cyanotical View Post
    the FBI can crack anything they want, it's usually an issue of legality when they can't, not capability, it's not like their super computers are using P4s
    Things such as the DoD and FBI do not use encryption software unless they themselves can crack it, afaik. When Bitlocker first came out, it may have been uncrackable, but by now it is definitely crackable. However the speed at which some of these programs claim to be able to crack Truecrypt and BitLocker seems a bit off to me... unless they are doing some clever marketing and using supercomputers to get these instantaneous results.

  11. #11
    <Snip>

    Offering "bets" to other users is not something we really allow here, sorry.
    Last edited by noteworthynerd; 2012-11-23 at 02:10 PM.

  12. #12
    I am Murloc! Cyanotical's Avatar
    10+ Year Old Account
    Join Date
    Feb 2011
    Location
    Colorado
    Posts
    5,553
    Quote Originally Posted by StayTuned View Post
    Might be true. But I don't think the FBI or any government is going to raid us anyway. But it kinda worries me that you make TrueCrypt look so unsafe. Any safer alternatives? Or should I just tell him to get the Ironkey? How crackable is that one?
    hardware based encryption is much better than software, ironkeys are not uncrackable (nothing is) it's just a matter of time and money, (which is a whole different topic atm in white hat groups) but they are certainly better than a basic truecrypt run on a standard flash drive

    there are ways to improve bitlocker and truecrypt, such as using a TPM chip on your motherboard, a 24+ character passphrase, and 512bit encryption

    Quote Originally Posted by Beyturga View Post
    Things such as the DoD and FBI do not use encryption software unless they themselves can crack it, afaik. When Bitlocker first came out, it may have been uncrackable, but by now it is definitely crackable. However the speed at which some of these programs claim to be able to crack Truecrypt and BitLocker seems a bit off to me... unless they are doing some clever marketing and using supercomputers to get these instantaneous results.
    well, decryption has been advancing much more in the last 2-3 years, it's now more of a sport with groups competing to see who can crack various forms of encryption the fastest, just a few years ago, WPA could not be cracked, then it was, but took almost a year and now:



    thats a SHA512 key cracked in 27 seconds using just a CPU and 2 AMD GPUs

  13. #13
    Quote Originally Posted by StayTuned View Post
    That's what I told him, too. Yet he doesn't want to spend money on it... even though he could easily afford it.
    Pose this question to him: "What's going to cost you more money: Hiring someone who is trained and informed on protecting your information? Or having those files compromised and losing business/money?"

    I'm at the start of my IT career, yet I've still dealt with this situation a couple times already. Mainly to do with password policies. Bosses complaining and threatening because they don't want to have to follow a complex password requirement that remembers the last X amount of passwords used and has to be changed every 30 days etc etc. I sit them down and hypothesize what is cheaper, them remembering a complex password that gives better security, or him being able to have his password be spacebar and that it never expires, when their account has access to very privy information that can make or break the company that Bob the janitor can walk up to after-hours and log in and walk out the door with all his confidential information.

    ---------- Post added 2012-11-21 at 10:50 PM ----------

    Quote Originally Posted by Cyanotical View Post
    well, decryption has been advancing much more in the last 2-3 years, it's now more of a sport with groups competing to see who can crack various forms of encryption the fastest, just a few years ago, WPA could not be cracked, then it was, but took almost a year and now:
    I'm not saying I don't believe you, but I'm rather curious. Do you mean WPA or WPA2?

  14. #14
    I am Murloc! Cyanotical's Avatar
    10+ Year Old Account
    Join Date
    Feb 2011
    Location
    Colorado
    Posts
    5,553
    Quote Originally Posted by Beyturga View Post
    I'm at the start of my IT career, yet I've still dealt with this situation a couple times already. Mainly to do with password policies. Bosses complaining and threatening because they don't want to have to follow a complex password requirement that remembers the last X amount of passwords used and has to be changed every 30 days etc etc. I sit them down and hypothesize what is cheaper, them remembering a complex password that gives better security, or him being able to have his password be spacebar and that it never expires, when their account has access to very privy information that can make or break the company that Bob the janitor can walk up to after-hours and log in and walk out the door with all his confidential information.
    ^this, the number one reason so many websites and companies get compromised is because somebody high up doesnt want to deal with complex password policies, or spend money on upgraded firewalls, two factor authentication, etc

  15. #15
    Quote Originally Posted by Cyanotical View Post
    ^this, the number one reason so many websites and companies get compromised is because somebody high up doesnt want to deal with complex password policies, or spend money on upgraded firewalls, two factor authentication, etc
    That's exactly my dad. Even though he's a somewhat respectable entrepreneur, his passwords suck balls and he has no clue about IT security. That's why I have to help him out first and do some first aid before I convince him to leave me alone and hire somebody who actually learned more than just how to properly set up a network.

    Also, TrueCrypt has the advantage that you can disguise the storage. Just give it some generic name like 'SoftwareUpdate.dll' and hide it in some program that you have on your flash drive.
    Last edited by StayTuned; 2012-11-22 at 04:55 AM.

  16. #16
    I am Murloc! Cyanotical's Avatar
    10+ Year Old Account
    Join Date
    Feb 2011
    Location
    Colorado
    Posts
    5,553
    Quote Originally Posted by Beyturga View Post

    I'm not saying I don't believe you, but I'm rather curious. Do you mean WPA or WPA2?
    actually, anymore, not even WPA2-ENT is secure, MSChapv2 was cracked this year, and that's what most RADIUS servers run

    the scary thing from an IT standpoint is that you only need one packet to decrypt WPA/WPA2, not like WEP which can take a while to gather IVs, giving securrity a chance to spot someone with a laptop who shouldn't be there

    you dont even need a high power computer to do it, people run hashcat on EC2 all the time

    although, this is all somewhat mute anyway, if someone really really wants in your network, they will get in, current security measure stop 95% of hackers, its the other 5% that you have to worry about

    ---------- Post added 2012-11-21 at 10:06 PM ----------

    Quote Originally Posted by StayTuned View Post
    That's exactly my dad. Even though he's a somewhat respectable entrepreneur, his passwords suck balls and he has no clue about IT security. That's why I have to help him out first and do some first aid before I convince him to leave me alone and hire somebody who actually learned more than just how to properly set up a network.

    Also, TrueCrypt has the advantage that you can disguise the storage. Just give it some generic name like 'SoftwareUpdate.dll' and hide it in some program that you have on your flash drive.
    a method that we developed back in my enterprise security class was thought to be uncrackable, the problem is that it is almost completely impractical

    create your secure data, and bury it in another functional file
    place that file on a VM, and then encrypt it within the VM
    encrypt the VM file within the actual OS
    store the VM on a 3-4 disk RAID0 array
    then encrypt and password protect each hard drive
    store each hard drive in a separate location, such as bank deposit boxes at different banks

    so, the reverse of that is rather painful, and you have a high risk of data corruption ruining the whole thing, but it should be nearly impossible to extract the secure data without full knowledge of the system
    Last edited by Cyanotical; 2012-11-22 at 05:07 AM.

  17. #17
    Quote Originally Posted by Cyanotical View Post


    a method that we developed back in my enterprise security class was thought to be uncrackable, the problem is that it is almost completely impractical

    create your secure data, and bury it in another functional file
    place that file on a VM, and then encrypt it within the VM
    encrypt the VM file within the actual OS
    store the VM on a 3-4 disk RAID0 array
    then encrypt and password protect each hard drive
    store each hard drive in a separate location, such as bank deposit boxes at different banks

    so, the reverse of that is rather painful, and you have a high risk of data corruption ruining the whole thing, but it should be nearly impossible to extract the secure data without full knowledge of the system
    Yeah... but that is really impractical. You want to have access to that data, otherwise you can just delete it and burn the HDD to ashes. Tell me, how can somebody hack something, if he doesn't even know where to search? An encrypted file could be literally everywhere on my PC. 1kb big, 1mb big, a .dll, a .exe a .txt. It could be called 'update' or 'driver or 'data'. Anything.

  18. #18
    I am Murloc! Cyanotical's Avatar
    10+ Year Old Account
    Join Date
    Feb 2011
    Location
    Colorado
    Posts
    5,553
    Quote Originally Posted by StayTuned View Post
    Yeah... but that is really impractical. You want to have access to that data, otherwise you can just delete it and burn the HDD to ashes. Tell me, how can somebody hack something, if he doesn't even know where to search? An encrypted file could be literally everywhere on my PC. 1kb big, 1mb big, a .dll, a .exe a .txt. It could be called 'update' or 'driver or 'data'. Anything.
    well a 6GB txt file is a dead give away

    it's not easy, but, in certain countries there are rooms of hundreds of paid hackers

    if say your HDD was copied or stolen on a business trip, they would each take a section of files and systematically check each file


    but, if you are worried about a typical "hacker" script kiddie, then no, they wont find it, nor do they generally know about software like passware, most tend to shy away from the expensive professional software suites

  19. #19
    Quote Originally Posted by Cyanotical View Post
    well a 6GB txt file is a dead give away

    it's not easy, but, in certain countries there are rooms of hundreds of paid hackers

    if say your HDD was copied or stolen on a business trip, they would each take a section of files and systematically check each file


    but, if you are worried about a typical "hacker" script kiddie, then no, they wont find it, nor do they generally know about software like passware, most tend to shy away from the expensive professional software suites
    Haha. I obviously didn't make the file a 6gb big .txt ^^
    And thanks so far. You helped me out even if doesn't look like it. We never had any issues regarding IT security, but seeing how fast the technology is progressing it is better to be safe than sorry. Most of the people my dad has to deal with are pretty much IT illiterates themselves, so even if they manage to steal the USB, I am almost sure they won't find the files they are searching for.

    I am going to make him use Comodo in future and tell him to buy that Ironkey USB. Using that and TrueCrypt to hide files should be sufficient for now.

  20. #20
    Yeah... but that is really impractical. You want to have access to that data, otherwise you can just delete it and burn the HDD to ashes. Tell me, how can somebody hack something, if he doesn't even know where to search. An encrypted file could be literally everywhere on my PC. 1kb big, 1mb big, a .dll, a .exe a .txt. Anything.
    If you're not educated or careful then I could just look for files that are "wrong". Encrypted data looks unstructured and random so doing something like naming a file "libxml.dll" when it's actually an aes encrypted file isn't going to work because they'll just pipe ls -aR through file -f. Better approaches are available of course, but this 'rename the file' approach has probably been used by every teenage boy to hide their porn so it's worth mentioning.

    Truecrypt's value over bitlocker or filevault isn't the encryption it offers but the plausible deniability: it stores your data in a way that you can convincingly claim "it's not there".

    While breaking the encryption might be a concern for run of the mill criminals it's not going to help if you're dealing with a government that can compel you to turn over the keys (through the courts or cutting off your fingers until you tell them what they want to know). A big encrypted file/drive is a giveaway that you've got something to hide: they'll know to torture you to be able to look inside. Truecrypt is valuable because it lets you say "there's no such file on the drive". Even if they detect the truecrypt volume (which they can) you can have nested volumes that are impossible to distinguish from random noise. When 'the man' starts breaking your toes with a hammer you can give him the keys to your top-level volume that he knows exists and then deny to the death that a second or third one is on that drive and he'll have no way to know for certain that you're hiding something.
    Last edited by a21fa7c67f26f6d49a20c2c51; 2012-11-22 at 05:29 AM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •