![]() It is considered to be the official upgrade to TrueCrypt by many as it is open source, and had a code audit completed in October of 2016 (see: ). For Mounir Idrassi, that meant taking all of the security issues present in the TC 7.1a release and fixing them in a fork of the project called VeraCrypt. Was there really security issues? Were they served a National Security Letter mandating a backdoor in an update version be released? Nobody really knew anything above and beyond speculation and it had many people becoming weary. ![]() When TrueCrypt died back in 2014, there was a lot of talk about the security issues that the developers could have been talking about on their website. LUKS is also fully open source that along with its consistent use within Linux distributions makes it a very trusted choice for FDE. For serious individuals, you would be wise to take that count above 70,000 with a passphrase over 40 characters. The command would be: cryptsetup luksFormat -i 15000 and I would recommend experienced users setting the value at no less than 20,000. For slower computers, this may be lower than wanted so it can be specified with the cryptsetup command. The iteration count for LUKS is specified by the CPU power of the machine. Like FileVault2 for OSX, LUKS has no character limit for the passwords/passphrases and I have tested this with a 212-character passphrase consisting of letters, numbers, spaces, and symbols. Typically, it uses AES 256-bit encryption in CBC mode with SHA256 for hashing but that can be edited if needed to run other modes like XTS and decreasing the key size of the AES algorithm to 128-bit. Short for Linux Unified Key Setup, LUKS is the full disk encryption solution used by many Linux/GNU based operating systems. If you have a Mac, I would highly recommend enabling full disk encryption to keep your files safe. It is unknown, but unlikely, if a backdoor has been implemented by Apple in FileVault2. There also doesn’t appear to be a limit to the password length so one could in theory create one 100 characters long without any issues other than delay before unencrypting. This works to prevent bruteforcing the password due to the delay in checking the hashed password with the one stored on the system. ![]() Based on some findings in this paper:, FileVault2 uses PBKDF2 x SHA256 and 41,000 iterations on the password. Once you have securely saved this key, burn/shred the paper you originally wrote it down on. Instead, I would recommend writing it down on a piece of paper temporarily until you can keep it in an encrypted form (7zip password protected archive) in something like your Tresorit Drive. I would recommend not storing this Recovery Key with Apple even though they give you the option to do so using 3 security questions and answers for recovery authentication of this key. When you set up FileVault2 for the first time, it requires you to have a password on the current administrator account and uses a random number generator (with about 320 bits of randomness available after first boot) to create a recovery key. ![]() Good strategy here on part of Apple to include a dedicated section about it in the Initial Computer Setup when you first setup OSX. It uses 128bit AES in XTS mode to encrypt the disk and is highly suggested when setting up a new computer that has Yosemite or higher. Native to all versions of Lion and up, FileVault2 is the advancement on the original FileVault that only encrypted the home folder. See: File Encryption Software on PrivacyTools.io To start, I’ll dive right into FileVault2, which is the OSX built in Full Disk Encryption because it is what I use on my primary machine. Other’s like Macbooks and PCs running Linux, need to have these features enabled and setup. Some devices, like those running iOS, do this by default. Full Disk Encryption refers to taking a hard drive inside of a device and encrypting it as a whole so that all the files it has are converted into an unreadable form (encrypted) and not accessible without the password to decrypt them. Really, the only way to do that in this day and age is to make sure they are full disk encrypted. One of your strongest counters to surveillance, attack, and theft of your devices is making sure the data on them is secure.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |