Upgrade available as of 1/2/10 - I recommend you upgrade your cryptovolumes. No vulnerabilities in the old version are known, but the new method is even tougher.
I've been reading articles about vulnerabilities in the implementation of cryptoloops, BestCrypt, TrueCrypt and most other cryptosystems currently available to the public and I was really annoyed - Phil Zimmermann wrote PGP to put crypto in the hands of the people. Now that time has passed, vulnerabilities in everything are discovered, but those vulnerabilities never really make it to the mainstream; you really have to keep your ear to the ground or else you'll find yourself using a cryptosystem that has more holes than a miniature golf course built on a brick of Swiss cheese. What truly offends me is that even in good crypto software, the default settings offer imperfect security! The computer's doing all the work, why not make it tough as nails by default?
I'm especially disappointed in BestCrypt and the BCWipe utility by Jetico (www.jetico.com) - when it was disclosed that the above vulnerabilities applied to their software, they essentially said 'Yep' and gave me the URL they wrote to address it (essentially saying 'Yep'). I also learned about the shred utility that comes with Linux and found that it did a far more thorough job. Their software is a racket, carelessly developed and not worth paying for.
With all this I had to find out what the very best current option available is, and I believe it to be LUKS on Linux, with the strong key encrypted to a removable disk (USB key or the like). This provides two-factor authentication (what you have and what you know - without both, the cryptofile won't open). What follows is my research and what I did to make it work.
This is all geared toward Linux, because anybody who really cares about security beyond keeping an affair from their spouse does not use Windows or a Mac.