Inspired by this thread, I decided to launch this one to see how you folks approach the issue of securing your private files at work or at places where computer-professionals can access the machine you use. Following is my response to ethergeek's post in the aforementioned topic:



I agree with that completely. Such machine could always be taken away from you without prior notice, with the files you care about in it. Besides, if the machine isn't yours you can't really control and evaluate the security mechanisms employed in such system.



The problem with such kind of mechanism is that if you will loose control over the operating system, you can't gain access to your encrypted files anymore. Besides anybody who gains access to your account, can access the encrypted files as well. Moreover, there are already known viruses that can access OS's kernel to stop A-V and firewall software. I don't think we have to wait long till such malicious programs take over kernel drivers to read your encrypted files, which are important by definition. ethergeek - could you tell us a bit more about you installation of TrueCrypt? Do you need a password, or a certificate to initiate the process? What happens if you need to reinstall the system (without any break-downs)?



That seems to work well (especially that there are Linux distributions designed to fit on such keys, and with such you can encrypt the contents of the key as well), unless you are in an environment, where security is a concern and USB ports are disabled.

If you were gonna quote my post and then comment on it in a new thread, ya should have sent me a PM; I'd have responded sooner



TrueCrypt and FreeOTFE can use passwords, keyfiles, and any combination thereof. There is nothing that links it to your windows account (if there is I sure as hell don't use it). Both applications are compatible in some way with Linux also; the FreeOTFE can create and work with linux dmcypt and cryptoloop volumes, and TrueCrypt has a linux version that will mount volumes directly. FreeOTFE also has a version for PocketPC.

I secure mine with a hard passphrase for the most part, though one of them additionally requires a keyfile on a USB key I keep in my safe at home.

That's the whole point of security. Someone who can't get in your OS can't access them - otherwise someone would be able to leech the files off your HD by using something like EnCase. It's only evident that if you invest in security you lose some ease of use.

You guys are paranoid!

I have the data on my laptop encrypted using TrueCrypt and a few keys on a USB stick. It's not realy 100% secure because the 'drives' are only unmounted when I reboot and if you have the USB stick and you know you need it you can easily access the my data. Still, it's better than nothing

I like PGP's Full Disk Encryption. That's about as safe as civilian encryption gets, as far as I know.

I disagree. I don't understand why encryption software cannot be efficient and user-friendly at the same time. I would choose a software which:
a) enables you to access the files transparently (of course after providing ID of some sort, whether it's a password or a digital certificate)
does not have to be installed with admin privileges
c) grants you the possibility of moving the encrypted files to a different computer and decrypting them over there

That's not paranoia. I'm sure most of us keep private stuff at our work, even though we are not suppose to. IT guys usually have full access to our computers, with root accounts obviously, so that's nothing strange that we want to cover our tracks.

Could you tell us a bit more about it? Why do you think Full Disk Encryption is better than other available solutions (as in better than creating a password-protected archive)? Remember we're talking about non-private computers so you can't really install software on your own, at least not that which hooks into the OS.