0

So my friend told me about this thing called disk encryption, how you can protect your data if your computer were ever to become compromised. Now I go to a school where there are a lot of bad people who might steal my computer, and I don't want them to steal my projects or my bitcoins. I just don't want them to snoop around my computer, due to the fact that I've got a lot of family-related things on it. (Family trips, fishing with my dad, etc.) I've known about this for a while but I've always been sceptical.

I've heard about the most popular ones, such as:

  • BitLocker
  • TrueCrypt
  • VeraCrypt

And there are a few reasons why I don't trust these.

BitLocker
Was developed by a big corporation that wouldn't mind selling out users and helping people retrieve data. Also (this might be a bit far-fetched) someone who works there might one day steal my computer, and how hard would it be for him to unlock everything? I would guess it would take him 1 day with the right tools. (Keep in mind that I've never used a disk encryptor, so these are just guesses at this point.)

TrueCrypt
The project died out and is now an open-source project due to an unknown "Hack" or a "Security breach" back in 2013.
And the fact that it was unknown makes it even worse, because it could have been anyone from a normal skidder to someone who works at the NSA.
(I say NSA because apparently they had a hard time cracking TrueCrypt.)
And who knows... Maybe they finally succeeded.

VeraCrypt
I don't know too much about VeraCrypt, if I'm going to be completely honest.
But I do know that the project is open-source which makes the code available for anyone and everyone right?
Which just writes security breach all over the project.

Question
What is some good software to look into, or is there no use because they're all crackable?




Necessary Information
I'm not a professional and most of the things in this post are based upon things I've read online and some are just thoughts floating around my head.
75% - 25%

Jonny
  • 2
    Unfortunately, questions seeking product recommendations are off-topic as they become obsolete quickly. You could try on our sister site [SoftwareRecs.SE]. Keep in mind that they are very strict on what is allowed; you'll want to read their Help Center and [this](http://meta.softwarerecs.stackexchange.com/questions/336/what-is-required-for-a-question-to-contain-enough-information) before posting there. – S.L. Barth Jan 11 '17 at 12:29
  • 2
    Your threat modelling is way off. On one hand you want to protect yourself from people at school, on the other your arguments for not using certain software are that Microsoft might sell you out or the NSA might come after you. I highly doubt that Microsoft would sell out to a classmate. Also if the NSA comes after you, the last thing you should be worried about is your full disk encryption. Then all the solutions listed are for use with Windows. You don't trust them to do your FDE, but you do trust them to not build backdoors in their OS? – Lucas Kauffman Jan 11 '17 at 12:39
  • Modern encryption software like TrueCrypt and VeraCrypt is developed under [Kerckhoffs's Principle](https://en.m.wikipedia.org/wiki/Kerckhoffs's_principle): "A cryptosystem should be secure even if everything about the system, except the key, is public knowledge." The attacker knowing that you used TrueCrypt/VeraCrypt should be of no help in their attempt at decrypting your hard disk. There has never been any evidence that a TrueCrypt/VeraCrypt disk has ever been decrypted without the key. – Lie Ryan Jan 11 '17 at 13:10
  • BitLocker "Was developed by a big corporation that wouldn't mind selling out users and helping people retrieve data" - Is this something you found online or something that floated around your head? Couldn't help but wonder. – sir_k Jan 11 '17 at 14:22

1 Answer

2

I will just reverse your arguments concerning VeraCrypt. First, it is by no means a brand new tool; it is a fork of TrueCrypt. The fork was done when TrueCrypt was discontinued, and that was allowed precisely because TrueCrypt was an open source product.

Secondly as far as security is concerned, the major opinion is that open source is better than closed source. Security must not rely on obfuscation (unknown algorithms) but on well known algorithms and thoroughly reviewed implementations and on secure keys.

So the fact that VeraCrypt is an open source project offers 2 guarantees:

  • if the team that currently manages the project abandons it, another team is likely to produce a new fork, so users will not be left with an abandoned and no longer maintained tool
  • as it is open source, experts can scrutinize the code and report vulnerabilities. I would never trust a closed source security tool.
Serge Ballesta
  • I'm kind of curious where you found the data for the following statement: "Secondly as far as security is concerned, the major opinion is that open source is better than closed source." I think there might be a slight confusion here. "Security must not rely on obfuscation (unknown algorithms)": closed source is not security by obfuscation; it's related to intellectual property most of the time. Often they use well known algorithms during the development and the code is very well documented. – sir_k Jan 11 '17 at 14:26
  • take a look at https://www.reddit.com/r/linux/comments/3lxd0t/open_source_software_is_more_secure/ http://wiki.c2.com/?TheKenThompsonHack – hub Jan 11 '17 at 15:46
  • @FlorinCoada: The problem is not there. I'm pretty sure that serious organizations do nice development. But as a simple customer, I can have no evidence of that, nor of possible backdoors. I must admit that this is only an opinion, but I found it generally shared on this site and in other forums about security. – Serge Ballesta Jan 11 '17 at 15:46
  • While I do understand what you are saying, think about OpenSSL Heartbleed. Open source project thoroughly tested and reviewed... I like open source projects and I think they are great. As far as security goes either open or closed source, you pretty much have to go on. One small bonus with closed is that you can sue them if something happens :)) @hub the reddit post has mixed views. There's no consensus towards one of them. Open source did however get a few more votes. P.S. 10x for the KTH article – sir_k Jan 11 '17 at 21:51