Prev: United Mileage Plus mystery terms
Next: Effect of very long flights
From: RAK on 26 Mar 2007 07:27

"Bucky" <uw_badgers(a)email.com> wrote in message
news:1174891440.524037.320380(a)d57g2000hsg.googlegroups.com...
> On Mar 25, 6:02 pm, BubbaGump <BubbaGump(a)localhost> wrote:
>> I'm not worried about the metal detector. What I'm wondering is if
>> security will let the item through.
>
> don't worry, I have taken usb flash drives dozens of times, never a
> problem.
>
>> don't anyone say
>> not to store passwords on a portable drive because I use a different
>> one for each account, for security, and I have way too many too
>> remember them all.
>
> that's fine, but you might want to encrypt the file (easy if it's a
> Word or Excel doc) so that if you do lose the usb flash drive, it
> won't be trivial for the finder to open the file.
>
Actually it is almost trivial to open an encrypted Word or Excel file if you
encrypt using the built-in MS system. There are plenty of programs which
will open these files. I once used one to open a file in the office where
someone had forgotten the password, but I forget which one I used.

Examples:
http://www.google.co.uk/search?q=open+encrypted+word+excel+files&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-GB:official&client=firefox-a

I often carry a portable hard disk drive through security (international in
UK, SE Asia, Australia) - never had a problem.



--
Posted via a free Usenet account from http://www.teranews.com

From: DevilsPGD on 27 Mar 2007 14:56
In message <4607a1b9$0$16398$88260bb3(a)free.teranews.com> "RAK"
<raknews(a)gmail.com> wrote:

>Actually it is almost trivial to open an encrypted Word or Excel file if you
>encrypt using the built-in MS system. There are plenty of programs which
>will open these files. I once used one to open a file in the office where
>someone had forgotten the password, but I forget which one I used.

Three letters: EFS. (Encrypted File System)
--
Insert something clever here.
From: BubbaGump on 27 Mar 2007 22:38
On Tue, 27 Mar 2007 12:56:46 -0600, DevilsPGD
<spam_narf_spam(a)crazyhat.net> wrote:

>In message <4607a1b9$0$16398$88260bb3(a)free.teranews.com> "RAK"
><raknews(a)gmail.com> wrote:
>
>>Actually it is almost trivial to open an encrypted Word or Excel file if you
>>encrypt using the built-in MS system. There are plenty of programs which
>>will open these files. I once used one to open a file in the office where
>>someone had forgotten the password, but I forget which one I used.
>
>Three letters: EFS. (Encrypted File System)

With Windows? How do you make sure you export all the key(s) and
other data used for the encryption so that they don't fall into the
wrong hands or get lost if your boot drive is ever corrupted? I'm a
bit paranoid about any sort of encryption that's Windows-based, about
how much the encryption is tied to a particular user account or some
other odd values uniquely chosen and hidden away in the registry or on
the boot drive. For instance, services like iTunes, the new Napster,
MovieLink, and CinemaNow do this for their media files.


How physically secure is EFS anyway?

http://www.elcomsoft.com/aefsdr.html

"With AEFSDR (Advanced EFS Data Recovery), protected files can be
decrypted, even when the system is not bootable so you cannot log on,
or when some encryption keys (private or master) have been tampered
with."

From: DevilsPGD on 28 Mar 2007 00:55
In message <c9lj03puflvsvq2i5bv982t7n69ap7m73q(a)4ax.com> BubbaGump
<BubbaGump(a)localhost> wrote:

>On Tue, 27 Mar 2007 12:56:46 -0600, DevilsPGD
><spam_narf_spam(a)crazyhat.net> wrote:
>
>>In message <4607a1b9$0$16398$88260bb3(a)free.teranews.com> "RAK"
>><raknews(a)gmail.com> wrote:
>>
>>>Actually it is almost trivial to open an encrypted Word or Excel file if you
>>>encrypt using the built-in MS system. There are plenty of programs which
>>>will open these files. I once used one to open a file in the office where
>>>someone had forgotten the password, but I forget which one I used.
>>
>>Three letters: EFS. (Encrypted File System)
>
>With Windows? How do you make sure you export all the key(s) and
>other data used for the encryption so that they don't fall into the
>wrong hands or get lost if your boot drive is ever corrupted?

How do you make sure you export all the keys? A sticky note on the
drive reminding you to export the keys. Once it's done, it's done, it
only takes a couple minutes.

Exporting the keys isn't tough, and there are a number of options, but I
would simply encrypt the drive, then send the key via a different method
when traveling if the goal is to prevent a physically compromised drive
from being accessed.

For example, if you're traveling between offices, simply transferring
the key via SSL and storing it within the LAN of the destination office
should be sufficient (this is roughly the technique I use when traveling
with confidential data, although I actually leave the key behind and VPN
in to retrieve it the first time, afterward the key is stored on both my
workstation at home and in the office, but not on the laptop physically
traveling with the removable drive)

>I'm a
>bit paranoid about any sort of encryption that's Windows-based, about
>how much the encryption is tied to a particular user account or some
>other odd values uniquely chosen and hidden away in the registry or on
>the boot drive. For instance, services like iTunes, the new Napster,
>MovieLink, and CinemaNow do this for their media files.

It's not exactly hidden, the key is stored in the certificate store. You
can easily import it, export it, move it around, create recovery paths,
whatever else suits your fancy.

The upside is that it's completely transparent for day to day use, once
properly configured, and you can encrypt your %temp% directory and any
other places where data may end up unencrypted. The reason I'm not a
fan of PGP-style solutions is that it requires me to save an unencrypted
version of the file first and then encrypt it, which might leave
recoverable traces on the drive. There is also a chance I'll be in a
hurry and forget to encrypt something. It's also simple enough that my
mom can use it (although she doesn't know she the technical details
about what she is using, or why it works, just that her data can't be
accessed on any PC other then her regular workstation at work without
calling IT)

>How physically secure is EFS anyway?
>
> http://www.elcomsoft.com/aefsdr.html
>
>"With AEFSDR (Advanced EFS Data Recovery), protected files can be
>decrypted, even when the system is not bootable so you cannot log on,
>or when some encryption keys (private or master) have been tampered
>with."

Funny, you can decrypt PGP with the a copy of the keys too. In short,
EFS allows recovery agents to decrypt files as well, which helps out
when users don't bother to backup their keys (typical in a large network
environment)

Recovery Agents don't happen by accident, only by explicit administrator
action prior to when the files were initially encrypted and/or when the
original key was lost.

(In other words, if you don't do it in advance, you won't be able to
recover the data after you lose your key)

As I understand it, EFS is essentially considered unbreakable in
practical senses (the whole "heat death of the universe would occur
first" problem), as long as the keys are properly secured, assuming
there are no logic flaws in the implementation.
--
Insert something clever here.
First  |  Prev  | 
Pages: 1 2 3 4
Prev: United Mileage Plus mystery terms
Next: Effect of very long flights