Am I doing this right? (encryption)

bhvm
Posted: Thu Feb 18, 2010 5:19 pm    Post subject: Am I doing this right? (encryption)

Hello all,

I work as an accountant and deal with sensitive files all day.
My natural choice is to encrypt them.
So I use 7 Zip to create an encrypted archive with AES 256.

Some of the articles I read made me give this a second thought.....

1> How secure is 7 Zip encryption anyways? Are there any backdoors etc. for some hacker/security agency to exploit?

2> Most such software uses a sort of TEMP folder for working... which means plain text copies of my work can be found here (couldn't successfully recover them, though). What could be the solution?

3> 7 Zip creates a .TMP file in the current folder, then deletes it on completion of the task. Can this .TMP be recovered and files discovered?

4> Where should I wipe other 'traces' of my data, e.g. temp folders, pagefile, Prefetch folder etc.?

My data mostly consists of TXT, DOC, PDF, JPG etc...
bhvm
Posted: Sat Feb 20, 2010 2:38 pm

Anyone? please.
parallax
Posted: Thu Apr 01, 2010 1:23 am

Hi, as for question 1: I don't trust the encryption of the various archivers, so I rather pack the file(s) without compression or encryption (using WinRAR) and then encrypt the resulting RAR archive with GPG via GPGee (which is an Explorer extension).
Maybe a double encryption (first with RAR/7-zip/etc. and then with GPG) could be done to secure the files even more. But I am not sure if it would make any difference at all.

http://www.gnupg.org/

http://gpgee.excelcia.org/

(I am no security expert though. Hopefully someone more knowledgeable will correct me if I am wrong.)
bhvm
Posted: Thu Apr 01, 2010 3:41 am

Thanks,

Do you have any idea how to 'wipe the traces' once the encryption is done?

Where would be the sketches of files hiding? Swap files? Prefetch? Temp folders?
parallax
Posted: Thu Apr 01, 2010 6:34 am

3> Can 7-Zip be set up so that it doesn't delete the .TMP file? If yes, then it would be good because then you could delete it much more thoroughly yourself. For example, I use the Directory Opus file manager, which has the option to securely wipe files (it overwrites them up to 32 times), but there are various other specialized utilities for that.

2> Maybe you could create a special small partition on your disk and then set up the programs which create temporary files to save them on this partition (or possibly move the Windows temp folder there). Then if you wanted to get rid of the traces you could launch, for example, some disk managing app (I use Acronis Disk Director for this) and securely wipe the whole partition (Acronis DD possesses this option) so even previously deleted data should be rewritten in order to be unrecoverable. Again, there are specialized tools for this too. Maybe there could be some problems though if the temp folder contained some data that is still in use/useful.

4> As for the pagefile, unfortunately I don't know much about it (how insecure it is etc.) but if it's potentially dangerous I believe you could securely wipe it too from some Live CD etc. before booting Windows.
As for the Prefetch, I am sorry, I don't know about it enough to be of any help.


Another option could be to set up a virtual, wholly encrypted computer used just for this purpose: you would move/copy the sensitive data there, encrypt them with file encryption software, and then move/copy them to the real computer/OS and exit the virtual one.

You said you encrypt mainly TXT, DOC, PDF, JPG. I think you should be a little bit concerned about "known plaintext attack". For example, known headers of Word files can be used for this type of attack. I tried to find some info but unfortunately I am still not really sure what the ultimate countermeasure is.

Just some ideas. Like I said, I am no security expert so do not rely 100% on my answers. :)

(Excuse my English.)
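
An added example, not part of any post in this thread: a check for the concern raised above that temp folders may hold readable copies of DOC, PDF, JPG or TXT files. It inspects file contents rather than extensions; the file names in `demo()` are constructed samples, and the 512-byte read and 95% printable threshold are assumptions.

```python
import os
import tempfile

# Magic bytes for the file types named in the thread; TXT is detected heuristically.
SIGNATURES = {
    b"%PDF-": "pdf",
    b"\xff\xd8\xff": "jpeg",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole2 (legacy .doc/.xls)",
    b"PK\x03\x04": "zip container (.docx/.xlsx)",
}

def classify(head: bytes):
    """Return a label if the leading bytes look like readable document data."""
    for magic, label in SIGNATURES.items():
        if head.startswith(magic):
            return label
    # Heuristic for plain text: non-empty and almost entirely printable ASCII.
    if head and sum(32 <= b < 127 or b in (9, 10, 13) for b in head) / len(head) > 0.95:
        return "text"
    return None

def find_plaintext_remnants(root: str):
    """Walk root and list (path, label) for files whose content is not opaque."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(512)
            except OSError:
                continue  # locked or unreadable files are skipped, not fatal
            label = classify(head)
            if label:
                hits.append((path, label))
    return sorted(hits)

def demo():
    """Constructed sample: a fake temp folder with two leftovers and one opaque file."""
    with tempfile.TemporaryDirectory() as tmp:
        samples = {
            "7zO1A.tmp": b"%PDF-1.4\n% constructed sample\n",
            "~WRD0001.tmp": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 64,
            "ledger.7z": bytes(range(128, 256)) * 4,  # stands in for ciphertext
        }
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return [(os.path.basename(p), label) for p, label in find_plaintext_remnants(tmp)]
```

The scan only sees files that still exist; anything already deleted sits in free space, which is where the wiping and whole-disk encryption suggestions in the thread apply.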
bhvm
Posted: Thu Apr 08, 2010 4:58 am    Post subject: hi

Your knowledge about PC security is commendable. Keep it up.

What you did was say what to do... now what remains is how to do it...

Do you have any ideas which tools and tricks I can use to wipe temp files etc. and clear my tracks?

Your post has really got my mind buzzing about it.

Is it even possible to view and recover data from pagefiles?
parallax
Posted: Wed Apr 14, 2010 2:10 am

Thank you, but my practical knowledge isn't that great. I just read a few things from time to time.

I think someone experienced or with the right tools would actually recover a lot of data we think isn't even there, including data from the page file etc.
I think the best countermeasure is to encrypt the whole disk with the operating system.
But it depends on what you want to achieve and when your data is most vulnerable.

Take a look at this thread, quite interesting discussion in there: http://www.computerforensicsworld.com/modules.php?name=Forums&file=viewtopic&t=304&postdays=0&postorder=asc
bhvm
Posted: Wed Apr 14, 2010 3:43 am

Excellent discussion...Thanks

Would you like to share a chat online someday?
Where do you live?
parallax
Posted: Wed Apr 28, 2010 4:39 am

Hi, sorry for the late reply.

Of course we can chat. As far as IM is concerned I use only Jabber (XMPP) at the moment. What IM protocols do you use?
I might look into IRC as well.

I am from the Czech Republic.
All times are GMT + 2 Hours