Am I doing this right? (encryption)

Networking/Security Forums -> Cryptographic Software and Hardware

Author: bhvm    Posted: Thu Feb 18, 2010 5:19 pm    Post subject: Am I doing this right? (encryption)
    ----
Hello all,

I work as an accountant and deal with sensitive files all day.
My natural choice is to encrypt them.
So I use 7 Zip to create an encrypted archive with AES 256.

Some of the articles I read made me give this a second thought...

1> How secure is 7 Zip encryption anyways? Are there any backdoors etc. for some hacker/security agency to exploit?

2> Most such software uses a sort of TEMP folder for working... which means plain text copies of my work can be found here. (Couldn't successfully recover them though.) What could be the solution?

3> 7 Zip creates a .TMP file in the current folder, then deletes it on completion of the task. Can this .TMP be recovered and the files discovered?

4> Where should I wipe other 'traces' of my data, e.g. Temp folders, pagefile, Prefetch folder etc.?

My data mostly consists of TXT, DOC, PDF, JPG etc...

Author: bhvm    Posted: Sat Feb 20, 2010 2:38 pm    Post subject:
    ----
Anyone? Please.

Author: parallax    Posted: Thu Apr 01, 2010 1:23 am    Post subject:
    ----
Hi, as for question 1: I don't trust the encryption of the various archivers so I rather pack the file(s) without compression or encryption (using WinRAR) and then encrypt the resulting RAR archive with GPG via GPGee (which is an Explorer extension).
Maybe a double encryption (first with RAR/7-zip/etc. and then with GPG) could be done to secure the files even more. But I am not sure if it would make any difference at all.

http://www.gnupg.org/

http://gpgee.excelcia.org/

(I am no security expert though. Hopefully someone more knowledgeable will correct me if I am wrong.)

Author: bhvm    Posted: Thu Apr 01, 2010 3:41 am    Post subject:
    ----
Thanks,

Do you have any idea how to 'wipe the traces' once the encryption is done?

Where would be the sketches of files hiding? Swap files? Prefetch? Temp folders?

Author: parallax    Posted: Thu Apr 01, 2010 6:34 am    Post subject:
    ----
3> Can 7-zip be set up so that it doesn't delete the .TMP file? If yes, then it would be good because then you could delete it much more thoroughly yourself. For example I use Directory Opus file manager which has the option to securely wipe the files (it overwrites them up to 32 times) but there are other various specialized utilities for that.

2> Maybe you could create a special small partition on your disk and then set up the programs which create temporary files to save them on this partition (or possibly move the Windows temp folder there). Then if you wanted to get rid of the traces you could launch for example some disk managing app (I use Acronis Disk Director for this) and securely wipe the whole partition (Acronis DD possesses this option) so even previously deleted data should be rewritten in order to be unrecoverable. Again there are specialized tools for this too. Maybe there could be some problems though if the temp folder contained some data that are still in use/useful.

4> As for the pagefile unfortunately I don't know much about it (how insecure it is etc.) but if it's potentially dangerous I believe you could securely wipe it too from some Live CD etc. before booting Windows.
As for the Prefetch, I am sorry, I don't know about it enough to be of any help.

Another option could be to set up some virtual wholly encrypted computer and it would be used just for this purpose, you would move/copy the sensitive data there, encrypt them with file encryption sw and then move/copy them to the real computer/OS and exit the virtual one.

You said you encrypt mainly TXT, DOC, PDF, JPG. I think you should be a little bit concerned about "known plaintext attack". For example known headers of Word files can be used for this type of attack. I tried to find some info but unfortunately I am still not really sure what the ultimate countermeasure is.

Just some ideas. Like I said I am no security expert so do not rely 100% on my answers. :)

(Excuse my English.)
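
Added example, not part of the original post: a Python sketch of the idea in point 2> above, where temporary files are steered into a dedicated scratch location that is overwritten and emptied afterwards. The child process is a constructed stand-in for an archiver, and `run_with_scratch`, `overwrite_and_delete` and `scrub_scratch` are hypothetical helper names.

```python
import os, subprocess, sys, tempfile
from pathlib import Path

def run_with_scratch(cmd, scratch):
    """Run cmd with TEMP/TMP/TMPDIR set to scratch, so programs that honour
    those variables write their temporary files there."""
    env = dict(os.environ, TEMP=str(scratch), TMP=str(scratch), TMPDIR=str(scratch))
    return subprocess.run(cmd, env=env, check=True)

def overwrite_and_delete(path, passes=1):
    """Overwrite a file in place with random bytes, sync, then unlink it.
    Limitation: SSD wear levelling and copy-on-write or journaling
    filesystems can keep old blocks; in-place overwrite cannot reach those."""
    path = Path(path)
    size = path.stat().st_size
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining:
                chunk = os.urandom(min(remaining, 1 << 20))
                f.write(chunk)
                remaining -= len(chunk)
            f.flush()
            os.fsync(f.fileno())
    path.unlink()

def scrub_scratch(scratch):
    """Wipe every regular file left under scratch; return the names wiped."""
    wiped = []
    for p in sorted(Path(scratch).rglob("*")):
        if p.is_file() and not p.is_symlink():
            overwrite_and_delete(p)
            wiped.append(p.name)
    return wiped

def demo():
    # Constructed stand-in for an archiver: a child process that leaves a
    # plaintext temp file behind (the worry in question 2>).
    child = ("import tempfile; f = tempfile.NamedTemporaryFile("
             "suffix='.tmp', delete=False); f.write(b'ledger 2010'); f.close()")
    with tempfile.TemporaryDirectory() as scratch:
        run_with_scratch([sys.executable, "-c", child], scratch)
        leftovers = sorted(p.name for p in Path(scratch).iterdir())
        wiped = scrub_scratch(scratch)
        return leftovers, wiped, list(Path(scratch).iterdir())

if __name__ == "__main__":
    print(demo())
```

A program that hardcodes its working folder ignores these environment variables, so check where leftovers actually appear before relying on the scratch location.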

Author: bhvm    Posted: Thu Apr 08, 2010 4:58 am    Post subject: hi
    ----
Your knowledge about PC security is commendable. Keep it up.

What you did was say what to do... now what remains is how to do...

Do you have any ideas which tools and tricks I can use to wipe temp files etc. and clear my tracks?

Your post has really got my mind buzzing about it.

Is it even possible to view and recover data from pagefiles?

Author: parallax    Posted: Wed Apr 14, 2010 2:10 am    Post subject:
    ----
Thank you, but my practical knowledge isn't that great. I just read a few things from time to time.

I think someone experienced or with the right tools would actually recover a lot of data we think aren't even there. Including data from the page file etc.
I think the best countermeasure is to encrypt the whole disk with the operating system.
But it depends on what you want to achieve and when your data are most vulnerable.

Take a look at this thread, quite interesting discussion in there: http://www.computerforensicsworld.com/modules.php?name=Forums&file=viewtopic&t=304&postdays=0&postorder=asc

Author: bhvm    Posted: Wed Apr 14, 2010 3:43 am    Post subject:
    ----
Excellent discussion...Thanks

Would you like to share a chat online someday?
Where do you live?

Author: parallax    Posted: Wed Apr 28, 2010 4:39 am    Post subject:
    ----
Hi, sorry for the late reply.

Of course we can chat. As far as IM is concerned I use only Jabber (XMPP) at the moment. What IM protocols do you use?
I might look into IRC as well.

I am from the Czech Republic.





output generated using printer-friendly topic mod, All times are GMT + 2 Hours
