DriveCrypt Plus Pack: encrypt only boot partition? And general DCPP question.
I'm using DriveCrypt Plus Pack 3.9 with one hd, which has 2 partitions c:\ (boot) and d:\ (data)
(XP Pro)
1. I've read different things about encrypting partitions with dcpp. Some say it's highly recommended to encrypt ONLY c:\ some do say c:\ and d:\ should be encrypted. (Remember it's one hd)
What do the experts think about it? Should I encrypt one or both partitions?
2. I do use Bootauth with 2 passwords to gain access. Both passwords do have a length of app 25 (numbers, chars, signs)
As the hd is encrypted with AES256 and this is know to be pretty safe, but what about the passwords? A length of 25 (using 2 passwords) is nice, but when someone wants to gain access, he hasn't has to decrypt the hd, he has "only" to brute-force the 2 passwords. (Or am I wrong here?) And to brute-force 2 passwords should be more easy than decrypting a hd which is AES256 encrypted.
Respectfully yours,
sun :)
(XP Pro)
1. I've read different things about encrypting partitions with dcpp. Some say it's highly recommended to encrypt ONLY c:\ some do say c:\ and d:\ should be encrypted. (Remember it's one hd)
What do the experts think about it? Should I encrypt one or both partitions?
2. I do use Bootauth with 2 passwords to gain access. Both passwords do have a length of app 25 (numbers, chars, signs)
As the hd is encrypted with AES256 and this is know to be pretty safe, but what about the passwords? A length of 25 (using 2 passwords) is nice, but when someone wants to gain access, he hasn't has to decrypt the hd, he has "only" to brute-force the 2 passwords. (Or am I wrong here?) And to brute-force 2 passwords should be more easy than decrypting a hd which is AES256 encrypted.
Respectfully yours,
sun :)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
@Q90887 I've used the normal drivecrypt myself fort a couple of years.
Now I'm using the free vmware server and keep the image in a truecrypt archive.
I no longer need full harddisk encryption, for being secure. So this was just an idea no recipe how to handle the "problem".
---
Regarding security @ boottime:
* Anti dictionary and brute-force attack mechanisms (due to the nature of DCPP, it is the most difficult system to attack compared to anything else available.)
@sun: If you really want to be secure: I suggest you get a Rainbow iKey 1000 USB-based two-factor authentication token, also available from Securstar (1) That way one cannot force you to tell them the DCPP password, since you simply don't know it.
(1) http://www.securstar.com/products_usbtoken.php
Tolomir
Now I'm using the free vmware server and keep the image in a truecrypt archive.
I no longer need full harddisk encryption, for being secure. So this was just an idea no recipe how to handle the "problem".
---
Regarding security @ boottime:
* Anti dictionary and brute-force attack mechanisms (due to the nature of DCPP, it is the most difficult system to attack compared to anything else available.)
@sun: If you really want to be secure: I suggest you get a Rainbow iKey 1000 USB-based two-factor authentication token, also available from Securstar (1) That way one cannot force you to tell them the DCPP password, since you simply don't know it.
(1) http://www.securstar.com/products_usbtoken.php
Tolomir
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Nope just truecrypt and drivecrypt.
Honestly securstar (drivecrypt) pissed me off by needing to confirm my order payed by credit card (just another year's maintenance) by a phone call.
I said WHAT????
Deinstalled that stuff, used truecrypt and it's smooth and I've even donated some money via paypal.
---
Here is some comparison:
http://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software
Tolomir
P.S. regarding keyloggers: it's wise to keeps a part of the password on an usbstick. This leaves a keylogger quite helpless. That way the passphrase consists of a password and some filecontent, in truecrypt this could be some mp3 file, all that counts is data....
At least Truecrypt and Drivecrypt comes with that feature...
Honestly securstar (drivecrypt) pissed me off by needing to confirm my order payed by credit card (just another year's maintenance) by a phone call.
I said WHAT????
Deinstalled that stuff, used truecrypt and it's smooth and I've even donated some money via paypal.
---
Here is some comparison:
http://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software
Tolomir
P.S. regarding keyloggers: it's wise to keeps a part of the password on an usbstick. This leaves a keylogger quite helpless. That way the passphrase consists of a password and some filecontent, in truecrypt this could be some mp3 file, all that counts is data....
At least Truecrypt and Drivecrypt comes with that feature...
What hapends if I lose the usbstick?
Well it is just a file.
I.e. you give truecrypt a password + a file. Both could be stored anywhere.
You could even use c:\boot.ini as file. In that case you better make sure it is never changed :-)
I.e. you give truecrypt a password + a file. Both could be stored anywhere.
You could even use c:\boot.ini as file. In that case you better make sure it is never changed :-)
Besides, TrueCrypt DOES NOT encrypt the Operating System.