Asked by jkeegan123

Full Disk Encryption - Now that TrueCrypt has been "compromised" what is everyone using?

Now that we have the big question mark regarding TRUE-CRYPT, what is everyone using for whole disk encryption?
Encryption, Storage, Storage Hardware

Last comment: Natty Greg, 8/22/2022 - Mon

To answer this, you would need big statistics and those, no one has access to.
You might find some increase in downloads of other open source encryptors like "disk cryptor" or "veracrypt", but we cannot say "now most are using...".

The thing is: who would you want to trust? Would it have to be open source? And what is keeping you from continuing to use TC? If it were found out that it has major problems (now-unknown), then I could understand your concerns.
Dave Howe

View this solution by signing up for a free trial.

How about managed full disk encryption?  Where systems have to check in or lose access to the data, like for field laptops.  I've heard of systems like this but have never seen any in action....are there open source answers to this, or are there only commercial solutions?

Forget remote wipe. Imagine I steal your laptop and my intention is to read your data - do you think I don't know about remote wipe? I take out that drive and that's it. There's no way remote wipe will be initiated after that.
Not sure where this thread is heading but it seems you don't use a managed solution (which is advisable if you have a larger number of computers). Or do you ask just for a few machines?

For both, I've never had to have this for a lot of machines, but I just picked up a healthcare client that has a lot of field laptops with NO encryption, which sent my HIPAA meter off the charts ... was trying to decide on a standalone or managed solution.  Not so much remote wipe as someone not turning in a HDD after being let go, and they just lose access to it after a set amount of time.

Let me draw a sketch of the decision process if I were you:
Do you trust Microsoft? If yes, consider using BitLocker IF you have a Windows OS that qualifies for using it. If you don't, ask yourself what management features you need:
- how should the authentication work?
- do you want to be able to enforce password changes/key changes?
- do you need several keys to the machine (one for the admin, one for user A, one for B...)?
- do you trust the users not to offline attack the machine in order to get local admin rights? (because if you don't, I am sure you would need a TPM-aware solution)
- would the setup have to be automated?
- how would the backup and recovery process work?

Some of those decisive questions might require scripting knowledge if you try to use open source solutions... if you don't think you have that know-how, it might be better to buy a solution unless you qualify for BitLocker.

If you fear TrueCrypt, use an alternative: BestCrypt http://www.jetico.com/products/personal-privacy/bestcrypt-container-encryption
Natty Greg

the best encryption is education
Natty Greg

other than that true-crypt still
Rich Rumble

Also note that HIPAA does not mandate full disk encryption... before I get into that, have a look at my article here:
Horse's mouth -> http://www.hhs.gov/ocr/privacy/hipaa/faq/securityrule/2001.html TL;DR: you don't have to use encryption unless a security assessment says you do. Most probably will, but you can have compensating controls that can make it so it's not required. HIPAA is better handled by those who have handled or are certified in HIPAA. Everyone has to start somewhere so I'd start on the hhs.gov page (like I did years ago :)
Managed encryption btw is much better using tools like BitLocker, PGP or Wave if using hardware FDE drives.
TC is still good if you need something free and unmanaged, it's moved to CipherShed now: https://github.com/CipherShed/CipherShedBuilds/blob/v0.7.3.0-20141231/builds/c7b806f658895da0229a9e9557008aee729f5730/pyeron%2Cjason/1420054199/src/Release/Setup%20Files/CipherShed%20Setup%200.7.3.exe
Dave Howe

HIPAA does mandate using appropriate protection for the data. Each possible class of protection has different use cases; FDE (and self-encrypting hard drives, which are effectively FDE in hardware) protect only against attacks on "cold" systems - that is, machines that are shut down.  Use case is usually removable media and/or portable devices (such as laptops) which are in transit and not currently being used. If a device is physically secure (such as in a cage in a datacenter), then FDE isn't needed, and if it's virtualized, cloud-based or otherwise subject to software attacks on the running system, then FDE isn't going to help so shouldn't be considered for that use scenario.

So first step is *always* to do a security review, establish the attacks you need to defend against, and select the most cost-effective solutions to cover all those attacks (many technologies cover more than one, of course)
Natty Greg

Backup to an online or cloud-based source is the safest way. Well, you can try briefcase: the files that are used regularly are mapped to a briefcase file, then nightly anything modified in the briefcase is backed up to the real backup server via admin only