Disk encryption

>hurr durr, i have no technical knowledge. i learned everything i know from watching x-files and mr. robot.

>t. brainlet

Nothing is unbreakable (for ever). The day after is different from today which is the difference in the world. Everything is a cat and mouse game.

Today you have no idea (even the fbi) has no idea what the winning lotto number is (and it's only 6 numbers). Tomorrow they know with certainty.

People in jail hide shit in a small ass room and when people search it they miss shit even though it's a relatively easy thing to check. Until you know you know nothing.

Need to keep doing different shit and different tactics. Got to keep moving.

Yeah, this is vague as fuck but if you don't get what I"m saying by now you probably won't get it in a single thread.

the government doesn't use encryption on anything other than databases and maybe 4-digit passcodes on smartphones/PCs.
the people with confidential/top-secret accesses get screened regularly instead, so security thru obscurity

>believing this shit

i worked in a state level government agency. they most certainly encrypt their mobile devices.

And with what then

>unlocks hardware backdoor

heh, nothin personnel kid

this was ~10 years ago...symantec endpoint encryption. LOL

i don't recall what the encryption method was under the covers. i'm sure i could figure it out if i bothered to look it up.

do it, the public demands it

Let me ask you. If I gave you the key to my house and inside that house you found another locked room how could you get inside THAT room if I didn't give you the key?.

hit you with a wrench until you provided the key. or just kick the door down.

Yeah well you can't brute force a password longer than 10 in this day and age. Forget about it.

FDE works at the block level which turns out to be really restrictive for encryption. Decryption needs to be random-access, which by itself limits you to a small subset of ciphers. But worse, you can't store nonces/IVs on the disk itself, because they add unacceptable overhead, so pretty much the only viable cipher mode is XTS. XTS is pretty cool for what it does, but it's vulnerable to EBC-style attacks in the time domain. So if an evil maid can spy on your disk I/O, they can likely break it given enough samples of the same sector.

That said, FDE WILL protect you in the scenario where your disk is stolen, because then the attacker only gets to see one version of the ciphertext. So it's not completely useless.

>kick a hardrive's door down to get the info

>“Children under five also have elevated levels of the pheromone Blink-182, produced by the part of the liver known as the Rita Ora. This allows nerve reflexes to travel along the Cardi B neural pathway to the Wiz Khalifa 40% faster, saving time and saving lives.”

>i am 12 and what are metaphors

>full disc encrytion that protects you from three letter agencies

Search "Any AMD CPU", good knowledge about reverse engineering, OPAL certified ssd's. 128 AES encryption and you're already secure for almost any attack as long as you dont put windows 10 with closed source Nvidia drivers. Especially Nvidia has lots of memory allocation and tasks to perform without your knowledge and will make your computer vulnerable in some future (0day) leak.

They're not going to waste time bruting a password. They're just going to torture you and your family's lives until you give it up. There's a man right now that has been held in prison for 3 years now for refusing to decrypt his electronics.

Walk in through the backdoor that was forcibly added to the house to allow law enforcement in.

If there were backdoors to the encryption for android/ios or known software like bitlocker; wouldn't it be obvious?

someone would have been tried with data recovered from a disk said person didn't unlock for them?

has that happened?
I don't recall any such headlines regarding TrueCrypt or VeraCrypt or Bitlocker...

they have all the time in the world to break shit open

First off, only authorities have access to said backdoors. Second, it was already proven NSA has backdoor access into Bitlocker.

wouldn't it be in the agencies' best interests to keep these headlines out of the papers?

truecrypt is no longer maintained...bit locker is not to be trusted due to MS relationship with government. uncertain of the status of veracrypt.

right, and what is the purpose of authorities to access these backdoors if not to prosecute people?

When has someone gone to jail for what was on their locked bitlocker drive?

Usually such "evidence" is used as indirect clause to enter people's homes and confiscate actual incriminating stuff as most judges and lawyers would simply ask the agencies to disclose how they broke the encryption because the opposition can claim deniable encryption or claim falsehood of the contents of the decryption.

no, but it protects your bobs and vagine from your mom

b-but what about my plausible deniability, user?

it not being maintained doesn't mean it doesn't work. the vulnerabilities the audit listed were all practically useless.

>When has someone gone to jail for what was on their locked bitlocker drive?
We wouldn't know, because they never directly mention what software was used for encryption. What's the point of mentioning the suspect used Bitlocker if they can completely bypass it?

Lets say you hide illegal documents on a HDD and used Bitlocker to encrypt. If you were to be arrested and convicted, the court documents will simply state illegal documents were found on your computer. No mention of Bitlocker is needed.

I work with a state level agency now, they use full-disk RSA encryption with keyfobs that change the passcode every 60 seconds.

We're also required to encrypt all emails with attachments going out of the local network and either use one-time passwords, or provide a password in a separate email.

Its to protect your from Jamal, not the FBI.

This can so why can't that?

Attached: incognito-2231825_960_720.png (960x523, 47K)

>only authorities have access to said backdoors
This isn't a ylyl bread, Timmy
youtu.be/6RNKtwAGvqc?t=6m2s

the defendant would eventually have the opportunity to tell somebody their bitlocker drives were unlocked?

plain old pgp

3 letter agencies? But I am just trying to keep Tyron from accessing my bank info and all the other sensitive info on my laptop

It doesn't matter.
The public already knows Bitlocker has a backdoor thanks to Snowden. There was literally a powerpoint slide made to show they had it.

anybody have experience with ZFS encryption on *BSD?

store it in a passworded archive.
thats enough to stop a tyron.

>ITT

Attached: security.png (448x274, 26K)

Just because M$ can fingerprint and scrape data from anything on your hard drive dosen't mean the 3 letter agencies have a back door. Why would they need one if they all ready know what's on the drive?

Show proof that explicitly states 3 letter agencies have back door access to bitlocker.

That's where the second amendment comes in

lol. no, you moron. you mean the 4th.

Exept I dont live in hamburger land and have human rights that I cannot sign away from. Like not having to contribute towards my own indictment. Or being beaten half to death over a few encrypted memes.

keep telling yourself that.

4a is more of an often-violated guideline, and the gubmint can revoke it in any moment. 2a will take a civil war to revoke and has actual weight.

LOL

you fucking fat, inbred deplorables.

>protection from gubmint? nothing but my gawd givun rite to own mah guns!

>M$ can fingerprint and scrape data from anything on your hard drive
No they can't.

>Show proof that explicitly states 3 letter agencies have back door access to bitlocker.
cryptome.org/2014/11/ms-onedrive-nsa-prism.htm

>bitlocker keys are backed up to onedrive automatically if you are signed into the windows device with a microsoft account
You may be able to bypass this by setting up a local account, but at that point why risk trusting Bitlocker?

>inbred deplorable
I'm not even from the US, you illiterate statecuck leftard
>>protection from gubmint? nothing but my gawd givun rite to own mah guns!
Literally yes.

Lurk moar

Attached: 1533194887698.png (1425x1258, 127K)

I also distinctly remember a leaked slide mentioning them having direct backdoor access to it. Not going to waste my time proving it to an user that's just going to bury their head in the sand.

back to Jow Forums with you.
enjoy your "die hard" hero fantasy that gets your cock so erect.

backdoor access means they can get into any bitlocker at any time

what you showed me is they have access to a key(s) that are uploaded to onedrive and futhermore you can disable this key backup

I'm more worried about corporate espionage and that suspicious looking guy who keeps driving around my neighbourhood stealing my equipment.

all the more reason to be a freetard, amirite?

>run out of arguments
>better call him a poltard
gr8 b8 m8

Someone doesn't know how dictatorships come into action.

All modern dictatorships were born from democracy. People willingly gave up the rights of other people for their own doctrine. In venezuela there isn't an army to fight. Only food shortage, disease and violent protests.

shhh. he's enjoying fantasizing about taking his mw4 skills into battle against seasoned military personnel (and out strategizing, manuevering, and shooting).

fucking gun fetishists

If they were to break my encryption then they can't use anything found on that hardrove as evidence, just like they can't use evidence from a home if they break in illegally

Parallel construction.

They break your encryption, claim they got access to 'certain files' via alternative methods.

You're fucking stupid if you think these people will be outsmarted by some idiot like you.

>statecucks in vergüenzuela let themselves get fucked in the arse by the state and made an example
>this it's perfectly fine to get fucked in the arse
Let me guess, you're berniebros-turned-hilldawgs, are you?
>im thomas gage and what is a 1775

You are the retard here
If they are going to break the law then wasting so much time breaking encryptions would be the last thing they'd do
Much easier to just beat the shit out of you or plant cp or whatever

Government agencies use bitlocker to protect their data.

>fbi spends all its time illegally stealing your data and decrypting it
Thats the cia, fbi actually has to follow the law to some degree because they have to take it to a judge to prosecute.

nice try fbi

People uniroically believe this

Hello fellow copyright infringementer, also to be perfectly clear, the government isn't spying on you and even if they were they can't do anything about it because of the laws, now if you don't mind me asking, can I get your name, address and the names copyrighted content you've been downloading? ;3

No because withholding my encryption keys is a crime in my country.

As for the encryption itself, bitlocker is NCSC approved as full disk. You'd want to switch it from the default AES128 to 256 though before encrypting.

Name on time the fbi prosecuted someone without a judge. They aren't above the law. They have to have a warrent to raid your home and take your hard drive, and they need a judge to charge you of crimes.

Government agencies have had free reign to spy on and blackbag people without trial since the Patriot Act as long as they're deemed an enemy of the state. They're not going to do that because of weird fetishes encrypted on a drive tho.

>ZFS
nobody has any input on this? no experience or anecdotes? no righteous indignation?

>for tyrone, no need for encryption, just use encryption

You know that all archieving applications use encryption aswell, right?

Encryption beats no encryption every day. If I wanted people looking at my PC, I would email my nightly hard disk backup images to the FBI at the end of my backup script

mfw there are retards in this thread who dont know of evil maids

Stops a burglar from getting my data if they break in and steal my computer while I'm away.

Government agencies are not my threat model. They would bug things if they really gave a shit, or subpoena me, and then I would give them the means to obtain an unlock passphrase because really, what practical choice do I have.

Theft is my threat model.

what do you choose to use, user?

For my threat model recent versions of Bitlocker work fine for my Windows desktops: AES-128-XTS, TPM-backed symmetric keys, real EPROM on the TPM so it actually zeroises (virtual TPMs do work however, if you're not so bothered about that). I don't really store much of anything on my desktops, however.

For Linux, LUKS, using aes-128-xts - or for the one machine I have which doesn't have aes_ni because Intel are silly and don't include it on all SKUs, serpent-256-xts because Serpent was an AES candidate finalist with an acceptable margin of security and it has a bitsliced implementation which is surprisingly the fastest of its peers (considering it was The Slow Finalist in the AES competition!).

Passphrases which protect encryption keys are 10-word Diceware. Hardware tokens. U2F. Remote server unlock uses custom daemon based on the Noise_KK exchange that runs in initramfs (overkill but self-contained and reliable).

If you're wondering why aes-128 and not aes-256 and you have some vague ideas about something quantum-shaped, if someone with a quantum computer is part of your threat model you were already fucked. None of my data will be relevant (to the extent that any of it even is) within a timeframe where any practical quantum computing will be available to anyone.

Depends on the agency, ultimately most three letters hate each other because each thinks they’re the legitimate us government, so they’re not going to share zero days and backdoors meaning different hardware is differently vulnerable.

Of course assuming the us is actually smart and still has intellegence agencies/groups/projects that do not legally exist like it did during the cold war that all goes out the window and you’re always 100% fucked.
Fortunately they’d assumedly exist for high level international espionage and not assfucking neets.

Signature faggot

detailed. good stuff.

ZFS is fucking slow. add block level encryption on top of (below) that...forget about it.

I double-rot13 encrypt everything. That's completely unbreakable.

>ZFS is fucking slow
as if i have anywhere to go

I don't bother with it cause I don't got anything illegal on my hdd. So what if I got a ton of porn? I'm a fucking adult and it's all legal shit. Nothing that anyone ain't seen before. Porn is mainstream anymore. Not like the old days when it was kinda seen as a "perverted" thing to do and pushed to the fringe of society. If someone tells you "I ain't seen porn online" they're full of shit (unless they're like 50+ and computer illiterate)

Porn may be widely accepted, but there are still many people who would be freaked out to realize you look at it, particularly if you look at something other than the top categories on pornhub. But true, you usually don't need full disk encryption to hide it from a roommate or whatever who might use your computer.

Serpent has actually 100x stronger security than Rijndael (AES).

it failed on everything else thought.

it is a bit aggravating, i'll let you know.

so you can sit there with nothing to do but wait for shit to load.

>do you jackoffs actually think this protects you from the government agencies?
No but it protects me from Jamal and Tyrone who broke into my house and stole my laptop.
It also protects me from Officer Barbrady and his clueless TSA shit at the airport.

It wouldn't ever protect me from the NSA or CIA, but that's not what it's for.

lol. don't be an arab and move to a better neighborhood, fucko.

FDE key stored in memory
Intel ME has full access to memory
Stays on even when you power down your laptop
If your laptop battery isn't removed/dead, it keeps a copy of your key

unironically 10/10 response