💾 Archived View for sbg.one › gemlog › 2014 › 11-22-Encryption-Security.gmi captured on 2021-12-03 at 14:04:38. Gemini links have been rewritten to link to archived content


Encryption Security

22 November 2014

Recently, I've taken added security steps and begun encrypting all of my digital life devices. The primary reason I've done so is for added data protection in the case of burglary or losing a piece of hardware. What if someone breaks into my home and steals my laptop or other computer gear, like my external RAID arrays or the external Time Machine drive my computers run their backups to? Or what if I have one of my USB flash drives with me when I'm at the mall and I manage to lose it?

In those cases, anyone who takes my gear and plugs it in or turns it on could potentially have access to my data, no matter how important or trivial the data may be. Yes, I have passwords on my computer accounts, but that wouldn't stop someone who may have stolen a computer from removing the SSD or HDD, attaching it to another computer as a secondary device and getting into my data stores that way, bypassing my login credentials. If someone found one of my USB flash drives, they could just plug it in and see what's on it.

Another reason to encrypt my stuff is to protect against government snooping - not that I'm really afraid of it or overly concerned. I don't have anything to hide, and anything they would probably want to know, they already know about me. They have my fingerprints and security background check information from the US Marine Corps security clearance I once held, as well as for my current career. Any other data I have would be trivial, I expect, from their point of view. That's regarding the US Government. Now, a foreign government getting hold of my data would be a concern, though I doubt China or Russia is really targeting me. But the government doesn't need to be snooping around my data anyway without probable cause, and encrypting it will keep them honest.

I read a lot of news articles about computer and website security breaches, exploits and patches, as well as reports of malicious hacking attempts and the whole NSA/Snowden thing, and I want to be extra careful with my data.

I've gone ahead and encrypted all of my Mac computers using Apple's built-in FileVault encryption and that includes my external hard drives as well. The Time Machine backups are also encrypted and so are the iPhone and iPad backups.

For my portable USB flash drives, I'm using TrueCrypt to encrypt them because I frequently use them on both OS X and Microsoft Windows and I need that cross-platform functionality. Now I know that the TrueCrypt developers suddenly, and without a stated reason, stopped development in May 2014 and shut their whole site down. This came in the midst of an independent security audit on their software and fresh off the NSA snooping business that hit the news in 2013. Whether or not any of that played a role in them quitting after ten years of work is anyone's guess.

That doesn't mean, though, that the software is unsafe to use. The last update it received was in 2012 and no new bugs have been found since then, so as far as everyone knows, it is still safe to use.

Steve Gibson of the Gibson Research Corporation has a nice page on his website explaining the whole thing the best he can and offers the latest download repositories of the app.

With that said, I've encrypted my USB flash drives with TrueCrypt and put the data back on them that I normally carry around with me. I've also formatted a separate USB flash drive and put only the TrueCrypt installation and PDF files on it in an unencrypted format. I carry this one around too because, for my job, I frequently help others out with problems and need to use things on those flash drives. The unencrypted drive is used so I can install TrueCrypt on my client's computer so that I can decrypt my other flash drive and get to the files or apps I need to help them.

Also, I've changed all of my major passwords for my computers and LastPass account to passphrases, which are far more difficult to crack. The one I've chosen could take literally trillions of centuries to crack according to the Password Haystacks calculator on GRC.com.
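
An added example (not from the original post and not GRC's calculator code) of the kind of estimate this paragraph relies on: it counts the exhaustive character search space and, for comparison, the search space when the passphrase is built from words on a list the attacker knows. The 7776-word list size, the rate of 100 billion guesses per second and the sample passphrase are assumptions chosen for illustration.

```python
import math
import string

# Character classes counted the way a brute-force "haystack" estimate does:
# using any character from a class adds the whole class to the alphabet.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")

SECONDS_PER_CENTURY = 100 * 365.25 * 24 * 3600


def alphabet_size(secret):
    """Size of the alphabet a brute-force search must cover for this secret."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in secret))


def brute_force_space(secret):
    """Candidates of length 1..len(secret) over that alphabet (exhaustive search)."""
    n = alphabet_size(secret)
    return sum(n ** k for k in range(1, len(secret) + 1))


def wordlist_space(word_count, list_size):
    """Candidates if the attacker guesses whole words drawn from a known list."""
    return list_size ** word_count


def centuries(space, guesses_per_second):
    """Worst-case time to exhaust the space, in centuries."""
    return space / guesses_per_second / SECONDS_PER_CENTURY


def compare(passphrase, list_size=7776, rate=1e11):
    """Compare both models; list_size and rate are assumed values."""
    words = len(passphrase.split())
    bf, wl = brute_force_space(passphrase), wordlist_space(words, list_size)
    return {
        "brute_force_bits": round(math.log2(bf), 1),
        "wordlist_bits": round(math.log2(wl), 1),
        "brute_force_centuries": centuries(bf, rate),
        "wordlist_centuries": centuries(wl, rate),
    }


if __name__ == "__main__":
    # Constructed sample passphrase, not one from the original post.
    for key, value in compare("correct horse battery staple").items():
        print(f"{key}: {value:.3g}")
```

The character-count figure only holds if the words are not guessable as units; a passphrase's real strength is the smaller of the two numbers, so word count and list size matter more than raw length.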

I also use Dropbox to store a lot of my stuff locally and online, which is what their service does. Certain files and folders in there are encrypted using GPGTools. Dropbox claims that no one can get into their customers' data stores except a very small number of employees who have the rights to access them when needed, but they promise not to snoop. Plus, they're subject to government subpoenas for information and must turn over data if requested. So I don't fully trust my data being there unencrypted, which is why certain things are encrypted by me before I add them to the Dropbox folder. I am going to look at finding a way to encrypt the whole Dropbox folder with TrueCrypt if I can.

Lastly, any online site or service I use that has 2FA (two factor authentication) available, I ensure that I enable and make use of it.


SandboxGeneral