Add group to favorites
Back to post list
Send new message to group Search:
Post Subject:
Portable hard drive through airport security?
Re: Portable hard drive through airport security?
In message <4607a1b9$0$16398$88260bb3@free.teranews . com > "RAK"
<raknews@gmail . com > wrote:
>Actually it is almost trivial to open an encrypted Word or Excel file if you
>encrypt using the built-in MS system. There are plenty of programs which
>will open these files. I once used one to open a file in the office where
>someone had forgotten the password, but I forget which one I used.
Three letters: EFS. (Encrypted File System)
--
Insert something clever here.
In message <4607a1b9$0$16398$88260bb3@free.teranews . com > "RAK"
<raknews@gmail . com > wrote:
>Actually it is almost trivial to open an encrypted Word or Excel file if you
>encrypt using the built-in MS system. There are plenty of programs which
>will open these files. I once used one to open a file in the office where
>someone had forgotten the password, but I forget which one I used.
Three letters: EFS. (Encrypted File System)
--
Insert something clever here.
Re: Portable hard drive through airport security?
On Tue, 27 Mar 2007 12:56:46 -0600, DevilsPGD
<spam_narf_spam@crazyhat . net > wrote:
>In message <4607a1b9$0$16398$88260bb3@free.teranews . com > "RAK"
><raknews@gmail . com > wrote:
>
>>Actually it is almost trivial to open an encrypted Word or Excel file if you
>>encrypt using the built-in MS system. There are plenty of programs which
>>will open these files. I once used one to open a file in the office where
>>someone had forgotten the password, but I forget which one I used.
>
>Three letters: EFS. (Encrypted File System)
With Windows? How do you make sure you export all the key(s) and
other data used for the encryption so that they don't fall into the
wrong hands or get lost if your boot drive is ever corrupted? I'm a
bit paranoid about any sort of encryption that's Windows-based, about
how much the encryption is tied to a particular user account or some
other odd values uniquely chosen and hidden away in the registry or on
the boot drive. For instance, services like iTunes, the new Napster,
MovieLink, and CinemaNow do this for their media files.
How physically secure is EFS anyway?
* w w w .elcomsoft . com /aefsdr.html
"With AEFSDR (Advanced EFS Data Recovery), protected files can be
decrypted, even when the system is not bootable so you cannot log on,
or when some encryption keys (private or master) have been tampered
with."
On Tue, 27 Mar 2007 12:56:46 -0600, DevilsPGD
<spam_narf_spam@crazyhat . net > wrote:
>In message <4607a1b9$0$16398$88260bb3@free.teranews . com > "RAK"
><raknews@gmail . com > wrote:
>
>>Actually it is almost trivial to open an encrypted Word or Excel file if you
>>encrypt using the built-in MS system. There are plenty of programs which
>>will open these files. I once used one to open a file in the office where
>>someone had forgotten the password, but I forget which one I used.
>
>Three letters: EFS. (Encrypted File System)
With Windows? How do you make sure you export all the key(s) and
other data used for the encryption so that they don't fall into the
wrong hands or get lost if your boot drive is ever corrupted? I'm a
bit paranoid about any sort of encryption that's Windows-based, about
how much the encryption is tied to a particular user account or some
other odd values uniquely chosen and hidden away in the registry or on
the boot drive. For instance, services like iTunes, the new Napster,
MovieLink, and CinemaNow do this for their media files.
How physically secure is EFS anyway?
* w w w .elcomsoft . com /aefsdr.html
"With AEFSDR (Advanced EFS Data Recovery), protected files can be
decrypted, even when the system is not bootable so you cannot log on,
or when some encryption keys (private or master) have been tampered
with."
Re: Portable hard drive through airport security?
In message <c9lj03puflvsvq2i5bv982t7n69ap7m73q@4ax . com > BubbaGump
<BubbaGump@localhost> wrote:
>On Tue, 27 Mar 2007 12:56:46 -0600, DevilsPGD
><spam_narf_spam@crazyhat . net > wrote:
>
>>In message <4607a1b9$0$16398$88260bb3@free.teranews . com > "RAK"
>><raknews@gmail . com > wrote:
>>
>>>Actually it is almost trivial to open an encrypted Word or Excel file if you
>>>encrypt using the built-in MS system. There are plenty of programs which
>>>will open these files. I once used one to open a file in the office where
>>>someone had forgotten the password, but I forget which one I used.
>>
>>Three letters: EFS. (Encrypted File System)
>
>With Windows? How do you make sure you export all the key(s) and
>other data used for the encryption so that they don't fall into the
>wrong hands or get lost if your boot drive is ever corrupted?
How do you make sure you export all the keys? A sticky note on the
drive reminding you to export the keys. Once it's done, it's done, it
only takes a couple minutes.
Exporting the keys isn't tough, and there are a number of options, but I
would simply encrypt the drive, then send the key via a different method
when traveling if the goal is to prevent a physically compromised drive
from being accessed.
For example, if you're traveling between offices, simply transferring
the key via SSL and storing it within the LAN of the destination office
should be sufficient (this is roughly the technique I use when traveling
with confidential data, although I actually leave the key behind and VPN
in to retrieve it the first time, afterward the key is stored on both my
workstation at home and in the office, but not on the laptop physically
traveling with the removable drive)
>I'm a
>bit paranoid about any sort of encryption that's Windows-based, about
>how much the encryption is tied to a particular user account or some
>other odd values uniquely chosen and hidden away in the registry or on
>the boot drive. For instance, services like iTunes, the new Napster,
>MovieLink, and CinemaNow do this for their media files.
It's not exactly hidden, the key is stored in the certificate store. You
can easily import it, export it, move it around, create recovery paths,
whatever else suits your fancy.
The upside is that it's completely transparent for day to day use, once
properly configured, and you can encrypt your %temp% directory and any
other places where data may end up unencrypted. The reason I'm not a
fan of PGP-style solutions is that it requires me to save an unencrypted
version of the file first and then encrypt it, which might leave
recoverable traces on the drive. There is also a chance I'll be in a
hurry and forget to encrypt something. It's also simple enough that my
mom can use it (although she doesn't know she the technical details
about what she is using, or why it works, just that her data can't be
accessed on any PC other then her regular workstation at work without
calling IT)
>How physically secure is EFS anyway?
>
> * w w w .elcomsoft . com /aefsdr.html
>
>"With AEFSDR (Advanced EFS Data Recovery), protected files can be
>decrypted, even when the system is not bootable so you cannot log on,
>or when some encryption keys (private or master) have been tampered
>with."
Funny, you can decrypt PGP with the a copy of the keys too. In short,
EFS allows recovery agents to decrypt files as well, which helps out
when users don't bother to backup their keys (typical in a large network
environment)
Recovery Agents don't happen by accident, only by explicit administrator
action prior to when the files were initially encrypted and/or when the
original key was lost.
(In other words, if you don't do it in advance, you won't be able to
recover the data after you lose your key)
As I understand it, EFS is essentially considered unbreakable in
practical senses (the whole "heat death of the universe would occur
first" problem), as long as the keys are properly secured, assuming
there are no logic flaws in the implementation.
--
Insert something clever here.
In message <c9lj03puflvsvq2i5bv982t7n69ap7m73q@4ax . com > BubbaGump
<BubbaGump@localhost> wrote:
>On Tue, 27 Mar 2007 12:56:46 -0600, DevilsPGD
><spam_narf_spam@crazyhat . net > wrote:
>
>>In message <4607a1b9$0$16398$88260bb3@free.teranews . com > "RAK"
>><raknews@gmail . com > wrote:
>>
>>>Actually it is almost trivial to open an encrypted Word or Excel file if you
>>>encrypt using the built-in MS system. There are plenty of programs which
>>>will open these files. I once used one to open a file in the office where
>>>someone had forgotten the password, but I forget which one I used.
>>
>>Three letters: EFS. (Encrypted File System)
>
>With Windows? How do you make sure you export all the key(s) and
>other data used for the encryption so that they don't fall into the
>wrong hands or get lost if your boot drive is ever corrupted?
How do you make sure you export all the keys? A sticky note on the
drive reminding you to export the keys. Once it's done, it's done, it
only takes a couple minutes.
Exporting the keys isn't tough, and there are a number of options, but I
would simply encrypt the drive, then send the key via a different method
when traveling if the goal is to prevent a physically compromised drive
from being accessed.
For example, if you're traveling between offices, simply transferring
the key via SSL and storing it within the LAN of the destination office
should be sufficient (this is roughly the technique I use when traveling
with confidential data, although I actually leave the key behind and VPN
in to retrieve it the first time, afterward the key is stored on both my
workstation at home and in the office, but not on the laptop physically
traveling with the removable drive)
>I'm a
>bit paranoid about any sort of encryption that's Windows-based, about
>how much the encryption is tied to a particular user account or some
>other odd values uniquely chosen and hidden away in the registry or on
>the boot drive. For instance, services like iTunes, the new Napster,
>MovieLink, and CinemaNow do this for their media files.
It's not exactly hidden, the key is stored in the certificate store. You
can easily import it, export it, move it around, create recovery paths,
whatever else suits your fancy.
The upside is that it's completely transparent for day to day use, once
properly configured, and you can encrypt your %temp% directory and any
other places where data may end up unencrypted. The reason I'm not a
fan of PGP-style solutions is that it requires me to save an unencrypted
version of the file first and then encrypt it, which might leave
recoverable traces on the drive. There is also a chance I'll be in a
hurry and forget to encrypt something. It's also simple enough that my
mom can use it (although she doesn't know she the technical details
about what she is using, or why it works, just that her data can't be
accessed on any PC other then her regular workstation at work without
calling IT)
>How physically secure is EFS anyway?
>
> * w w w .elcomsoft . com /aefsdr.html
>
>"With AEFSDR (Advanced EFS Data Recovery), protected files can be
>decrypted, even when the system is not bootable so you cannot log on,
>or when some encryption keys (private or master) have been tampered
>with."
Funny, you can decrypt PGP with the a copy of the keys too. In short,
EFS allows recovery agents to decrypt files as well, which helps out
when users don't bother to backup their keys (typical in a large network
environment)
Recovery Agents don't happen by accident, only by explicit administrator
action prior to when the files were initially encrypted and/or when the
original key was lost.
(In other words, if you don't do it in advance, you won't be able to
recover the data after you lose your key)
As I understand it, EFS is essentially considered unbreakable in
practical senses (the whole "heat death of the universe would occur
first" problem), as long as the keys are properly secured, assuming
there are no logic flaws in the implementation.
--
Insert something clever here.
Re: Portable hard drive through airport security?
"Flash" drives are those little "thumb" drives you can carry in a
pocket. He described an external hard drive -- the newer ones run
through the USB port, but it's a full-sized external drive.
just to clarify
"Flash" drives are those little "thumb" drives you can carry in a
pocket. He described an external hard drive -- the newer ones run
through the USB port, but it's a full-sized external drive.
just to clarify
Re: Portable hard drive through airport security?
On 26 Mar 2007 08:43:58 -0700, "JimL" <Jim2929@gmail . com > wrote:
>"Flash" drives are those little "thumb" drives you can carry in a
>pocket. He described an external hard drive -- the newer ones run
>through the USB port, but it's a full-sized external drive.
>
>just to clarify
Right. Actually, I have both kinds. I keep private information on
the small thumb drives (passwords, receipts from online transactions),
and I'm planning on keeping public information that might take a while
to rebuild or redownload on the larger floppy-sized hard drives
(source code, pdf specs, music, porn).
On 26 Mar 2007 08:43:58 -0700, "JimL" <Jim2929@gmail . com > wrote:
>"Flash" drives are those little "thumb" drives you can carry in a
>pocket. He described an external hard drive -- the newer ones run
>through the USB port, but it's a full-sized external drive.
>
>just to clarify
Right. Actually, I have both kinds. I keep private information on
the small thumb drives (passwords, receipts from online transactions),
and I'm planning on keeping public information that might take a while
to rebuild or redownload on the larger floppy-sized hard drives
(source code, pdf specs, music, porn).
Re: Portable hard drive through airport security?
On Mar 26, 8:43 am, "JimL" <Jim2...@gmail . com > wrote:
> He described an external hard drive -- the newer ones run
> through the USB port, but it's a full-sized external drive.
> just to clarify
thanks for the clarification. I saw the word "USB" and my brain just
read flash/thumb drive.
I have brought an external HD through airport once, didn't cause any
issue.
On Mar 26, 8:43 am, "JimL" <Jim2...@gmail . com > wrote:
> He described an external hard drive -- the newer ones run
> through the USB port, but it's a full-sized external drive.
> just to clarify
thanks for the clarification. I saw the word "USB" and my brain just
read flash/thumb drive.
I have brought an external HD through airport once, didn't cause any
issue.
Re: Portable hard drive through airport security?
In article <ng6e03t0sn1a2lsfh55rc4h7m1ckh2a4tq@4ax . com >,
BubbaGump <BubbaGump@localhost> wrote:
> I'm considering moving across the country and trying to plan some
> details of the move. I have a portable USB hard drive that contains
> some confidential info (I.e. passwords) that somehow needs to get from
> where I live now to where I'll be moving. -- First, don't anyone say
> not to store passwords on a portable drive because I use a different
> one for each account, for security, and I have way too many too
> remember them all. -- I figure the most secure way to store the drive
> is to keep it either locked away or with me at all times, rather than
> with whatever moving service I use.
>
> I'm not worried about the metal detector. What I'm wondering is if
> security will let the item through. It would be a drive by itself, so
> I'd have no way to demonstrate it working, like I've heard is often
> asked of laptop users. Would they simply let it be X-ray scanned then
> allow it through?
Metal detectors cannot harm hard drives, but its always a good idea to
keep a backup copy of your information. You should also encrypt your
password file.
In article <ng6e03t0sn1a2lsfh55rc4h7m1ckh2a4tq@4ax . com >,
BubbaGump <BubbaGump@localhost> wrote:
> I'm considering moving across the country and trying to plan some
> details of the move. I have a portable USB hard drive that contains
> some confidential info (I.e. passwords) that somehow needs to get from
> where I live now to where I'll be moving. -- First, don't anyone say
> not to store passwords on a portable drive because I use a different
> one for each account, for security, and I have way too many too
> remember them all. -- I figure the most secure way to store the drive
> is to keep it either locked away or with me at all times, rather than
> with whatever moving service I use.
>
> I'm not worried about the metal detector. What I'm wondering is if
> security will let the item through. It would be a drive by itself, so
> I'd have no way to demonstrate it working, like I've heard is often
> asked of laptop users. Would they simply let it be X-ray scanned then
> allow it through?
Metal detectors cannot harm hard drives, but its always a good idea to
keep a backup copy of your information. You should also encrypt your
password file.
Re: Portable hard drive through airport security?
On Mon, 26 Mar 2007 21:38:51 -0400, Shawn Hirn <srhi@comcast . net >
wrote:
>In article <ng6e03t0sn1a2lsfh55rc4h7m1ckh2a4tq@4ax . com >,
> BubbaGump <BubbaGump@localhost> wrote:
>
>> I'm considering moving across the country and trying to plan some
>> details of the move. I have a portable USB hard drive that contains
>> some confidential info (I.e. passwords) that somehow needs to get from
>> where I live now to where I'll be moving. -- First, don't anyone say
>> not to store passwords on a portable drive because I use a different
>> one for each account, for security, and I have way too many too
>> remember them all. -- I figure the most secure way to store the drive
>> is to keep it either locked away or with me at all times, rather than
>> with whatever moving service I use.
>>
>> I'm not worried about the metal detector. What I'm wondering is if
>> security will let the item through. It would be a drive by itself, so
>> I'd have no way to demonstrate it working, like I've heard is often
>> asked of laptop users. Would they simply let it be X-ray scanned then
>> allow it through?
>
>Metal detectors cannot harm hard drives, but its always a good idea to
>keep a backup copy of your information. You should also encrypt your
>password file.
Encryption is a good idea. I just encrypted everything with PGP using
gpg. I now store my private key on two floppies with an ASCII version
of the key printed on a piece of paper and all 3 items kept in a safe
place. I suppose I should find another physically separate place to
keep them in the event of a fire.
In any event, I think I'm going to let one copy of the encrypted data
be moved with all my other stuff and FedEx another copy to my own new
address. I'll take the floppy and paper keys with me. If for any
reason the floppies become damaged, I should be able to retype the
ASCII version of the key (half a page of text).
paranoia = data security + data integrity
:-)
On Mon, 26 Mar 2007 21:38:51 -0400, Shawn Hirn <srhi@comcast . net >
wrote:
>In article <ng6e03t0sn1a2lsfh55rc4h7m1ckh2a4tq@4ax . com >,
> BubbaGump <BubbaGump@localhost> wrote:
>
>> I'm considering moving across the country and trying to plan some
>> details of the move. I have a portable USB hard drive that contains
>> some confidential info (I.e. passwords) that somehow needs to get from
>> where I live now to where I'll be moving. -- First, don't anyone say
>> not to store passwords on a portable drive because I use a different
>> one for each account, for security, and I have way too many too
>> remember them all. -- I figure the most secure way to store the drive
>> is to keep it either locked away or with me at all times, rather than
>> with whatever moving service I use.
>>
>> I'm not worried about the metal detector. What I'm wondering is if
>> security will let the item through. It would be a drive by itself, so
>> I'd have no way to demonstrate it working, like I've heard is often
>> asked of laptop users. Would they simply let it be X-ray scanned then
>> allow it through?
>
>Metal detectors cannot harm hard drives, but its always a good idea to
>keep a backup copy of your information. You should also encrypt your
>password file.
Encryption is a good idea. I just encrypted everything with PGP using
gpg. I now store my private key on two floppies with an ASCII version
of the key printed on a piece of paper and all 3 items kept in a safe
place. I suppose I should find another physically separate place to
keep them in the event of a fire.
In any event, I think I'm going to let one copy of the encrypted data
be moved with all my other stuff and FedEx another copy to my own new
address. I'll take the floppy and paper keys with me. If for any
reason the floppies become damaged, I should be able to retype the
ASCII version of the key (half a page of text).
paranoia = data security + data integrity
:-)
