Personal computing discussed
Moderators: renee, mac_h8r1, Nemesis
peartart wrote:What do you want to use encryption to protect from?
NovusBogus wrote:http://xkcd.com/538/
This answers the question of whether double-encryption would make a difference.
just brew it! wrote:As long as you use two completely different (and sufficiently long) passphrases, yes it should be more secure. But I doubt it is really worth the effort; assuming you've used decent encryption software to begin with, you're going from "very secure" to "paranoid level of security".
just brew it! wrote:As long as you use two completely different (and sufficiently long) passphrases, yes it should be more secure. But I doubt it is really worth the effort; assuming you've used decent encryption software to begin with, you're going from "very secure" to "paranoid level of security".
The only legitimate reason I can think of for doing this would be if you don't trust anyone, and want to require that two specific people be present in order to decrypt the data. Give one of the passphrases to each person, and neither one can decrypt the data themselves. But you could also accomplish nearly the same thing by encrypting the data only once, and giving half of the passphrase to each person.
Flying Fox wrote:peartart wrote:What do you want to use encryption to protect from?
This is the exact reason why thread-spawning is not helpful.
OP: As mentioned in your original thread, there is no "100% absolute secure" encryption. Poor key management and other attack vectors (including the much more effective social engineering one) are always in effect. You can really just increase the time+effort+cost of brute-force decrypting the data against people who are doing it brute force. And for that, unless you are dealing with state-sponsored agencies, tools like TrueCrypt are usually good enough. I use TrueCrypt as well with key and password, and I make sure I keep them separate during transport (seriously all bets are off once the data is decrypted on the other end, unless the other end is not connected and you can erase the memories of the operator who touches the system).
dan99t wrote:If so what is the solution ?
Flying Fox wrote:Fry+scramble your brain cells so even you don't remember what the data is (if you just kill yourself may be there are residual patterns that can be extracted from the dead brain cells), or may be, just vapourize yourself. That will be 100% absolute.
Sargent Duck wrote:Or even better, go back in time and erase yourself from existence.
NovusBogus wrote:http://xkcd.com/538/
This answers the question of whether double-encryption would make a difference.
dan99t wrote:All of the software we discussed do only File System Encryption OR Folder Encryption & not encrypting the files themselves.
In his other thread, dan99t wrote:So the OP worries about ease of use, copying, and on the other end when the other party "work on it".When you open Fully encrypted disk OR a Partition that is encrypted, is data now decrypted and act just like regular non encrypted data ?
Also if I copy some data from encrypted partion to another HDD or removable media, is that data in decrypted form & act like regular data ?
Also how vulnerable is the disk that was encypted but you opened it to work on it ?
Ryu Connor wrote:FWIW, layering encryption to increase the time to compromise is what 3DES does.
just brew it! wrote:Ryu Connor wrote:FWIW, layering encryption to increase the time to compromise is what 3DES does.
Yes. But there's not much point unless you're using an obsolete (and therefore easier to crack) form of encryption like DES in the first place.
Ryu Connor wrote:My point is that layering encryption has precedent as a method to improve difficulty. Taking 3DES and applying it to 2013 misses my point.
Captain Ned wrote:just brew it! wrote:Ryu Connor wrote:FWIW, layering encryption to increase the time to compromise is what 3DES does.
Yes. But there's not much point unless you're using an obsolete (and therefore easier to crack) form of encryption like DES in the first place.
For the record, 3DES is now officially deprecated in the financial institution world. Doesn't mean it isn't still used, but it's day job time to go hunting for existing implementations and nicely ask them to get rid of it.
Ryu Connor wrote:FWIW, layering encryption to increase the time to compromise is what 3DES does.