 
dan99t
Gerbil First Class
Topic Author
Posts: 169
Joined: Thu Jan 19, 2012 8:19 am

Double Encryption possible but is it more secure ?

Thu Apr 25, 2013 1:38 am

Hi,

I just tried encrypting a Partition twice using two methods & it did so with no problem but is it really more secure ?

I used "Folder Lock" software to create a container & put the entire partition data in it.

Then I encrypted that partition using Windows BitLocker with a different password & it all went smooth.

Then I tried to decrypt both of them to make sure that I do get all my data back & I did.

Thus this was a case of encrypting an encrypted container which made me think, is it more secure if I used two different passwords for each encryption ?

Need opinions please.

Thanks
 
Flatland_Spider
Graphmaster Gerbil
Posts: 1324
Joined: Mon Sep 13, 2004 8:33 pm

Re: Double Encryption possible but is it more secure ?

Thu Apr 25, 2013 9:06 am

Whoever is trying to decrypt the data would have to start over on the decryption process. The two methods should use two different salt keys, which should produce two different results, assuming the algorithm is well designed. Ideally two different algorithms should be used between the container and the partition encryption.

Yes, you should use two different passwords. :)

Have you tried moving the disk to a different computer to make sure you can still decrypt the data? Preferably, a fresh one that can be destroyed after the test. DBAN is a good way to wipe a hard drive if you don't want to destroy it.
 
just brew it!
Administrator
Posts: 54500
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Double Encryption possible but is it more secure ?

Thu Apr 25, 2013 9:44 am

As long as you use two completely different (and sufficiently long) passphrases, yes it should be more secure. But I doubt it is really worth the effort; assuming you've used decent encryption software to begin with, you're going from "very secure" to "paranoid level of security".

The only legitimate reason I can think of for doing this would be if you don't trust anyone, and want to require that two specific people be present in order to decrypt the data. Give one of the passphrases to each person, and neither one can decrypt the data themselves. But you could also accomplish nearly the same thing by encrypting the data only once, and giving half of the passphrase to each person.
Nostalgia isn't what it used to be.
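
Added example (not part of the original thread): one way to get the two-person requirement described in the post above with a single layer of encryption, by deriving one data key from both people's passphrases, and a comparison with what a holder of half a shared passphrase still has to guess. The function names, iteration count and passphrases are assumptions made for this sketch.

```python
import hashlib
import hmac
import math
import secrets

ITERATIONS = 100_000  # PBKDF2 work factor; an assumed value for this sketch


def stretch(passphrase: str, salt: bytes) -> bytes:
    """Turn one person's passphrase into 32 bytes of key material."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS)


def two_person_key(pass_a: str, salt_a: bytes, pass_b: str, salt_b: bytes) -> bytes:
    """Single data key that only exists when both passphrases are supplied.

    Each part is stretched with its own salt and the parts are XORed, so
    one part on its own says nothing about the final key.
    """
    part_a = stretch(pass_a, salt_a)
    part_b = stretch(pass_b, salt_b)
    return bytes(x ^ y for x, y in zip(part_a, part_b))


def key_check_value(key: bytes) -> bytes:
    """Short tag stored beside the volume so a wrong passphrase is detected."""
    return hmac.new(key, b"key-check", hashlib.sha256).digest()[:8]


def bits_left_to_guess(total_chars: int, known_chars: int, alphabet_size: int) -> float:
    """Search space (in bits) left to someone who knows part of a random passphrase."""
    return (total_chars - known_chars) * math.log2(alphabet_size)


def demo() -> dict:
    # Constructed sample passphrases and fresh random salts.
    salt_a, salt_b = secrets.token_bytes(16), secrets.token_bytes(16)
    pass_a = "constructed passphrase of person A"
    pass_b = "constructed passphrase of person B"
    key = two_person_key(pass_a, salt_a, pass_b, salt_b)
    wrong = two_person_key(pass_a, salt_a, "not person B", salt_b)
    return {
        "wrong_second_passphrase_detected":
            not hmac.compare_digest(key_check_value(key), key_check_value(wrong)),
        # 20 random printable-ASCII characters, split 10/10 between two people:
        "full_passphrase_bits": bits_left_to_guess(20, 0, 94),
        "bits_left_for_half_holder": bits_left_to_guess(20, 10, 94),
    }


if __name__ == "__main__":
    print(demo())
```

With the split passphrase, each holder already has half of the secret and only the other half left to search; with the derived key, each holder knows nothing about the other person's full-length passphrase.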
 
peartart
Gerbil
Posts: 43
Joined: Wed Mar 21, 2012 3:01 pm

Re: Double Encryption possible but is it more secure ?

Thu Apr 25, 2013 9:48 am

It's not likely to be less secure, but that doesn't mean it's enough of an improvement to make it worth the trouble of a second password to keep track of. Also the standard recommendation is full disk encryption, which I think BitLocker can do, since then you don't need to worry as much about quirks in the operating system foiling your attempt to encrypt files.

What do you want to use encryption to protect from?
 
Flying Fox
Gerbil God
Posts: 25690
Joined: Mon May 24, 2004 2:19 am
Contact:

Re: Double Encryption possible but is it more secure ?

Thu Apr 25, 2013 11:55 am

peartart wrote:
What do you want to use encryption to protect from?

This is the exact reason why thread-spawning is not helpful. :-?

OP: As mentioned in your original thread, there is no "100% absolute secure" encryption. Poor key management and other attack vectors (including the much more effective social engineering one) are always in effect. You can really just increase the time+effort+cost of brute-force decrypting the data against people who are doing it brute force. And for that, unless you are dealing with state-sponsored agencies, tools like TrueCrypt are usually good enough. I use TrueCrypt as well with key and password, and I make sure I keep them separate during transport (seriously all bets are off once the data is decrypted on the other end, unless the other end is not connected and you can erase the memories of the operator who touches the system).
The Model M is not for the faint of heart. You either like them or hate them.

Gerbils unite! Fold for UnitedGerbilNation, team 2630.
 
NovusBogus
Graphmaster Gerbil
Posts: 1408
Joined: Sun Jan 06, 2013 12:37 am

Re: Double Encryption possible but is it more secure ?

Thu Apr 25, 2013 6:51 pm

http://xkcd.com/538/

This answers the question of whether double-encryption would make a difference. :)
 
Airmantharp
Emperor Gerbilius I
Posts: 6192
Joined: Fri Oct 15, 2004 10:41 pm

Re: Double Encryption possible but is it more secure ?

Thu Apr 25, 2013 8:13 pm

NovusBogus wrote:
http://xkcd.com/538/

This answers the question of whether double-encryption would make a difference. :)


Yup- two levels of encryption is still just one factor of authentication.
 
Flatland_Spider
Graphmaster Gerbil
Posts: 1324
Joined: Mon Sep 13, 2004 8:33 pm

Re: Double Encryption possible but is it more secure ?

Thu Apr 25, 2013 11:01 pm

just brew it! wrote:
As long as you use two completely different (and sufficiently long) passphrases, yes it should be more secure. But I doubt it is really worth the effort; assuming you've used decent encryption software to begin with, you're going from "very secure" to "paranoid level of security".


He hasn't asked about blind drops and obfuscating communications or the origin of a package, so I don't think he's reached paranoid just yet.
 
Rübenschwein
Gerbil In Training
Posts: 7
Joined: Tue Dec 11, 2012 4:28 am

Re: Double Encryption possible but is it more secure ?

Fri Apr 26, 2013 3:39 am

Does it get harder to decrypt?

Regarding plain old theoretical cryptographical attacks, i.e., a nice playing attacker that has your encrypted data and also knows some bits of the plaintext: Yes, somewhat.

- Does it make sense in real life? Only if you consider attackers at the level of large governmental institutions like the NSA, GCHQ, Mossad and whatever the Russians have. SUPPOSING those institutions have a VERY HIGH interest in your data, we are talking state secrets and nuclear launch codes here. If they do, you obviously have other problems.

- Would it make a difference? Do you have the (military) power to protect you from them physically? If not, see http://xkcd.com/538/.

Stop trying to evaluate the most secure way to encrypt some data. Any product you can use worth its salt will implement secure enough crypto. If you have enemies motivated enough to go for that data, they will NOT attack the crypto. They will attack:
- your PASSWORD (it's not your birthday is it?),
- your systems, i.e., your network or even your PCs directly by installing a trojan or w/e,
- YOU.
 
FireGryphon
Darth Gerbil
Posts: 7729
Joined: Sat Apr 24, 2004 7:53 pm
Location: the abyss into which you gaze

Re: Double Encryption possible but is it more secure ?

Fri Apr 26, 2013 5:05 am

Double encryption can work, but if you Do It Wrong then it becomes easier to crack. It's best to use a reliable method of regular, single encryption.
Sheep Rustlers in the sky! <S> Slapt | <S> FUI | Air Warrior II/III
 
dan99t
Gerbil First Class
Topic Author
Posts: 169
Joined: Thu Jan 19, 2012 8:19 am

Re: Double Encryption possible but is it more secure ?

Fri Apr 26, 2013 7:24 am

just brew it! wrote:
As long as you use two completely different (and sufficiently long) passphrases, yes it should be more secure. But I doubt it is really worth the effort; assuming you've used decent encryption software to begin with, you're going from "very secure" to "paranoid level of security".

The only legitimate reason I can think of for doing this would be if you don't trust anyone, and want to require that two specific people be present in order to decrypt the data. Give one of the passphrases to each person, and neither one can decrypt the data themselves. But you could also accomplish nearly the same thing by encrypting the data only once, and giving half of the passphrase to each person.


You are right about giving half of the passphrase but that is not what I had in mind.

More I read on this subject, less I am getting convinced that there is one single software that will do the job.

Can you comment on following ?

All of the software we discussed do only File System Encryption OR Folder Encryption & not encrypting the files themselves.

If so what is the solution ?
 
notfred
Maximum Gerbil
Posts: 4610
Joined: Tue Aug 10, 2004 10:10 am
Location: Ottawa, Canada

Re: Double Encryption possible but is it more secure ?

Fri Apr 26, 2013 7:29 am

It doesn't really matter when the root kit is just copying your data in the clear over the Internet...
 
dan99t
Gerbil First Class
Topic Author
Posts: 169
Joined: Thu Jan 19, 2012 8:19 am

Re: Double Encryption possible but is it more secure ?

Fri Apr 26, 2013 7:38 am

Flying Fox wrote:
peartart wrote:
What do you want to use encryption to protect from?

This is the exact reason why thread-spawning is not helpful. :-?

OP: As mentioned in your original thread, there is no "100% absolute secure" encryption. Poor key management and other attack vectors (including the much more effective social engineering one) are always in effect. You can really just increase the time+effort+cost of brute-force decrypting the data against people who are doing it brute force. And for that, unless you are dealing with state-sponsored agencies, tools like TrueCrypt are usually good enough. I use TrueCrypt as well with key and password, and I make sure I keep them separate during transport (seriously all bets are off once the data is decrypted on the other end, unless the other end is not connected and you can erase the memories of the operator who touches the system).


Thread spawning wasn't my intent at all & I sincerely apologize if it came out like that.

I am just exploring & experimenting this subject with true intent of learning & eventually using ideas from this great forum.

I am learning a lot from every response & am truly grateful to you all.
 
Flying Fox
Gerbil God
Posts: 25690
Joined: Mon May 24, 2004 2:19 am
Contact:

Re: Double Encryption possible but is it more secure ?

Fri Apr 26, 2013 7:41 am

dan99t wrote:
If so what is the solution ?

Don't connect to the internet. Don't send HDDs over mail/courier. Don't tell the other guy your secret. Don't even record the information electronically. Fry+scramble your brain cells so even you don't remember what the data is (if you just kill yourself maybe there are residual patterns that can be extracted from the dead brain cells), or maybe, just vapourize yourself. That will be 100% absolute.

But if you have to go that far, what's the point?
The Model M is not for the faint of heart. You either like them or hate them.

Gerbils unite! Fold for UnitedGerbilNation, team 2630.
 
Sargent Duck
Grand Gerbil Poohbah
Posts: 3220
Joined: Thu Mar 13, 2003 8:05 pm
Location: In my secret cave that has bats

Re: Double Encryption possible but is it more secure ?

Fri Apr 26, 2013 7:54 am

Flying Fox wrote:
Fry+scramble your brain cells so even you don't remember what the data is (if you just kill yourself maybe there are residual patterns that can be extracted from the dead brain cells), or maybe, just vapourize yourself. That will be 100% absolute.


Or even better, go back in time and erase yourself from existence.
No matter how bad the new homepage sucks or how bungled the new management is...

To all the original writers/contributors and volunteers, please know that I have nothing but the deepest love for you and the work you've done.
 
Usacomp2k3
Gerbil God
Posts: 23043
Joined: Thu Apr 01, 2004 4:53 pm
Location: Orlando, FL
Contact:

Re: Double Encryption possible but is it more secure ?

Fri Apr 26, 2013 7:55 am

Sargent Duck wrote:
Or even better, go back in time and erase yourself from existence.

Only happens when you get hit by the light from the cracks in the universe.
 
dan99t
Gerbil First Class
Topic Author
Posts: 169
Joined: Thu Jan 19, 2012 8:19 am

Re: Double Encryption possible but is it more secure ?

Fri Apr 26, 2013 7:58 am

NovusBogus wrote:
http://xkcd.com/538/

This answers the question of whether double-encryption would make a difference. :)


Information with entertainment. What more can I ask for.

Please keep it coming.
 
just brew it!
Administrator
Posts: 54500
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Double Encryption possible but is it more secure ?

Fri Apr 26, 2013 10:19 am

dan99t wrote:
All of the software we discussed do only File System Encryption OR Folder Encryption & not encrypting the files themselves.

Not sure what your point is here. With products like Bitlocker, the entire file system (the disk partition, actually) is encrypted; therefore the files it contains are implicitly encrypted as well.

Are you saying that you would rather have something that lets you encrypt individual files, possibly with different passphrases for different files?
Nostalgia isn't what it used to be.
 
Flying Fox
Gerbil God
Posts: 25690
Joined: Mon May 24, 2004 2:19 am
Contact:

Re: Double Encryption possible but is it more secure ?

Fri Apr 26, 2013 11:41 am

In his other thread, dan99t wrote:
When you open Fully encrypted disk OR a Partition that is encrypted, is data now decrypted and act just like regular non encrypted data ?

Also if I copy some data from encrypted partition to another HDD or removable media, is that data in decrypted form & act like regular data ?

Also how vulnerable is the disk that was encrypted but you opened it to work on it ?
So the OP worries about ease of use, copying, and on the other end when the other party "work on it".
The Model M is not for the faint of heart. You either like them or hate them.

Gerbils unite! Fold for UnitedGerbilNation, team 2630.
 
indeego
Gerbil First Class
Posts: 110
Joined: Thu Feb 27, 2003 8:42 am

Re: Double Encryption possible but is it more secure ?

Fri Apr 26, 2013 12:01 pm

Focus on the weak aspects of encryption: Humans. Focus on how you store your keys. Who has physical access to any device you use?

These are areas that will be penetrated far faster than any modern tested encryption method.

It means a lot of hassle, too. Who really has full ownership 24/7 of those keys except memory? And then who really checks ports/software for keyloggers every use?
 
Ryu Connor
Global Moderator
Posts: 4369
Joined: Thu Dec 27, 2001 7:00 pm
Location: Marietta, GA
Contact:

Re: Double Encryption possible but is it more secure ?

Fri Apr 26, 2013 12:11 pm

FWIW, layering encryption to increase the time to compromise is what 3DES does.
All of my written content here on TR does not represent or reflect the views of my employer or any reasonable human being. All content and actions are my own.
 
just brew it!
Administrator
Posts: 54500
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Double Encryption possible but is it more secure ?

Fri Apr 26, 2013 12:42 pm

Ryu Connor wrote:
FWIW, layering encryption to increase the time to compromise is what 3DES does.

Yes. But there's not much point unless you're using an obsolete (and therefore easier to crack) form of encryption like DES in the first place.
Nostalgia isn't what it used to be.
 
Captain Ned
Global Moderator
Posts: 28704
Joined: Wed Jan 16, 2002 7:00 pm
Location: Vermont, USA

Re: Double Encryption possible but is it more secure ?

Fri Apr 26, 2013 12:58 pm

just brew it! wrote:
Ryu Connor wrote:
FWIW, layering encryption to increase the time to compromise is what 3DES does.

Yes. But there's not much point unless you're using an obsolete (and therefore easier to crack) form of encryption like DES in the first place.

For the record, 3DES is now officially deprecated in the financial institution world. Doesn't mean it isn't still used, but it's day job time to go hunting for existing implementations and nicely ask them to get rid of it.
What we have today is way too much pluribus and not enough unum.
 
Ryu Connor
Global Moderator
Posts: 4369
Joined: Thu Dec 27, 2001 7:00 pm
Location: Marietta, GA
Contact:

Re: Double Encryption possible but is it more secure ?

Fri Apr 26, 2013 12:59 pm

Keep in mind the age of DES. 1979 for 56bit DES and 1998 for 3DES.

40 and 56bit was still relevant even in the late 90s. It wasn't until 2000 or so that the limited export of cryptography was lifted allowing for 128bit encryptions or greater to leave the US. It wasn't until October of 2000 that AES finally won the competition to replace DES.

My point is that layering encryption has precedent as a method to improve difficulty. Taking 3DES and applying it to 2013 misses my point.

Since such pedantry is in the air, let me also detail that my statement doesn't mean I condone what dan99t is doing.
All of my written content here on TR does not represent or reflect the views of my employer or any reasonable human being. All content and actions are my own.
 
just brew it!
Administrator
Posts: 54500
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Double Encryption possible but is it more secure ?

Fri Apr 26, 2013 1:08 pm

Ryu Connor wrote:
My point is that layering encryption has precedent as a method to improve difficulty. Taking 3DES and applying it to 2013 misses my point.

Perhaps you missed my point -- i.e., provided you're using a good (and current) encryption algo to begin with, there's generally no reason to double- or triple-encrypt. So unless he's worried about keeping the contents of this drive secure for several times the likely lifetime of the drive itself, there's little benefit.
Nostalgia isn't what it used to be.
 
Ryu Connor
Global Moderator
Posts: 4369
Joined: Thu Dec 27, 2001 7:00 pm
Location: Marietta, GA
Contact:

Re: Double Encryption possible but is it more secure ?

Fri Apr 26, 2013 1:09 pm

Did I not just state that I don't condone what he's doing?

I fully understand the relevance of your point. It doesn't negate my point nor does it imply that I condone his actions as sound.
All of my written content here on TR does not represent or reflect the views of my employer or any reasonable human being. All content and actions are my own.
 
shodanshok
Gerbil
Posts: 28
Joined: Thu May 31, 2012 3:39 am
Contact:

Re: Double Encryption possible but is it more secure ?

Sat Apr 27, 2013 8:12 am

Captain Ned wrote:
just brew it! wrote:
Ryu Connor wrote:
FWIW, layering encryption to increase the time to compromise is what 3DES does.

Yes. But there's not much point unless you're using an obsolete (and therefore easier to crack) form of encryption like DES in the first place.

For the record, 3DES is now officially deprecated in the financial institution world. Doesn't mean it isn't still used, but it's day job time to go hunting for existing implementations and nicely ask them to get rid of it.


Hi,
while AES is a more secure and newer encryption standard, 3DES should be more than enough to protect even classified data: it provides 112 bits of security that, combined with the intrinsic resilience of the DES algorithm, should be very difficult to crack.

Do you have any reference pointing to the financial institutions migrating away from 3DES? In my experience, while AES-128 is both stronger and faster than a plain software-based 3DES implementation, many mid-large corporations use VPN concentrators with hardware 3DES acceleration and so are reluctant to switch to other protocols.

Regards.
www.ilsistemista.net - test & bench :)
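
Added example (not part of the original thread): a toy model of why layering the same cipher twice with two independent keys adds far less than the sum of the key sizes against someone who holds known plaintext, which is the reasoning behind rating three-key 3DES at 112 bits as the post above states. The 16-bit Feistel cipher, the 12-bit keys and the sample values are all constructed for this sketch and are not DES.

```python
import hashlib

KEY_BITS = 12  # toy key size so the whole search finishes quickly
ROUNDS = 4


def _f(key: int, rnd: int, half: int) -> int:
    """Round function: one byte of SHA-256 over key, round number and half-block."""
    return hashlib.sha256(bytes([key >> 8, key & 0xFF, rnd, half])).digest()[0]


def encrypt(key: int, block: int) -> int:
    left, right = block >> 8, block & 0xFF
    for rnd in range(ROUNDS):
        left, right = right, left ^ _f(key, rnd, right)
    return (left << 8) | right


def decrypt(key: int, block: int) -> int:
    left, right = block >> 8, block & 0xFF
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _f(key, rnd, left), left
    return (left << 8) | right


def double_encrypt(k1: int, k2: int, block: int) -> int:
    return encrypt(k2, encrypt(k1, block))


def meet_in_the_middle(pairs):
    """Search both layers separately and match on the middle value.

    Returns (candidate key pairs, number of cipher operations used).
    """
    (p0, c0), rest = pairs[0], pairs[1:]
    ops = 0
    middle = {}
    for k1 in range(1 << KEY_BITS):          # forward half: 2^k encryptions
        middle.setdefault(encrypt(k1, p0), []).append(k1)
        ops += 1
    found = []
    for k2 in range(1 << KEY_BITS):          # backward half: 2^k decryptions
        ops += 1
        for k1 in middle.get(decrypt(k2, c0), []):
            matches = True
            for p, c in rest:                # extra pairs weed out false matches
                ops += 2
                if double_encrypt(k1, k2, p) != c:
                    matches = False
                    break
            if matches:
                found.append((k1, k2))
    return found, ops


def demo():
    k1, k2 = 0x3A7, 0xC15                    # constructed keys
    pairs = [(p, double_encrypt(k1, k2, p)) for p in (0x0001, 0xBEEF, 0x1234)]
    found, ops = meet_in_the_middle(pairs)
    return (k1, k2), found, ops


if __name__ == "__main__":
    keys, found, ops = demo()
    print(f"keys {keys} recovered: {keys in found}; {ops} operations "
          f"versus {1 << (2 * KEY_BITS)} key pairs in the naive search")
```

The work grows like 2 x 2^k plus a table of 2^k entries rather than 2^(2k), so two layers of a k-bit cipher are worth roughly k+1 bits, and a third layer is what brings the figure to about 2k.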
 
shodanshok
Gerbil
Posts: 28
Joined: Thu May 31, 2012 3:39 am
Contact:

Re: Double Encryption possible but is it more secure ?

Sat Apr 27, 2013 8:14 am

Ryu Connor wrote:
FWIW, layering encryption to increase the time to compromise is what 3DES does.


Sure. Moreover, the standard GNU C crypt(3) function uses a 25-fold DES encryption scheme, among other protocols as well (MD5, SHA1, etc.).

http://en.wikipedia.org/wiki/Crypt_(C)
www.ilsistemista.net - test & bench :)
 
Krogoth
Emperor Gerbilius I
Posts: 6049
Joined: Tue Apr 15, 2003 3:20 pm
Location: somewhere on Core Prime
Contact:

Re: Double Encryption possible but is it more secure ?

Sat Apr 27, 2013 9:38 am

I feel that the primary purpose of data encryption is to keep honest people honest. It will not stop a determined group or individual from obtaining your data or at least destroying the data (denial of service) and if you are paranoid enough you will probably have no back-ups.

Unless you have state and trade secrets on hand. You shouldn't have to go to great lengths to protect and encrypt your data. The vast majority can get by with standard encryption schemes and suites to protect their personal information as long as you deal with parties that you can trust. Don't deal with shady emails and groups (phishing schemes).

Physical security is the final and most important layer of defence. It doesn't matter how good your encryption scheme is. An attacker who has sufficient motivation will circumvent the encryption or destroy the data out of spite.
Gigabyte X670 AORUS-ELITE AX, Raphael 7950X, 2x16GiB of G.Skill TRIDENT DDR5-5600, Sapphire RX 6900XT, Seasonic GX-850 and Fractal Define 7 (W)
Ivy Bridge 3570K, 2x4GiB of G.Skill RIPSAW DDR3-1600, Gigabyte Z77X-UD3H, Corsair CX-750M V2, and PC-7B
 
NovusBogus
Graphmaster Gerbil
Posts: 1408
Joined: Sun Jan 06, 2013 12:37 am

Re: Double Encryption possible but is it more secure ?

Sun Apr 28, 2013 1:08 pm

One thing you could do if you just really want more than single-password encryption is look into TrueCrypt's hidden volume feature, where you can have an encrypted file/drive/whatever whose empty-space 'noise' is actually a second drive and which one you get when you mount the drive depends on which of two passwords you feed TrueCrypt. The idea is that you can load the outer volume with things that are embarrassing or socially deviant but not (or less) illegal in your jurisdiction so that if/when you are forced to reveal the password you can convincingly say that this is what you have. The crypto is never the weak point so plausible deniability is infinitely more useful than fretting about fancypants algorithms.

Another thing you could look at depending on how much data you've got is an enterprise-class secure USB stick with a hardware-based security system. I have a 4GB Lexar drive (sadly discontinued it seems) that bricks itself after five incorrect attempts, it's not very big but great for passwords and financial stuff. Obviously you need to be triply careful to remember the PW with one of these since you can't just guess until you get the right one.
