On Mon, 5 Apr 2010 20:33:01 -0700, Grant. wrote
(in article <Grant-me-that-0504102@Grant.Grant>):
> In article <20100406010806.E785581461@fleegle.mixmin.net>, The Lookout
> <the_lookout@nym.mixmin.net> wrote:
>
>> Travis The Dragon AKA insane for boys wrote:
>>> On 2010-04-04 05:58:10 -0500, The Lookout <the_lookout@nym.mixmin.net>
>>> said:
>>>
>>>> "_C'0-SM-oS," <oezse@sats.com> wrote:
>>>>> Hi lookout
>>>>>
>>>>> Interesting reading and thanks for the heads up note,
>>>>>
>>>>> I am not sure but this seems to relate to a computer that is up and
>>>>> running but locked by the user
>>>>>
>>>>> Not sure if it works with ones that have been off or/and the drives
>>>>> dismounted
>>>>>
>>>>> What is your understanding of the claims of the Software Company?
>>>>>
>>>>> Cosmos
>>>>>
>>>>>
>>>>> One more example for not leaving a computer running and UN attended
>>> even
>>>>> if its screen locked
>>>>
>>>> Hi Cosmos,
>>>>
>>>> It does require that the encrypted volume be mounted. I was thinking
>>> about
>>>> how many of us rely on a passworded screensaver or 'Windows-L' when
>>> leaving
>>>> our computer unattended for only a couple of minutes.
>>>>
>>>> We should make it a habit of dismounting and clearing cached passwords
>>> each
>>>> and every time we step away.
>>>>
>>>> Take care,
>>>> The Lookout
>>>
>>> Here's a thought: Truecrypt allows you to use files as keyhashes
>>> instead of an actual password. So what if you, for example, use 10
>>> mp3's as keyhashes and have say, 5 mp3's burned on one disc and 5 on
>>> another? When you want to mount, you just copy the mp3's onto your
>>> harddrive and after you dismount, delete the mp3's.
>>
>> Hi Insane,
>>
>> I'm afraid that the result would be the same if the keyhash/passphrase
>> is cached. It really isn't the mathematics behind the encryption that
>> they are defeating, it's the decryption key/passphrase stored in memory
>> that is being copied. That attack requires that your encrypted volume
>> be mounted, even though your computer is screen locked (Windows key+L).
>>
>> It's best to just dismount and clear cached passwords to be safe when
>> stepping away.
>>
>> Take care,
>> The Lookout
>>
>>
>
> I never liked the idea of a whole encrypted drive. What happens if the
> file system develops a problem such as can happen with a OS crash or if
> the drive gets disconnected "accidentally" without dismounting it
> first? Disk repair utilities couldn't fix it or recover files.
> Everything would be lost!
>
> I didn't see anything about encrypted containers which can be copied
> and backed up to other drives. Would the same things they warned about
> apply? What about the swap file? MacOS has the option to encrypt the
> swap file but I don't know how secure that is when the computer is on
> or off. Are unsaved passwords cached in MacOS memory like in Win?
>
> Turning your computer off when you don't use can be a hassle but there
> is another problem that can be much more serious. If you are raided
> while you are in the same room as your computer how *fast* can you turn
> it off before they grab you? A wise friend advised the computer and
> external drives be on a power control center or strip with an off
> switch you can reach in an emergency when are you are sitting at your
> computer or standing in the room. A little practice can make your
> reactions faster. It is a little more complicated with a notebook comp
> that uses a battery but you get the idea.
> I don't have anything seriously illegal in my comp but I do have a
> problem with more than average risk of my notebook being stolen. My
> danger with the law isn't as much as with some people here (mp3s
> anybody? LOL) but I don't want strangers messing with my personal info
> anymore than anybody else does!
>
>
I think with an iMac you can just pull the power cord and with a notebook,
the on/off switch itself is a kill switch if held down for about 4 or 5
seconds. Shouldn't that be sufficient in an emergency?
I'm curious also if true crypt passwords are cached on MacOS. If they were
in what cache would they reside? Some cache locations are easier to empty
than others. Some shut-down routines can automatically empty some chache
storage on power down, but not all have that feature and I'm not sure it's
all cache locations or only those from a selected list.
Any thoughts?
|
| Follow-ups: | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 |
|