Please Scroll Down to See Forums Below SweOldSchool
New member
I used to encrypt all the "bad" files with PGP but it takes so long time so I just created an PGP-disc (256 encryption) wich I can mount and unmount. will this be just as safe as encrypt files for files?
PGP encryption
- Thread starter SweOldSchool
- Start date
For the most part, yes. There hasn't been any statistical failures of the PGP algorithm to my knowledge. However, Windows likes to hide all sorts of files in all sorts of odd locations. Temp file directories, XP's autosystem backup or whatever it's called. Cookies, browser cache, etc, etc. I'm pretty familiar with most OS's and I don't feel comfortable saying that under a professional forensic examination, someone couldn't find something I didn't want them to find. Even using PGP.
If your using Windows 98 you might consider looking at http://scramdisk.clara.net It's a pretty popular program with it's own newsgroup full of people discussing it. It's free, uses quick proven ciphers and even had the source code available at one time.
Another great program I found made by the same people as above is Diskcrypt. This is the Windows NT/2000/Xp version of the above software. It isn't free. They also make another product called Disk Crypt Plus Pack which encrypts your entire drive including the OS which does decryption in real time. I've been using both of these products for about a week and I'm very happy. I haven't done any testing yet to see if any information can be recovered from the drive but I feel pretty safe in recommending it. I do watch the newsgroup and there are plenty of people on there with more experience than me who don't have any complaints.
There are others on here who will recommend using Eveidence Eliminator to "clean" your drive. I don't recommend this. I've heard too many negative things to trust this company and thier "magical" product. There are other programs which do similar functions I think you'd be better off with.
Good luck.
If your using Windows 98 you might consider looking at http://scramdisk.clara.net It's a pretty popular program with it's own newsgroup full of people discussing it. It's free, uses quick proven ciphers and even had the source code available at one time.
Another great program I found made by the same people as above is Diskcrypt. This is the Windows NT/2000/Xp version of the above software. It isn't free. They also make another product called Disk Crypt Plus Pack which encrypts your entire drive including the OS which does decryption in real time. I've been using both of these products for about a week and I'm very happy. I haven't done any testing yet to see if any information can be recovered from the drive but I feel pretty safe in recommending it. I do watch the newsgroup and there are plenty of people on there with more experience than me who don't have any complaints.
There are others on here who will recommend using Eveidence Eliminator to "clean" your drive. I don't recommend this. I've heard too many negative things to trust this company and thier "magical" product. There are other programs which do similar functions I think you'd be better off with.
Good luck.
SweOldSchool
New member
thanks a helluvalot daemon for taking time 
I will have a look at that prog you recomended.
"However, Windows likes to hide all sorts of files in all sorts of odd locations. Temp file directories, XP's autosystem backup or whatever it's called. Cookies, browser cache, etc, etc."
I'm using win98 and use Evidence eliminator (which you don't recomend) to delite all this cookies, writeing over free space etc etc every night when I turn off the computer. but this isn't enough you say?
I will have a look at that prog you recomended. "However, Windows likes to hide all sorts of files in all sorts of odd locations. Temp file directories, XP's autosystem backup or whatever it's called. Cookies, browser cache, etc, etc."
I'm using win98 and use Evidence eliminator (which you don't recomend) to delite all this cookies, writeing over free space etc etc every night when I turn off the computer. but this isn't enough you say?
SweOldSchool said:thanks a helluvalot daemon for taking time
"However, Windows likes to hide all sorts of files in all sorts of odd locations. Temp file directories, XP's autosystem backup or whatever it's called. Cookies, browser cache, etc, etc."
I'm using win98 and use Evidence eliminator (which you don't recomend) to delite all this cookies, writeing over free space etc etc every night when I turn off the computer. but this isn't enough you say?
I'd be lying if I said that it didn't work. Honestly, I don't know. I've heard that it doesn't. I've read about all the newsgroups they spam to. I've seen the numerous websites they've put up to promote thier own company. Lastly, I've read the warning you get when you install that tells you if your using a "blacklisted" serial number, the product will appear to be working but won't or will fail in random ways (in other words you have no way of knowing if it's working right). All this leads up to a company and product I don't feel safe using especially for it's intended purpose. In the end, if I got raided and had been using evidence eliminator, I'd still be shitting my pants when they took my computer.
Read this: http://evidence-eliminator-sucks.com/eesucks/ make your own decisions.
oneandthesame
New member
I agree I too have EE and I don't even use it anymore. I too have scramdisk and love it. It is free if your using windows 98. I would also recomend using blowfish and remember that your passphrase is what determines how good your stuff is protected: short easy passphrase = easy access by a password sniffing program
SweOldSchool
New member
okay I've downloaded scramdisk and started to use it..but I can't really figur out why it is better/different than PGP?
oneandthesame
New member
the reason a mounted disk is safer than individually encrypting files is simple. When you take a file and encrypt it there is still the unencrypted copy of that file which is hard to get rid of. On the other hand with a container you can download stuff right into it and it automatically encrypts it on the fly. In other words you create a say 4 gigabyte container then you put your browser and all your pertinant programs like email programs etc, etc. Now everything you do is encrypted decrypted on the fly in real time. You should note though that the swap file will do you in though. You should fix the size of your swap file and then proceed to wipe it with every session and too pieces of info can and are logged into many temp type files these must also be wiped clean. You can learn all this by visiting websights related to security and privacy. Such as the scramdisk sight which is in this thread a few up. good luck
SweOldSchool
New member
okay so I should put all files/programs that can provide any form of evidencein a mounted scramdisk-disk? like explorer, the windows map etc.. but that you can do with pgp too, right? I have now one E: (scramdisk) and one E: (PGP) and both I can encrypt decrypt.. why would scramdisk be better..? sorry if I put stupid questions.. I've read the link and a few other security pages but my english isn't that good..
oneandthesame
New member
bro both are good I'd reccomend either - just remember to make your password very complex and Don't use words out of the dictionary to make up your passphase- try to use number letter special charachter combinations
good luck
good luck
creep
New member
I'm sorry guys but I won't trust any of them. They are good products for keeping "normal" people out of your files. Most friends and family members won't be able to access your files. However if the feds get a hold of your Hard Drive I don't care what software your running they'll get in. I'm a novice and can crack a lot of the freeware thats out there. Imagine what a trained professional can do? I wish I had some good news for you but the best most expensive encription software out there can be cracked.
oneandthesame
New member
creep said:
blowfish cannot be cracked not by the feds of course nsa maybe, but he wouldn't have to worry about them over this stuff
creep
New member
I'm not familier with blowfish but anything can be cracked. It's been proven time and time agian. Everything out there was "crack proof" untill it got cracked. Maybe the feds can't crack it yet but give them time. Rembember they have the time, the money and the resources to do what ever they want. I'm not trying to disencourge anybody from using these products. Just be aware that you not 100% safe and to take precautions.
creep said:
First off, I'm not necessarily worried about the feds. They've got better things to do then waste thier time on me. I haven't done anything worthy of them getting involved in my life.
Your right in the sense that I wouldn't trust ANY computer program out there if I was to get raided by some large gov't agency. There are too many factors to consider.
As to your assertation that crypto algorithms are crackable. I think your bieng overly dramatic. Popular algorithms have undergone years of peer study by some of the brightest people in the world. Unless a significant scientific advance comes, in line with the ability to factor large prime numbers, the algorithms are sounds and definately unbreakable by todays technology. The government wouldn't endorse something like AES and let the countries largest businesses use a flawed algorithm. If they see a weekness then the possability exists for others to see the weekness which in turn could cause catastrophic consequences to our nations financial infrastructure. In the end, flaws are usually found in the implementation rather than the algorithm.
SweOldSchool said:
Scramdisk isn't necessarily better. The reason I used it was because it was free and it was faster.
Without fully encrypting your windows bootdisk you won't be getting everything. You have your swap file, windows temp files, registry entries, etc, etc. If your just storing things like text documents or pictures, you'd probably be okay. If your start installing programs or use programs which cache information.... your fighting an uphill battle.
An inconvenient but safe way to do things is to completely wipe your drive. Use a multiple overwrite program from a dos bootdisk. Reinstall the OS with all the applications you'll use. Image the drive. Do what you want to do. Occassionally rewipe the drive, restore from the image and your back to a known clean state. It's a pain in the ass but it's generally safe.
SweOldSchool
New member
daemon said:
that's sounds like somehing I would like to do.. is it hard? I just don't want anyone (feds or other) to see my swap file, windows temp files, registry entries, etc, etc... nor I wouldn't like them to see some documents that I have or the stuff I say (write) on IRC (irc might be impossible).. I'm a bit dumb when it comes to computer so can I create a mounted disk with scramdisk and put the c:\windows map and mIRC and my documents in that disk? or am I way off?
btw about that password I use "fart" do you think I sould add a number to increase the secutriy?
Scramdisk calls the windows API's related to security, so no information about your passphrase whould ever be paged out (or swap out for win 9x).
Blowfish is a good crypto, it wass one of the final canidate to replace DES. I don't know the spelling but something ryjell won and is now know as AES or advanced encryption standard.
All of these can be brute force hacked, its just a matter of time and money (CPU time on big systems costs $). Most locals will not spend the $ to send it to the FBI for processing. They may run some tools themselves, but if you use a large complex passphrase they will prob. give up.
Depending where you live (country) a court could require you to supply the passwords etc.
Blowfish is a good crypto, it wass one of the final canidate to replace DES. I don't know the spelling but something ryjell won and is now know as AES or advanced encryption standard.
All of these can be brute force hacked, its just a matter of time and money (CPU time on big systems costs $). Most locals will not spend the $ to send it to the FBI for processing. They may run some tools themselves, but if you use a large complex passphrase they will prob. give up.
Depending where you live (country) a court could require you to supply the passwords etc.
Absolutely. So much that I've given up trying.SweOldSchool said:
IRC is a joke. If the feds are interested they'll simply tap your connection from your ISP. True they won't be able to access what you typed from your computer unless you save log files but, it's much simpler to tap your line. If you become a target of an investigation, I'm almost positive they'll go that route.
The only way I know to encrypt the windows partition is to use something like drive crypt plus pack.
Uhm.. yeah. For scramdisk at the very least you should be using two line passphrases.
Rijndaelvoodoo said:
From the Rijndael FAQ:
Assuming that one could build a machine that could recover a DES key in a second (i.e., try 255 keys per second), then it would take that machine approximately 149 thousand-billion (149 trillion) years to crack a 128-bit AES key. To put that into perspective, the universe is believed to be less than 20 billion years old.
Similar threads
