
Encrypting Your Laptop Like You Mean It - etiam
https://firstlook.org/theintercept/2015/04/27/encrypting-laptop-like-mean/
======
nickysielicki
I think the best / most secure computer you can use today is a libreboot GM45
thinkpad with FDE, including /boot. The implications of this are big, both in
security and in plausable deniability. Look at the case of Jeff Feldman [1],
and how having a detectable OS made him liable for the hard disk. If they
can't show that the drive contains some kind of OS or that it's not gibberish,
you cannot be forced to unencrypt them (don't quote me on this, I'm not
entirely sure if I'm speaking the truth.)

But if I'm right, having a visible /boot partition is enough to show that
there is some kind of OS.

With Grub2 written to the board itself, you can get around that. [2]

[1]: [http://arstechnica.com/tech-policy/2013/05/28/in-reversal-
ju...](http://arstechnica.com/tech-policy/2013/05/28/in-reversal-judge-orders-
child-porn-suspect-to-decrypt-hard-drives/)

[2]:
[http://libreboot.org/docs/gnulinux/encrypted_trisquel.html](http://libreboot.org/docs/gnulinux/encrypted_trisquel.html)

~~~
greggyb
I don't see how the article you linked to [0] indicates a detectable OS in any
way shape or form.

Rather, the issue is that if it cannot be shown that you _do_ know the
password, then ownership of the drive cannot be determined. Entering the
password is equivalent to admitting ownership, and therefore would be self-
incriminating.

The article indicates that the FBI decrypted one drive and found evidence that
it belonged to Feldman:

>According to the order (PDF), after devoting “substantial resources” in the
case, FBI agents apparently have been able to decrypt one of the drives. The
government argued that because it had found “numerous files which constitute
child pornography,” “detailed personal financial records and documents
belonging to Feldman,” and “dozens of personal photographs of Feldman,"
Feldman therefore has “access to and control over” the set of drives.

Edit: Forgot link.

[0][http://arstechnica.com/tech-policy/2013/05/28/in-reversal-
ju...](http://arstechnica.com/tech-policy/2013/05/28/in-reversal-judge-orders-
child-porn-suspect-to-decrypt-hard-drives/)

~~~
pooper
In an adversarial judicial system, can a judge trust the prosecution to not
tamper with digital evidence? What can the defense do in a situation where the
prosecution plants an identical storage device (hard disk drive, ssd, flash
drive) that contains cp specimen?

Does the judge simply take prosecution's word? If so, why can't they just take
the defense's word that they don't know the password?

~~~
dragonwriter
> In an adversarial judicial system, can a judge trust the prosecution to not
> tamper with digital evidence?

The judge doesn't have to trust the evidence, the judge just allows the
prosecution to present it, and allows the defense to present whatever they
have to rebut it, including challenges to its provenance, counterevidence,
etc.

------
mr337
Recommending BitLocker and OSX HD encryption I feel is a diservice to the
public. I wouldn't put it past them to already have backdoors built in. Let
alone they are both proprietary and not open to public audit. I guess we are
suppoed to take their word [1]???

[1] [http://mashable.com/2013/09/11/fbi-microsoft-bitlocker-
backd...](http://mashable.com/2013/09/11/fbi-microsoft-bitlocker-backdoor/)

~~~
brandon272
I'm a typical developer and I think I speak for the vast majority of people
when I say that my concern is not with top level government agencies
decrypting my hard drive. My concern is with me losing my computer or having
it stolen by a petty thief, in which case I feel that the proprietary built-in
encryption tools offered by Microsoft and Apple are perfectly suitable.

~~~
DanBC
> when I say that my concern is not with top level government agencies
> decrypting my hard drive.

It's great that you have risk-assessed your needs.

It's a shame that the title says "like you mean it", and not "for tamper
resistance against most people, but probably not well funded government
agencies".

~~~
brandon272
The title is off, but typically sensational. I wonder what disk encryption
look like if you don't "mean it"?

~~~
DanBC
"Enclosed but not encrypted" is a nice article about bad encryption.

[http://www.h-online.com/security/features/Enclosed-but-
not-e...](http://www.h-online.com/security/features/Enclosed-but-not-
encrypted-746199.html)

> A new generation of inexpensive disk drive enclosures using hardware
> encryption and RFID keys do not fulfil the promises of their publicity. The
> adverts claim 128-bit AES hardware encryption, but they don't tell us how it
> is used

She does a nice write up.

------
barrkel
If you're crossing borders with electronic stuff, simply don't bring anything
personal. Access it remotely. You'll only be out hardware should the hardware
be confiscated, and you'll have no big privacy breach should you have to boot
the machine to show to customs.

Clear cache / cookies beforehand, or use the browser in a mode that clears on
shutdown. Use suspend / hibernate when not crossing borders, but do a proper
shutdown when going through borders.

Carrying valuable data around then trying to protect it by encrypting it,
while simultaneously going through borders, is just asking for trouble IMO.
You'll look like a complete freak should you be picked on, very suspicious.

~~~
jmnicolas
Well it's probably easier and cost effective for "them" to access your remote
data (and they probably already have with their dragnet surveillance programs)
than to decrypt your laptop.

------
paulannesley
> But unfortunately, laptops have ports that have direct memory access, or
> DMA, including FireWire, USB, and others.

USB doesn't exposes DMA.

“Examples of connections that may allow DMA in some exploitable form include
FireWire, ExpressCard, Thunderbolt, PCI and PCI Express.” –
[http://en.wikipedia.org/wiki/DMA_attack](http://en.wikipedia.org/wiki/DMA_attack)

~~~
paulannesley
Related from 2006:

Schneier on Security — Hacking Computers Over USB
[https://www.schneier.com/blog/archives/2006/06/hacking_compu...](https://www.schneier.com/blog/archives/2006/06/hacking_compute.html)

The block-quote incorrectly mentions DMA over USB, but the described attack
uses Windows AutoRun. The comments discuss a demonstrated FireWire iPod based
DMA attack, and that USB doesn't expose DMA.

------
geographomics
For those who use BitLocker: although it is set up to use numeric-only PINs by
default, you can configure this to allow any character - which would
presumably increase the search space of brute force attacks against the PIN.

The relevant Group Policy setting is "Allow enhanced PINs for startup", and
can be found in Windows Components → BitLocker Drive Encryption → Operating
System Drives.

~~~
MichaelGG
The big question is: is your PIN used only for TPM access? Or is the PIN
itself combined after unlocking the TPM?

How it should work is that one hash of your PIN is used to unlock the TPM.
Then another hash of the PIN is used to mix into the key the TPM provides.
That way directly compromising the TPM doesn't provide full access.

This is probably strictly obsolete by using a long PIN. But it feels nice to
have a TPM, as it's one more piece the attacker needs. If they steal the disk
or fuckup the TPM, then the data's gone, even if you reveal your PIN.

(ATM, I use Bitlocker, then encrypt my VMs with EFS keyed off a certificate
stored on a smartcard. Then I Bitlocker the VM drive itself. It's silly, but
that way I get a range of hardware plus brain-stored password. [I don't need
it any more, it's just a leftover setup from my BTC experiments.] I also put
tamper proof seals all over my laptop, but it requires active work to check
them and note the serial number on each one.)

~~~
geographomics
I wondered that too - apparently in Vista the PIN was only used to
authenticate to the TPM and retrieve the volume master key (which in turn
protects the key used to actually encrypt the drive).

More pleasingly however, in Windows 7 and onwards it is used to encrypt the
volume master key as well, in pretty much the way you describe.

Microsoft's submissions for FIPS validation have some good detail on this -
Windows 7 [see section 7]:
[http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/1...](http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1332.pdf),
others:
[https://www.google.com/search?q=site:csrc.nist.gov+inurl:140...](https://www.google.com/search?q=site:csrc.nist.gov+inurl:140sp+microsoft+bitlocker)

------
SEJeff
I'm a Linux desktop/laptop user and just wanted to point out that LUKs
encryption is built right into the RHEL / Fedora installer and works like a
champ.

------
ethana
Just when I though I know everything about how computer works, here they are
talking about freezing ram attack. I didn't even imagine this as a
possibility.

~~~
gnud
So, it's obviously hard to defend against a freeze attack when the computer is
sleeping - because the key is still needed.

But I feel like disk encryption software should, when the computer is being
shut down, prepare some random data and write over the encryption key to
prevent information leakage in the moments after shutdown. This, combined with
some hardware intrusion detection system would help a lot, wouldn't it? Or am
I missing something?

~~~
MichaelGG
There's a neat implementation of AES that uses only registers and never has
the key in RAM after boot. I forget the name right now, but it's pretty
fucking awesome. IIRC it puts the key into debug registers, then disables
access to those registers. It calculates the key schedule on-the-fly for each
block it encrypts, and it performs decently with AES-NI. So neither the key,
nor any of intermediate pieces, are ever in RAM, just in registers.

Edit: Here it is: Tresor: [http://www1.informatik.uni-
erlangen.de/tresor](http://www1.informatik.uni-erlangen.de/tresor)

------
rainwolf
Note that with FileVault on, backups are not automatically encrypted. Time
Machine is a smooth backup experience, but should be encrypted as well.

------
lawl
> _Unlike in Windows and Mac OS X, you can only encrypt your disk when you
> first install Linux._

That is obviously simply not true. There is no user friendly GUI way to do it,
but it is definitly doable, and that's what they should have written.

Also, recommending BitLocker, and not having the main guide for something more
user friendly and open source?

~~~
raesene9
out of curiousity, what would you recommend as a user friendly open source
disk encryption product in place of Bitlocker?

~~~
lawl
Well, back when I used windows TrueCrypt was still a thing.

Depending on your threat model, probably still TC though. If your threat model
is the NSA, I'd advise you to not use windows anyways. Plus, if it does turn
out TC has a major flaw, someone abusing it might make a noise. And as far as
I'm aware the TC audit also hasn't found anything serious so far.

If you aren't betting your life on it, I think you're still fine with
TrueCrypt, Plus, encrypting your full drive with it is something my mother
could do. Next, next, next done, at least that's how I remember it.

Edit: Thinking about it, this is firstlook.org, maybe they know something we
don't, but recommending BitLocker over TC sill seems like a stretch.

~~~
nhayden
TrueCrypt doesn't support EUFI which pretty much all laptops use these days.

------
bbcbasic
The other approach is to not leave anything on your PC that you care about
someone else having access to.

This could mean keeping a lot of data encrypted online, with keys being
remembered (and possibly backed up in a safe at home incase you forget)

~~~
sanqui
This would at minimum leave your cache exposed...

------
zaroth
How's OPAL support looking on Linux these days? Last time I looked all I could
find was: [https://github.com/r0m30/msed](https://github.com/r0m30/msed)

------
toddsiegel
Are any major computer vendors enabling this by default? Phones are encrypted
by default, seems obvious to do the same for laptops and such.

~~~
raesene9
Some phones are encrypted if you add a passcode, but won't be unless you do.
Also AFAIK android still isn't by default event when a passcode is set.

One of the problems with doing it by default is the consequences of a lost
password. On a consumer device (where there's unlikely to be an admin backup
password) a lost/forgotten password can result in the user losing all their
data.

Once people get to the point of storing all personal data off machine (e.g.
OneDrive / icloud) it would make more sense to have this kind of thing enabled
by default.

------
evolve2k
What are people thoughts on where to keep your encryption password? Is it fine
just to keep it in lastpass/one pass?

------
JustSomeNobody
And slow it down like it's 1999.

~~~
raesene9
with hardware support for encryption in CPUs and directly on the drives
themselves the hit on performance isn't anything like as bad as it used to be
with pure software solutions

