OT:TrueCrypt

Jim March 1.jim.march at gmail.com
Mon Dec 8 15:54:43 MST 2008


On Mon, Dec 8, 2008 at 2:59 PM, Matt Graham <danceswithcrows at usa.net> wrote:
> From: Alex Dean <alex at crackpot.org>
>> I used TrueCrypt to do full-disk encryption on an 80GB external USB
>> hard drive on a ThinkPad T40 (1.4 GHz Pentium M) running Xubuntu
>> 8.04.  Any time I had the disk attached, it pegged my CPU and was
>> nearly unusable.  I gave up at that point, though there may have been
>> more tweaking I could do to get it running better.

I use the whole disk encryption process as built into the installers
in Fedora 10 (at the moment) and Ubuntu (alternate install CD) when I
use that (and I'll likely be jumping back to Ubuntu but that's a
different issue).

My lappy is a low-grade dual-core chip (Intel "Pentium dual core")
from about five months ago, a $500 Dell.  I have 2 gigs RAM.  Whole
disk encryption isn't slowing me down.

My laptop is a felony to possess in the (US) state of Georgia and
possibly others because I have actual Diebold vote-tally software in
my XP virtual machine.  That's why I take encryption seriously.  I
encrypt external drives with TrueCrypt.

I find no performance penalty with encryption.

In the US, court cases so far say that you can refuse to divulge
passwords based on the 5th Amendment, even under a subpoena to reveal
them.  The US is in the minority in this view.  Since my travel in
election reform is purely stateside, I do "in your face" encryption
with obvious password requests, rather than the "hidden encrypted
volume" routine possible in TrueCrypt where you can hide the fact that
you're doing encryption at all, at the expense of some disk space and
more annoyance in getting to the encrypted data.

If you're taking encrypted disks to places where passwords can be
forced from you (or you rot in jail until you cough 'em up) then you
need to look at hidden encrypted volumes.  This includes Canada and
Britain last I heard, and probably Mexico.

Whole-disk encryption has advantages if you regularly piss off the
politically powerful.  If somebody sends you a link in EMail that
turns out to dump to kiddie porn, and you back out of the site, you
still have kiddie porn on your hard disk, in the browser cache.  If
the police then pound on your door 20 minutes later as the second part
of the setup, you can just power off and without even worrying about
where on the disk that crap is, you know it's heavily blocked.
Partial-disk encryption of any type is about protecting those things
you PLAN on protecting by copying them there; whole-disk encryption
blocks everything from an assailant who has gained physical access to
your machine and in a few rare cases that can save your butt.

Jim March
Member of the board of directors,
blackboxvoting.org

