Secure settings

Ring · **Posted:** February 28th, 2012, 8:21 pm

This is related to truecrypt.

I have several concerns with this.

1: I want to make sure the settings I use are the most-secure, or super super^1000 secure.

2: I have a Mac. And the point is, encryption does no good if the original file isn't truely deleted. Is there a way to make sure the file is acually gone/ isn't cached anywhere? I use secure empty trash, and I frequently zero my machine. I don't want the data I periodically encrypt to be readily available via cache/undeleted "delete files". How should I go about this?

The settings I use:

- Standard volume
- AES-Twofish-Serpent Encryption
- RIPEMD-160 Hash
- Really really really (trillion trillion trillion etc.. centuries to crack at a hundred trillion guesses / sec) (Tested with https://www.grc.com/haystack.htm )
- I usually take the files I want to keep safe (school documents, pictures, content to back up) and drag into the truecrypt volume. I then delete the original and secure empty trash, and dismount. As I mentioned earlier, I want to make sure said files are not existant anywhere outside of the TC volume. (For example, I don't want a document's "versions" to ve cached in textedit, if that Is a document I want to protect)....

P.S - I am not doing anything wrong, I just want to be secure.

Images:

Shot at 2012-02-28

Shot at 2012-02-28

Help would be appreciated, I am a security-alert novice.

Adbot · **Posted:** February 28th, 2012, 8:21 pm

Thomas · **Posted:** February 28th, 2012, 8:33 pm

You have to overwrite where the file originally was on your hard drive with new data. When you delete something, it is still there until you run out of space and overwrite hidden data. My best suggestion would be to have a small boot partition where you keep important stuff, and periodically install/uninstall things in that partition, so that things get wiped often enough. If this doesn't work for you, you could try hiding your info-dumps from 4chan in a confusing maze of filesystems. (from this point out, this is advice a senior gave a bunch of my friends on how to hide porn the other day, out of the blue, during lunch) No one uses the contacts feature of their computer, so go into the contacts folder, then make a personal folder, then make an old contacts folder, then make an "old contacts" folder in that, and then have a "contact us" folder, then a bunch of blank folders, then you pr0nz.

Ring · **Posted:** February 28th, 2012, 9:06 pm

Thomas wrote:

You have to overwrite where the file originally was on your hard drive with new data. When you delete something, it is still there until you run out of space and overwrite hidden data. My best suggestion would be to have a small boot partition where you keep important stuff, and periodically install/uninstall things in that partition, so that things get wiped often enough. If this doesn't work for you, you could try hiding your info-dumps from 4chan in a confusing maze of filesystems. (from this point out, this is advice a senior gave a bunch of my friends on how to hide porn the other day, out of the blue, during lunch) No one uses the contacts feature of their computer, so go into the contacts folder, then make a personal folder, then make an old contacts folder, then make an "old contacts" folder in that, and then have a "contact us" folder, then a bunch of blank folders, then you pr0nz.

1: The image won't show..

And 2: How do I know that any sensative documents aren't stored in a cache somewhere? Like if I have a "password file" in truecrypt, and I made it in text edit before dragging to truecrypt, how do I know textedit doesn't have that info cached? (Without digging through every file in the bloody filesystem)

And no, I'm not encrypting porn.. I don't even like porn

Pfkninenines · Global Moderator 12/4/08

In terms of encryption and being secure, the best way is to have just one OS installed, and the full HDD to be encrypted.

If you're uber paranoid, this is the only way.

For transferring files back and forth between school, I wouldn't worry about it. The computers at school are likely reset at each boot, and the other computer (yours) could be encrypted as described above. If you're paranoid about the school computers, then you've got other issues than something being left in the cache. Just secure your own hardware. That's the only thing you can do.

Thomas · **Posted:** February 28th, 2012, 9:38 pm

Firering401 wrote:

And no, I'm not encrypting porn.. I don't even like porn

Never said you were, just gave advice based on someone who was hiding porn. I did imply that you were hiding 4chan info-dumps though, surprised you didn't call me out on that.

Paul is right, you either ENCRYPTFUCKINGEVERYTHING, dig around in your filesystem, or stop worrying about encryption.

You could try encrypting everything on a separate computer, then hopping it to your computer via USB, but you'd then have to wipe, rewrite, then reformat everytime you did that.

Also, congratulations, I've never met someone who did like sexy photos before (Shane doesn't count because we all know he does, and if he really doesn't, then this confirms my suspicious that Shane is a robot with a disposition for saying "No nononononono").

Ring · **Posted:** February 29th, 2012, 1:22 pm

I can't secure everything, I have a Mac:

- Filevault 2 (Apple's full disk encryption) was cracked, meaning any hacker or anyone with proper tools can get into my data
- Apple's filevault is not open sourced, which means it is NOT trustworthy. Apple probably have left backdoors in the encryption for government agencies, such as the FBI (or for copyrightscum agencies such as the RIAA and MPAA)
- Truecrypt doesn't encrypt an OSX partition, if it did I wouldn't be concerned (because it is open source)

Adbot · **Posted:** February 29th, 2012, 1:22 pm