[NCLUG] Good news from the hardware front

Chad Perrin perrin at apotheon.com
Sun Mar 30 12:29:37 MDT 2008


On Fri, Mar 28, 2008 at 11:56:19AM -0600, Jim Hutchinson wrote:
> 
> Thanks for the tip. I don't claim to know all the ins and outs of data
> protection, but I think keepass (and keepassx in Linux) is a pretty secure
> way to store passwords. If you want to have passwords be portable at all,
> then something like this is a good defense. By the time someone could crack it,
> I can probably change all the passwords - assuming I know it was taken. Of
> course, the first defense is to not lose it :). I think using two flash
> drives just increased that possibility. I do have a second one I can use for
> sharing files and such that doesn't contain anything sensitive. I never loan
> out or share my main one.

Part of the problem is that everything on your USB flash drive can be
copied off it without you ever knowing it happened.  The first time you
plug it into a computer you are not 100% certain you can trust
completely, it's time to change all your passwords, if changing your
passwords is your defense against it being copied off and cracked.

That's completely ignoring the fact that any passwords you actually use
may be captured by a keystroke logger, et cetera, when entering them on
computers you don't control.

There are certain things I simply will not do from computers other than
my own.

Good to know you keep your flash drive uses separate like that, though.
That's more security awareness than I'd expect from most people.  I think
that, for most, this stuff is profoundly counterintuitive.  Then again,
most people seem to buy into a theory of a vast conspiracy amongst
governmental agencies and politicians to do things for the good of we the
people.


> 
> Along the same lines is truecrypt which allows you to encrypt part or all of
> a flash drive and store documents and such securely. I'm sure there are
> other tools out there, but I just wanted to point out that there are
> solutions to keeping data both safe and portable.

On-the-fly disk encryption is always a good idea for protecting such
things, especially when the disk in question (or flash drive, or
whatever) is going to be connected directly with computers you don't
trust.  It can indeed significantly reduce your exposure.

Ultimately, everything's a matter of trying to balance convenience with
security.  After all, if I was going to protect myself 100% against all
possible threats I've encountered, I'd have to do anything even remotely
sensitive entirely within a Faraday cage with a non-networked computer,
since I wouldn't want to be subject to van Eck phreaking and I can't
afford a TEMPEST-certified laptop right now.  Frankly, I don't have room
for a Faraday cage at home.

-- 
CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ]
Dr. Ron Paul: "Liberty has meaning only if we still believe in it when
terrible things happen and a false government security blanket beckons."