aspose file tools*
The moose likes Security and the fly likes encryption software Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "encryption software" Watch "encryption software" New topic
Author

encryption software

Monica Dark
Greenhorn

Joined: Feb 20, 2008
Posts: 2
hello all!

i'm new here so please be nice, my question is this:

i'm interested in DriveCrypt from SecurStar, specificaly in it's traveler mode feature. i have been looking for a ong time for a software that has this kind of feature and i finally found it in this DriveCrypt software.

my question is: has any of you used this software? i know that the SecurStar people offer a 30 days free trial for the software so you can test it yourself but it is after all an encryption soft and i am not very experimented with this kind of programs.

i appreciate any response, thanks!
Nicholas Jordan
Ranch Hand

Joined: Sep 17, 2006
Posts: 1282
Security is a difficult subject. We hava a forum for security, I have seen some very informed answers there.

To respond to the website's claims:
  •   Full Disk Encryption Necessary.
  •   Pre-Boot authentication Correct.
  •   Strong 256bit AES encryption Contemporary.
  •   USB-Token authentication at pre-boot level See comment below.


  • 256-bit AES is today's standard. Full-disk encipherment is needed so that the whole disk is protected. I don't know about USB - I am having problems with usb and there are issues.

    The problem is that if the password is lost, all the data on the drive is lost. People lose passwords or have to write them somewhere to remember them. Similarly, anyone who would have a need for system this secure needs to have a long acclimatization in the use of the software. If not, the results are not nice.

    I did not see the traveller mode feature. If you ask about that in our security forum there are professionals in that field. I personally believe that the normal human mind cannot remember a password of sufficient strength to provide the degree of protection this package provides, thus one is likely to store the password on the device.

    averyfiveatmydomain is not a password.

    This, is a password:



    "The differential equations that describe dynamic interactions of power generators are similar to that of the gravitational interplay among celestial bodies, which is chaotic in nature."
    Ulf Dittmer
    Marshal

    Joined: Mar 22, 2005
    Posts: 41816
        
      62
    I personally believe that the normal human mind cannot remember a password of sufficient strength to provide the degree of protection this package provides, thus one is likely to store the password on the device.

    I disagree. Pass phrases are easily strong enough using ciphers of sufficient strength (of which AES-256 is one), so that should not be an impediment.


    Ping & DNS - my free Android networking tools app
    Bear Bibeault
    Author and ninkuma
    Marshal

    Joined: Jan 10, 2002
    Posts: 61198
        
      66

    Originally posted by Nicholas Jordan:
    averyfiveatmydomain is not a password.
    Rubbish. See above.


    [Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
    Nicholas Jordan
    Ranch Hand

    Joined: Sep 17, 2006
    Posts: 1282
    Monica, as you can see some discussion happend now that we are in the security forum. I understand what Ulf and Bear are saying, and in normal settings what they say is totally true.

    In an arena where equipment of the strength you cite has utility, I respond that a pass phrase should be used for the 'secondary' system. AES-256 relies on 16, 24, or 32 bytes of information for the key. This has to be stored somewhere on the machine for symmetric ciphers. It is the protection of these keys that is at issue in their response to my post. Using a sentence buried deeply in a work you are fond of is likely memorable and will achieve effectiveness.

    For what it is worth, I suggest that acclimatizaton to the use of such equipment overrides whether I or my repondents have achieved effectiveness in assisting you. Mistakes such as encryption soft and i am not very experimented for "encryption software and I am not very experienced" will eventually obliterate any sensitive data you store on the machine.

    TrueCrypt Foundation.
    Keep in mind that most programs do not clear the memory area (buffers) in which they store unencrypted (portions of) files they load from a TrueCrypt volume. This means that after you exit such a program, unencrypted data it worked with may remain in memory (RAM) until the computer is turned off (and, according to some researchers, even for some time after the power is turned off*).


    Every bit real protection arrives as a result of years of highly specialized work, do you have further questions?
     
    I agree. Here's the link: http://aspose.com/file-tools
     
    subject: encryption software