Steal My Laptop, I Dare You
March 18, 2008
Posted by Tim in: Technology

Okay, well don’t really steal my laptop. I’d rather not have to deal with the hassle of either buying a new laptop or tracking you down and kicking the crap out of you for stealing my laptop. You think I’m joking, but I really would do that. Buy a new laptop, I mean.
But aside from the hassle, let me tell you why I don’t care if you steal my laptop: you can’t get my data. I am so confident of that fact that I would be fine with popping the drive out of the computer, handing it to the NSA, and daring them to try and get my bank account numbers from my Microsoft Money file. In case you’ve never heard of it, the National Security Agency is the U.S. government agency that deals with cryptography. What does that mean? It means they’re in the business of coming up with secret codes that even a Little Orphan Annie decoder ring couldn’t crack. It also means that they’re in the business of cracking those same kinds of codes so that they can obtain the information they need to defend against bad guys.
So now you’re thinking I’m pretty pompous for saying that not even the NSA could get my data. Well I assure you, I don’t say that because of anything I’ve come up with. I give all the credit for me being able to make that statement to a program called TrueCrypt. TrueCrypt is software designed for the protection of data. It does this by encrypting the data. Without going into a lot of painful geek-speak, encryption is essentially the process of taking files on your computer and then shifting, mixing, and jumbling them around until you’re left with nothing more than an unrecognizable mess. Of course, if you know the password, then you can reconstruct that unrecognizable mess without issue and the files work just as they normally would.
I could go on and on about the many benefits of TrueCrypt, but I want to focus on one specific feature that was added to the latest version. Plus, there are people far more qualified than myself to give you the real nitty-gritty of how it all works. For a good in-depth review of TrueCrypt, you should listen to Leo Laporte and Steve Gibson in Episode 41 and Episode 133 of their “Security Now!” podcast. That should be enough geek for all but the geekiest of you. Also, since this is a fairly complex topic to cram into one blog post, please feel free to email me if you would like to find out more.
The new feature that I want to point out is System Encryption, which allows you to encrypt the entire hard drive partition on which you have Windows installed (basically, your C: drive). To encrypt your system partition, TrueCrypt employs something called pre-boot authentication. That means that you have to provide a password before your system will even attempt to boot into Windows. That password is required whether you have shut the computer down, or if you have put it into hibernation. If you don’t provide that password then the entire drive contains nothing but garbage. So even if somebody connected the drive to another computer and tried to get the data without booting into Windows, they would see only random bits.
Now when I say random bits, I really mean random bits. TrueCrypt employs the most sophisticated encryption that is currently available. To give you an idea of what that means, if you use an appropriately strong password and you assume our current level of hardware, then in order to brute force the password (try every possible combination of upper and lower case letters, numbers, and symbols), it would likely take a bad guy more years than the age of the universe to stumble upon your password. I’m going to go ahead and assume that after another 13 to 14 billion years, I won’t really care who suddenly gains access to everything they need in order to steal my identity.
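To put numbers on "appropriately strong", here is an added example (not part of the original post) that finds the shortest randomly chosen password whose exhaustive search would outlast the age of the universe. The guess rates are assumed attacker speeds for illustration, not measurements of TrueCrypt.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600
AGE_OF_UNIVERSE_YEARS = 13.8e9  # the "13 to 14 billion years" in the post

# Character classes the post lists: upper case, lower case, numbers, symbols.
ALPHABETS = {
    "lowercase only": 26,
    "upper + lower": 52,
    "upper + lower + digits": 62,
    "all printable ASCII (with symbols)": 95,
}

# Assumed attacker speeds in guesses per second (illustrative, not from the post).
ASSUMED_RATES = {"one machine": 1e6, "large cluster": 1e12}


def years_to_exhaust(alphabet_size, length, guesses_per_second):
    """Years needed to try every password of exactly `length` characters."""
    return alphabet_size ** length / guesses_per_second / SECONDS_PER_YEAR


def entropy_bits(alphabet_size, length):
    """Entropy of a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)


def min_length_for(alphabet_size, guesses_per_second,
                   target_years=AGE_OF_UNIVERSE_YEARS):
    """Shortest random password whose full search exceeds target_years."""
    length = 1
    while years_to_exhaust(alphabet_size, length, guesses_per_second) <= target_years:
        length += 1
    return length


def report():
    """Return (alphabet, attacker, minimum length, entropy bits) rows."""
    rows = []
    for name, size in ALPHABETS.items():
        for label, rate in ASSUMED_RATES.items():
            n = min_length_for(size, rate)
            rows.append((name, label, n, round(entropy_bits(size, n), 1)))
    return rows


if __name__ == "__main__":
    for name, label, n, bits in report():
        print(f"{name:36s} {label:14s} min length {n:2d}  (~{bits} bits)")
```

These figures hold only for passwords chosen uniformly at random; a word or phrase a person would pick is found by dictionary guessing long before the full search space is exhausted.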
Now I know you’re thinking to yourself, “Well that’s just great, Tim. I’m sure with all the countless millions you rake in by posting your thoughts to a web page that you can afford to have the best encryption available. What about the rest of us?” First of all, if you happen to run across those countless millions, please pass them this way because I certainly don’t have them. Secondly, you don’t need countless millions. In fact, you don’t need counted pennies. TrueCrypt is absolutely free. It is open source software, which means you can download, install, and use it all you want without paying a thing unless you’d like to make a donation. It’s also worth pointing out that while I can only attest to the Windows version, there are also versions available for Mac and Linux.
Another benefit of the software being open source is that anybody who wants can download and examine the code that was used to create the software. That’s important in this situation because it means that other security experts could determine if there were secret backdoors programmed in to allow somebody to get around the encryption if they know a “master” password or something along those lines. I’ve looked through the source, but that was more for amusement. It’s not my area of expertise, so I trust the developer community to have vetted all the code to the point that I can be confident in the finished product.
Bottom line, if you have a laptop, I highly recommend using the System Encryption offered by the latest version of TrueCrypt. It is far too easy for those types of computers to get lost or stolen, a fact that has been learned the hard way by more than one government agency in more than one country. As I said in the beginning, nobody wants the hassle of a missing computer, but wouldn’t it be nice to know that none of your personal data would be compromised if it did happen?
Comments»
Let me guess, Security Now?
Oh shit, I should make it a habit of reading the entire blog post before leaving stupid comments. Didn’t see you mentioned the podcast above.