Full Disk Encryption is it really enough to protect your Privacy?

[HyperAlpha]

So I was watching a DEFCON 21 video and I was surprised actually how flawed full disk encryption can be I always had the idea that when you encrypt a hard drive you can't break into it but there is actually allot of method's that can be done:

How do you protect your hard drive and encrypt it with the intention it can never be broken into or I guess just enough to feel safe from another person if they try to break into it?

I will also add a cool github with a program/code that allows your hard drive to be deleted when it is taken away from a sensor since its sorta relative to this discussion. defuse/swatd

[barry99705]

If a TLA wants into your laptop/computer, full disk encryption most likely won't keep them out for long. Unless you're being arrested by one, then pretty much any full disk encryption will keep 99.99% of folks out of your stuff. You can never encrypt a drive so it can't be broken into. It might take a long time, but eventually it can be brute forced. Someone will find a flaw, or computers will just get fast enough. Besides, xkcd said it best.

[cooper]

When you do a full encrypt of your harddisk, the only way your privacy is protected is by 'them' not being able to read your files after they've stolen your laptop. You could argue that they could've taken it from you, made a copy and put things back again, but given the apparent fact that you're aware sensitive information is on your laptop I think it's fair to say you're keeping an eye on it already. And even a half-gig SSD still needs several minutes to copy in full.

I would argue that if you're this worried about your data being stolen, you shouldn't keep this in a laptop but instead on a piece of hardware you keep on your person (external HD/USB stick) at all times, plus that is the drive that actually gets encrypted. Check out the USB Armory for one possible solution. I'm also fairly confident that the number of people that genuinely need to do this is less than 50.000 worldwide... and I highly doubt you're one of them.

So my suggestion to you is: Specify in excruciating detail what the threat is that you feel you need to be protected from, and what measures you've taken to protect yourself. Put just a brief bit of text next to each of those measures to identify the attack vector it blocks. I'd be quite interested with what you'll come up with.

Edited May 19, 2015 by Cooper

[barry99705]

One of my coworkers had his laptop stolen from a client site, that's why I encrypt my laptop. I've also painted the screws that go to the hard drive with glitter nail polish. Once it dries you take a good macro picture of it. If you suspect any tampering you take another picture and see if the glitter is the same. No way to replicate the pattern, so hardware tampering is out. I run linux, so at the moment viruses are out as well. Pretty sure I'm going to see that hardware keylogger hanging off my laptop, so that's out. Also using luks nuke, with several "easy" passwords, so if someone were to start trying to brute the password it wouldn't take long for it to wipe the keys off the drive which effectively secure wipes the drive. Even if they make an image of the drive, it never does anything differently when one of these passwords are used, so it all comes down to how long I can tolerate being beaten with a $5 wrench.

[cooper]

I would say it all comes down to the actual value the data on the machine represents and how badly you want 'them' to not have it.

[barry99705]

I would say it all comes down to the actual value the data on the machine represents and how badly you want 'them' to not have it.

Exactly. For me "them" is that average tweaker that wants to sell a stolen laptop. I have VPN settings to my clients on my laptop, so encryption is good enough to keep the average Joe out. They'll either kill the keys trying to use a few easy passwords, or just sell the laptop as is.