We need reform and I would be very happy to help here. I have detailed files that explain how "wiping" works. There isn't any scrambling involved. The read/write head writes 0000000 then 11111111 then 10101010 then 010101010101 and many more random numbers to the hard drive. The idea is that the magnetic surface of the hard disk has changed magnetic states so many times that it is impossible to tell what the previous magnetic state was 7 writes ago. Generally "zeroing" a drive is good enough to defeat normal forensic analysis. If you are worried about magnetic force microscopy, use the multiple writes. They crack open the hard disk in a sterile room (million dollar lab) and use a microscope and can "try" to read the margin of error on the multiple writes, but it's nearly a fool's errand. If it's encrypted they just get more impossible-to-solve math problems. If you encrypt and do a 7 pass wipe it's safe.
Once again I don't want to hide behind big words but I can give you the "real" scoop on this, and computer guy is just plain wrong -- there are a lot of bad products but PGP and TrueCrypt have been developed to make sure you're getting good cryptography. No one trusts their data to anything but this. Go find some no BS NSA guys or professional cryptographers (hard to find these guys) and ask them. There are a lot of computer guys that think they know cryptography but it's a separate and special science of its own. If you had used my suggestions the cops would have been crying at headquarters.
I intend to put together a set of files, military and academic, that really explain how cryptography works as part of my fan club. It's serious reading but serious players can read it and make up their own mind. Give me one instance where PGP or TrueCrypt have EVER been broken (it must have been installed and used correctly). Surely there must be an article somewhere?
Breakable encryption: 40 bit, 56 bit, DES
Potentially breakable / might be too hard: 64 bit DES
Obsolete but still unbreakable: triple DES 128 bit
Current and absolutely unbreakable: AES 128 / 192 / 256 etc.
(DES = Data Encryption Standard)
Several applications do contain encryption algorithms that are INTENTIONALLY WEAKENED to be export approved. The US Department of Commerce allows certain cryptographic products to be sold overseas. These products use short key lengths, have precompiled rainbow tables (a shortcut to attacking encryption) and so forth. Whenever you see products 128 bit and larger they are almost always a FELONY to export out of the US without a license. That is because THEY CANNOT BE EASILY DECIPHERED. If you're curious as to the cryptographic strength simply ask "Can this be exported?" If the answer is yes, put it back on the shelf.
Phil Zimmermann was ARRESTED for writing PGP and releasing it on the Internet. THAT'S BECAUSE IT WAS THE REAL DEAL. The charges didn't stick and he was eventually released. Don't compare .22's to SAM 7 Anti Aircraft missiles, it's certainly not a fair comparison.
In England it is a CRIME to refuse to give up the password to an encrypted file. If it's so easy why the law?
Why did Louis Freeh (former FBI director) get up in front of Congress and ask to make encryption illegal?
Brute Force Key Attacks Are for Dummies
Philip Zimmermann, developer of PGP
TrueCrypt does not contain any mechanism or facility that would allow partial or complete recovery of your encrypted data without knowing the correct password or the key used to encrypt the data. The only way to recover your files is to try to "crack" the password or the key, but it could take thousands or millions of years depending on the length and quality of the password/keyfiles, on software/hardware efficiency, and other factors.
We use TrueCrypt in a corporate/enterprise environment. Is there a way for an administrator to reset a volume password or pre-boot authentication password when a user forgets it (or loses a keyfile)?
Yes. Note that there is no "back door" implemented in TrueCrypt. However, there is a way to "reset" volume passwords/keyfiles and pre-boot authentication passwords. After you create a volume, back up its header to a file (select Tools -> Backup Volume Header) before you allow a non-admin user to use the volume.
NOTICE this requires the equivalent of tampering before you start using the system. If you have someone issue the machine to you and make a password reset CD they can reset the password. If you are doing the installing and do not make a password change disk there is no security risk. THERE IS NO BACK DOOR. There isn't even a company! These are computer nerds who get together and give this software away for free. EVERYONE can download the computer source code and review EVERY line.
What do you think the US Army / CIA / etc. are using? ALL THEIR SHIT IS ENCRYPTED. So their shit is invincible and whatever we can get has backdoors? Bullshit. That's THE WHOLE REASON YOU CAN VIEW THE SOURCE CODE: TO PROVE THERE IS NO BACK DOOR.
Here is the closest you can get to NSA backdoors.... security analysts like Bruce Schneier jump their case whenever anything weak is introduced into the commercial market. Look at this, the NSA tries but FAILS to do that. Everyone finds out quickly and refuses to use their code.
Security experts: NIST encryption standard may have NSA backdoor
Cryptography expert Bruce Schneier is warning software developers that a random-number algorithm documented in a NIST encryption standard may be susceptible to a backdoor planted by the NSA.
The security researchers have raised concerns about a potential backdoor in the Dual_EC_DRBG algorithm, which is documented in NIST's 800-90 publication about deterministic random bit generators.
DBAN.org: Darik's Boot and Nuke (commonly known as DBAN) is an open source project hosted on Sourceforge. The program is designed to securely erase a hard disk until data is permanently removed and no longer recoverable, which is achieved by overwriting the data with random numbers generated by Mersenne twister or ISAAC (a PRNG). The Gutmann method is included with DBAN.
DBAN can be booted from a floppy disk, CD, DVD, or USB flash drive and it is based on Linux. It supports IDE, SCSI and SATA hard drives. DBAN can be configured to automatically wipe every hard disk that it sees on a system, making it very useful for unattended data destruction scenarios. DBAN exists for Intel x86 and PowerPC systems, making it usable on virtually any Windows, Linux, or Macintosh system.
It's been alleged that there are programs that the government can obtain from the makers of these products that allow them to decrypt files that had been encrypted by a user. That is completely wrong. I supply the following articles to back up my statements:
The first article deals with a case from Italy in which police seized 2 Psion PDAs belonging to the Red Brigades terrorist organization. Both were encrypted with PGP and unreadable by Italian police, who sent the devices to FBI HQ in Quantico VA and requested assistance decrypting the device. The FBI failed to break the encryption and the Italian case is going down the toilet. If there was any way for those files to be cracked, the FBI would have cracked them.
PGP Encryption Proves Powerful
If the police and FBI can't crack the code, is the technology too strong?
The next article is about a case of a guy arrested crossing the Canadian border into the US with a laptop computer. When customs looked at the computer they saw kiddie porn and arrested him. However, they made the mistake of shutting the computer down. When they restarted the computer later the files were now encrypted with PGP and unreadable and therefore useless as evidence. That case is proceeding in Federal court and a Federal judge has issued a ruling ordering the defendant to supply the password to decrypt the files, saying he has no 5th Amendment right to withhold the password. The reason they need the password from the defendant? Federal law enforcement was unable to break the encryption!
Judge orders defendant to decrypt PGP-protected laptop
If Federal law enforcement couldn't decrypt PGP in order to pursue the Red Brigades or a child pornographer then they simply can't break it or they would have! If PGP or TrueCrypt is properly installed on a clean machine and proper security precautions are used by the owner then it is unbreakable to anybody.
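
The overwrite passes described at the top of this post (zeros, ones, 10101010, 01010101, then random data), as an added Python example that is not part of the original post and is not DBAN's code: it overwrites one regular file, as you would before disposing of or reusing media, and reads the final pass back to confirm it. The function names and the default of two random passes (seven passes in total) are assumptions of this example.

```python
import os
import secrets

# Fixed patterns named in the post: all zeros, all ones, 10101010, 01010101.
FIXED_PASSES = [b"\x00", b"\xff", b"\xaa", b"\x55"]
CHUNK = 1 << 20  # write and read in 1 MiB chunks


def write_pass(fd, size, pattern):
    """Overwrite the whole file once; pattern=None means random bytes."""
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining:
        n = min(CHUNK, remaining)
        data = secrets.token_bytes(n) if pattern is None else pattern * n
        remaining -= os.write(fd, data)  # os.write may write fewer than n bytes
    os.fsync(fd)  # push this pass to the device before starting the next one


def verify_pass(fd, size, pattern):
    """Read the file back and confirm every byte equals the fixed pattern."""
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining:
        chunk = os.read(fd, min(CHUNK, remaining))
        if not chunk or chunk != pattern * len(chunk):
            return False
        remaining -= len(chunk)
    return True


def overwrite_file(path, random_passes=2):
    """Run the fixed passes, then random passes, then a verified zero pass.

    Returns the number of passes written. This covers one regular file only:
    on SSDs and on journaling or copy-on-write filesystems, old blocks can
    survive elsewhere, so whole-device sanitization needs the drive's own erase.
    """
    fd = os.open(path, os.O_RDWR | getattr(os, "O_BINARY", 0))
    try:
        size = os.fstat(fd).st_size
        passes = FIXED_PASSES + [None] * random_passes + [b"\x00"]
        for pattern in passes:
            write_pass(fd, size, pattern)
        if not verify_pass(fd, size, b"\x00"):
            raise OSError("final zero pass did not read back as zeros")
        return len(passes)
    finally:
        os.close(fd)
```
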