Somewhat OT, encryption question

Robert Moskowitz rgm at htt-consult.com
Wed Nov 26 23:33:42 UTC 2014


On 11/26/2014 04:58 PM, Bill Oliver wrote:
> On Wed, 26 Nov 2014, Joe Zeff wrote:
>
>> On 11/26/2014 12:47 PM, Bill Oliver wrote:
>>>  Now let's say that flash drive is stolen, lost, etc. *and* the
>>>  passphrase is compromised.  I want the data on the flash drive to be
>>>  available *only on one computer* even if the passphrase is known.
>>
>> What happens when (not if) some piece of hardware dies without warning?
>>
>
> Then I'd rely on decrypted backups, which are stored under physical 
> lock and key. Or, if necessary, I'd simply go back to the client and 
> get the data again.  I do that a lot with paper files, since I burn 
> them when my consultation is finished.  Occasionally, the client will 
> come back for more help, and I'll have them resend the information.  
> My problem is *not* loss of data.  It's security.
>
> Since I do investigative work and litigation support involving violent 
> deaths occurring in multiple countries, including evaluation of 
> possible human rights abuses and assassinations (though most of what I 
> do is much more mundane), I have *boxes* of confidential material in a 
> safe in my home.  For example, one of my coworkers recently returned 
> from Gaza, looking at deaths of children there.  As you might expect, 
> the information and imagery she brought back might be inflammatory, 
> and until the final report is released, there are significant issues 
> with data security.  But the fact is that she can lose her working 
> copies of stuff because the archival copies are in a secure place.
>
> If someone is willing to break into some place and dynamite a safe, 
> then that's the breaks.  However, I also have the problem of folk 
> constantly attempting to gain access to materials electronically.  
> More recently, I lost a flash drive that had sensitive data on it.  
> While the drive is encrypted, and I believe that it was "really" lost, 
> not picked up, I'm not overly concerned.  But that started me thinking 
> about trying to fix it so that even if someone had my passphrase, they 
> could still only open it on my secured computer.

You need to look into serious professional security software.  There are 
such things used by NGOs that are as safe as anything can be from 
backdoors.  Check out Bruce Schneier's site for recommendations, for 
example.  Go with something that needs a token to decrypt; "something 
you know and something you have" is what we say.

I work days in secure communications.  I do not do secure data, or only 
some limited cases, so I would have to do some digging myself.



