The Evil Eyebrow

Encryption, Security, Passwords

Written by

Bill Ruhsam

in

,

If you are a hip, with-it, web 2.0 person, you probably have more online IDs and passwords than you can shake a stick at1. I do. Sitting here in front of my computer, I can think of 15 without breaking a mental sweat. To simplify my life, I’d been basically keeping the same user ID and password for everything, to avoid having a long list of passwords sitting around for someone to find. Unfortunately, there are numerous websites that don’t allow my standard password (which has special characters2). Some modifications were called for. To date, I’d really only needed to remember 3 or 4 different variations on my password theme.

Then I read Little Brother, by Cory Doctorow (great book, by the way), and I kicked off a huge security revamp on my online life. I generally now have different passwords for everything, although I’m keeping the same user ID.

This raises the question of how I’m going to remember all of these (strong) new passwords. An example of one I use would be “yelling@OutLoud294&+”, which is hard to figure out but easy to forget. Thankfully, TrueCrypt, a free, open-source encryption software lets you encrypt bits and pieces of your hard drive where you can place those passwords.

But wait! What happens if you’re travelling and you want to log in to your bank account? Therein lies my woefully unused thumb drive, pictured here.

Passwords

After ridding the drive of the terribly annoying U3 software3 I turned half of the 1gb thumb drive into an encrypted volume that lets me use it like a regular drive space once I’ve “mounted” it with the encryption password. So, I essentially have a 1/2 gb thumbdrive worth of free space for regular document transport and a 1/2 gb thumbdrive to which I need a password for access. Remembering one crazy password is easier than 15.

One of the nice things about TrueCrypt is that you can load the executables onto your portable drive; whatever computer you plug into won’t need to have TrueCrypt installed as long as you have those files.

So, now you know where to go to find all of my passwords. You still need to torture me for the encryption key, though.

1What does that phrase really mean, anyway?
2This list includes some finanicial websites that really should know better: Bank of America, American Express, Fidelity, US Department of Education, for a few. Not permitting me to use strong passwords does not give me a warm fuzzy about my security.
3This software crashed my home computer every single time I plugged in.

Comments

One response to “Encryption, Security, Passwords”

  1. Vince Avatar
    Vince

    Yup I use Truecrypt everytime, I installed my database, my source code, banking notes, whatever… all in different partitions totally encrypted.
    And I even encrypt encrypted data! LOL!

    Still, there’s a wekness, I can get your master password if I have immediate access to the computer as some MIT sudents showed recently!
    Actually truecrypt stores the master key in RAM which doesn’t disappear get flushed (as many believe) immediatly after shut down, you have an certain amount of time (minutes I guess) to open the box and hard copy the RAM content then analyze it when back home. More than this, I can spray on the central unit some very cold fluid (some nitrogen or cfc) to lower the speed of disintegration of data in Memory (yep the more time goes , the less data you can snap, very volatile).

    Still I added a feature, a small plugin to truecrypt to flush that area when I log off my session, dismount a volume or halt my computer suddenly (resident prog with higher priority than halt). All other scenarios go through the dismounting process and thus memory gets flushed.
    Now, I NEVER NEVER leave a mounted volume and lock the screen to go and get a coffee, because someone can still steal the memory content.
    Last thing truecrypt doesn’t protect you from evil worms who know how to dump the truecrypt location for master keys without truecrypt’s knowledge and thus get access to … well everything. This means you still need to be careful where to stick in your usb stick lol 🙂
    cheers!
    Vince

Leave a Reply

Your email address will not be published. Required fields are marked *

More posts