Author Topic: DiskCryptor 1.1.846.118 released  (Read 29818 times)

Morthawt

  • Newbie
  • *
  • Posts: 36
Re: DiskCryptor 1.1.846.118 released
« Reply #15 on: April 10, 2015, 10:54:07 pm »
So you think it is more secure and better for DiskCryptor to specifically not include UEFI support, thus specifically not allowing everyone who has modern store-bought computers to securely encrypt their data with the software? To allow people to go through the entire process only to find out that their computer is broken because it let them encrypt only to find out it does not work? That sounds like a really idiotic position to take. Not including UEFI support is not going to magically make UEFI vanish from their systems. A small percentage of us PC techies or even enthusiasts build our own computers. EVERYONE ELSE has store-bought machines, pre-built, pre-installed systems and all of them these days have UEFI and most have secure boot enabled. If the DC developer takes your suggestion, a whole ton of people will break their systems by trying to use this software and at the end of the day either way have no ability to use it.

I think you should rethink your position on this topic because there are clearly some serious holes in your position.

Italick

  • Hero Member
  • *****
  • Posts: 510
Re: DiskCryptor 1.1.846.118 released
« Reply #16 on: April 11, 2015, 07:43:04 am »
It would be awesome if ntldr could make UEFI go away.  It is bad for so many reasons.  Still, I would like for Diskcryptor to have a UEFI bootloader option.

UEFI doesn't help to secure consumer computers.  UEFI is a bootloader located in hardware that is configured by firmware.  If you have UEFI, your bootloader is saved in your motherboard instead of on your disk drive.

If cyber-criminals decide that they want to mess with victims' bootloaders, they will be writing viruses that reflash the UEFI firmware of infected computers.  Their attempts to gain control of computers by means of such viruses could get the computers bricked.

Before UEFI, the way to prepare for bootkits was to keep binary copies of your hard drive.  Now, you have to make binary copies of your hard drive and your system firmware.  I still have not learned how to back up and reflash my system firmware, unfortunately.

Consider this:

Keeping binary backup copies of an encrypted hard drive may constitute a cryptologic security risk called "key reuse".
« Last Edit: April 11, 2015, 08:01:59 am by Italick »

Morthawt

  • Newbie
  • *
  • Posts: 36
Re: DiskCryptor 1.1.846.118 released
« Reply #17 on: April 11, 2015, 08:35:55 am »
Quote
I still have not learned how to back up and reflash my system firmware, unfortunately.

Consider this:

Keeping binary backup copies of an encrypted hard drive may constitute a cryptologic security risk called "key reuse".

You just download the firmware from your MB brand's website and use the supplied tool to flash it back. Or in Gigabyte's case (which is why I exclusively don't use any other board) there is a backup built right into the motherboard so if anything goes wrong and either settings/virus/failed update brick your system it will after 1 or 2 reboots reflash your main BIOS/UEFI with the original one that came installed on the MB when you got it. No external backups or techniques needed.

Also, keeping backed up copies of encrypted drives is not a problem because if the data is the same and the crypto is the same, it makes no difference if there is more than 1 drive (think cloned drives). If you have different data in a drive using the same cloned crypto then even though the drive is using the same key with different data, that is no different than having 1 drive and putting different data in it. It would be advisable to use freshly created drives/partitions/containers within an encryption software, just as a best practice and highest security precaution but realistically I do not believe it constitutes a high risk. If we were talking about Vernam cypher I would of course agree that key reuse is insanely bad and should never be done. With modern crypto, using the same key mainly constitutes a problem if the key gets cracked in one instance then it can be used to decrypt all instances of where that key was used. Maybe also if an attacker has decrypted access to your system (at which point you are screwed anyway...) they could write known plain text in the various drives that use the same key and attempt to cryptanalyze their way into cracking the key but like I said if they have that level of access you have more important things to worry about, namely how the hacker/whoever got access to the system while the drives were mounted. Trojan? Software exploit? Physical access? etc.

Italick

  • Hero Member
  • *****
  • Posts: 510
Re: DiskCryptor 1.1.846.118 released
« Reply #18 on: April 11, 2015, 09:02:55 am »
I keep multiple binary copies of the encrypted system in an encrypted storage volume, so that the encryption is cascaded.

I don't know how good that idea is, but I prefer it over keeping multiple snapshots of the drive without putting additional encryption over the group of them.

Anfinuo

  • Sr. Member
  • ****
  • Posts: 380
Re: DiskCryptor 1.1.846.118 released
« Reply #19 on: April 11, 2015, 03:59:39 pm »
Heh, I have time, let's play.

Quote
So you think it is more secure and better for DiskCryptor to specifically not include UEFI support, thus specifically not allowing everyone who has modern store-bought computers to securely encrypt their data with the software?

I know, that it's more secure, and better to not have a security risk.
I know, that it's more secure, and better to not have an encryption software running on a platform, with security risk so near the "heart", for the user, and the author alike (false sense of security, and "bad rep" you're so concerned about, respectively).
I know, that so called "progress", isn't always a good thing, and forces to make hard\bad decisions, makes people miserable, etc.
I know that, contrary to popular belief, you can't have everything.
I don't know what's better for DC, or its creator, but I think "ridding" current niche is good.

Quote
To allow people to go through the entire process only to find out that their computer is broken because it let them encrypt only to find out it does not work? That sounds like a really idiotic position to take.

Sounds like you have a problem with eyes, reading:
But (like I've written in my "petition"), information about that "limitation" should be posted on main, download page for all to see.

Quote
Not including UEFI support is not going to magically make UEFI vanish from their systems.

1. I'm not concerned about their systems, it's their problem.
2. No, it's not. But not supporting it, telling the truth about it, maybe will make it go the way of Digital Compact Cassette, or at the very least, it's not gonna be "in" DC.

Quote
A small percentage of us PC techies or even enthusiasts build our own computers.

Quote
EVERYONE ELSE has store-bought machines, pre-built, pre-installed systems and all of them these days have UEFI and most have secure boot enabled.

Maybe in your country. If it's so, here's a "box" to put your complaints in:
http://www.uefi.org/contact_us

Also, majority of those people clearly isn't very concerned, aware of security issues, so put down your "armor", its "shininess" just distracts.

Quote
If the DC developer takes your suggestion a whole ton of people will break their systems by trying to use this software and at the end of the day either way have no ability to use it.

0. Who forces them to?
1. A lot of people already broke their systems with UEFI, without DC.
2. A lot of people already broke their systems with DC, without me.
3. No. If DC developer takes my suggestion, only: "I know better"\"I'm a "techie"", "Nobody tells me what to do", people will break their stuff, because there will be big, honkin' warning that says:
DC AND UEFI-GPT DON'T MIX.

Quote
I think you should rethink your position on this topic because there are clearly some serious holes in your position.

I think you're projecting.


P.S.
Ability to "build" computer from parts, makes you a "techie", as much as a ricer is a racer.

Morthawt

  • Newbie
  • *
  • Posts: 36
Re: DiskCryptor 1.1.846.118 released
« Reply #20 on: April 11, 2015, 05:48:23 pm »
I said "A small percentage of us PC techies or even enthusiasts build our own computers." I am a CompTIA A+ techie. Which is why I also included the non-techie "or even enthusiasts" to cover both instances. Please try and pay attention. I do not agree with your position, let's leave it at that because this is going nowhere and circles are not always a good thing. The fact is using DC on a system with UEFI enabled will brick the system as far as an end user goes. Therefore the very minimum should be a check in the software that prevents system encryption if UEFI is detected. Having software like this let people trash their systems does not give the software a good name. An end user wouldn't know UEFI from an IOU. It is the responsibility of the software designer to protect users from something like this crippling their system. It should never even get that far.

Truecrypt installed the bootloader, made you reboot and verify that you were able to type the password in and then upon successful boot with the real password it would allow you to encrypt your system. That is a well thought out process for allowing function while protecting users.
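
A minimal version of the check asked for in reply #20, as an added example that is not part of the thread and not DiskCryptor code. It assumes Windows 8 or later with the Storage module and Windows PowerShell 5.1; the function name Get-LegacyBootLoaderPreflight is hypothetical, and Secure Boot state can only be read from an elevated session.

```powershell
# Added example, not DiskCryptor code: decide whether a legacy BIOS/MBR
# pre-boot loader can be written to the system disk without leaving the
# machine unbootable. Anything that cannot be confirmed counts as a blocker.
function Get-LegacyBootLoaderPreflight {
    [CmdletBinding()]
    param()

    # Firmware type as Windows reports it: Bios, Uefi or Unknown.
    $firmware = [string](Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType

    # Disk that holds the boot files, and its partition table style (MBR, GPT or RAW).
    $systemDisk = Get-Disk | Where-Object { $_.IsSystem } | Select-Object -First 1
    $style = if ($systemDisk) { [string]$systemDisk.PartitionStyle } else { 'Unknown' }

    # Secure Boot state. The cmdlet throws on BIOS firmware and when the session
    # is not elevated, so a failure is recorded as unknown ($null), never as "off".
    $secureBoot = $null
    try { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) } catch { }

    $blockers = @()
    if ($firmware -ne 'Bios') { $blockers += "Firmware type is '$firmware', not legacy BIOS." }
    if ($style -ne 'MBR')     { $blockers += "System disk partition style is '$style', not MBR." }
    if ($secureBoot)          { $blockers += 'Secure Boot is enabled.' }

    [pscustomobject]@{
        FirmwareType   = $firmware
        PartitionStyle = $style
        SecureBoot     = $secureBoot
        SafeToProceed  = ($blockers.Count -eq 0)
        Blockers       = $blockers
    }
}

$result = Get-LegacyBootLoaderPreflight
$result | Format-List
if (-not $result.SafeToProceed) {
    Write-Warning 'Do not install a legacy boot loader on this system.'
}
```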

Anfinuo

  • Sr. Member
  • ****
  • Posts: 380
Re: DiskCryptor 1.1.846.118 released
« Reply #21 on: April 12, 2015, 03:06:04 pm »
Quote
I am a CompTIA A+ techie.

If you wanted to impress people, you should've used something more recognizable, and not from an "entry level". And if you used, for example, Cisco Certified Architect, you could say that you're so "above it", that creating a PE is beneath you.
But at least for me, it wouldn't mean much because I know it doesn't really matter what "paper" you have, or how many "funny letters" before your name. What matters, is what you have "in your head", and more important - what can you do with it.
Since you can't even make a DC PE...

Quote
Please try and pay attention.

You too. And get off your high horse, because it's just a pony, and very young one at that.

Quote
I do not agree with your position, let's leave it at that because this is going nowhere and circles are not always a good thing.

It's not a position, it's a fact - UEFI is a security risk.
This is going nowhere, because you thought that you're dealing with someone like you - PR based, not fact based. And now, you can't bring yourself to admit that you were wrong. Instead you just try to find new ways to cloud the issue, prove your point, make me go on the defensive with eristic tricks, etc.

Quote
The fact is using DC on a system with UEFI enabled will brick the system as far as an end user goes.

If you took your own advice about paying attention, you'd know that UEFI bricks stuff, even without DC. So maybe you should look at the "source"? Just a thought.

Quote
Therefore the very minimum should be a check in the software that prevents system encryption if UEFI is detected.

I don't like "nag screens", but I have to partially agree - a warning, but if a user wants to, then he should be able to, it's his* computer after all.
Although I would settle for that big, honking warning, or "*" under supported OS.

Quote
An end user wouldn't know UEFI from an IOU.

Well, that's the real problem isn't it? People doing things they know nothing about, shouldn't.

Quote
It is the responsibility of the software designer to protect users from something like this crippling their system.

It's the responsibility of the user, to know what, how, and why he's using. User level of knowing - I mess with disc, so I can mess up the disc.

Quote
It should never even get that far.

I agree, (U)EFI should've "died" years ago.

Quote
Truecrypt...

Another one...
Then simply use TC, if it's so much better.

Morthawt

  • Newbie
  • *
  • Posts: 36
Re: DiskCryptor 1.1.846.118 released
« Reply #22 on: April 12, 2015, 03:16:43 pm »
So now it is a talent contest? I should have lied and said I am a Cisco Certified whatever, just to try and impress people? I said I am a techie and that I was not able to make one of the live CDs by following the instructions. Everyone else that I know has failed also because I asked them to try. One got the live CD to work but DC would not work. But whatever. I go through phases of trying different crypto software. I am moving on to something else now that I have been using DC for months.

Speaking of high horses... Re-read your replies.

Anfinuo

  • Sr. Member
  • ****
  • Posts: 380
Re: DiskCryptor 1.1.846.118 released
« Reply #23 on: April 12, 2015, 03:58:18 pm »
Quote
So now it is a talent contest?

You tell me. You started writing about you being a "techie", and tried to "shine" that certificate of yours.

Quote
I should have lied...

You should've stuck to the matter at hand.
You should've simply admitted failure with creating a PE, and not trying to make it look like it's a "rocket science".

Quote
I said I am a techie and that I was not able to make one of the live CDs by following the instructions.

No, you said:

Quote
I am a techie and I could not even make one.

Using "techie", and "even", implies what I've written earlier.

Quote
Everyone else that I know has failed also because I asked them to try.

And what does that say, since other people, not "techie", or with fancy certifications, did it?
Not to mention our forum "magician" Italick, managed to "graft" DC onto Macrium Reflect PE, and I didn't see him mention being a "techie", having any certificates. Don't even know if he is\has.
Italick sir, do you have something that will explain your "magic"? Dragon blood? Hogwarts graduate?

Quote
Speaking of high horses... Re-read your replies.

I try to level with person I speak to, so I suppose, sometimes there could be some seeping.

Italick

  • Hero Member
  • *****
  • Posts: 510
Re: DiskCryptor 1.1.846.118 released
« Reply #24 on: April 12, 2015, 07:04:32 pm »
Quote
Italick sir, do you have something that will explain your "magic"? Dragon blood? Hogwarts graduate?

What I have is mainly a combination of mania with free time, from being unemployed.  I earned a BSEE many years ago, but it was not a career enhancer for me.

Italick

  • Hero Member
  • *****
  • Posts: 510
Re: DiskCryptor 1.1.846.118 released
« Reply #25 on: April 12, 2015, 08:38:05 pm »
One of the great aspects of Diskcryptor is that its bootloader is highly adaptable to many different start-up and dual boot scenarios.  If Diskcryptor had a mechanism to prevent an installation that would make a computer unbootable, it would either have to take into account a very large number of possibly intended configurations, or Diskcryptor's boot options would need to be less flexible.

If Diskcryptor were mine to change, I would include a warning in the software indicating that Diskcryptor is not designed to prevent the changes that it makes on hard drives from leaving a computer unbootable, or from making the OS unusable.  The warning would suggest making a Diskcryptor WinPE and backing up headers of encrypted volumes.  It would also suggest that, in preparation for the need of a recovery, users learn how to use hard drive imaging/cloning/recovery software and make preparatory backups before installing Diskcryptor.

The need to learn how to make backups could cause some people to lose interest in Diskcryptor.  Diskcryptor is targeted toward a security conscious user base.  Data security consciousness includes the willingness to learn and implement plans to recover important data if they are damaged.  Diskcryptor does not do everything, so users will have to look to something else to do backups and recovery.  If somebody does not want to be bothered with data backup plans, Diskcryptor might not be his or her kind of thing.

I would have only one warning like this in the software.  I would have a single big warning that appears in a window when the user initiates changes.  I would make it easy to change the program preferences to opt out of the warning.  I might include a PDF document with important practical notes in the download.

Anfinuo

  • Sr. Member
  • ****
  • Posts: 380
Re: DiskCryptor 1.1.846.118 released
« Reply #26 on: April 13, 2015, 01:45:25 pm »
Quote
What I have is mainly a combination of mania with free time, from being unemployed.

OCD, yep sort of "IT guy" prerequisite.

Quote
I earned a BSEE many years ago, but it was not a career enhancer for me.

And you didn't feel the need to bring it up "every" conversation?
"Strange" ;)

Quote
One of the great aspects of Diskcryptor is that its bootloader is highly adaptable to many different start-up and dual boot scenarios.

Yeah. Had to remove my Linux distro, because TC\VC didn't "like" all of those bootloaders, "juggle" between OS-es, because you can't simply encrypt OS volume from under other OS, and encrypt, and add bootloader later, and it STILL WOULDN'T FUC*ING ENCRYPT, OR ANYTHING, because something, something.
FFS...

I really don't understand the TC\VC "fad". Simple encryption of one volume, in my case, required "wasting" one OS, would require "wasting" another, and FSM only knows what else (left nut, firstborn).
The only things that I see, that make TC\VC worthwhile, are containers, and the bit about "fake" OS.

Quote
The warning would suggest making a Diskcryptor WinPE and backing up headers of encrypted volumes.  It would also suggest that, in preparation for the need of a recovery, users learn how to use hard drive imaging/cloning/recovery software and make preparatory backups before installing Diskcryptor.

My "petition" still waits for supporters:
https://diskcryptor.net/forum/index.php?topic=5114.0
:)

Quote
Diskcryptor is targeted toward a security conscious user base.  Data security consciousness includes the willingness to learn and implement plans to recover important data if they are damaged. Diskcryptor does not do everything, so users will have to look to something else to do backups and recovery.  If somebody does not want to be bothered with data backup plans, Diskcryptor might not be his or her kind of thing.

QFTT

Quote
I would have only one warning like this in the software.  I would have a single big warning that appears in a window when the user initiates changes.  I would make it easy to change the program preferences to opt out of the warning.  I might include a PDF document with important practical notes in the download.

You really think that people, who didn't read those few words in the nice, and "blingy" box:

would read some .pdf?

nammy2

  • Newbie
  • *
  • Posts: 2
Re: DiskCryptor 1.1.846.118 released
« Reply #27 on: April 03, 2016, 01:54:36 pm »
Hi. I installed the last version. Crypted my system properly, reading all the doc first. Sadly, I didn't see anywhere some chars were not allowed in password in AZERTY... I know it's there... I was blind... And the program let me use it without any warning... Now, my whole drive is crypted. And I can't fucking enter an @ symbol into my pass field on boot... So I'm locked out... Is there any way to be able to enter that idiotic symbol please, or am I really dead as I think? Example by hardcoding the password in bootloader manually by default via any third party bootable program? Or change kb layout to QWERTY while on the 'enter password' screen?


PS. You maybe should add a password check when setting it so it doesn't allow you to use something that is not allowed... Thanks for reading me
« Last Edit: April 03, 2016, 02:23:22 pm by nammy2 »

Italick

  • Hero Member
  • *****
  • Posts: 510
Re: DiskCryptor 1.1.846.118 released
« Reply #28 on: April 03, 2016, 03:50:27 pm »
Hi nammy2.  The way to deal with that is to load a rescue environment and change the password.  Or connect the drive to another computer and change the password.  Use only letters and numbers in the password of a bootable volume.
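
The password check nammy2 asks for in reply #27, following the letters-and-numbers advice in reply #28, as an added example that is not part of the thread and not DiskCryptor code. Test-BootPasswordCharset is a hypothetical name and the sample password is constructed. The thread does not say which characters DiskCryptor's boot prompt rejects, so the AltGr and moved-letter notes are keyboard-layout facts offered as likely trouble spots, not DiskCryptor behaviour.

```powershell
# Added example, not DiskCryptor code: vet a candidate boot-volume password
# before it is set, instead of discovering the problem at the pre-boot prompt.
function Test-BootPasswordCharset {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Password)

    # ASCII symbols that need AltGr on a French AZERTY keyboard ('@' is AltGr+0).
    $azertyAltGr  = '~#{[|`\^@]}'
    # Letters that sit on different physical keys on AZERTY and QWERTY.
    $movedLetters = 'aqzwm'

    $findings = for ($i = 0; $i -lt $Password.Length; $i++) {
        $c = $Password[$i]
        $severity = $null; $reason = $null

        if ([int]$c -lt 32 -or [int]$c -gt 126) {
            $severity = 'Reject'; $reason = 'not printable ASCII'
        } elseif ($azertyAltGr.IndexOf($c) -ge 0) {
            $severity = 'Reject'; $reason = 'needs AltGr on French AZERTY'
        } elseif (-not [char]::IsLetterOrDigit($c)) {
            $severity = 'Reject'; $reason = 'symbol; advice is letters and digits only'
        } elseif ($movedLetters.IndexOf([char]::ToLowerInvariant($c)) -ge 0) {
            # Assumption: matters only if the pre-boot prompt uses another layout.
            $severity = 'Warn'; $reason = 'key position differs between AZERTY and QWERTY'
        }

        if ($severity) {
            # Report the position, not the character, so the password is not echoed.
            [pscustomobject]@{ Position = $i + 1; Severity = $severity; Reason = $reason }
        }
    }

    [pscustomobject]@{
        Accept   = -not ($findings | Where-Object { $_.Severity -eq 'Reject' })
        Findings = @($findings)
    }
}

# Constructed sample password; '@' is its second character.
$check = Test-BootPasswordCharset -Password 'P@ssw0rd-az'
$check.Findings | Format-Table -AutoSize
"Accept: $($check.Accept)"
```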

nammy2

  • Newbie
  • *
  • Posts: 2
Re: DiskCryptor 1.1.846.118 released
« Reply #29 on: April 03, 2016, 04:32:32 pm »
Hi Italick,
Thanks for your answer. I have a hbcd live USB stick. It contains diskcryptor environment. So I changed password in no time! Thanks again