longer maintained, new vulnerabilities will not be addressed. If you
continue to use TrueCrypt, be aware of the risks. A replacement for
TrueCrypt 7.1a is VeraCrypt, which is a continuation of the TrueCrypt
project.
There are several programs for sale, too. One obvious one is Windows
BitLocker, which is generally not included in the home editions of the
Windows operating system. To enable BitLocker, if installed, open File
Explorer, right-click on the C drive, and scroll down to the “Turn on
BitLocker” option. BitLocker takes advantage of a special chip on your
motherboard known as a trusted platform module, or TPM. It’s designed to
unlock your encryption key only after confirming that your bootloader
program hasn’t been modified. This is a perfect defense against evil maid
attacks, which I will describe shortly. You can set BitLocker to unlock when
you power up or only when there’s a PIN or a special USB that you
provide. The latter choices are much safer. You also have the option of
saving the key to your Microsoft account. Don’t do that, because if you do
you will have more or less given Microsoft your keys (which, as you will
see, it might already have).
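The startup options described above can be checked on a running system. The following PowerShell is an added example, not part of the original text; it assumes an elevated prompt on a Windows edition that includes the BitLocker module, and the function name `Get-StartupProtectorAssessment` is hypothetical.

```powershell
# Added example: report how the OS volume's BitLocker key is released at boot.
# Assumes an elevated PowerShell session with the BitLocker module available.

function Get-StartupProtectorAssessment {
    param(
        # Key protector type names as reported by Get-BitLockerVolume
        [string[]]$ProtectorTypes
    )
    # Protectors that need something from the user before the TPM releases the key
    $preBoot = @('TpmPin', 'TpmStartupKey', 'TpmPinStartupKey')
    $found = @($ProtectorTypes | Where-Object { $preBoot -contains $_ })

    if ($found.Count -gt 0) {
        return "PIN or USB startup key required at boot ($($found -join ', '))"
    }
    if ($ProtectorTypes -contains 'Tpm') {
        return 'TPM-only: the volume unlocks automatically at power-up'
    }
    # ExternalKey or Password protectors without a TPM land here
    return 'No TPM-based startup protector found'
}

# Inspect the system drive (normally C:)
$vol   = Get-BitLockerVolume -MountPoint $env:SystemDrive
$types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

[pscustomobject]@{
    MountPoint       = $vol.MountPoint
    ProtectionStatus = $vol.ProtectionStatus   # On / Off
    VolumeStatus     = $vol.VolumeStatus       # e.g. FullyEncrypted
    EncryptionMethod = $vol.EncryptionMethod
    Protectors       = $types -join ', '
    Assessment       = Get-StartupProtectorAssessment -ProtectorTypes $types
}
```

A volume reported as TPM-only can be given a PIN with `Add-BitLockerKeyProtector -TpmAndPinProtector`, provided the startup-authentication policy on the machine allows it.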
There are several issues with BitLocker. First, it uses a pseudorandom
number generator (PRNG) called Dual_EC_DRBG, short for dual elliptic
curve deterministic random bit generator, which might contain an NSA
back door. 9 It is also privately owned, meaning that you just have to take
Microsoft’s word that it works and that it doesn’t have any back doors for
the NSA—which may not be the case with open-source software. Another
problem with BitLocker is that you must share the key with Microsoft
unless you purchase it for $250. Not doing so may allow law enforcement
to request the key from Microsoft.
Despite these reservations, the EFF actually does recommend BitLocker
for the average consumer looking to protect his or her files. 10 However, be
aware there is a way to bypass BitLocker as well. 11
Another commercial option is PGP Whole Disk Encryption from
Symantec. A lot of universities use this, as do many corporations. I have
used it in the past as well. PGP Whole Disk Encryption was created by Phil
Zimmermann, the man who created PGP for e-mail. Like BitLocker, PGP
can support the TPM chip to provide additional authentication when you