How to have better data security than the UK Government - use TrueCrypt
Monday, January 21, 2008

Update 9th March 2008: TrueCrypt 5 was released last month. It can now carry out whole disc encryption, amongst a host of other enhancements. The BBC reported this week on research from Princeton University showing that the contents of RAM (including encryption keys) can be recovered for up to several minutes after the power to a computer is turned off, thus enabling a disc to be decrypted. The implications of this are explained on the TrueCrypt website. The important point to note is that in everyday practice (as opposed to controlled laboratory conditions) this is a very, very small risk, given that the RAM only retains the information for minutes after the power is off, and provided (on Windows) that Sleep, Hibernation and System Restore are disabled on your laptop, so it cannot be rebooted with data in RAM. A thorough discussion on this topic with the Princeton researchers is also available.
This data retention in RAM has been known about for several years, and some commentators claim that the presentation of the phenomenon is being over-dramatized in order to attract further funding. For example:
“Also, it is slanderous to call this a “flaw in encryption software”. This has nothing to do with disk encryption software in specific, and telling people to “check with the maker of your disk encryption software to find out how to protect yourself” as is done at the end of the video, is sort of like telling people to call Toyota to complain about potholes. It smells like someone needed to prove they’re worthy of their grant, or is fishing for new ones.”
Original Post: Oh dear, another shed load of personal data has been lost by a UK Government institution. First of all, in October 2007, it was Her Majesty’s Revenue and Customs copying a database with 25 million people’s details onto a CD and sending it by snail-mail from HMRC offices in Gateshead to the National Audit Office in London. It never arrived. The £25,000 reward is peanuts compared to what criminals would pay for the information. Then last week the Royal Navy had a laptop stolen from a car. The laptop contained a database with details of 600,000 forces personnel, including passport numbers, National Insurance numbers and bank details. It has now been revealed that two similar laptop thefts have taken place since 2005. The head of the Civil Service has today told Whitehall staff not to remove laptops with sensitive data from their offices. What a shambles!