In today's world there are few places that violate one's right to privacy more than the internet. Let's try and MAKE SECRETS STAY SECRET!

by Frater Ignotius

This article may be a little heavy for some of our not-so-computer-literate readers, but it should give everyone a sense of how important it can be to your health, secrecy and security to be aware of the dangers out there.

There are many reasons to hide something on a computer. You may want to make sure other users aren't able to read your documents and mail. You may want to hide your pr0n from your boss, or maybe even make sure that if your loving government kicks down your door, your stash of sensitive information is not compromised.

Easy, some say. Use encryption and you're safe. Well, OK. A partition or file encryption scheme might keep your files safe from your wife or boss or kids or whatever. But what happens when you've been up hacking all night and finally decide to get some sleep, and just as you're dozing off at 0700, a dozen policemen and/or three-letter-agency operatives bust down your door and have you in handcuffs before you can even turn off your computer? Or what if your hardcore software firm gets a visit from some "art students" who really only want to steal your data to pass on to your competitor or somewhere else? Even if you close your encrypted drives or files, or maybe even log out and shut down, you still might be in trouble.

"Why?" you ask. "I use XYZ encryption and that's unbreakable!" Sure, the encryption scheme may be unbreakable in a mathematical sense (although I wouldn't count on it just because the readme file or web page says so). But have you considered that the software implementation itself might not be as secure as you would want, and that, in any case, your operating system might also give you away?

Consider this: when a piece of encryption software starts, it will need the key and the passphrase for decryption. By default many, if not most, simply store the key on your hard drive.
And even if you keep your key in a super safe place that no one would ever find, it will still need to be loaded into memory in order to decrypt, no? The same goes for the password. While it might only exist in your head at the time of boot-up, the second you type in that password, chances are it's going into RAM. Now, what happens to things in RAM? They get swapped to disk.

Also, do you have any idea what temp files your encryption software makes, and what they contain? Are they properly erased, or just removed from the allocation table (leaving the actual data still on the drive) the way a regular "del" or "rm" would? For all you know, the encrypted file might be written in plain text to the disk; then, after you close the encryption software, the file either stays in place or is just deleted in the regular fashion, meaning that the unencrypted data is still intact and can be retrieved using "undelete" software.

Someone who wants to seize a computer for evidence gathering (forensics) or to steal your secrets (espionage) could, for instance, run a small program that would bluescreen (BSOD) your Windows box or make your Linux kernel dump core. Then the box would be powered off and opened, and the HDD would be extracted and hooked to a gizmo or computer that does a bit-to-bit copy, very much like the dd command on *nix would. There are handheld devices made just for this, with IDE (or whatever) connectors and a fast hard drive. They can copy a disk perfectly in minutes. This could leave the intruder with a complete dump of your RAM and an exact copy of the entire file system. If the key and password are available in any way, shape or form, assume THEY will find it. And that will make your secure encryption scheme nothing more than an amusing puzzle for the spy or forensic expert, even though you memorized a 40-random-character password and used a key length that even the NSA would consider overkill.

So what can you do to safeguard against this?
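Before the countermeasures, a way to see the leak for yourself. This is an added example, not code from the original article: given a memory dump, swap file or disk image captured from your own box, it searches for your passphrase as typed (UTF-8, and the UTF-16LE that Windows strings use) and for the key derived from it. The key derivation is an assumption for the demo (SHA-256 of the passphrase); substitute whatever your encryption software actually does. The sample dump is constructed inline.

```python
import hashlib
import sys

# Encodings a typed passphrase survives in: UTF-8 on a console/*nix, UTF-16LE in Windows strings.
ENCODINGS = ("utf-8", "utf-16-le")


def derive_key(passphrase: str) -> bytes:
    """Stand-in KDF (an assumption for this demo): SHA-256 of the passphrase.
    Replace with the derivation your encryption software really performs."""
    return hashlib.sha256(passphrase.encode("utf-8")).digest()


def find_all(blob: bytes, needle: bytes) -> list:
    """Every offset at which needle occurs in blob."""
    hits, start = [], 0
    while (idx := blob.find(needle, start)) >= 0:
        hits.append(idx)
        start = idx + 1
    return hits


def scan_dump(blob: bytes, passphrase: str) -> dict:
    """Search a dump/swap/disk image for the passphrase in each encoding and
    for the derived key. Returns {label: [offsets]} for needles actually found;
    an empty dict means nothing leaked in a form this check recognises."""
    needles = {enc: passphrase.encode(enc) for enc in ENCODINGS}
    needles["key"] = derive_key(passphrase)
    found = {label: find_all(blob, n) for label, n in needles.items()}
    return {label: offs for label, offs in found.items() if offs}


def build_sample_dump(passphrase: str) -> bytes:
    """Constructed stand-in for a RAM dump: a deterministic filler pattern with
    the passphrase (as a Windows UTF-16LE string) and the key left behind."""
    filler = bytes(range(256)) * 16  # 4096 bytes containing no passphrase-like runs
    return (filler[:1024] + passphrase.encode("utf-16-le")
            + filler[1024:3072] + derive_key(passphrase) + filler[3072:])


if __name__ == "__main__":
    # Usage: python leakcheck.py <dumpfile> <passphrase>; with no arguments the
    # constructed sample dump is scanned instead.
    if len(sys.argv) == 3:
        secret, data = sys.argv[2], open(sys.argv[1], "rb").read()
    else:
        secret = "correct horse battery staple"  # constructed sample secret
        data = build_sample_dump(secret)
    for label, offsets in scan_dump(data, secret).items():
        print(f"{label}: found at offsets {offsets}")
```

A hit in any form means the countermeasures that follow have not yet done their job; no hits only means nothing was found in the encodings and derivation this check knows about.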
It's not a clear-cut thing, and I certainly would not claim to be intimate enough with the internal processes of any OS to propose a solve-all solution. However, there are some simple steps that I believe will improve the odds. Concoct a solution that secures YOUR scheme.

1. When opening an encrypted file or volume, make the changes you need to make, then close it and reboot. Make sure you completely flush the RAM and overwrite your disk cache. Don't leave the software running or the file or volume open when you're not using it.

2. Turn off any and all memory/core dumping functions in your OS, unless you're actually using them for something. Turn off hibernation and whatnot in XP. Make sure there are no processes dumping your RAM to disk or making "backup" copies of any relevant system files or the files associated with the encryption scheme. Use a tool to see what files your encryption scheme opens while running, note where they are kept and their names, and see if they are deleted properly or if they can be recovered.

3. In Windows XP, take a look in %SystemRoot%\Minidump and observe that by default there is one (albeit small) memory dump from each of the countless BSODs you surely have had since installing. Go turn the damn thing off (found under My Computer > Properties > Advanced > Startup and Recovery settings).

4. Move your temp/tmp folders to a proper place if you use Windows. Regardless of OS, make sure you properly delete your temp files at each boot and/or shutdown, using a secure deletion program that actually overwrites the sectors of the disk, as opposed to a regular del or rm.

With Win 2k, W2k3 and XP Pro, turn on complete memory dumping, set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters\CrashOnCtrlScroll to 1, hit CTRL+SCRLCK SCRLCK and Windows will dump the memory. Analyze the dump with a hex editor and see if you can't break your own scheme. The same thing is done in Linux by configuring magic SysRq in the kernel.
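To go with step 4, an added example that is not from the article: a Python routine that overwrites a file in place with random data, syncs it to disk and only then unlinks it, applied to every file under a temp folder. The caveat a practitioner needs: on journaling or copy-on-write filesystems and on SSDs with wear levelling, an in-place overwrite is not guaranteed to reach the original sectors, so treat this as one layer alongside keeping swap and temp storage encrypted, not as a guarantee. The demo folder and its plaintext files are constructed inline.

```python
import os
import tempfile
CHUNK = 64 * 1024  # overwrite granularity


def wipe_file(path: str, passes: int = 3) -> int:
    """Overwrite path in place with random data `passes` times and then with
    zeros, fsync-ing each pass so the data leaves the disk cache before the
    name is unlinked (a plain del/rm only drops the name). Returns bytes wiped."""
    size = os.path.getsize(path)
    with open(path, "r+b", buffering=0) as fh:
        for pass_no in range(passes + 1):
            fh.seek(0)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                fh.write(os.urandom(n) if pass_no < passes else bytes(n))
                remaining -= n
            os.fsync(fh.fileno())
    os.remove(path)
    return size


def wipe_tree(root: str, passes: int = 3) -> int:
    """Securely delete every regular file under root (e.g. your temp folder at
    boot or shutdown). Symlinks are skipped so a planted link can never make us
    wipe something outside root. Returns the number of files wiped."""
    count = 0
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            wipe_file(full, passes)
            count += 1
    return count


def demo() -> tuple:
    """Constructed scenario: a temp folder holding plaintext an encryption tool
    left behind. Returns (files wiped, files remaining afterwards)."""
    tmp = tempfile.mkdtemp(prefix="wipe-demo-")
    for i in range(3):
        with open(os.path.join(tmp, f"plain{i}.tmp"), "wb") as fh:
            fh.write(b"SECRET PLAINTEXT " * 64)
    wiped = wipe_tree(tmp)
    remaining = sum(len(f) for _, _, f in os.walk(tmp))
    os.rmdir(tmp)
    return wiped, remaining
```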
This may seem paranoid, but if you have something you really want to hide from people with big resources, you have to be paranoid or you'll be at risk. The safest thing to do may be to have a dedicated box that handles the encryption, and to make the box so sensitive to irregular activity that it shuts like a clam if something happens. For instance, a Linux server with StegFS (http://stegfs.sourceforge.net/) and the aforementioned considerations about memory dumps take you a lot farther towards true security than something like PGPDisk (http://www.pgpi.org/), which would be highly susceptible to dump attacks. But that is not to say that you can't use the latter safely.

Even if you manage to force your OS not to dump the memory, the intruders might have their own software or even hardware to do just that, so make sure you find a routine that flushes any sensitive data, such as a key and passphrase, out of RAM and off the HDD. In any case, make sure you're not already storing multiple copies of both in various temp folders. There is surely more to be said about this, and now it's up to you to investigate how you can safeguard against this on your OS and with your encryption scheme. Remember to share your info.