- Status
- Jul 26, 2008
- 4,544
- 1,162
- 24,840
Truecrypt is ~meh~ at best. What you realize is that the dev's are rather biased on encryption. They refused to support Via Padlock for years but supported Intel's HW based encryption with great fanfare. Having used both Intel's and Via's I can say that the Via implementation is much much cleaner. It's just a small extension of the x86 instruction set and can be implemented in any code base.
For a better solution use,
http://en.wikipedia.org/wiki/DiskCryptor
Originally based on Truecrypt but branched into a different direction, its more standardized and works with both Intel and Via HW based encryption.
This is what I run on my home AD / DNS / File server (Via Nano 1.6Ghz + 2GB of memory coupled with eSata 4TB RAID). Encrypts / Decrypts at full speed with no performance hit.
Seriously Toms, ya'll treatment of the Via platform is impinging on your journalistic integrity.
For a better solution use,
http://en.wikipedia.org/wiki/DiskCryptor
Originally based on Truecrypt but branched into a different direction, its more standardized and works with both Intel and Via HW based encryption.
This is what I run on my home AD / DNS / File server (Via Nano 1.6Ghz + 2GB of memory coupled with eSata 4TB RAID). Encrypts / Decrypts at full speed with no performance hit.
Seriously Toms, ya'll treatment of the Via platform is impinging on your journalistic integrity.
I LOVE TrueCrypt and use it on ALL my computers. Bitlocker, however, is essential in commercial environments where tens to thousands of devices need to be secured AND recoverable. Imagine being an admin facing a CEO who can't access their stuff because of security measures, even though "it worked yesterday" and he/she "hasn't done ANYTHING to change it".
More seriously: I have been using Folderlock for quite some years now. This paid for application is also 256 AES. Its chief disadvantage is that it will not encrypt the System drive. Its chief advantage is that encrypted portable drives can be unlocked on any PC without having to install it on that system first. TrueCrypt will not do this. This means that encrypted portable drives can be used on machines where I do not have administrator privileges. There are security issues in doing this and TrueCrypt explains why they do not do this in their documentation. See under portable mode 'http://www.truecrypt.org/docs/'.
However the Folderlock encrypted memory stick is very secure and can be run on systems where running executable files (*.exe)are locked down by the administrator. Very handy indeed.
I shall now use both... thanks for the great article.
However the Folderlock encrypted memory stick is very secure and can be run on systems where running executable files (*.exe)are locked down by the administrator. Very handy indeed.
I shall now use both... thanks for the great article.
Your choice of SSD actually doesn't remove the drive from the equation. Sandforce drives do real-time compression to hit those 270 MB/s speeds, if the data isn't compressible they drop off to about the 150 MB/s you saw. Encrypted data isn't compressible. If you did the comparison with a different controller (Intel or Crucial drive), I suspect you'd see the same losses on IOMeter loads but the sequential transfers wouldn't be affected. Same conclusion, different results.
Also, you used Lynnfield's specs for the CPU caches. Pretty sure i5-661s don't have 4x256k L2 cache.
Also, you used Lynnfield's specs for the CPU caches. Pretty sure i5-661s don't have 4x256k L2 cache.
WyomingKnott
Legenda in Aeternum
- Aug 29, 2006
- 13,249
- 3
- 51,960
I don't know who this guy Ed is, but I disagree with him. There are scads of psychological studies showing that human behavior, and particularly when risk-taking is involved, is not rational. Our brains and minds did not evolve to deal with a world of logic; so far, no part of the world that we know runs according to the rules of logic. And I include research institutions (which can come close) and academia.
I have been amused for years by comparing human behavior to what game theory would dictate for the same situation. I can see selfish behavior reducing the selfish individual's payoff compared to the "right" answer. One glaring exception was traffic in Providence, RI, in the 1990s. The streets were (still are?) so narrow that one double-parker could shut down many square blocks. There, people followed the rules, and the throughput of the system was optimized.
Just as well Osama Bin Laden never read any of this or if he did and implemented it then all the arguments about the hardware not currently being capable of brute force decrypting are obviously not the case depending on who wants your data.
justiceleague
Distinguished
- Jul 12, 2011
- 1
- 0
- 18,510
The 2630QM does support AES-NI, only some faulty BIOS images disable it at boot, see here a screenshot of 2630QM with fixed BIOS: http://imgur.com/viyVB
[citation][nom]memadmax[/nom]alidan,hackers use bruteforce as last resort as it takes so long.Now they do the sneaky worm into your keyboard with a keylogger most times. Or if they are really targeting you, or want you bad, they will dig in your garbage....Net Security 101...[/citation]
A good technique is to use the first letter of a phrase you like. For instance: "I don't believe in secure passwords, because I forget them" yields Id'bisp,bIft. You can also add a number to your phrase.
A good technique is to use the first letter of a phrase you like. For instance: "I don't believe in secure passwords, because I forget them" yields Id'bisp,bIft. You can also add a number to your phrase.
- Status
TRENDING THREADS
-
Question No POST on new AM5 build - - - and the CPU & DRAM lights are on ?
- Started by Uknownflowet
- Replies: 13
-
-
-
-
Facebook
Twitter
Instagram