Vex Star

TrueCrypt 6 and pagefiling

What happens if I use this program but don’t disable pagefiling?

for the uninformed:

It allocates all of the space when you create the encrypted file, so it won’t overwrite it with the page file.

If you create a 4gb encrypted drive, it will create a 4gb file.
If your whole OS (and all your drives) is encrypted, it will be too. Otherwise it depends where you put it.
Depends whether you encrypt the entire system drive or just make a small encrypted volume with it. If you encrypt the whole drive, you’re fine. If you don’t encrypt the entire drive, then theoretically somebody could extract the key from your page file.

I shudder to think how much slower your machine will run if everything is encrypted, using software encryption no less. At least DoD hard drives have hardware encryption.
For what it’s worth, the TrueCrypt guys suggest buying more RAM and turning off the pagefile. There’s no good solution to encrypt the page file.
at my last job, all laptops had to have their drives encrypted. pretty bad hit to performance.

if this is a PC, could you put in a second drive just for your page file? or could you create a second partition on your hard drive just for the page file? i know that isn’t generally a good idea because it forces the head to jump around more, but it would probably be better than an encrypted page file.

The best solution is to have the computer erase the pagefile every time you shut down. It takes longer, though.
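
The settings this thread keeps coming back to (pagefile on or off, and erasing it at shutdown) can be checked on a Windows machine with the script below. It is an added example, not part of the original posts; the function names Get-PagefilePosture and Enable-PagefileClearAtShutdown are made up for illustration, while the registry value ClearPageFileAtShutdown and the WMI class Win32_PageFileUsage are standard Windows.

```powershell
# Added example (not from the thread): report how the pagefile is configured
# and whether Windows is set to clear it at shutdown.
$mmKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'

function Get-PagefilePosture {
    $mm = Get-ItemProperty -Path $mmKey

    # PagingFiles is a multi-string value, one entry per pagefile
    # ("path initialMB maxMB"); no non-empty entry means none is configured.
    $configured = @($mm.PagingFiles | Where-Object { $_ -and $_.Trim() })

    # Pagefiles the running system is actually using right now.
    $active = @(Get-CimInstance -ClassName Win32_PageFileUsage |
                Select-Object -ExpandProperty Name)

    [pscustomobject]@{
        ConfiguredPagefiles = $configured
        ActivePagefiles     = $active
        PagefileEnabled     = ($configured.Count -gt 0 -or $active.Count -gt 0)
        ClearAtShutdown     = ($mm.ClearPageFileAtShutdown -eq 1)
    }
}

function Enable-PagefileClearAtShutdown {
    # Needs an elevated session. The setting only acts on a clean shutdown:
    # after a power cut or hard reset the pagefile is left as it was.
    Set-ItemProperty -Path $mmKey -Name ClearPageFileAtShutdown -Value 1 -Type DWord
}

$posture = Get-PagefilePosture
$posture | Format-List

if ($posture.PagefileEnabled -and -not $posture.ClearAtShutdown) {
    Write-Warning 'Pagefile is enabled and is not cleared at shutdown.'
    # Uncomment to turn clearing on (expect slower shutdowns):
    # Enable-PagefileClearAtShutdown
}
```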

Except there’s no way to securely erase files. Even those file overwriters that supposedly conform to DOD level standards, a computer forensics expert can recreate shit using an MRI machine. I read a few articles about it once, pretty cool stuff.

Expensive, but if you’re really worried about security, you can’t have the page file enabled.
hey zanyspy, what exactly are you looking for this level of encryption for? is it just due to paranoia or do you have a legitimate reason for it? would it be ok to just encrypt your data instead of encrypting everything?

I tried it not too long ago and only noticed it during file transfers, but I have a quad-core and 4 gigs of RAM so I suppose that helps.

I ended up doing away with it because I have no reason to encrypt my desktop. I could see it being very useful on a laptop, though.

Except there’s no way to securely erase files. Even those file overwriters that supposedly conform to DOD level standards, a computer forensics expert can recreate shit using an MRI machine. I read a few articles about it once, pretty cool stuff.

Expensive, but if you’re really worried about security, you can’t have the page file enabled.

If you can afford to equip all your machines with an assload of RAM (preferably sterilized first), then that’s fine.
Old article, but worth reading:

EDIT: Link to item:

EDIT: Another link, this one’s 7200rpm:

Interesting. We are doing tests on some new Seagate FDE enterprise drives. I don’t know if they are SATA/SAS/FC or what though. Friend of mine here does a lot of our drive certification and was telling me some about them.
it is kind of funny that the OP just abandoned his thread. he asks a question at midnight, doesn’t get a response within the hour so he answers his own question and that’s it. lol.

This is C&P, we don’t need the OP in order to discuss his/her question.

no, i know, but i’m interested in what the purpose of encrypting the system was. i find it stupid that people come in here very late at night, throw a stupid question out there and then get annoyed when no one responds immediately.
If he wasn’t a real techie, chances are the idea wasn’t thought through that well, and he was only looking for the first solution, not the best solution.
I originally misread his concern as that the pagefile would overwrite stuff on his encrypted drive

For a whole drive, going with a HD that uses hardware encryption really is the best bet.

But then you have to deal with RAM. Whatever was in it last when you shut down will still be there, unencrypted.

Except there’s no way to securely erase files. Even those file overwriters that supposedly conform to DOD level standards, a computer forensics expert can recreate shit using an MRI machine. I read a few articles about it once, pretty cool stuff.

Expensive, but if you’re really worried about security, you can’t have the page file enabled.

yes/no

i work for DoD, we have tools.

a tool in the common though is BC wipe, you can set it for as many passes, and write whatever char. you want to the drive and the pattern (i.e. 1111 or 1010 or 0000 etc.)

…Yes, I understand this. However, using an MRI machine, a forensics expert can recreate the passes used to wipe, based on the magnetic strength, or something like that. It was beyond my understanding, but the cliffnotes version is that no matter how many times you wipe over it, they can still recreate the original data, with enough effort.

Last I checked, DoD wipes the disk 7 times, then microwaves the platters, then runs them through a shredder, then puts the bits into a locked safe until the info on the disk is declassified.

Even an MRI isn’t going to read that, not least because it’s locked in the geometric center of a secure, military-guarded building.

The key to DoD’s approach is a good idea for regular users, too — if nobody ever gets their hands on the disk, nobody can ever read the data. If you have important data on a disk, stick it in a box in your attic and don’t throw it out until the info is totally irrelevant and overcome by events.

Mine feels no different, especially with TC6. Multi-threaded, it’s capable of decrypting/encrypting on the fly much faster than my drive can dish out.

Last I checked, DoD wipes the disk 7 times, then microwaves the platters, then runs them through a shredder, then puts the bits into a locked safe until the info on the disk is declassified.

Even an MRI isn’t going to read that, not least because it’s locked in the geometric center of a secure, military-guarded building.

The key to DoD’s approach is a good idea for regular users, too — if nobody ever gets their hands on the disk, nobody can ever read the data. If you have important data on a disk, stick it in a box in your attic and don’t throw it out until the info is totally irrelevant and overcome by events.

The microwaving/shredding/locked up bits is what does it. Lots of disk wipers claim to be DoD level, or something, which is pretty dishonest.
