T60 & Truecrypt

[selector]

Hi,

Has anyone installed Truecrypt with full system drive encryption on their T60?

I have a T60 with pretty much all of the IBM/Lenovo software installed (via System Update).

- Fingerprint software applied for bootup and login
- ThinkVantage button enabled on bootup to access hidden partition

Have any of these caused any problems or am I safe to proceed?

Thanks!

[pae77]

I haven't tried it yet, however, from reviewing the Truecrypt user guide, I came away with the impression that the TC's boot loader would kick in after the hardware stuff and before windows boots.

[o1001010]

if you want security i simply recommend that you go with aes 256 encryption, 7 zip does that free of charge.

[pae77]

FYI TrueCrypt is totally FREE, and does a heck of a lot more in the security department than 7zip.

[o1001010]

i do understand it is opensource and automatic.
but it is subject to cold boot attacks. which easily defeats the scheme.

http://en.wikipedia.org/wiki/TrueCrypt

7zip with 256 aes is on demand, which only encrypts the file he needs, and if you use passphrases, it will probably be your best bet,

do undestand that nothing is absolute secure. it is all about how badly someone wants your files. nsa probably already cracked aes.

[pae77]

I was aware of the cold boot vulnerability due to recent tech news reports on it. Nevertheless, I don't agree that the scheme is defeated "easily." From what I understand, a "cold boot" attack is not something just anyone can do. And even if one is concerned about a technically sophisticated attacker who might have the ability to exploit that particular vulnerability, all one has to do is use a TrueCrypt container for particularly sensitive material (in addition to or rather than encrypting the entire system) and 5 minutes after it's been dismounted, that kind of attack won't work, if I'm understanding how it works correctly. And even on an encrypted system volume, there is only a 5 minute window of vulnerability after shut down, so long as the system is not placed on standby.

So for me personally, that means I will continue to use a TrueCrypt container for any very confidential material even if I decide to use TrueCrypt to encrypt the entire system volume and when I am particularly concerned about the security of my system, for example, when I'm traveling, I won't be using standby as much.

So while it is important to be aware of that particular vulnerability, I really don't think it is that big of a deal, as there are simple ways to protect against it and therefore I don't think it is a valid reason to abandon TrueCrypt. Jmo.

From the above referenced Wikepedia article:

"Truecrypt, alongside with all other programs tested by Princeton University, is susceptible to cold boot attacks. These allow the encryption/decryption keys (used to secure data) to be determined without the password, by reading this information directly from memory after rebooting the computer[4]

However, preventing physical access to the DRAM memory during ~5 minutes after shutdown or hibernation will prevent this attack, assuming you hibernate to an encrypted volume. On the other hand, 'sleeping' the computer leaves the memory accessible and thus vulnerable[5].

It should be noted that when properly dismounting a TrueCrypt volume, it securely erases[6] the master keys to the volume. This prevents an attacker from gaining access to the master keys if the encrypted volume has been properly dismounted. The cold boot attack is only used if the machine has a mounted TrueCrypt volume currently accessible, and the machine itself is unsecured. [7]"