# Digital Image Encryption



## rooky (Apr 4, 2008)

I am not sure what area to post this in or even if there is one but I figured the digital area can't be too far off, so anyway...

I wanted to mention that in case *some* of you have never used it or are not aware of it, there is a great free encryption program out there that I use and I'm sure quite a few others do as well. It's called TrueCrypt. It is awesome!!!! I highly recommend it if you have images or pictures or files you might want to keep away from prying eyes.

Here is the link:

http://www.truecrypt.org/

I use it a lot to store all my sensitive info in and also to store those pics you might take that you don't want to fall into the wrong hands. lol

Note: TrueCrypt is the real deal. Make sure you read the readme before trying the program or you might mess up. Once stuff is locked in it and you forget the password, you're screwed.

And also, I'm sure many of you know that anything you delete on your computer isn't really gone using the recycle bin. It's merely semi-permanently misplaced, so to speak. If you need to delete a photo or any sensitive files and never want them recovered... use a shredder... something that will overwrite it on the HD with 0's and 1's permanently!
Here is a good free choice. Here is a good shredder that's free too:

http://www.handybits.com/

Oh yeah, one more thing. If you do delete something, like a picture using the recycle bin and you'd like it back, try this software. There is a free trial version here:

http://www.r-undelete.com/

This won't do you any good if you have shredded it. lol

Let me know on this thread if this helped anyone. Nice to know the info was helpful to someone. Thanks.


----------
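The overwrite-then-delete idea from the post above, as an added Python example; it is not part of the thread and not how HandyBits or any other named shredder is implemented. The names `shred` and `_overwrite_pass` and the pass patterns are assumptions chosen for illustration. Overwriting in place only reaches the original blocks on a conventional hard disk with a filesystem that rewrites data in place; SSD wear-levelling, journaling or copy-on-write filesystems, and backups can keep older copies.

```python
import os
import secrets
import tempfile

CHUNK = 1024 * 1024                    # overwrite in 1 MiB pieces so large photos don't fill RAM
O_BINARY = getattr(os, "O_BINARY", 0)  # Windows only: stop newline translation of raw bytes


def _overwrite_pass(fd, size, pattern):
    """Overwrite the first `size` bytes of fd; pattern is one byte, or None for random."""
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining > 0:
        n = min(CHUNK, remaining)
        data = secrets.token_bytes(n) if pattern is None else pattern * n
        view = memoryview(data)
        while view:                    # os.write may write fewer bytes than asked
            view = view[os.write(fd, view):]
        remaining -= n
    os.fsync(fd)                       # push this pass to the device before the next one


def shred(path, passes=(b"\x00", b"\xff", None), remove=True):
    """Overwrite a regular file in place, then (optionally) rename and delete it.

    Returns the number of bytes overwritten in each pass.
    """
    if os.path.islink(path) or not os.path.isfile(path):
        raise ValueError("refusing to shred non-regular file: %r" % path)
    size = os.path.getsize(path)
    fd = os.open(path, os.O_RDWR | O_BINARY)   # no O_TRUNC: reuse the file's existing blocks
    try:
        for pattern in passes:
            _overwrite_pass(fd, size, pattern)
    finally:
        os.close(fd)
    if remove:
        # Rename to a random name first so the original filename is not what gets unlinked.
        anon = os.path.join(os.path.dirname(os.path.abspath(path)), secrets.token_hex(8))
        os.rename(path, anon)
        os.remove(anon)
    return size


if __name__ == "__main__":
    # Constructed sample file standing in for a photo.
    demo = os.path.join(tempfile.mkdtemp(), "photo.jpg")
    with open(demo, "wb") as f:
        f.write(b"constructed image bytes\n" * 1000)
    print("overwrote", shred(demo), "bytes per pass; exists now:", os.path.exists(demo))
```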



## Garbz (Apr 4, 2008)

Just a note: I wouldn't use a permanently mounted encryption solution like TrueCrypt's virtual disk if my data was really sensitive. There are methods to very very easily extract this data from memory if the computer is on, in standby, or, easier still, hibernate.

Sensitive information should just be encrypted in individual files where the decryption key is not memory resident.


----------



## rooky (Apr 5, 2008)

*Resolved incompatibilities:*

On computers with certain hardware configurations, resuming from hibernation failed when the system partition was encrypted. Note: If you encountered this problem, the content of RAM may have been saved unencrypted to the hibernation file. You can erase such data, for example, by decrypting the system partition/drive (select _System_ > _Permanently Decrypt System Partition/Drive_) and then encrypting it again. (_Windows Vista/XP/2008/2003_)

Remark: As Microsoft does not provide any API for handling hibernation, all non-Microsoft developers of disk encryption software are forced to modify undocumented components of Windows in order to allow users to encrypt hibernation files. Therefore, no disk encryption software (except for Microsoft's BitLocker) can guarantee that hibernation files will always be encrypted. At any time, Microsoft can arbitrarily modify components of Windows (using the auto-update feature of Windows) that are not publicly documented or accessible via a public API. Any such change, or the use of an untypical or custom storage device driver, may cause any non-Microsoft disk encryption software to fail to encrypt the hibernation file. We plan to file a complaint with Microsoft (and if rejected, with the European Commission) about this issue, also due to the fact that Microsoft's disk encryption software, BitLocker, is not disadvantaged by this.

[Update _2008-04-02_: Although we have not filed any complaint with Microsoft yet, we were contacted (on March 27) by Scott Field, a lead Architect in the Windows Client Operating System Division at Microsoft, who stated that he would like to investigate our requirements and look at possible solutions. We responded on March 31 providing details of the issues and suggested solutions.]

Workaround for a bug in the BIOS of some Apple computers that prevented users from entering pre-boot authentication passwords and controlling the TrueCrypt Boot Loader. (_Windows Vista/XP/2008/2003_)


----------



## Garbz (Apr 5, 2008)

Dodgy. But the point remains. Any type of encryption that requires constant access to an encrypted portion of a disk such as an encrypted virtual drive requires the key resident in memory. There's no way around it unless you want to take MASSIVE performance hits.
There was an awesome video on Hackaday where someone showed how easy it is to take a laptop, freeze the memory while it's running, reboot it, and extract the keys since the memory didn't self clear. Not sure which software they were exploiting but it apparently so far worked on every full disk / virtual disk encrypted file system.

Lesson of the day, if you use this do not use hibernate or suspend. Shut it down and your problems are solved and your secrets protected.

Btw I can see what you are doing. It won't work. Your avatar will not be able to control my mind.


----------



## rooky (Apr 6, 2008)

What you are referring to is in case of improper shutdown and/or hibernation while the volume is mounted and such. If you open TrueCrypt and put files into it and then immediately dismount it, all keys are wiped clean and there is no way to recover it without the password.

So in essence, use it and close it. Don't let it sit open or mounted when you don't really need it. Too easy. And yes, it is secure.


----------



## Garbz (Apr 7, 2008)

Yep exactly. It's only secure if it's unmounted regardless if the computer is locked or not. A lot of people don't realise that which is one of the key caveats of this encryption type.

The general thought is if my computer is in standby they can't pass Windows password, the encryption takes care of them pulling the HDD out to access the files from another computer.

But if Windows is running or the contents of the RAM are stored on the HDD while the partition is mounted it's officially game over.

Question for you. Do you know of any good digital shredding programs? I have found a few that look like they work well but they are all part of something. Like an open-source 7zip includes a secure delete option, PGP has one, no doubt TrueCrypt has one too, but do you know of any standalone programs?


----------



## rooky (Apr 8, 2008)

I know a lot of people use Eraser and PGP. I use the handybits shredder listed at the top. I'm not sure which is better, but I'm sure they are all fairly good and certainly better than nothing.

Even if they all leave some form of residue, it isn't usually enough to do anything with. Or at least that's my impression.


----------



## Garbz (Apr 8, 2008)

Ahhh Eraser is perfect. Cheers for that.


----------

