Is this more secure?

snazzyconnor

Estimable
May 28, 2014
12
0
4,560
Obviously only as strong as the weakest link but I'm assuming that if i had a drive or folder encrypted with Truecrypt (or similar) and had a file in there encrypted with axcrypt (or similar) a potential attacker would have to get past both layers if I have different passwords for both right? I know its currently not feasable to brute force 128 or 256 bit but if theres other loopholes which make the protection of having two negligible
 
Solution

The "extra security" comes down to what scenario you're talking about. From the perspective of an attacker cold-booting your laptop to extract data, the extra encryption layer might prevent cold-boot attacks from reading both encryption keys (both TrueCrypt and AxCrypt use the RAM to store...

ronintexas

Honorable
Dec 10, 2012
265
0
11,210
It literally depends upon who you are trying to keep from viewing the files. If you are referring to general hacking via the internet, if you keep your operating system updates installed when they come out AND you install the latest patches for your browsers and plugins, the chances of you being hacked are a lot lower (it is estimated that about 33% of people don't update either).

If you are worried about online hackers - store your files in an external hard drive that is disconnected from the computer when you are online.

Programs that encrypt data make it more difficult to get the data in a usable format. Remember - the passcode and password utilized to encrypt data should be a long and mixed case, alpha numeric, special characters and at least 11 characters long - example: d0wNtH3RoaDisDang3r!
 

Skylyne

Estimable
Sep 7, 2014
405
0
5,010

The "extra security" comes down to what scenario you're talking about. From the perspective of an attacker cold-booting your laptop to extract data, the extra encryption layer might prevent cold-boot attacks from reading both encryption keys (both TrueCrypt and AxCrypt use the RAM to store your keys). Now, you can clean your memory of the AxCrypt key, so (in theory) this would prevent a cold boot attacker from cracking the second encryption layer; but is it worth the risk? Up to you. Personally, until they start using CPU-based encryption, instead of RAM, I'm not terribly interested in using encryption services that are not on an amnesiac operating system (like TAILS).

In all honesty, you might be better off using steganography tools to protect sensitive information. You can hide practically anything in a jpeg, or FLAC audio file... you just need the right tool to work with whatever you're making a cover file out of. For example, there's a hidden text file, encrypted with 128 bit AES, inside the jpeg in this link- http://i.pgu.me/7xuC1sNo_original.jpg. You can reverse engineer that whole file, but you won't find anything beyond an encrypted file inside of it; and even then, you're stuck with decrypting 128 bit AES. If I never said anything, and you were a guy breaking into my computer, would you have bothered making a copy, and reverse engineered it? I didn't think so. If you're trying to protect sensitive information, encryption is a secondary tool... steganography tools will be your friend in protecting very sensitive information (usernames/passwords, PIN numbers, banking information, tax records; just about anything you want kept safe from prying eyes). If you don't want your computer to have traces of this type of activity, to minimise suspicions, either stash a USB drive somewhere with your steg tools on it, or burn a CD (best choice, as it prevents the spread of computer infections). Steganography tools are like hollowed out books for computers... accept they are practically impossible to detect under normal conditions, and it takes more than opening the book [file] to know there's something different about it. "Cover files" will be perceived as ordinary files, whether they are images, audio files, or whatever else you decide to use. Cover files act like the original file used as a "cover," and have nothing suspicious about them to an untrained eye; even then, it takes a lot of dedication to really know if a file is being used as a "cover" for something. As one article put it, "Steganography is the dark cousin of cryptography," and it's so much more effective in my books.

If you're looking for a good way to secure your files, encryption is a decent option, as long as you take steps to protect your weak points. If you want to hide your information (in plain sight, or not), not draw attention to it (unlike normal encrypted files, which throw up red flags), and still be secure, steganography is your best option. Just be sure to properly wipe the free space of your disks when you start using steg tools (it may take a while to do a sufficient 3-pass wipe), and use a proper method of erasing the original files you then hide in your cover files; I believe AxCrypt gives you an option called "Shredding" that does this. Both options (encryption and steganography) will be fairly inconvenient, but each one has its strong points. I have switched to using steganography for hiding important information; and I'm only going to use encryption for uploading sensitive data to cloud hosting, and for full HDD security from brute force attacks.

Side note: The image I linked does not have sensitive data, but it does have a hidden file in it. While I'm not worried about the information in the hidden text file, I don't need to draw attention to an image that is hiding sensitive data. If you want me to give you an actual demonstration file, I can do so :)
 
Solution