Hardware encryption

It's better then software encryption for sure. I want a hardware encrypted USB but they're pretty fucking expensive for a decent one.

I am a reverse engineer.

Hardware encryption is very, very seldom any good.

I've seen "256-bit encryption" turn out to be trivially vulnerable RSA-256. I've frequently seen "AES encryption" turn out to be, well, AES, but with a shitty block cipher mode and a static key, or at the very least awful key management.

I've even seen people make stupid mistakes, or have stupid backdoors, in products that passed expensive and supposedly hard-ass FIPS certification.

I haven't analysed that particular thing, but my snake-oil sense is already tingling.

If you're on Linux, use dm-crypt/LUKS with AES-256 in XTS mode. If you're on Windows, use Windows 10 Pro with Bitlocker encryption in XTS mode and don't save the recovery key to OneDrive when asked (you're trusting MS anyway if you run their software; it was legit and not backdoored when I last disassembled it; and nothing else handles all the various power state transitions without possibly accidentally dumping keys to hiberfil.sys, except maybe VeraCrypt but eh, build process and I have some difficult questions about their integrity).

Software encryption is infinitely more auditable, testable, and has been fast enough to have essentially no performance impact at all for over 2 decades.

If you genuinely want to use hardware encryption, to do any better you either want something open-source and currently in early beta (cryptech.is) or you want something that you can see multiple positive audits on which has successfully passed FIPS 140-2 Level 4 or EAL 7 augmented with no caveats. I know of only one unit that fits the bill, and you have to ask for the price - that is for people who are running CAs and the DNSSEC root, and it has huge disadvantages too.

>>59860884
Which ones were you interested in and how much are they?

>>59860790
if it dies you and your data are fucked
like literally, anally penetrated by six hundred sandniggers

>>59861088
https://www.amazon.com/iStorage-DatAshur-256-bit-Hardware-Encryption/dp/B015DBY6CI/ref=sr_1_32?ie=UTF8&qid=1492023511&sr=8-32&keywords=hardware+encrypted+usb

This one, it's fucking excellent. Water proof, tamper proof, along with many other things.

>>59861062
Underrated_post::thanx()

>>59861062
Was literally this moment browsing and considering some SEDs, thank you for this excellent post.

I have a followup question, how crazy would it be to layer both veracrypt AND bitlocker (for either whole disks or containers)? The theory being that an attacker would have to find implementation flaws in two seperate fairly reputable products. Might that be infeasible for performance reasons, or is there anything else you can think of that would make this a bad idea?

File: 1486512224071.jpg (12KB, 359x363px) Image search: [Google]

12KB, 359x363px

>>59861062
>Recommending Bitlocker

>>59861312
>how crazy would it be to layer both veracrypt AND bitlocker
honest to god question, what are you storing that you need to go through that to be safe? And it's ok if you tell me you need to keep a text file with your grocery store list away from anyone but isn't it a bit too much?

>>59861062
>thanks for your answer

for FIPS 140-2 Level 4 is it trustable ?

S othe only trust device is FIPS passed ?
some ex ?

What about stack encryption process ?
like making Luks Volume inside a hardware disk or key ?

>>59861526
I do a lot of random stuff, experiment with malware kits, test security tools, browse tor sites, etc. Nothing ever even slightly immoral but its hard to know what might appear from the outside to be technically illegal.

My fear is to be caught up in some bullshit investigation for some bullshit reason e.g. https://www.google.com/amp/amp.dailydot.com/layer8/justin-shafer-fbi-raid/ and have LE find a cp thumbnail from a tor site I visited by accident years ago, or some similar thing. I also have sex pics of me and my wife which I dont wish to share with the FBI.

>>59861092
Just back up your data on Microsoft one drive, its only a few $s for a tb >>59861092

>>59864042
>I also have sex pics of me and my wife which I dont wish to share with the FBI.
can you share a couple of sfw ones with us here?

About as useless and stupid as hardware RAID.

>>59861347

it's better than sophos faggot

>>59864399
>Just back up your data
>To somebody elses computer
>That you have no access or authority over
>Thousands of miles away
You're a fucking retard

>>59861062
Have you taken a look at those WD My Passport?

>>59861062
>recommends closed source MS BitLocker over open source VeraCrypt that's based on TrueCrypt
wew lad

>>59860790

>numpad

that shit's gonna be bruteforced in 2 seconds

>>59861062
What about SW encryption on a drive with HW encryption?