Up until recently quantum cryptography thought to be secure to transmit cryptographic keys. Any attempt to eavesdrop the transmission could be easily detected (based on Heisenberg uncertainty principle). This was proved wrong by the team of researchers from the Norwegian University of Science and Technology (NTNU), the University of Erlangen-Nürnberg and the Max Planck Institute for the Science of Light in Erlangen. The team developed a quantum eavesdropping technique that remotely controls the photon detector. The researchers wrote that someone “can attack the systems with off-the-shelf components, obtaining a perfect copy of the raw key without leaving any trace of her presence.”
Vadim Makarov, one of the researchers, said that “The security loophole we have exposed is intrinsic to a whole class of single-photon detectors, regardless of their manufacturer and model.”
]]>Latest update: Truecrypt Shut Down. The sourceforge page informs Truecrypt users to migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.
BitLocker and TrueCrypt are data encryption software packages. The question is which one to use and why? BitLocker comes with Windows 7 Ultimate edition. It is also available in Windows 8.1 Pro, Windows 8.1 Enterprise editions and Windows Server 2012 R2. TrueCrypt is free open source software. As of this last update, TrueCrypt does not support Windows 8. You can find the supported operating systems here.
Michael Pietroforte at 4SYSOPS has two very interesting articles. In the first article he comparesTrueCrypt 5 vs. Bitlocker. There are no significant speed differences between the two programs. The second article is a discussion about Windows 7 BitLocker. Good news is that with Windows 7 using BitLocker is much easier comparing with Windows Vista.
With BitLocker if your computer does not have a Trusted Platform Module chip the start up key in a USB stick. On the other hand TrueCrypt wants to only to memorize a pass phrase.
Which one to use?
BitLocker:
TrueCrypt:
From the above discussion, I believe that for large corporations the preferred solution would be BitLocker. For smaller businesses or for your personal computer or laptop TrueCrypt offers a really great solution.
For the security perspective there is the ‘Evil Maid’ attack that can be used to TrueCrypt to acquire the pass phrase. BitLocker uses trusted boot that can be attacked too. So, what is the ‘Evil Maid’ attack? In a nutshell the attack is as follows:
The attack, along with the software is explained by Joanna Rutkowska. There is also a very interesting discussion about “Evil Maid’ in Bruce Schneier’s blog.
As a conclusion, both BitLocker and TrueCrypt are excellent programs that can encrypt data. Now that you know the pros and cons of the programs and also the attack methods I hope it is easier to select the appropriate one for your needs.
My personal preference is TrueCrypt for the simple reason that is open source. Being open source makes it very difficult to add a backdoor. The code is visible, anyone can spot it. This might not be the same with commercial products.
(Update April 2014) US consultancy iSEC has completed on April 2014 a detailed two – person code audit of the software seeking security holes. The audit has turned up a dozen bugs in the code that is TrueCrypt, but not signs of backdoors or other critical security holes. You can access the full report in pdf fprmat here.
]]>Is there hope? Yes, but not for the time beeing. The GSM opearators have to switch to A5/3. A much stronger algorithm which for the time beeing is secure.
My comment: Do not say things over your mobile phone that you do not want someone to hear.
]]>I have a great interest in quantum cryptography. The above presentation proves another technological assumption wrong.
]]>More information:
http://www.nature.com/nphys/journal/vaop/ncurrent/abs/nphys1255.html