
WHOLE DISK ENCRYPTION AND FILE SHREDDING

Welcome back again!

Now that we have PGP figured out, hopefully, I want to remind you that using PGP whenever possible is very, very, very important. One of the pitfalls of Silk Road 1 is that some of the administrators, including Ross himself, did not always communicate using PGP encryption. Once Ross was busted, they had access to his servers and his computers, and anything that wasn’t encrypted was wide open for them to look at. Most users on Silk Road 2 believe that Ross had stored personal information about some of the Admins and Moderators on his computer in plain text, and that it was used to make 3 more arrests of Silk Road users.

One of the reasons why I would suggest that you store your PGP keys and other sensitive data on an SD card is that if that day comes when you are compromised and you get a knock at your door, you have time to dispose of that SD card or USB drive quickly. Even better, if you have a micro SD card that plugs into an SD adapter, then you can snap it with your fingers or at the very least hide it. USBs would need to be smashed into pieces and it might not be easy to do this in the heat of the moment, so do what you feel best about. But always prepare for the day they might come for you.

But our next topic brings us to something called Whole Disk Encryption or Full Disk Encryption. From here on out I will refer to it as FDE (Full Disk Encryption). Tails has an FDE feature built into it, which is another reason why I encourage the use of Tails. It has many of these features to protect you. Essentially FDE will protect your drive, whether SD or USB, from the people who may come for you one day. It does this by formatting your drive and rewriting the file system in an encrypted fashion so that it can only be accessed by someone who has the passphrase.

If you lose your passphrase, just like in PGP, there is no recovery. Your only choice is to format the drive and start over again. So make sure you remember it! And please, for the love of God, Allah, Buddha, etc., don’t store the passphrase on your hard drive somewhere. The tutorial on how to do this is located at the following webpage.

https://tails.boum.org/doc/encryption_and_privacy/encrypted_volumes/index.en.html

Again, always prepare for the day they come knocking, encrypt everything. Use PGP when communicating with others and always shred your files when finished with them. Which brings me to my next topic. File shredding.

File shredding is extremely important and here is why. If you delete a file from your computer, you are only deleting the record of where it is located on the drive. The file is still on the actual drive; just its location data has been removed. If you take a file recovery tool you can recover virtually any file that you have recently removed. File shredding combats this by overwriting files instead. The idea is that instead of removing the file’s location, you overwrite the file with random data so that it becomes unrecoverable.

There is a lot of debate about whether you can overwrite a file once, or if you need to do it multiple times. Supposedly the NSA recommends 3 times, supposedly the Department of Defense recommends 7 times, and an old paper by a man named Peter Gutmann written in the 90’s recommended 35 times. Needless to say, I personally think between 3-7 times is sufficient, and several people out there believe 1 time will get the job done.

The reasoning behind this is that some people believe the drive may miss some files the first time it overwrites them, and that to be more complete you should do multiple passes. Do what you feel most comfortable with, but I even think 3 passes would be sufficient, although it wouldn’t hurt every now and then to run 7 passes and just leave it overnight.
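The overwrite-then-delete idea from the two sections above, with a configurable number of passes, written out as an added example (it is not code from this guide or from any of the tools it lists; the function names are made up for illustration). It assumes the drive and filesystem write new data over the old blocks in place, which does not hold on wear-leveled flash, SSDs, or journaling and copy-on-write filesystems.

```python
import os
import tempfile

CHUNK = 1024 * 1024  # write in 1 MiB pieces so large files do not fill RAM


def overwrite_in_place(path, passes=3):
    """Overwrite every byte of `path` with random data, `passes` times.

    Returns the total number of bytes written. The file keeps its name
    and size, so the result can be inspected before it is deleted.
    """
    if passes < 1:
        raise ValueError("passes must be at least 1")
    size = os.path.getsize(path)
    written = 0
    # "r+b" opens for update without truncating, so the writes land on
    # the existing data instead of a freshly allocated empty file.
    with open(path, "r+b") as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                fh.write(os.urandom(n))
                remaining -= n
                written += n
            fh.flush()
            os.fsync(fh.fileno())  # push this pass out of the OS cache
    return written


def shred_file(path, passes=3):
    """Overwrite the contents, rename to a random name, then delete."""
    overwrite_in_place(path, passes)
    # Rename first so the original file name is not left in the directory.
    folder = os.path.dirname(os.path.abspath(path))
    anon = os.path.join(folder, os.urandom(8).hex())
    os.rename(path, anon)
    os.remove(anon)


if __name__ == "__main__":
    # Constructed sample file, created only for this demonstration.
    fd, sample = tempfile.mkstemp()
    os.write(fd, b"constructed sample secret\n" * 100)
    os.close(fd)
    shred_file(sample, passes=3)
    print("still exists:", os.path.exists(sample))
```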

The programs that can do file shredding are ones you will want to run from Windows or whatever operating system your computer is running. These programs can delete your files from your Recycle Bin, delete your temporary internet files and even wipe your free disk space to make sure everything gets cleaned up. You always need to think: did I have any sensitive material on my hard drive? If so, maybe I need to shred my free disk space. When emptying your Recycle Bin, you should always use a shredder. When only deleting under 1 GB at a time, you can easily do 7 passes pretty quickly.

To put this in perspective, the leader of a group called LulzSec named Topiary has been banned as part of his sentence from using any type of file shredding applications so that if the FBI wants to check up on him, they can. File shredding keeps your deleted files actually deleted.

Here are some file shredding applications you can use.

http://www.dban.org/
http://www.fileshredder.org/
https://www.piriform.com/ccleaner

Next we’re going to talk about removing harmful metadata from files, and some other topics as well.

4 comments

  1. If you are going to be using a micro SD card for the Virtual Box + Tor and PGP etc, how big does the micro SD card need to be?
    Would 64GB be sufficient or should I spend 3x more for 128GB?

  2. You do realise that SD cards and USB flash drives use flash memory, more specifically NAND and NOR memory. This memory wears out quite quick, supposedly, and manufacturers use wear leveling techniques to prolong the life of the memory. For instance when updating/erasing a data block it's just marked as invalid and a new block is used to write data. Something to keep in mind!!

  3. THE PARANOID CORNER:
    -Every most used commercial encryption apps “potentially” have backdoors.
    -PGP it’s hypothesized that has NSA backdoor.
    -Filevault2 OS X, have 2 ways to be decrypted.
    -Truecrypt was compromised.
    -Your password can be extrapolated via “Cold Boot” attack.
    -4096-bit RSA pass, can be obtained via “Acoustic Cryptanalysis”.

    Memento
    If it is assumed that something has a backdoor, when the hypothesis is refuted by public statement by FBI-NSA etc., then it’s “almost” sure that there is actually a backdoor.

    how to encrypt an HDD in safe mode, and sleep well? I have no idea…

  4. I use VeraCrypt which is based on TrueCrypt but with added security such as PIM passwords. (If someone tries to beat the crap out of you to gain access to, let’s say your btc-wallets.. Then you can type in a passphrase that will completely lock the entire disk so not even you can ever access it again. This comes up as a pop-up. That no matter what, the content of that disk is gone forever.. Kinda nifty little add-on. It is open source, of course. And free from any NSA tools as far as I can see.. (Don’t remember which version I use.. Can check. But it is your safest bet if you can’t get a hold of a REAL TrueCrypt software 7.0 or under. But that’s kinda hard since I don’t think the original SHA hash key is left to verify.. (Please correct and redirect me if I am wrong!)

    Go for VeraCrypt.
