> The obvious problem is that I _don't_ want security by
> obscurity - I want security by tried and tested algorithms
> such as AES. You seem to confuse "obscurity" (as in "I want
> to hide how it is done") with "secrecy" (I'll happily tell
> you how it is done because you won't be able to do anything
> unless you discover my secret key"). The distinction between
> these two is the reason why e.g. TrueCrypt works.

As I understood it this thread was about trying to obscure data
on systems that you do not control. If you want a truly secure
system then that was already covered in my article:
http://www.firebirdsql.org/index.php?op=doc&sub=whitepapers&id=fb_meta_security

It tries to tell you that the _only_ way to implement real
security is to maintain control over the computer (hardware,
program and data files). This advice applies to Firebird,
TrueCrypt and anything else you may use.


TrueCrypt can help you protect against the physical theft of
the computer or its hard drives (it is usually difficult to
steal them while they are still running), by storing valuable
data on volumes that are loaded at startup and the passphrase
entered manually.

[If the computer is later recovered you should NOT trust the
TrueCrypt installation any more, indeed you probably not trust
the operating system any more. Re-install known good system
and other software before loading encrypted volumes.]


To the best of my knowledge TrueCrypt works as designed, but
that does not automatically make it a perfect security system.

Send someone an encrypted volume file and they will not be able
to access the data held within it. However sit in front of a
computer on which the TrueCrypt volume has already been mounted
and you can simply copy the files off the loaded volume to an
unencrypted location. This is nothing against TrueCrypt, just
the truth that it was not intended to protect against someone
that has direct access to your computer while the volume is
loaded.

Given more time and continuing access to the computer and it
would be possible to replace the good copy of TrueCrypt with
a patched version that will output the password(s) or key
information ready to read.

That is: Direct access to the system on which TrueCrypt is
running gives the _same_problem_ we are discussing with respect
to direct access to a computer running Firebird.


With TrueCrypt have a dedicated encryption program that not
only uses AES but also allows a mix of encryptions. I am
guessing that its encryption capabilities are amongst the
strongest possible at this time. But if you use it incorrectly
none of that strength means a thing.

Dont try to attack the encryption directly. Simply attack the
weak spots in the overall security system, there are usually
quite enough of them to let you bypass the encryption, it is
so much faster and it does not take a genius to do it.

--
Geoff Worboys
Telesis Computing