Encryption

What's the best (free) software to protect my data?


1. LUKS/cryptsetup/dm-crypt
2. GPG
3. Some basic knowledge of opsec.

A good, modern SSD that's usable as a SED drive (Samsung or Intel), a TPM module with extended pin (passphrase), and trustedgrub + LUKS + bitlocker for Linux and Windows 10.
You'll have literally zero performance impact, and be secure from everyone other than the NSA.

Roll your own. Open source encryption is inherently insecure.

also this, what's with the surge of idiots believing FOSS = security?

Nothing's secure. The question is, who do you need to be secure from, and at what cost? Zero cost and secure from everyone but government-level spying sounds ok for the box I use for shitposting and jailbait.

I didn't think your post could get any more retarded after the first sentence, but you literally doubled the retardedness by the end of it.

my encryption software written in rust

you can run but you can't hide

...

This is only for a live system though. For offline backups, archives, usb drives consider using DAR (Disk Archiver) with encryption.

This
(btw wtf is opsec ?)

(You)

You should follow this example

Best software to protect data is by not storing data in the first place. Anything else you read in this post comes after this.

Wiping protection: DeGauss and shred drive physically.
Any solid state drive you store data on is permanently stained. Deleting, shredding, overwriting, cannot be guaranteed to remove what you have stored on it - since there is a microcontroller interface that decides where your data is put.
e.g. Your 4Gb USB drive with hentai porn is actually a 16Gb drive with overworked microcontroller shuffling your data into the most useable 4Gb of the 16Gb it knows about.

Air gaps have been breached, so TEMPEST shield if necessary with other OpSec measures. You are trusting the manufacturer you got the hardware from isn't pozzed anyway they are so good luck.

Ladies and gentlemen, your average Holla Forums-illiterate person.

Except it's not. 4 GB NAND Flash IC is a 4 GB NAND Flash IC. Controller is there just to throw stuff in and out. >>777663

Did you dissolve the chip case and set up a test rig to check that?
No lad. That's not how things work at the low level. Many SSD elements are recycled chips. Not all silicon is created equal at 100% quality, so even in brand new quality branded products you could be buying recycled silicon. The microcontroller owns your data.

I suggest you get informed by watching the video at the end of this blog post - it is about an hour long iirc, but well worth it.
bunniestudios.com/blog/?p=3554
youtube.com/watch?v=r3GDPwIuRKI

Your faith in hardware is just that - "faith" i.e. blind trust.
A small but useful excerpt (Ibid.)

It is the microcontroller that reports to you it is 4Gb. Whatever the microcontroller (𝕘𝕒𝕥𝕖keeper) tells you is behind its doors you have no way of verifying.
You may have 16Gb of low quality flash die with an overworked microcontroller firmware programmed to report 4Gb to you since -from its error correction algorithms - only about 4Gb is reliable enough for your needs.
This is part of why the whole issue of reprogramming USB firmware from drives bought on Ebay exists.

The salient part of the excerpt I included is the following:
i.e. You could have a 4Gb reporting itself as 4Gb, or you could have a 16Gb (with 75% bad sectors) reporting itself as 4Gb.

Furthermore, a direct refutation of your statement is made by the speaker at the Chaos conference at 4:15-5:00 in the video I linked.

When you throw in other issues such as wear levelling it further emphasizes the point I was making - if you have put data onto a solid state drive it is stained permanently.
This is regardless of your feels, or what you read in the marketing blurb that caused you to buy the device. (There is another entire malaise of web-like minor company interactions from companies that you've never heard of producing chips, firmware, etc that are behind the single brand company that you interact with during the purchase - an unsettling experience to uncover when dealing with reprogramming said firmware)
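
The wear-levelling point argued above, as a toy model added here (not part of the thread and not any real controller's firmware): a flash translation layer that reports 4 logical pages over 16 physical ones, so a host-side overwrite never touches the page that held the original data. `ToyFTL` and every name in it are hypothetical, and the sample data is constructed.

```python
# Toy flash translation layer (FTL). Constructed model for illustration only.
class ToyFTL:
    def __init__(self, logical_pages, physical_pages):
        self.reported = logical_pages            # capacity shown to the host
        self.flash = [None] * physical_pages     # raw NAND pages (None = erased)
        self.wear = [0] * physical_pages         # program count per physical page
        self.l2p = {}                            # logical -> physical mapping
        self.stale = set()                       # unmapped pages still holding old data

    def write(self, lpn, data):
        if not 0 <= lpn < self.reported:
            raise IndexError("logical page out of range")
        free = [p for p, d in enumerate(self.flash) if d is None]
        if not free:                             # erase stale pages only when forced to
            free = sorted(self.stale)
            for p in free:
                self.flash[p] = None
            self.stale.clear()
        if not free:
            raise RuntimeError("no free physical pages")
        target = min(free, key=lambda p: self.wear[p])   # wear levelling
        self.flash[target] = data
        self.wear[target] += 1
        old = self.l2p.get(lpn)
        if old is not None:
            self.stale.add(old)                  # old copy is unmapped, not erased
        self.l2p[lpn] = target

    def read(self, lpn):
        p = self.l2p.get(lpn)
        return self.flash[p] if p is not None else None

    def raw_dump(self):
        """Contents of every programmed page, as read from the chip directly."""
        return [d for d in self.flash if d is not None]


def overwrite_leaves_remnant(secret=b"secret-document"):
    ftl = ToyFTL(logical_pages=4, physical_pages=16)
    ftl.write(0, secret)
    for _ in range(3):                           # host-side "shred": three overwrite passes
        ftl.write(0, b"\x00" * len(secret))
    # The host now reads zeros, yet the raw pages still contain the secret.
    return ftl.read(0), secret in ftl.raw_dump()


if __name__ == "__main__":
    print(overwrite_leaves_remnant())
```

The remnant holds whatever the host originally wrote, so in this model a drive that only ever received ciphertext leaves only ciphertext in the stale pages.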

you can encrypt the whole ssd with strong random key and effectively destroy the data on it, no need for zeroing or erasing the drive, I think it's the only secure solution

DeGauss and destroy physically from orbit - it's the only way to be sure.

It's the same with magnetic as they have a huge number of spare sectors that get swapped in as the drive ages where copies of your data wind up remapped into inaccessible areas. Just don't let unencrypted data ever hit the drive.

Yes, this should be sufficient but may require an uncommon setup to be certain no writes are made to disk prior to strong encryption of the data. There are low level rootkits that subvert disk activities.

Will [this] work?
Basically it's hardware-level encryption.
Without the [hardware] your drive will be read as corrupted.

NAND flash has a limited amount of write cycles so user was right.
4GB = 4x4GB and it automagically selects which sector to write your shit. This is why most NAND shits get corrupted it is because they read the other 3x4GB (by lazily basing it from terrible RAID-like ECC)
Fake RAID-like ECC:
4gb 1 0
4gb 0 0
4gb 0 1
4gb 0 1
real bit = 1 0, read as 0 ? (now corrupt) because the three of them says it's a zero. Something like this...

If the computer and any rootkit on it cannot interface with the hard drive then yes, it should work - since, in rudimentary terms, the extra interface buffer is acting like a firewall to the data.