San Francisco - A team including the Electronic Frontier Foundation (EFF), Princeton University, and other researchers have found a major security flaw in several popular disk encryption technologies that leaves encrypted data vulnerable to attack and exposure.

"People trust encryption to protect sensitive data when their computer is out of their immediate control," said EFF Staff Technologist Seth Schoen, a member of the research team. "But this new class of vulnerabilities shows it is not a sure thing. Whether your laptop is stolen, or you simply lose track of it for a few minutes at airport security, the information inside can still be read by a clever attacker."


more (http://www.eff.org/press/archives/2008/02/21-0)

Since I use my laptop exclusively, how serious is this for the average laptop user?

It's not worth fretting about unless you take it with you and entrust it to others, e,g., at airports. Even then, it's unlikely. IAC, if you have data that you don't want read, get a third-party encryption program and use passwords or keys that are not easily guessed or deduced.

I use AxCrypt (http://www.axantum.com/AxCrypt/), which is freeware and quite good. But don't lose the passcode. It you do, your files are gone.

If you have stuff that you absolutely can't afford to have discxovered, don't store it on the machine. Get a USB flash drive or an external hard drive to store it. And save it in more than one place, just in case one of them is lost or damaged.

Thanks doc! I have an older P1 Thinkpad that I'll dedicate to my accounting stuff and not use it for anything else and use my cd burner for backup.

Doc, whatever happened to PGP? Is it still used?

How does AxCrypt compare?

PGP (http://www.pgp.com/) is still alive and kicking, although it has gone commercial. All of the common programs use at least 128-bit AES encryption. AxCrypt is a freebie that is good for consumer use. It can encrypt/decrypt files and folders. It shreds the originals when it encodes them so that the unencoded files go away foreever.

It adds itself to the right-click context menu:

http://img.photobucket.com/albums/v349/DocDoom777/CompTech/AxCrypt.png

It's a basic utility with no bells and whistles, but it does the job well. Note that it includes an option to shred a file or folder when deleting it so that it can't be recovered without great effort. It gives a fair warning in case of an accidental click of the shred & delete oiption.

Here's the faq page: FAQ - Frequently Asked Questions (http://www.axantum.com/AxCrypt/faq.html)

The price is right.

Wow, thanks Doc, when I'm saving WEP codes, this is where they're going crypted.

Don't lose the passcode. ;)

You mention WEP--perhaps someone who knows a little more than I do can clarify, but I was pretty sure I read that WEP encryption is pretty weak in the first place, and someone who knows what they're doing can break through it in a few minutes.

The same information indicated that a WPA/TKIP encryption standard was much more powerful, and most wireless routers can support it. For some reason most ISP's have their customers use WEP. Not sure why.