Wednesday, January 17, 2007

TrueCrypt to mitigate phishing attacks

As we all know, phishing attacks are on the rise, one solution to this problem is to use encryption.

I came across a cool open source software TrueCrypt (4.2) which does the work for you. It supports Windows and many flavors of Linux. According their web site, following are the main features.

  • Creates a virtual encrypted disk within a file and mounts it as a real disk.
  • Encrypts an entire hard disk partition or a storage device such as USB flash drive.
  • Encryption is automatic, real-time (on-the-fly) and transparent.
  • Provides two levels of plausible deniability, in case an adversary forces you to reveal the password:

    1) Hidden volume (steganography – more information may be found here).

    2) No TrueCrypt volume can be identified (volumes cannot be distinguished from random data).
  • Encryption algorithms: AES-256, Blowfish (448-bit key), CAST5, Serpent, Triple DES, and Twofish.
    Mode of operation: LRW (CBC supported as legacy).

One feature that is not yet available is boot sector encryption, which is available in Microsoft windows Vista.

No comments: