Create multiple nested secure disk images
Authored by: larkost on Jan 14, '05 12:02:28PM

AES 128 is rated by the US government for Secret (but not Top Secret) documents. That means that it is unreasonable to think that someone without extraordinary resources (think NSA level resources) could break the encryption within a reasonable amount of time (think days of work) with current common hardware.

Putting one disk image inside another is not really going to get you any more real security. It is a "see how cool I am" move. The proper way of getting this done would be to use hdiutil's -encryption [crypto_method] call to set the encryption method to AES 192 or better (Top Secret rated). At that point we are well into tinfoil-hat range.



[ Reply to This | # ]
Create multiple nested secure disk images
Authored by: leopold on Jan 14, '05 12:25:15PM

And, WHAT exactly is wrong with my tin-foil hat?



[ Reply to This | # ]
Create multiple nested secure disk images
Authored by: bluehz on Jan 14, '05 12:29:11PM

This brings up a good point no one seems to know - what are the option switches for "crypto_method" used with hdiutil -encryption? How would you go about making an AES 192 encrypted image? I have searched far and wide for that info and can't find it anywhere....



[ Reply to This | # ]
Create multiple nested secure disk images
Authored by: Tidris on Jan 14, '05 01:30:57PM

All one needs to do to break an ordinary encrypted disk image is guess a single password. Given the way most people choose their passwords, the task of correctly guessing them is well within the reach of the average hacker. AES-192 is no more secure than AES-128 if your password is "hello".

The nested disk images force a hacker to guess multiple passwords that need to be applied in the right sequence in order to get to the sensitive data. Also note the hacker doesn't know how many nesting levels / passwords you have used. That uncertainty should be very demoralizing to a hacker and could very well make the hacker quit after just the outermost password has been guessed. This would result in a huge non-linear increase in security due to psychological factors.

If you look at Triple DES, which is considered much more secure than plain DES, you will see that it is similar in principle to what would be achieved by using 3 levels of encrypted disk image nesting.




[ Reply to This | # ]
Create multiple nested secure disk images
Authored by: szabesz on Jan 18, '05 09:55:32AM
Just a short comment on this: "Given the way most people choose their passwords"
Anyone trying to protect their files should use good enough passwords in the first place! Why do you suppose that those who take the time to nest their files deep inside encrypted disk images do not take the time to use a good password?
I use only simple AES-128 protected disk images (4380 MB so they fit on a DVD), but with a 16 character long, randomly chosen string as a password. Next step would be to use a few more characters, and.....

ps: never use the AES protected sparseimage format! It gets corrupt in case of a system crash never to be mounted again!

[ Reply to This | # ]
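Added example (not from any of the posters above): a small Python calculation of the trade-off argued in this thread, comparing password entropy with AES key size and estimating what nesting adds. It assumes passwords are chosen uniformly at random and that a correct guess at each nesting level can be recognised on its own (the image mounts); the function names are illustrative.

```python
import math

def password_bits(length, alphabet_size):
    """Entropy in bits of `length` symbols drawn uniformly at random.
    Human-chosen words such as "hello" have far less than this bound."""
    return length * math.log2(alphabet_size)

def effective_bits(pw_bits, key_bits):
    """The cheaper search wins: the password space or the key space."""
    return min(pw_bits, key_bits)

def nested_bits(layers):
    """Total search work, in bits, for nested images opened outside-in.

    layers: list of (password_bits, key_bits), outermost first.
    Assumption: each level confirms a correct guess by itself, so the
    per-level costs add up instead of multiplying.
    """
    total = sum(2.0 ** effective_bits(p, k) for p, k in layers)
    return math.log2(total)

if __name__ == "__main__":
    lower8 = password_bits(8, 26)    # 8 random lowercase letters
    rand16 = password_bits(16, 94)   # 16 random printable ASCII characters

    print(f"8 lowercase, AES-128:        {effective_bits(lower8, 128):6.1f} bits")
    print(f"8 lowercase, AES-192:        {effective_bits(lower8, 192):6.1f} bits")
    print(f"3 nested x 8 lowercase:      {nested_bits([(lower8, 128)] * 3):6.1f} bits")
    print(f"16 random chars, AES-128:    {effective_bits(rand16, 128):6.1f} bits")
```

Under these assumptions a larger key does nothing for a short password, three nested levels add about 1.6 bits over one, and a single 16-character random password is worth roughly 105 bits.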