Jul 1st 2006

too much encryption

Being a lazy Saturday, we enjoyed our time around the house. I balanced the checkbook and did the monthly automobile asset depreciation. What I do is (mostly) every month, I check the Kelley Blue Book value of our cars given the current mileage and update the car's asset value in Money with the new amount. This ensures that the car is valued correctly when taking into account our overall assets. Some might consider this to be excessive but I like to be accurate.

I also did the quarterly backups. I take data retention very seriously and in addition to doing daily backups locally, I also make sure that we have 'offsite' quarterly backups on external HDs that we store somewhere else. This ensures that if we have a total disaster (i.e., house burns down, nuclear event), we are at most only three months behind.

Next, I did some tinkering with a couple of new programs that I've been wanting to play with for a while. The first program, KeePass, is an encrypted database to store passwords and other secure information. A common problem that most people face with multiple logins is that they usually end up only using one of a few passwords and recycle it everywhere. This is very dangerous because if that password is compromised, odds are that multiple secure points are compromised as well.

One of the many useful features of KeePass is that it will generate random passwords for you. You can specify the length and content of the passwords. For example, if you want a 32-character alphanumeric password, it can do that for you. If you need more variety (like special characters, high-ASCII characters, etc.), it can do that for you too.

Another really cool feature of KeePass is that it can 'autocomplete'. What that means is that once you specify a username/password combination for a website, for example, it can (with a keyboard shortcut) automatically post the username/password & log you in. This is really cool.

All of this is protected by a 'master password'. So you only need to worry about knowing one secure password to gain access to a database full of passwords. The database is encrypted with AES (or Twofish) level encryption which is pretty secure.

Next is a program called TrueCrypt. It's also very slick. It can create a 'realtime' encrypted volume. Like KeePass, it uses a 'master password' and optionally a 'keyfile' to unlock the encrypted volume. I decided to create a small, ultra-secure, encrypted volume to hold the KeePass database along with some other things. Instead of using 'just' AES-level encryption, I went with a triple-level cipher which is a layered approach with the Serpent, Twofish, and AES ciphers. I protect it with a strong password and secret keyfile. The keyfile is some 'random' file on the hard drive that only I know about.

So an attacker would need to know more than just my password to gain access – they would also need to know the 'secret' keyfile as well. Now this is probably overkill and I might change it down the road, but for now it is fun.

Using my newfound knowledge and appreciation for encryption, I decided to encrypt the external HDs I use to back up our data for the quarterly backups. I use a keyfile that lives only on the ultra-secure TrueCrypt volume I created.

By doing this, the contents of the HDs are garbled unless they are unlocked with the password and keyfile. This also ensures that no one can access the data on them if the HDs were to fall into the wrong hands.
