In real life this will not work as most Windoze hard disk encryption
schemes can't encrypt the OS disk - and this is where the temp/cache stuff
goes.

You can change both where your browser caches stuff off the web and the
temp folder so that's ok, but this doesn't work well because temp has to
be available when you login, but since you haven't yet logged in, you
couldn't have unlocked your crypto drive.  Even more so, the registry,
your pagefile, and if you've got a notebook - hibernation file, all go to
naked disk.  

These can have more than enough info to reveal what's on your crypto disk
(i.e. shortcuts to URLs you've recently visited, recently opened
documents, etc...)

At least with a unixish OS you can mount your crypto file systems up at
boot time before the OS really starts up (before the system goes to
multi-user mode, for example at the end of /etc/rc1.d and before the
rc2.d init starts).

So far I've yet to see something that encrypts an entire hard drive - OS
and all - unless you're willing to go with something like VMWare or
Bochs and keep the OS that you do your work from on an encrypted volume.

You can probably hack some SAN-like thing together and have the SAN box do
the crypto - so long as the disk provided by the SAN looks like any other
IDE or SCSI disk, it'll encrypt everything - but such things are insanely
expensive.

It may be possible to do this via USB2/Firewire if your BIOS supports it,
and you have the ability to build a SAN that talks USB2/firewire... but
haven't seen this on the market... likely a small SBC with the proper
ports and drivers to make itself look like a disk is the way to
go.  Think Archos Multimedia Jukebox and iPod with rewritten OS + a way to
enter the key not into your PC but in the jukebox.

Or if you've got the coding skills and brass cojones, write your own hard
disk driver for windblows that can query either a USB fob or keyboard or
whatever for the passphrase during OS bootup.

Even so, if there are any vulnerable services - i.e. autorun enabled CD,
drive shares, web server with security hole, all the crypto in the world
won't keep your data private.  Add to that any hardware key catchers,
mini-camera in the ceiling watching your keystrokes, etc....

----------------------Kaos-Keraunos-Kybernetos---------------------------
 + ^ + :NSA got $20Bil/year |Passwords are like underwear. You don't /|\
  \|/  :and didn't stop 9-11|share them, you don't hang them on your/\|/\
<--*-->:Instead of rewarding|monitor, or under your keyboard, you   \/|\/
  /|\  :their failures, we  |don't email them, or put them on a web  \|/
 + v + :should get refunds! |site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net ------------

On Thu, 6 Feb 2003, Tyler Durden wrote:

> I've got a question...
> 
> Will this work for -everything- that could go on a drive? (In other words, 
> if I set up an encrypted disk, will web caches, cookies, and all of the 
> other 'trivial' junk be encrypted without really slowing down the PC?)
> The reason I ask is that it's very easy to imagine that, say, FedGroup X 
> wants to take out some outspoken or otherwise questionable person by 
> secretly introducing some kiddie porn or whatnot onto the drive. 15 minutes 
> later they burst through the door and grab the PC.
> If I buy PGP off the shelf, will it make the ENTIRE drive encrypted? (And 
> will I wait half an hour for "Hard Drinkin' Lincoln" to download?)

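An added example, not part of the original message: a check for the leak described above on a unixish system, mapping each place that holds traces of your work (temp directories, browser cache, swap) to the device that really backs it and listing the ones that sit on unencrypted disk. The mount table, swap device, user paths and the set of encrypted devices are constructed sample values; which devices count as encrypted is an assumption the admin supplies.

```python
import posixpath

# Constructed sample data (not from the original message): a mount table in
# /proc/mounts format, swap devices, and the devices assumed to be encrypted.
MOUNTS = """\
/dev/sda1 / ext3 rw 0 0
/dev/mapper/crypt_home /home ext3 rw 0 0
tmpfs /dev/shm tmpfs rw 0 0
/dev/sda3 /var ext3 rw 0 0
"""
SWAP_DEVICES = ["/dev/sda2"]
ENCRYPTED = {"/dev/mapper/crypt_home"}   # assumption: supplied by the admin
VOLATILE_FS = {"tmpfs"}                  # RAM-backed; may still reach swap

# Locations that hold traces of work done on the encrypted volume.
ARTIFACTS = ["/tmp", "/var/tmp", "/home/alice/.mozilla/cache", "/home/alice/doc"]


def parse_mounts(text):
    """Return [(mountpoint, device, fstype)] from /proc/mounts-style text."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3:
            rows.append((posixpath.normpath(fields[1]), fields[0], fields[2]))
    return rows


def backing_mount(path, mounts):
    """Longest-prefix match: the mount that actually holds `path`."""
    path = posixpath.normpath(path)
    best = None
    for mnt, dev, fstype in mounts:
        prefix = mnt if mnt.endswith("/") else mnt + "/"
        if path == mnt or path.startswith(prefix):
            if best is None or len(mnt) > len(best[0]):
                best = (mnt, dev, fstype)
    return best


def plaintext_leaks(artifacts, mounts_text, swap, encrypted):
    """List (location, device) pairs that end up on unencrypted storage."""
    mounts = parse_mounts(mounts_text)
    leaks = []
    for path in artifacts:
        hit = backing_mount(path, mounts)
        if hit and hit[1] not in encrypted and hit[2] not in VOLATILE_FS:
            leaks.append((path, hit[1]))
    leaks += [("swap", dev) for dev in swap if dev not in encrypted]
    return leaks
```

With the sample data, /tmp, /var/tmp and swap are reported as plaintext while everything under /home is covered by the encrypted volume.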