[AccessD] Encrypting your stuff was offsite backup

jwcolby jwcolby at colbyconsulting.com
Mon Nov 19 08:59:24 CST 2007 

Truecrypt is also able to encrypt entire volumes is you so desire.  I have
never done so since I like the ability to copy the file for backup.  I may
experiment on doing that however.


John W. Colby
Colby Consulting
www.ColbyConsulting.com 
-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of
max.wanadoo at gmail.com
Sent: Saturday, November 17, 2007 4:33 AM
To: 'Access Developers discussion and problem solving'
Subject: Re: [AccessD] Encrypting your stuff was offsite backup


Hi John,
Yes, this is something that I will now set up, especially for my laptop and
memory stick.

FYI I also use cGeep to encrypt sensitive emails (www cgeep com) which uses
PGP encryption plus there is a web based version for those who do not want
to install it.  It can also encrypt files/directories directly which avoid
the need to mount a volume.  But what is great with TrueCrypt is that it
will run apps or all kinds directly from the encrypted file without storing
any decrypted data anywhere other than in memory.

All in all, in a few weeks I will have great encryption right across the
board.

Another trick which is easy to remember is "positioning" keys. Ie,
"qazwsxedcrfvtgbyhn" which if you look at a keyboard you will see that it
just traverses up/down across the key pad.  As long as  you remember
whatever positioning you use, then you actually do not need to even remember
the passphrase.  Needless to say, this positioning example is not my one
<smile>.  Throw a couple of other keys in with the alpha keys then it just
won't make any sense if terms of "real words" for brute force decryption
(although I think the TrueCrypt mention something like a billion years to
decrypt with a  supercomputer, so pretty safe really).

Max
 

-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of jwcolby
Sent: Friday, November 16, 2007 9:46 PM
To: 'Access Developers discussion and problem solving'
Subject: [AccessD] Encrypting your stuff was offsite backup

I use this for my own protection.  My laptop contains an encrypted file that
contains my Colby Consulting stuff (books, etc).  I have another encrypted
drive that contains all client projects.  Thus if the laptop ever does take
a hike, all data is encrypted.  the other nice thing about this is that you
can backup all your work by copying a single encrypted file to a backup
location.  If that backup location ever takes a hike no data is exposed.

I have a usb memory stick (just 1 gb for now) where 3/4 is an encrypted
file.  If I ever need to carry anything on my person, it is encrypted.  The
TrueCrypt program is stored on the unencrypted part and can be run from
there.  Thus I can stick the memory stick into a machine, run TrueCrypt,
mount the drive and copy files to/from.  Of course you do have to have admin
rights in order to do this.

I have been using this for about two years now and it just works.

Just don't forget your password.

I use the first character from a phrase or song, along with special
characters and numbers which make it dead simple to remember when you are
first learning your password.  For example take two nursery rhymes:

Mary Had A Little Lamb His Fleece Was White As Snow MhAlLhFwWaS (use
alternating upper and lower case) Throw two numbers in front of, behind or
around it
0MhAlLhFwWaS9
Now throw two special characters in front of that !0MhAlLhFwWaS9@

That all by itself is a pretty secure password.  If you want more, do that
twice, perhaps

Jack And Jill Went Up The Hill To Fetch A Pail Of Water #8JaJwUtHtFaPoW7$

!0MhAlLhFwWaS9@#8JaJwUtHtFaPoW7$

You get the picture.  Either one is a good password, the two together are
pretty industrial strength, and dead easy to remember until you have it
assigned to muscle memory.  Pick a favorite saying, slogan, song, whatever
you already have remembered and just use the first character of each word,
plus numbers and special symbols.  

Someone (on this list IIRC) claimed they had a password cracker that would
crack any password in XX seconds.  I think not.  My password is 21
characters long using a simple system like that and takes me about 10
seconds to type in.  10 seconds is not too much to ask for an industrial
strength memorable password.

http://www.lockdown.co.uk/?pg=combi&s=articles

John W. Colby
Colby Consulting
www.ColbyConsulting.com

More information about the AccessD mailing list