Originally Posted by error10;13466337
Sure, if you get a keylogger on your system then you're screwed.
And, just because you don't find something useful, doesn't mean it's not useful for everyone else.
It's not that, it's just the nature of software encryption. With hardware encryption you have to find how how they implemented it. Even then they might have modified the original design, that's if they even bought a patent to a design. If they made their own design you have to get the data sheets and figure out where things are going. It's probably a lot easier to bypass hardware encryption but a lot harder to get the specifications for each manufacturer.
 That's opposed to BitLocker/TrueEncrypt, the only two major players in software encryption. There are more, but then the smaller the company which turns into less funds and the possibility of design flaws. Not that they would be poor coders but rather it's easier for a group of coders to work on this, so work gets double checked. You also can afford a larger team to "break" the software, which is easier with the bigger players.
Originally Posted by aweir;13467297
In in order for the bootkit to work, the hacker has to get sequential access to the computer and you should know enough not to leave it on. what are the chances some having access to your computer? No one can install the bootkit and instantly have your passwords, that's not the way it works. And all this talk about keyloggers is silly. What are the chances that the person who is going to have access to your computer is going to be able to get you to install the keylogger in the first place or be able to install it if himself if the computer is off?
I understand what your saying, though essentially don't they have to have access to your computer to get this data anyways? If they are going through the net it would be more likely that they would use something a little more fishy that you won't notice. A keylogger in that instance would be the best bet once they realized you had an encrypted drive elsewhere. Really once a good hacker ever got in he's not going to be noticed nor is he going to care. So it goes back to having physical access, which still leaves a keylogger very possible.
The other problem is, do you unmount your drive and shut off your computer? If you don't do a full power down sniffing dram isn't a problem, your password becomes useless.
If you have a lot of personal info on the drive and take it places as an external then I could see it as a feasible solution (though you have to haul your personal pc around). Just having your data drive encrypted at home isn't really that useful or practical. A simple password scheme will usually deter the general population. Either way software encryption has a larger soft spot than hardware. That's all.Edited by mushroomboy - 5/11/11 at 4:29pm