
Securing devices that belong to multiple users

Topics: Feature Requests, Technical Issues, Users Discussion
Apr 16, 2015 at 3:03 PM
Edited Apr 16, 2015 at 3:04 PM
Hi.

Our scenario is quite common: our company needs to keep employee A from seeing employee B's data. Now A and B (and C and...) share some laptops which they may borrow for a few days to work on the road. Those laptops are fully encrypted (not yet with VeraCrypt, hence the question!).

Question: what would keep user A from taking out the drive at home and mounting it? He could then see/modify any data of other users, make himself admin, install malware, whatever he likes.

With BitLocker (which is what we use now), he cannot do that since BL utilises the TPM chip. He would only have the BitLocker PIN and thus could only boot the drive in a defined environment and not take it out and mount it anywhere (which would require the BL recovery key).

Since VeraCrypt development seems not to like TPM very much, I wonder how this scenario could be overcome without it. Please advise.
Apr 16, 2015 at 4:03 PM
Keep it simple:
  • System partition including software is / can be encrypted, every user knows the password.
  • Every user uses a different encrypted file container which only he can mount.
  • You only have to be sure that nobody writes data to the system partition and that the cache and temporary folders are wiped at logout.
Apr 16, 2015 at 10:16 PM
Hi. Sorry, I don't see your point and I am pretty sure you don't see mine :)

If the whole system partition itself can be mounted read/write by anyone that has a password, you have already lost - and this is what VeraCrypt cannot prevent, while BitLocker or other encryptors that utilize a TPM can. Let me take your system with containers, mount it offline, install a keylogger to get your user's container password and there you have it.

And that is the most common setup. Any business computer will have at least two users, the second always being the admin. Do admins like the thought that users could manipulate the whole system offline? I don't think so and that is my point. Has nothing to do with not keeping it simple ;)
Apr 17, 2015 at 8:38 AM
Hi, I see your point and sorry, I sort of missed the BitLocker part.

I don't like TPM myself and I don't like to have another person having access to my laptop; but I'm lucky, everybody has his own equipment, the admins are for servers only and we use scripts to back up the data.
As everywhere, you can't have perfect (paranoid) security or you have to use equipment with no internet, no USB or other ports, no optical drives and software installed inside a chip which you can't change. The usability will be way below optimum...
Jul 5, 2015 at 4:24 PM
I am disappointed to see that no developer picks up the ball. How on earth should this be considered a serious product if this aspect isn't covered at all?