Is Bitlocker secure enough for portable storage devices?

I have recently lost a U drive, which contained some important information. Fortunately, it was protected by Bitlocker. I felt the compulse to ask exactly how secure it is. Most answers on this site related to Bitlocker seem to be about built-in storage on a computer. This answer says there was a possible cold boot hack. Is it more secure to protect a U drive with Bitlocker, since you cannot use that kind of hack on a U drive? Also, that answer is 6 years old. There must have been some new developments. With the current technology that Bitlocker uses, do I need to worry that the information on my U drive could be decrypted?

Space-efficent storage of a trie as array of integers

I’m trying to efficiently store a list of strings in an array with the following constraints:

  • All strings consist of 8-bit characters (0..255).
  • The final trie is static, i.e. once it is built, no strings have to be inserted or removed.
  • Looking up a string of length $ m$ must be done in $ O(m)$ with a constant factor as low as possible.
  • The only available memory structure to store the data is an array of integers. In particular, there are no pointers or dynamic memory allocation.
  • Once an array is allocated, it cannot be resized and its memory cannot be released anymore.
  • Memory is rare, so the final data structure should be as compact as possible and no unnecessarily long arrays should be allocated.
  • Computation time is not important for the building phase, but for memory usage the consraints above apply.

Preface

My current approach is a trie that is stored in the array with the following structure:

$ $ \fbox{$ \vphantom{^M_M} \;i_0 \;\ldots\;i_{255}\;$ }\, \fbox{$ \vphantom{^M_M} \;i^*_0 \;\ldots\;i^*_{255}\;$ }\, \fbox{$ \vphantom{^M_M} \;w\;$ }\, \fbox{$ \vphantom{^M_M} \;\mathit{last}\;$ }\, \fbox{$ \vphantom{^M_M} \;B_0\;$ }\,\fbox{$ \vphantom{^M_M} \;B_1\;$ }\,\ldots $ $

where $ i_k$ is a mapping from each unique input character $ k$ to an integer $ 1 \leq i_k(c) \leq w$ with $ i^*$ being the corresponding reverse mapping of $ i$ . Each node in the trie is stored as a block $ B$ of size $ w+1$ . The mapping $ i$ is used to reduce the size of each block, because not the whole character range has to be stored but only the number of characters actually used. This comes at the expense of having one more indirection when looking up words. (The field $ \mathit{last}$ here is used as a pointer to the field after the last block in the array, used to find the next allocation point.)

Each block looks like this:

$ $ \fbox{$ \vphantom{^M_M} \;b\;$ }\, \fbox{$ \vphantom{^M_M} \;c_1 \;\ldots\;c_w\;$ } $ $

$ b$ is either 1 if the word represented by that block is in the trie, and 0 otherwise. $ c_i$ represent all unique input characters (after the $ i$ mapping). If the value of $ c_i$ is equal to 0, there is no entry for this character. Otherwise $ c_i$ is the index into the array at which the block to the following letter starts.

To build the trie, the first step is calculate the bijection $ i$ /$ i^*$ and $ w$ . Then new blocks are added with each prefix that isn’t already present in the trie.

Problem

While this approach works so far, my main problem is memory usage. The current approach is extremly memory expensive when only few words share longer prefixes (which is usally the case). Some tests show that the typical number of non-empty fields is only about 2-3% of the whole array. Another problem is that the final number of needed array fields is only available after the trie has already been built, i.e. I have to be conservative when allocating the memory to not get out of memory while adding new blocks.

My idea now was to use a compressed trie/radix trie instead with two types of blocks: 1) the ones above that represent nodes with several children, and 2) compressed blocks (similar to C char arrays) that represent suffixes in the trie. For example, when the words apple juice and apple tree should be stored in the tree, there would be seven normal blocks for the common prefix apple and a compressed block for each juice and tree. (Perhaps that would also allow to merge common suffixes for words with different prefixes.)

The problem with this is that is may lead to gaps in the array while building the trie. Consider the situation in the above example, in which only apply juice is stored as a compressed block in the trie. Now apple tree is inserted, which would lead to a removal of the apple juice block and addition of juice and tree blocks instead, which will not fit into the left hole in general.

Under the given constraints, can anyone see an algorithm to store strings most efficiently in the array while keeping the linear lookup time?

Why does Samsung access my contacts and storage if I use their store?

If I want to access the Galaxy Store on a Samsung Galaxy phone I have to agree to a set of terms (Legal information). These terms are excerpted below:

All content made available to you by the Samsung Galaxy Store is subject to the terms and conditions set forth below…

In order to provide you with and further improve relevant services, the Samsung Galaxy Store accesses Phone, Contacts, and Storage. It also collections your device information (e.g. IMEI and model name) and service usage history…

I understand why it would collect “device information”, as any software downloaded and installed on your device would operate best if the software is tailored for a specific device/OS version etc. I assume these are the same reasons why a web page is given the operating system and browser you are using to access that page.

However can anyone give a good reason why Samsung would access my contacts? I’m not exactly comfortable with this, especially as I don’t see any reason for it for the purposes of making an ordinary app work. Also, when it says that it accesses my storage, does that mean that Samsung has access to my media stored on my phone? By that I mean documents, videos, photos etc?

Also I’m not sure if this question should be asked at another SE site maybe instead of here?

Credential Storage for Partner/Vendor Accounts

We work with many other companies to do data exchange. As an example, we might work with COMPANY A to send them sensitive data over SFTP. This would be done by them giving us an SFTP Host/Account/Password. We configure our side for the connection and have a process to push those on an interval.

My question is not about how we store that in our application, but rather, if/how those credentials should be stored in case of need for future reference. We typically put those in a password manager like KeePass, which is in our own network in the office behind locked doors on computer that require passwords, access/permissions and another password for KeePass.

Is it considered ok to store such usernames and passwords in this manner if it’s been provided by another company, but for us to connect to them? Or is there some reason we should enter the info into our app and never see it again without asking them to verify it themselves?

Storage of SSL private key in load balancer VS HSM

I have a setup whereby the SSL certificates are terminated at the load balancer (i.e. Load balancer to web server is in plaintext). In order to do the SSL termination, the private key is stored on the load balancer itself. I do have a HSM in a data center.

I was told by security guys that best practice is to store the private key in a HSM.

I have read Should SSL be terminated at a load balancer? and I understand that there is nothing wrong in terminating SSL encryption at the load balancer.

However, should the private keys be stored in the load balancer itself (from a security perspective)? Are there any technical challenges in storing the SSL private keys in a central HSM instead?

What are the main attack vectors on USB storage drives on Windows 10?

I am trying to understand what generic risks are there in using my thumb drive to transfer files to some untrusted machine and plugging it back to my Windows device. Specifically I am interested in generic threats when I plug my USB Drive to external machine is compromised (like public image printing shop).

As far as I understand 2 main risks are:

A) Malicious files are copied to my pen drive from a compromised system and than

  1. I open them manually on a personal computer.
  2. Viruses are run automatically on usb drive plug in. (obsolete unless autorun is enabled manually on target machine)
  3. Malware is executed without user interaction and with autorun disabled. Such example would be something like buffer overflow in windows image thumbnail generator (CVE: 2010-3970). As far as I understand no user interaction will be needed and machine can be infected on it`s own (besides inserting USB drive, and browsing the folder of course).

B) Automated BadUSB firmware reprogramming. With all the further consequences that BadUSB deliver. But generally this kind of attack is not present in form of generic attack as it would require to support huge amounts of different peripheral manufacturers with different devices.

So my questions are:

Are there any other generic (non-targeted) threats that are similarly widespread in the wild?

In respect to risk 3 – how common are such almost no user interaction vulnerabilities in the wild?

Storage HD can’t be mounted at booting

Ubuntu 16.04 desktop

Hi

I have 2 WD HDs solely for storage.

WD HD1-4TB

WD HD2-2TB

About 1 day before both of them could be mounted automatically at booting and their icons appeared on the left vertical menu. I just found that only WD HD2-2TH could be mounted at booting and WD HD1-4TB unable to be mounted for unknown reason.

⟫ sudo fdisk -l

Disk /dev/sdc: 3.7 TiB, 4000787030016 bytes, 7814037168 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 4096 bytes Disklabel type: gpt Disk identifier: 75CD82BD-3AF3-44B0-A04D-B4C97B6A381C

Device Start End Sectors Size Type /dev/sdc1 34
1987 1954 977K Linux filesystem /dev/sdc2 1988 7814037118 7814035131 3.7T Linux LVM

Partition 1 does not start on physical sector boundary. (in red color) Partition 2 does not start on physical sector boundary. (in red color)

Please advise how to fix the problem. Thanks in advance.

VALVPS LLC : Cheap VPS SSD And Storage VPS – LA|NY| Lease IP /22 |$350.00

VALVPS LLC – The Best Support
https://www.valvps.com

24/07 Support
07 Day Money Back Guarantee
99.99% Uptime
KVM Virtualization
SSD PURE
UNMETERED BANDWITH
NEW JERSEY – LOS ANGELES
IP ASIAN OPTIMIZED AVAIABLE
MORE 07 YEARS ON LINE

VALVPS : 07 YEARS ONLINE

NODE LA : XEON E5-2650v2
NODE NY : XEON E5-2603V3

Dedicated Server

Intel Xeon E3-1220v5
8GB DDR4
1TB SATA
Port 1Gigabit
5TB Bandwidth
256 IPS

From $ 99.00…

VALVPS LLC : Cheap VPS SSD And Storage VPS – LA|NY| Lease IP /22 |$ 350.00