The bad thing about Truecrypt

[Tomwa]

I'm sure anyone who regularly re-formats their computer (and uses Truecrypt) understands where I'm coming from here. I have to decrypt ~800GB of data so that I can re-install windows. It didn't use to be a problem (I had two hdds one for storage and one for OS) and both were encrypted (Though seperately) but when one began to die and I had to back everything up on to my main drive (I have a network drive I'm currently using for backups now) the entire system was encrypted meaning I have one drive that currently contains all my data. Thus in order to re-install windows (For my regular formats) I have to decrypt my entire drive.

Now I just have to wait 36 hours.

[TheWindBringeth]

Quote:

Originally Posted by Tomwa

...I have a network drive I'm currently using for backups now...

If you have a backup of your data, why must you decrypt your large system partition that holds OS and that data?

[Tomwa]

Only the OS is backed up the rest of the data is simply things I have and would not like to get again (Large image archives etc.) furthermore the Network drive is not large enough to back up the non important data.

[Technical]

Why reformating?
Why don't you consider using virtualization technology (virtual machines, sandboxing, etc.)?

[Noob]

800GB encrypted?
Holy Cow, that's a LOOOT, more than all my drives together.

In my case, i only encrypt around 1GB of information. ONLY the important things.

All my media files (Which is around 75GB of Photos and Videos) are not encrypted, i don't see why it would need to be encrypted.

[Tomwa]

Quote:

Originally Posted by Technical

Why reformating?
Why don't you consider using virtualization technology (virtual machines, sandboxing, etc.)?

I use virtual machines (VMWare) and Sandboxes (Sandboxie) but I've never used anything like bitdisk or returnil. Im not sure why I haven't used it maybe i'll try some programs out like that sometime. The main reason I reformat is that I've noticed that by about every 6-8 months my computer has slowed down (as opposed to after I've installed everything upon re-formatting) I don't remember the actual percentage I tested and received I just know it was well worth the time and effort of re-formatting (It also leaves a nice clean feeling). The main slowdown is Kaspersky, I kid you not it will literally go from starting in less than 5 seconds to more than a minute (as it is now) this happens after quite a while and has happened for KIS 2010, KIS 2011 and KIS 2012.

Please note that this is with daily maintenance (Everything is updated, temporary files are cleared, old program left overs are manually removed, etc.)

Quote:

Originally Posted by Noob

800GB encrypted?
Holy Cow, that's a LOOOT, more than all my drives together.

In my case, i only encrypt around 1GB of information. ONLY the important things.

All my media files (Which is around 75GB of Photos and Videos) are not encrypted, i don't see why it would need to be encrypted.

It doesn't need to be encrypted for 2 reasons:

1) It's already encrypted. Remember the archives? Yeah they're password protect which means they're already AES encrypted (I used WinRAR which agitates me as it is no longer my main compression tool) but this wasn't done to "Protect" them from prying eyes but to instead keep Kaspersky from scanning every SINGLE FILE over and over again. Time for a full scan Kaspersky says I'll scan everything and as my total file count after a scan is in the millions and it takes ages as is. Passwording the archives as I came across the files was simply the best alternative to infinite Kaspersky scans.

2) It's nothing important literally just stuff I've accumulated over many years (There are actually entire web sites scraped down in there that are no longer accessible) some of them I received from friends like the collection of Music on DVDs (I have an entire music collection of Burned DVDs at this point) I also have just about every game CD converted to an ISO at this point (So that the games disc doesn't have to be damaged or god forbid LOCATED) as well as patches for the game so I can install and then go straight to version x.xx, though steam has stopped this trail in its tracks. Other than that not a whole lot is in the archives.

The second drive was actually encrypted BEFORE the other stuff was placed on it.

Edit: Also 9 hours remaining

[Technical]

@Tomwa: seems you have an issue with Kaspersky. Maybe you should consider this and change an application and not having to format the computer.

About Returnil, I think it could be an issue when it tries to restore/touch/change avast! files. Antivirus make anything to protect their files (and, consequently, the computer health). Also, it could have some incompatibility with the antivirus part of Returnil. Sometimes, disable is not enough and the conflict appears at low level (drivers, services, etc.).

[Tomwa]

Quote:

Originally Posted by Technical

@Tomwa: seems you have an issue with Kaspersky. Maybe you should consider this and change an application and not having to format the computer.

About Returnil, I think it could be an issue when it tries to restore/touch/change avast! files. Antivirus make anything to protect their files (and, consequently, the computer health). Also, it could have some incompatibility with the antivirus part of Returnil. Sometimes, disable is not enough and the conflict appears at low level (drivers, services, etc.).

Kaspersky is my favorite anti-virus due to the ability to fine tune the rights of applications in regards to not only programs, and system files but the internet as well. Every year when the new versions come out I reformat and try various AV products (I always give BD another shot) and Kaspersky has yet to be passed in that aspect (Worst has always been Norton its like its built to not be controlled by the user). Kaspersky is also not the only program which becomes slow it is just the worst offender.

I apologize I did not know Returnil had a Anti-virus component (As I said I'd never used it) I was simply mentioning it sort of a Restore software. If the AV's protection of it's components is an issue Kaspersky's Self Defense is easily disabled though I would rather not mess with my kaspersky.

[Technical]

The conflict was just a speculation from mine. I'm not sure.
But, seeing your signature, I see various layers of network traffic manipulation in a way or another (KIS, SpywareBlaster, Sandboxie, WinPatrol, PeerBlock, Tor, OpenDNS, HostsMan).
Isn't it overkilling?

[Tomwa]

Quote:

Originally Posted by Technical

The conflict was just a speculation from mine. I'm not sure.
But, seeing your signature, I see various layers of network traffic manipulation in a way or another (KIS, SpywareBlaster, Sandboxie, WinPatrol, PeerBlock, Tor, OpenDNS, HostsMan).
Isn't it overkilling?

I'm sure I could be secure with just KIS, Sandboxie, and common sense, but so long as additional protection doesn't affect stability or performance I see no harm in mitigating the risk. Most of the tools mentioned above serve entirely different purposes.

SpywareBlaster simply affects the restricted zones of the browser and WinPatrol actively monitors the System for changes, while PeerBlock is just an IP blocklist, Tor is for privacy when browsing (Non important pages), OpenDNS + DNS Crypt is not only security but performance as well as Charters DNS leave a lot to be desired. and HostsMan is a blocklist of bad webpages (Though I use only the trackers and ads).

I'm just approaching the problem of security from different angles while ensuring I don't reduce my system to a stand still.

[tomazyk]

Quote:

Originally Posted by Noob

800GB encrypted?
Holy Cow, that's a LOOOT, more than all my drives together.

In my case, i only encrypt around 1GB of information. ONLY the important things.

All my media files (Which is around 75GB of Photos and Videos) are not encrypted, i don't see why it would need to be encrypted.

Yes, I have similar setup - only one 1 GB container, where I store really private stuff (mostly financial records). Everything else is unencrypted. I just don't see a reason to encrypt the whole system partition.

[0strodamus]

I got tired of waiting 30 minutes plus to save sector by sector image backups of my system partition before I reinstalled to a smaller drive/partition. I can't imagine waiting 36 hours on a semi-regular basis. Wow!

[TheMozart]

I wouldn't bother encrypting the whole hard drive, I just encrypt a 10GB Container and keep all my Portableapps and private data on that, and leave the rest of the system running normally. That way I only ever need to back up a 10GB Truecrypt file

[redcell]

Truecrypt is now the main target of forensics investigators, so much so they even have passware/cracker dedicated against it (eg. TrueCrack, Encase Enterprise v7).
http://www.dfinews.com/article/encas...on-7-announced

In my view, Truecrypt's decoy full disk encryption concept is already flawed because investigators know it's using Truecrypt just by looking at the partitions. Also, Truecrypt creators simply refuse to customize destruction password, giving lame excuse that it's security vulnerability.

[chronomatic]

Quote:

Originally Posted by redcell

Truecrypt is now the main target of forensics investigators, so much so they even have passware/cracker dedicated against it (eg. TrueCrack, Encase Enterprise v7).
http://www.dfinews.com/article/encas...on-7-announced

Useless if the password is strong.

Quote:

In my view, Truecrypt's decoy full disk encryption concept is already flawed because investigators know it's using Truecrypt just by looking at the partitions. Also, Truecrypt creators simply refuse to customize destruction password, giving lame excuse that it's security vulnerability.

How can looking at the partitions let you know TC is being used?

[mirimir]

I don't understand waiting 36 hours to decrypt 800GB. One of my old quad core machines contains ~1.4TB data on a 2TB RAID10 array with encrypted LVM2 (Ubuntu). I could copy that across LAN in ~16hr at ~25MBps. If I could fit a 2TB SATA in that box, copying to that would probably take less than 10hr. I've seen similar throughput for 500GB Truecrypt volumes. What am I missing?

PS Maybe there's contention for disk access, because you're copying data from one place to another on the same disk.

[redcell]

Quote:

Originally Posted by chronomatic

Useless if the password is strong.



How can looking at the partitions let you know TC is being used?

I'm referring to the Truecrypt decoy and hidden OS method. Read here http://www.shortinfosec.net/2009/02/...stem-with.html

Truecrypt has the unique design of partition setup for those implemented the decoy/hidden OS method. It's so unique that no similar design found on other full disk encryption.

http://www.truecrypt.org/images/docs...ing-system.png
We can see the data openly on partition 1 (decoy). But partition 2 appears scrambled.

If I'm a forensics investigator, I'll know immediately Truecrypt is being used.

[LockBox]

TC has never claimed to be able to keep anybody from knowing you're using TC for system encryption. The bootloader gives it away. Truecrypt volumes are another story. They are seen as random files and they cannot be proven to be TC files.

If you're using Truecrypt for reasons that are on the up and up, I suggest using the hidden partition for one reason: to include a single text file saying that you are not using the decoy feature except to include the note. Forensic examiners know that only one hidden partition can be created. It prevents any kind of rubber hose - or other measures - as it proves you aren't using the feature.

The above is important for many because the hidden partition feature it is well-known and there can sometimes be an assumption that you are using it - when you are not.

[PaulyDefran]

I'm on the up and up and *only* use hidden volumes. In a due process society, they can *assume* all they want. They need to *prove* one is there, and they need to *prove* that what is on there is illegal. My job isn't to cow-tow to an agent of the state, or make their job easy. Encryption isn't illegal where I live. If you live in a repressive society, then disregard and do what you need to do. But that *is* a good tip for users who want to adopt that model.

PD

[happyyarou666]

+1 for paulydefran ,of course theyre gona know youve used truecrypt as already mentioned but who cares? just tell them you use it for keeping your data safe from possible theft ..and finish , its not like youre the only person that uses tc ,alot of people do so to secure theyre data, should you find a program that beats tc please do tell until then either be safe or sorry in the long run


p.s: and they can impossibly tell that you use a hidden volume exspecially if you switch between decoy and hidden os every so often to update the timestamps,so unless YOU tell them you wont have a prob , its up to YOU how important your data is and how much rubber hose cryptanalysis your willing to go through

[PaulyDefran]

*You* should tell them nothing...you're lawyer should. But as LockBox said, if you live in a country where they will kill you, you may need to modify you're approach...I don't know where he lives. So far in my country, no citizen has been beaten for a pass phrase in an official capacity, and one US 11th Circuit Court of Appeals decision even protects it.

PD

[hashed]

Quote:

Originally Posted by PaulyDefran

*You* should tell them nothing...you're lawyer should. But as LockBox said, if you live in a country where they will kill you, you may need to modify you're approach...I don't know where he lives. So far in my country, no citizen has been beaten for a pass phrase in an official capacity, and one US 11th Circuit Court of Appeals decision even protects it.

PD

Well, that we know of anyway, but then you did say official

[Tomwa]

They moved my thread so I didn't know about new posts. I'm going to attempt to catch up here.

@mirimir
It didn't take the full 36 hours (That was the estimate placed by TrueCrypt), though it did end up taking ~12 hrs. I do not know about the performance rate of the drive or the decryption. My disk was without any doubt the bottleneck though.

Finally purchased a new drive though so won't be such a problem in the future. It'll be stored on an unencrypted drive as Truecrypt only supports decryption of FDE'd drives which is retarded.

[happyyarou666]

yeah thats what i meant paulydefran, YOU talk through your lawyer only of course , my bad for not completing my sentence

p.s: if you live in a totalitarian state then you might as well kill yourself right now or gtfo as soon as possible OR get rid of anything pc or technology related, might as well move to the woods build a shack and get back to the good ol pen and paper and morse codes for phoning home , dont forget the tinfoil hat they can hear your thoughts xD , anyhow since encryption itself is reason enough to get you behind bars for quite

some time nowadays , in those countries, theres no privacy permitted, but thank god most of us dont live in those type of countries, so enjoy your encryption = privacy & security, as long as you keep your mouth shut and use some common sense, and staying updated on the latest and greatest thanks to wilderssecurity forums , rubber hose cryptanalysis shouldnt even be able to touch you no matter how bad the laws get/are getting, and remember TC is only a part of the entire puzzle, takes alot of research and patience , good luck

[mirimir]

Quote:

Originally Posted by Tomwa

@mirimir
It didn't take the full 36 hours (That was the estimate placed by TrueCrypt), though it did end up taking ~12 hrs. I do not know about the performance rate of the drive or the decryption. My disk was without any doubt the bottleneck though.

OK, that's more reasonable. But still, I think that decrypting a drive in place (to itself) will be slower and riskier than copying what you need to another drive.