TrueCrypt - HUGE Changes in New Version

Discussion in 'privacy technology' started by LockBox, Dec 13, 2007.

Thread Status:
Not open for further replies.
  1. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    That's what I thought also : double backups, too much work for me. :)
     
  2. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    1,034
    Location:
    Hawaii
    You don't need to make unencrypted backups. TrueCrypt can be run in traveller mode directly from a CD, DVD or USB flash drive and you can mount your encrypted backup on any computer that you can logon as admin, so you're not locked out of your data if you lose your main volume.

    There are plenty of good ways to back up encrypted data. You can create an encrypted partition on removable media or use container files (which are much more flexible for this purpose). I prefer to merely copy my container files to an external drive, as this is very quick and convenient. Periodically I make a second copy to CD and I always include the TrueCrypt traveller files on the CD. I can take my backup CDs anywhere and run them on any PC that I have admin privileges on.
     
  3. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hello,

    I'm using containers, and I backup them. I keep a long history of backups, so if my container sudently become corrupted my last or above backup will work.
    There is no point encrypting data if you make unencrypted backups, IMO.

    Regards,
    gkweb.
     
  4. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    Agree with gkweb and dantz. I backup all encrypted data - but still in encrypted form. Backing up Truecrypt headers is all important as well.

    If it's too much trouble, encryption isn't for you. True security never comes easy.
     
  5. TECHWG

    TECHWG Guest

    This new version seems very good indeed! I am still waiting for the raw cd/dvd images myself. Why do they always shut down the forum over the period before and after a new version release?
     
  6. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    This time, they're making some changes. The forums will be swamped with the addition of whole disk encryption - and a MAC OS X version.
     
    Last edited: Dec 24, 2007
  7. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    I am curious if TrueCrypt WDE will work along-side Rollback RX :S
     
  8. TECHWG

    TECHWG Guest

    If it uses a boot loader, then probably not, the drive would not decrypt, because the boot loader would be replaced.
     
  9. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Great tipps dantz,
    Exactly this is really true, very important that this is written down here.

    Mrkv. hopefully this knowledge will help you to not be that cheeky in future.
     
  10. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,215
    Hello,

    Cheeky?

    My data = my rules. Anyone can backup the data any which way. I believe in good ole as many copies as possible everywhere. If I could bother, I'd also print everything - and engrave it in stone.

    The idea of keeping all my data encrypted - ONLY - makes my bowels twitch. It's entirely personal. Kudos to anyone brave enough to keep all of their data in encrypted form.

    In my case, it's mainly against theft - on portable devices.

    Mrk
     
  11. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hello Mrkvonic,

    You are talking directly or indirectly about two points, and I will give you my opinion on both.

    1 - Encryption can lead to data loss and is therefore risky
    2 - If we use encryption we must keep an unencrypted backup somewhere

    It is true that when we encrypt something, if the container becomes corrupted everything inside it is lost. However, by using a simple backup strategy, data loss is a risk eliminated. For instance always keep an history of backup containers and "volume header" in the case of TrueCrypt (Tools menu -> Backup Volume Header), and put your backups accross multiple drives, and places if you can. Using this backup strategy, you cannot loose what is encrypted because you will always have a working version at hand. If you loose those drives, it does not matter they are encrypted or not.

    Then, about keeping unencrypted backups, we should keep in mind why we encrypted data in the first place. We encrypt data to strongly prevent other people to access it, no matter these data have an emotional or financial value. However, if someone breaks in your house and steal everything he finds including external USB HDD where unencrypted backups are, I doubt he will try to decrypt an encrypted TrueCrypt container while he has the plain unencrypted data. If you keep unencrypted backups in a bank safe instead, one have to wonder of what is stronger between the bank safe box and encryption (a rogue employee could open it, or criminals might break it, whereas none of the both could decrypt it).

    To sume it up, by using an organized backup strategy you cannot loose more data because they are encrypted, or else your backup strategy is wrong. Secondly, if for you the risk of unencrypted backup stealing is acceptable, then it should be acceptable too to not encrypt your data at all.

    The bottom line is that encrypting data leads to a risk of data loss, however the steal of these data unencrypted would be worse, and data loss can be eliminated using backups.

    That being said, merry christmas to everyone :)

    Regards,
    gkweb.
     
  12. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,215
    Hello,

    Good and valid points, all.

    I mainly use TC volumes - rather than containers. ALL of my backups sum to up approx. 150GB give or take, so backing up this backup this can be a little tricky. I do backup the headers, but that does not reduce my paranoia regarding physical damage.

    Now, the risks:

    Theft - well one can never be really sure what thieves could take, but the chances are they'll go for portable stuff rather than DVDs labeled with markers.

    Damage - this is the most likely cause of failure of anything digital - plain simple damage or death of the device, in which case restoration of data, partial or full, can be several orders of magnitude more complicated it it's encrypted.

    So this brings me to my point of bulk plain backups:

    Plus, the cost - 120 DVDs = 500GB cost 15 dollars, 1 500GB HDD costs 150 dollars. The likelihood of all 120 DVDs getting damaged simultaneously or stolen or broken is much lower than the chance of a single device gong bad.

    Furthermore, salvaging partial data from a physically damaged encrypted drive is much harder than unencrypted one.

    I think encryption is not meant to hide you from the world - merely make things slightly more difficult for potential thieves - because they might also steal your birth certificate and the passport, and you can't encrypt these.

    If someone really bothers to go after your private data, it's a whole new level of theft protection. But if a casual thief gets hold of a USB drive or a laptop, well then he/she might want to browse the data out of pure curiosity, in which case some encryption is useful.

    Hey, you might even lose a USB drive at your workplace and someone might plug it in and take a look. Digging through hundreds of CDs, DVDs to get to a disk labeled "my backup 18-03-01" is not really the most common scenario. TVs and laptops fish a much better price.

    gkweb, I think you're talking about a different level of encryption protection, which is different from what I had in mind.

    Mrk
     
  13. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hello,

    You have valid points too :)

    Indeed, if we simply want to protect as home user our data against "casual" thieves, it is a different context than confidential data at work against spy pr criminals. I perfectly understand your point.

    Talking about the risks, I talked of thieves, but admittedly what happens 99% of the time (and it happened to me several times) is a physical damage (HDD not working).

    Regards,
    gkweb.
     
  14. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Sometimes I wonder in these threads on encryption exactly what I need to encrypt. Data loss incidents get a lot of publicity, but how many around here have to really worry about losing a big database? I suppose Trucrypt is going in the right direction as the emerging standard is full disk encryption.

    It reminds me of the threads on hard drive erasure and how many pases you need, when one pass will stop everyone but a three letter agency, and then only if it is really important will they bother.
     
  15. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Thanks Mrk for confirming my suspicions all along. Not that such would happen overnight or over some time, but truth is all software can malfunction for whatever reason and an encrypted drive without first an unencrypted backup IMO would be the same as playing on blind trust nothing would ever go wrong.

    Good Advice.
     
  16. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,770
    Location:
    New Mexico, USA
    Good points on encryption.

    I've been playing with various encryption software just out of curiosity, and it occurred to me that I don't really have anything on board that anybody would want. I don't do anything online that would necessitate a need for encrypting anything. To me, that's the only genuinely safe way.

    Still, encryption software is an area I've never fooled with, and it interests me.
     
  17. OneBee

    OneBee Registered Member

    Joined:
    Dec 25, 2007
    Posts:
    6
    I saw that up there yesterday. I dont see any mention on the home page. Is that new or has it been there a while?
     
  18. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    That is a good strategy too if it is really so but many people have sensitive informations. Probably all people have passwords, then we have software developpers, authors... to care about encryption is always useful.
     
  19. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    Yes, it's on the home page, toward the bottom of the page you'll see:
    " Next release 5.0 scheduled for: January 2008" with a link to the page that lists all the changes (major!) in 5.0.
    ------------
    As for the worries about encryption, I have worked with hundreds of TC containers and partitions, ever since version 1.5 and have never had data corruption. It's rare. Of course when it happens, you'll read about it on the TC forums. But, really, the risk is minimal. Backup a container and you're safe. You won't have two corrupted containers - just won't happen. I think if you feel you must keep unencrypted backups - use the bank deposit box scenario, that's a good, safe option.

    As for what is worth encrypting? Many people don't realize how much on their computer could be used for ID theft and many other things. Think about how more and more of our lives are being kept on our computers. Social Security numbers, credit card numbers, bank passwords, medical records, scanned material (leases, mortgage papers, wills, etc.), databases with much personal or work-related research. Especially with laptops, without encryption, you risk so much. It will one day be routine and an accepted part of owning a laptop.
     
  20. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,215
    Hello,
    All of the docs you mentioned, Gerard, should NOT be on a PC.
    Cheers,
    Mrk
     
  21. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    Not on an unencrypted one, for sure. I definitely agree - that's basic. But, there's nothing at all wrong with these being on a PC with encryption. In fact, it's safer than sitting in a drawer at home.
     
  22. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,215
    Hello,

    OK, but my question was why should you keep the actual credit card number or any password written anywhere? The same goes for other personal country/state/govt-issued documents.

    I can understand scanned docs, like wills and such - but these are really much better off in an attorney's office or such. At worst, you can encrypt single files, where you take the risk of potentially losing this data - but where it won't really matter, more a privacy precaution that actual productivity loss.

    Mrk
     
  23. NeilC

    NeilC Registered Member

    Joined:
    Jan 3, 2008
    Posts:
    31
    This simply isn't true.

    Depending how you set it up, you have two seperate versions of the same data in two places. If one is damaged then you still have the other one. There is little difference between this and a non encrypted system in terms of a complete drive failure.

    The way I and many others do it with TC is to create two encrypted drives - one on the PC and one on a backup drive. You mount both drives and use any common back up application to back up from one drive to the other. You can keep copies of the truecrypt headers on both drives, an unencrypted drive, or anywhere else (like an online email account or something).
     
  24. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    This is been my deepest concern all along where it involves encryption. IMHO there are already too many deficiencies floating about in microsoft O/S's, adding encryption just increases this fatal potential, no matter the general percentages.

    While it may prove a useful concept and idea privacy/protection against compromise for many, including governments, they had better be prepared ahead of time with some solid safe provisions for backing up the entire system FIRST, because the past & present track record of $M O/S's don't exactly encourage reasonable trust in something as integrate as code scrambling.
     
  25. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    Thank you. Of course, you are exactly right and all the fear-mongering over Truecrypt is truly ridiculous. As you said, using two Truecrypt drives it is no different than using two regular hard drives with no encryption and risking hard drive failure. It boggles the mind how uninformed so many people here are regarding encryption and yet - post about it! Not understanding is fine, Not understanding but spreading disinformation and fear is not so easily overlooked.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.