Tutorial: Windows system drive encryption using DiskCryptor (TrueCrypt Alternative)

Discussion in 'privacy technology' started by Morthawt, May 31, 2014.

Thread Status:
Not open for further replies.
  1. Morthawt

    Morthawt Registered Member

    Joined:
    Jul 10, 2008
    Posts:
    79
    Location:
    UK
    Video link: https://www.youtube.com/watch?v=HaQEzA2ye4U
    (Watch in HD/fullscreen to get maximum quality and better viewing)

    With all the turmoil going around about Truecrypt being killed, I went on the hunt for TrueCrypt alternatives that are similarly free and open source (FOSS). I have made this video tutorial to show everyone how it works, to demonstrate it step by step and showcase it's ability to encrypt Windows system drives. I cover encrypting the system and boot drives, changing the password and showing the difference between booting up with and without the bootloader and the difference between using passwords vs keyfiles for system encryption.

    I hope this will help you and your friends/family in deciding if this is the software you want to use as your alternative to TrueCrypt.
     
    Last edited: May 31, 2014
  2. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,115
    Location:
    Brasil
    Just a note: I'm note sure what you mean with "similarly free and open source". Although DiskCryptor IS FOSS, TrueCrypt is not FOSS, not even OSS.
     
  3. Morthawt

    Morthawt Registered Member

    Joined:
    Jul 10, 2008
    Posts:
    79
    Location:
    UK
    Truecrypt has always been open source. That is why there is a project right now to audit the code to ensure it is safe. It is just a shame now TC has shutdown before it could even be completed.
     
  4. blainefry

    blainefry Registered Member

    Joined:
    Jan 25, 2014
    Posts:
    165
  5. Morthawt

    Morthawt Registered Member

    Joined:
    Jul 10, 2008
    Posts:
    79
    Location:
    UK
    Ah I see. Well I have always looked at it in strict terms of is the source open for people to scrutinize. However if people are ascribing other aspects to "open source" then I was not aware of that. Either way it is looking more and more like DiskCryptor is a very good solution indeed. I especially like how I can make a boot cd that will work the next time when I format my system and re-encrypt because it is merely a conduit to type in the password, whereas truecrypt created unique system-locked boot discs every time. I like that you can choose to make one like that with DC but you can choose a password style and your same boot cd will work just fine. That saves resources instead of having to waste more cd's.
     
  6. Randcal

    Randcal Registered Member

    Joined:
    May 29, 2014
    Posts:
    76
    Well it's not like "people are ascribing other aspects", that's kind of always been what it means. That's why TrueCrypt is basically just "source-available"...

    https://en.wikipedia.org/wiki/Open-source_software#Open-source_vs._source-available

    Yes, the general public does not differentiate between those two terms, and essentially think that "Open Source" literally just means "the source code is available". And as usual, this is mostly due to media ignorance. (They know nothing about anything, especially technology, so they usually get stuff wrong.)

    ..but in the tech community where those terms basically originated (and where they are most widely used, and of course, what we're actually talking about), "Open Source" and "free software" have very defined meanings.

    https://en.wikipedia.org/wiki/Free_software

    https://en.wikipedia.org/wiki/Open_source

    This is also why there is a term "freeware". Something that is free (as in beer) is not always free (as in speech).
    Some freeware may also be "free software"...but they are nowhere near the same thing.
     
  7. Morthawt

    Morthawt Registered Member

    Joined:
    Jul 10, 2008
    Posts:
    79
    Location:
    UK
    Well that is interesting indeed. I had only been basing it off the TC website that called it open source and since I found the source for download numerous times that made sense to me. So if you had to summarize what "Open source" means in a small statement what would you describe it as?
     
  8. Randcal

    Randcal Registered Member

    Joined:
    May 29, 2014
    Posts:
    76
    Admittedly, there is debate among the community on exactly what those terms entail, so if you're interested I would recommend checking out those Wikipedia pages to get the full story.

    But you might just go to the actual sources for straight up definitions:

    "The first formal definition of free software was published by FSF in February 1986 [...] In the late 1990s, other groups published their own definitions that describe an almost identical set of software. The most notable are Debian Free Software Guidelines published in 1997, and the Open Source Definition, published in 1998."

    Free software:
    https://en.wikipedia.org/wiki/Free_software#Definition

    Open Source:
    http://opensource.org/osd-annotated

    As for the differences between those two:
    https://en.wikipedia.org/wiki/The_O..._Definition_versus_The_Open_Source_Definition

    That last one is why the term "FOSS" and its variants came about. It is specifically to attempt to identify a piece of software as both "free software" and "Open Source software"...namely that it is accepted by both organizations in their respective license libraries.
     
    Last edited: May 31, 2014
  9. S.B.

    S.B. Registered Member

    Joined:
    Jan 20, 2003
    Posts:
    150
    @Morthawt

    Good video and tutorial!

    A few minor comments.

    Should you decide to revise same in the future, you might wish to recommend to your viewers that they do a full system backup prior to encrypting same.

    You might also wish to direct your viewers to https://diskcryptor.net/wiki/LiveCD where the DiskCryptor developers advise users, "Prior to encrypt the system partition, it is strongly recommended to create a bootable Windows CD/DVD disk (LiveCD) with DiskCryptor.That will allow you to gain access to data in case of any emergency (being unable to boot the system), and also allows for partition encryption and decryption operations to be performed."

    Your viewers might also be interest to know that DiskCryptor includes a "Decrypt" function that will preform an in-place decryption of the user's system in the event that user changes their mind about system encryption.

    Again, great job on the informative and educational video tutorial. And thanks.

    __
     
  10. Morthawt

    Morthawt Registered Member

    Joined:
    Jul 10, 2008
    Posts:
    79
    Location:
    UK
    Thank you. I do plan on making another one to cover the CD/DVD encryption ability at some point where I could mention about the LiveCD. The reason I did not include it was that I could not get that to work myself, as a techie if I cannot get it to work in vmware I wouldn't recommend it to typical end users. So I recommended they make a backup BootCD instead so that they can always boot up from that cd to get access to the system.

    However, if you think it is worth at least a mention I may bring it up in the next video. I will cover the decryption option as well either in that DVD encryption video or a dedicated video on decryption.
     
  11. blainefry

    blainefry Registered Member

    Joined:
    Jan 25, 2014
    Posts:
    165
    @Morthawt
    Might also consider doing a how-to compile.
     
  12. Morthawt

    Morthawt Registered Member

    Joined:
    Jul 10, 2008
    Posts:
    79
    Location:
    UK
    Compile the source code? Unfortunately I am not a programmer so I do not know anything about that. My experience of compiling starts and ends with AutoIt scripts I make.
     
  13. S.B.

    S.B. Registered Member

    Joined:
    Jan 20, 2003
    Posts:
    150
    I absolutely agree that it can be a real pill to make that CD or DVD <grin>. Probably the easiest way I have found is to use the Acronis True Image software setup which provides everything one needs to make a Live CD/DVD incorporating Acronis True Image, and includes the ability to provide other add-ons (like Dcrypt). Somewhere on the Diskcryptor site one can download the DiskCryptor BartPE plugin that can be added to to the Live CD to achieve this function. But this approach requires availability of Acronis True Image with Plus Pack.

    If you ever do successfully get the darn LiveCD successfully made, its a great thing to have.

    There's also a user thread posting a modified Hirens CD with Dcrypt capabilities in the Dcrypt forum.

    Your alternative approach is great btw! But you might avoid various possible complaints simply by noting the developers' recommendations. Not a big deal.

    Regards.
     
  14. Morthawt

    Morthawt Registered Member

    Joined:
    Jul 10, 2008
    Posts:
    79
    Location:
    UK
    I will mention it in my next video or I may add it to the description of the current video since that would be more relevant, but that will be about all I can do regarding that since I could never get it to work.
     
  15. Morthawt

    Morthawt Registered Member

    Joined:
    Jul 10, 2008
    Posts:
    79
    Location:
    UK
  16. Randcal

    Randcal Registered Member

    Joined:
    May 29, 2014
    Posts:
    76
    Yeah I guess I should have warned you about that. Sorry lol

    As you can probably tell, there's a lot of religiosity (religilous? religiousness? cult-like?) around this kind of stuff.

    Personally I'm not really invested either way, but I do see a point in establishing a way to define the difference between something that is "free" (of charge) and "free" (of restrictions). When people just go around saying something is "open source" simply because the code is viewable, or calling it "free software" simply because you don't have to pay money to use it, I think it diminishes the whole spirit behind truly free (as in libre) works.

    Maybe they should have thought of better (i.e. more original) terms. But I guess that's why we have entire Wikipedia articles like this:

    https://en.wikipedia.org/wiki/Alternative_terms_for_free_software
     
  17. Morthawt

    Morthawt Registered Member

    Joined:
    Jul 10, 2008
    Posts:
    79
    Location:
    UK
    Well I cannot speak for other people but I have always been told open source means the source code is available. But now I see descriptions and "commandments" of what open source "should" be. So it is all very confusing. I will probably stick with the original term that it means the source code is available for scrutiny. So software that costs nothing to use for anyone and any usage that has the source available is FOSS to me.

    Closed source vs open source is a simpler concept when you take extra-licensing points out of the whole thing. One has the source locked away and hidden, the other makes it available to anyone and everyone.
     
  18. Randcal

    Randcal Registered Member

    Joined:
    May 29, 2014
    Posts:
    76
    Well, FOSS actually is a term that came out of the OSI/FSF term wars, and has no prior meaning than to say something fits both of the official definitions.

    https://en.wikipedia.org/wiki/FOSS#Naming

    So if you're going to knowingly reject the tech-community definition of those terms, then you might at least stay away from that term, because it has no other origin or meaning, and will get you into trouble (as it did in this thread).

    Anyone who isn't familiar with the term will have to ask you what it means, and you'll end up having to explain that you use it to mean something the tech community doesn't, and someone who is familiar and does know what it means will end up confused because they'll think you mean one thing when you mean something else.

    Personally if all you mean is that the code is viewable, then I just say "source-available." There's no question and no dispute as to what that means. And if you mean free of charge, then just say "freeware". Again, no real dispute on that one and no need to explain as pretty much everyone knows and understands that one.

    Notice the TrueCrypt Wikipedia page calls it "source-available freeware"...

    https://en.wikipedia.org/wiki/TrueCrypt

    When you want to designate something as libre, then FOSS would be more appropriate.
     
    Last edited: May 31, 2014
  19. Morthawt

    Morthawt Registered Member

    Joined:
    Jul 10, 2008
    Posts:
    79
    Location:
    UK
    Makes sense.
     
  20. BeardyFace

    BeardyFace Registered Member

    Joined:
    May 29, 2014
    Posts:
    80
    The FOSS brigade will argue about which direction you cross the Ts in the licence.. write it to say "you can use it, modify it, but there's some other tiny restriction" like TrueCrypt did.. and you're in danger of starting a jihad

    Seriously, I think if you took one of the standard "free" licences and added a clause stating you could only print it with a font size greater than 12pt. so it was readable Debian would put it in non-free and send the boys round to break your arms...

    "Religious" isn't even close.
     
    Last edited: May 31, 2014
  21. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    That was truly wonderful. What a fine job!
     
  22. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    I agree, great job Morthawt!
     
  23. Morthawt

    Morthawt Registered Member

    Joined:
    Jul 10, 2008
    Posts:
    79
    Location:
    UK
    Thank you. I appreciate that. It always helps to see something in action rather than jump into the unknown.
     
  24. Paranoid Eye

    Paranoid Eye Registered Member

    Joined:
    Dec 15, 2013
    Posts:
    175
    Location:
    io
    thanks very well put together video never considered using keyfiles or iso/cds

    Surely a usb pen perhaps combined with a password for extra protection could be a good option also?
     
  25. Morthawt

    Morthawt Registered Member

    Joined:
    Jul 10, 2008
    Posts:
    79
    Location:
    UK
    Thanks. Yes, you can choose to set up a USB as a bootloader so you could indeed boot from that in place or as an alternative to cd/dvd. The functionality is no different, just an extra choice of how you want to boot up :) Much more flexibility than TC ever had. One thing I hated about TC was every time I formatted I needed to burn yet another recovery disc, whereas I can make use of the same disc because a password disc lets you use passwords and if it matches what encrypted the drive it just works flawlessly. Similarly if you use key files and you keep the same key file, you can set it up next time to use the same key file and the previous boot disc will work perfectly. I am really liking this software.

    You can imagine the resource saving for a big company using FDE on their systems and the sysadmin only needing 1 or 2 discs that can be used to bootup a system with a corrupted boot record or what ever it is that stores the bootloader.

    Also, one interesting thing I experimented with, you'll like this, you can generate a keyfile, embed it into the bootloader as a password + keyfile and set it to not treat empty passwords as a failure, then you can use that disc to boot up a system using that keyfile and a password as well as boot up a system encrypted with just the keyfile and no password. You simply boot up and press enter rather than typing a password and BOOM it boots up. That is really a nice thing that I doubt is made very publicly known.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.