2TB Drive, TrueCrypt, AES and Yubikey.

I have recently purchased a yubikey because I always thought it was cool and given the level of security it provides I always wanted to configure it with my passpack account just so I have peace of mind whenever I’m not at home. Considering the fact that the yubikey provides 2 configurable slots (usually the first is already configured with the yubico OTP) and the second is empty so you can configure it with whatever static password you wish, and since my Hard Drive contains a lot of sensitive data from work, I was thinking of encrypting the data using truecrypt (since you can also use the yubikey with truecrypt). I have a 2 TB internal hard drive divided into 4 partitions, 500 gb each. Initially I wanted to encrypt the system partition only (C:\) and also to create an encrypted volume of about 150 gb on the last partition so I can move everything that is work-related in there. But then I realized that since the place I moved the files from is not covered by the encrypted area, it would be possible to view file names /maybe recover some of the files with data recovery software. On that note, I concluded that the safest way to go would be to encrypt the entire hard drive. Initially I wanted to use AES-TwoFish-Serpent, but given the fact that encrypting 2tb with cascading ciphers would take virtually forever, and also given the fact that even if I would get it done, it would dramatically limit read/write speeds and thus performance, I decided that AES should do the trick, since it has the highest benchmark speeds, and it is still very safe to use. Therefore, provided that I don’t have a lot of experience with truecrypt, I had a few questions I wanted to ask you guys, before I do anything stupid.

1) Should I also include the host protected area (hpa) in the encryption process? (I don’t have a brand PC so there are no utilities that would access the hpa prior to boot – I don’t have RAID enabled since I only have one 2TB hard drive – my machine was built from scratch with components I bought so I don’t think that encrypting the hpa would be a problem – but it’s always good to double-check.

2) The Yubikey Personalization Tool offers two options when it comes to configuring your static password on the second free slot as follows:

- The first option is called Scan Code and it allows you to manually input any password you wish and the yubikey will use it as your static password (limited to maximum 38 characters).
- The second option is called “Advanced” and it allows you to generate a random alphanumeric static password based on 3 random hexadecimal keys (limited to maximum 64 characters).

Here’s where it gets tricky: I read that the longer your password is, the harder it is to decrypt the data.
The random generated alphanumeric password can have a maximum length of 64 characters and it would look something like this: !TAAeqepbeweybqebpnaeersdebwewerwe12we8qwqtyhyfewq

After I checked the password’s quality rating (using a function that passpack provides) – I discovered that the value is 157 (estimated in bits).

However, if I use the “Scan Code” option which allows me to configure my password manually, it enables me to use symbol characters such as ^/%(#$\)_@ but it limits my password to only 38 characters, instead of 64 with the automatically generated alphanumeric password. However, the 38 characters password has a significantly higher quality rating – around 250 (estimated in bits). So given the circumstances, which one do you think would be a better choice? Longer alphanumeric password but weaker, or shorter with ascii symbols but stronger in bits?

NOTE: I realized that even though yubico limits the characters to 38 on the manual symbol password, I can still do the following trick – first, I input a sequence of characters from my mind – ~!*#)(@!\ + push the yubikey button and the rest of the 38 chars static password is attached to the first portion I wrote. That would also work as a two factor authentication and would prevent anyone from doing any harm should they steal my yubikey, and best of all, it would further strengthen my password quality higher towards an estimated value of 300 bits.

3) after I encrypt my entire drive with AES (including the C:\ system partition), let’s say I want to reinstall windows at some point. can I just log in, pass the pre-boot login screen, and then enter my Windows DVD, perform a clean install (within the huge encrypted volume) and then start using the new OS? Or do I have to decrypt everything, reinstall windows and then re-encrypt it again?

4) after I encrypt my entire hard drive, should I open truecrypt and save a backup of the header? (I think yes).

5) I noticed that only the RIPEMD-160 Hash Algorithm can be used for system encryption – as it seems SHA-512 and Whirlpool are not supported – I know Whirlpool would be better but I can’t use it since I get an error that it’s not supported – I use windows 7.

Thank you in advance and sorry for the very long “case study”.

 

If you're worried about the HPA, you can wipe it with the trial version of BCWipe Total Wipe Out.

For the Yubikey, I memorize 32 and have it input 32. But whatever works for you is fine. Just realize that if the YK is confiscated/stolen, they now only have to attack you're memorized phrase. That's why I like 32/32.

I would think a Windows install would over write the TC boot loader, so your reinstall method wouldn't work...but I could be wrong.

I keep backups of all headers on different machines.

RIPE-MD is all you can use...so it's all you can use ;-)

PD

 

If you encrypt the entire drive, it will encrypt everything.

I have no experience with tokens like Yubikey so I cannot answer this.

When TC "encrypts" the drive, all it is doing is filling the drive with random data. This is why the initial phase takes so long. Once you start putting data on the drive, it encrypts that data *only*. This is how disk encryption works -- it only encrypts data that you put there. The rest of the drive is simply filled with random 0's and 1's (much like you would do with a disk wiping program).

So let's say you have 50GB of real data on the drive and 450 GB of "empty space." The 450 GB will not be encrypted, it will only be random data. There is no difference (from an attacker's perspective) between random data and encrypted data. Encrypted data, by default, looks like random data. This confuses a lot of people and it's really only a technicality, but when TC is "encrypting the drive" it is not really encrypting anything. It is only filling it with random data. It isn't until you actually start putting data in the container that AES starts getting used to encrypt it with your key.

Now if you get ready to reinstall Windows you do not have to go through the long "random data writing" process again. You can choose the "quick format" option and be perfectly safe. The rest of the drive will still have that same old random data on it that it had the first time. The TC docs warn against using quick format *unless* you have already encrypted the whole hard drive before or overwritten it with random data.

As for whether you can open the container and reinstall Windows without "re-encrypting" I don't know for sure. I don't see why not. But either way, even if you do have to "reencrypt" a quick format will be fine the second time around.

Yes. See the TC docs for how to do it. It's easy and should be done.

Hash algorithms are not used for encryption. All the hash does is help derive the header key. From the TC docs:

So basically, it really doesn't matter whatsoever which hash you choose.

 

Hello and thank you for your replies on such a short time. I have learned a great deal from you guys and I will start the drive encryption today. Will keep you posted on the result.

 

I normally recommend that users shrink their OS partion to a more reasonable size such as 25 to 50 GB (based on what's installed and how much space is actually needed) and then use system encryption to encrypt just that partition. The other partitions can be encrypted separately. If desired things can be set up so that all partitions use the same preboot password and will all mount at once. (Not sure how this would tie in with a Yubikey, however).

Advantages: 1) If you ever need to decrypt your system partition (for repairs, reinstallation, upgrades) it'll go much faster. 2) It'll be much easier to image the system partition and restore the system partition from an image if needed. 3) Your encrypted data partitions will be stand-alone rather than being linked to system encryption, and thus they will be easier to access and recover in the event of problems. 4) Your encrypted data partitions will have headers that can be individually backed up, unlike system encryption. 5) For additional security, you can dismount an individual partition whenever desired if you don't need to have access to it right then.

Disadvantages: Your encrypted data partitions will be more vulnerable. If you ever try to use partitioning software to change their sizes they will probably break. If you reinstall Windows it might mess with them and might overwrite their headers, so you will need to be quite certain that you have saved the backup headers.

Use data-wiping software as needed.

I'd say no. There is normally no user data in there. However, I have to ask why you even have an HPA in a home-built PC. If it doesn't serve any purpose then you should have removed it right from the start.

I can't address the Yubikey issue, but I will say that you'd better be very certain that you can provide the entire password without the Yubikey being present, as you will probably need to do this some day.

Decrypt. Anytime you boot to a CD/DVD (such as a Windows installation disk, or any of various bootable utility CDs) that you want to use to write to the disk you must decrypt first. Another good reason to shrink the system partition to a reasonable size and encrypt it separately.

System-encrypted partitions or drives don't have headers that can be individually backed up using the same techniques that you would use on non-system encrypted partitions, drives or files. The only way to back up the header of a system-encrypted partition or drive is to burn another copy of the rescue disk, or at least store another copy of the TC rescue disk.iso file.

 

IIRC, HPA and DCO are on all spinning disks (SSD too?). They are used by the drive mfg for things like spare sectors, etc... They are inaccessible by the BIOS or OS. The worry is that you had sensitive data, un-encrypted, that was swapped when a sector went bad. Miniscule worry, yes, but there just the same. I've used the trial of BC's Total Wipe Out and it does do a one pass zero fill on those two areas.

I second having the Yubikey characters backed up somewhere. Buried in a National Park sounds good

PD