A couple of questions on encryption...

Discussion in 'privacy general' started by fannymites, Sep 21, 2005.

Thread Status:
Not open for further replies.
  1. fannymites

    fannymites Registered Member

    Joined:
    May 7, 2005
    Posts:
    93
    I have never tried tried any encryption software before but I've been messing around with TrueCrypt which is very easy to use but I would like to be able to encrypt an entire Windows partition and boot it from the linux grub bootloader and have it ask for the password on booting. TrueCrypt doesn't seem to be able to do that, unless I've done something wrong.
    Are there any freeware encryption programs that would allow that?
    I've done a little reading on encryption but I find things easier to just jump straight in and learn as I go along.
     
  2. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    The only free full disk encryption product I know of is Compusec. I don't know if it will boot Windows from grub, you might check the site.

    Other full disk encryption is commercial software. There is Safeboot, SafeGuard Easy, DriveCrypt, PGP and I might forget one or two products. Search this forum for the others.
    I don't know if these products boot from grub!
     
  3. fannymites

    fannymites Registered Member

    Joined:
    May 7, 2005
    Posts:
    93
    Thanks, that seems like just the sort of thing I was looking for. I'll give it a try.
     
  4. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    Just be carefull... I know of someone who used an encryption tool just to never be able to recover his own data ever again...

    So: at least backup your precious data and

    Report back later !
     
  5. fannymites

    fannymites Registered Member

    Joined:
    May 7, 2005
    Posts:
    93
    Thanks for the advice. I don't actually see any reason why I would need encryption, it's just something new to fiddle with and learn about.
    I've copied my main windows partition on to another one which I will be using to try this out so I'm not worried about losing anything.
     
  6. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    I tried Compusec on my old computer a year ago. It worked perfectly, until I tried to install Faronics Deep Freeze on the same machine. After that, the system would keep crashing without any chance to work on it for more than a couple of minutes, and the Deep Freeze software only half-installed (no chance to set a password, nor to reboot in a thawed state). I had to reformat the whole drive (without even a chance to try to remove Deep Freeze by booting from a floppy, as the whole drive was encrypted!). So, don't try these two softwares together; I like both, they just don't go along well.
     
    Last edited: Sep 22, 2005
  7. fannymites

    fannymites Registered Member

    Joined:
    May 7, 2005
    Posts:
    93
    WOW What a nightmare! I'm totally locked out of my hard drive. I installed and used the default setup so it encrypted my hard drive and was set to ask for password before booting. I assumed it would only encrypt the one partition I installed it on not the entire hard drive but, fair enough, that was my mistake.
    When I came to boot up the computer I was greeted by the CompuSec login which asked for my user ID and password. I entered the default user ID, which CompuSec said was start123, then entered my password -
    "You have no access to this computer"
    Strange I thought, maybe I mistyped my password so I tried another 3 times and still no good.
    So then I chose to reset the password, it asked for my user ID and then the password reset code - "You have no access to this computer".
    I have not made any mistakes with my password, I specifically chose very short and easy to remember password and password reset codes while I was trying it out, just in case of something like this.
    WTF?!

    [EDIT] I've just looked at my windows partitions in linux and nothing on that drive is even encrypted, so I'm being locked out for nothing.
     
    Last edited: Sep 23, 2005
  8. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Wow. Are you sure it started the encryption process? I remember it took a few hours when I used it (it asks you if you want to encrypt before booting or while Windows is on). If you can see the Windows partition, then clearly something is terribly wrong, either with the installation or this version of this software. :eek:
     
  9. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    Encrypting does take some time, depending on disk size. So, you will notice.

    Safeboot takes about one hour on a 30 gig disk. Safeboot encrypts in the background and you can even stop the process and continue later.

    If nothing is encrypted, you might restore the master boot record o_O
     
  10. fannymites

    fannymites Registered Member

    Joined:
    May 7, 2005
    Posts:
    93
    Well after I connected my linux drive to check the partition and rebooted, it turns out the linux bootloader completely bypassed the CompuSec one so I got back into windows again. I've tried changing the Compusec settings to try again
    but it asked for the security dat file I had saved when installing but it says this is from a different version of Compusec!!!
    I can't uninstall it or anything.
    I'm going to try using RegSeeker to remove all traces of Compusec and maybe try again and go through the entire process, VERY slowly.
     
  11. fannymites

    fannymites Registered Member

    Joined:
    May 7, 2005
    Posts:
    93
    Well this goes from bad to worse. I couldn't get rid of all traces, even with RegSeeker. I tried re-installing with the same settings as before and this time it said it couldn't install and to defrag my drive. I defragged all partitions and tried again but got the same error. After rebooting it turned out it had wiped out my linux boot loader, despite me telling it to leave the first hard disk alone, so I couldn't boot windows or linux.
    After much messing around I've finally managed to fix the mbr's on both disks and got them booting ok.
    So I tried installing again but without the boot authentication so I should be able to encrypt just the one partition but after the reboot, there's a tray icon and services running but I can't do anything. There are no options anywhere to do anything.
    I've tried reading documentation on the website and FAQ describes options while installing that don't even exist!
    This is the worst thing I've ever installed.


    As things stand I can't get rid of the damn thing so I have to reformat that partition but at least the other ones are ok now.

    Does anyone else have any experience of this program and can advise me where I've been going wrong?

    [EDIT] I must be a masochist or something. I reformatted the offending partition, re-installed windows to it then installed CompuSec again.
    I found some info that said I needed to install the Compusec driver on both my windows partitions if I wanted to be able to boot them both, I thought this would mean one would be encrypted and one wouldn't but no, the entire disk is still encrypted.
    This time the boot login worked fine with no problem but now when it gets to the windows user login screen it's telling me THAT password is wrong and I know it isn't. AAARRGGHHH!!!
     
    Last edited: Sep 23, 2005
  12. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    I remember having no problems whatsoever when I used Compusec (apart from the Deep Freeze incompatiblity); it is definitely a very intrusive software (like any "whole disk encryption") and if something goes wrong during some steps it's going to cause endless problems, but I experienced none when I used it. This is a different version than the one I used, but I'm really surprised it caused all these problems for you.
     
  13. fannymites

    fannymites Registered Member

    Joined:
    May 7, 2005
    Posts:
    93
    Well it was certainly very buggy for me at times. The last problem I mentioned with the the windows user password not being accepted for instance, I tried rebooting and re-entering the same password 3 times and the final attempt it accepted it.
    I must admit though, the original problem I had where the CompuSec login wouldn't accept my password turned out to be completely my fault, I had miss read something while installing and when I mentioned it wasn't encrypted, that was because I couldn't login so it didn't get a chance to encrypt the drive.
    I did eventually get it working ok in the end and the drive was encrypted.
    Since it could only encrypt the entire hard drive and not a single partition it wasn't really what I wanted so I decided to try uninstalling again.
    Once again it kept telling me the previously saved security file was incorrect but at the third or fourth attempt it did finally accept it and uninstalled fine.
    The problems were very frustrating at times but the whole point of me doing this
    was to try out and learn about different ways of encrypting so I've calmed down now.
    I'm not sure I would try this program again though, purely because of the reluctance to accept passwords and the security file at the first attempt.
     
  14. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    You might contact the compusec firm about your problems, perhaps they can use your information for others users.
     
  15. AvianFlux

    AvianFlux Registered Member

    Joined:
    Dec 7, 2004
    Posts:
    237
    That would be enough to thwart a snoop who had the correct password. He/she likely will assume the password has been changed or that it was incorrect after a couple of attempts. It would also thwart password cracking software that only tries each one once and moves on to the next.
     
  16. fannymites

    fannymites Registered Member

    Joined:
    May 7, 2005
    Posts:
    93
    Very good point actually.
    I have done some searching and found that a lot of people have similar password related problems with CompuSec.
    I have contacted CompuSec and asked if this is intentional and also suggested their documentation could be updated a little and made clearer.

    All in all, despite my problems the program did what it was supposed to do in the end and I don't want to put people off from trying it.
     
  17. zoppe

    zoppe Registered Member

    Joined:
    Mar 28, 2005
    Posts:
    2
    I keep hearing about how DES encryption is not considered “secure”. However, it is one of the encryption options on Drivecrypt (all versions) and is still being listed as an option on DCPP. What gives…. Or have I got it wrong. I hope Securestar is not pushing an unsecured encryption format for the sake of diversity….
     
  18. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    What you heard is right: DES is definitely not secure. It wasn't secure even 10 years ago, it's not secure now. So any programs that use DES should be avoided (unless they use Triple-DES, not DES).
     
  19. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    1) No that is not possible ..
    2) i'haven't seen those yet ...


    The problem with a crypted drive and tools like shadowUser or Deepfreeze
    are always there this is logical.
    You can't use them together.
    ShadowUser , Illusion, DeepFreeze and Watch-It etc. can never work with
    tools like Drive Crypt (and Plus Pack), TrueCrypt lock'n'go Deslock etc. etc.

    And both Grub and LILO doesn't support Crypted Drives.
    and from the faq:
    Q: Can one use partitioning tools like Partition Magic with DCPP ?
    A: No. DCPP encrypts the whole partitions and partitioning tools are not able to understand the DCPP format.

    There lots of tools that can create containers and logical drives from/in a container but to completely crypt a windows disk like Drive Crypt Plus Pack? I have not seen that yet. (but perhaps there are or will be soon).

    One of the reasons why you can crypt the whole OS in DCPP is that there is a special tool/window for pre-boot which ask you for your key etc.

    Another thing is that if your are going to test with tools/programs mentioned above i can advise you to use Acronis True Image version 8
    (i've tested this personally and know that this works).

    If you use Shadowuser , GO OUT of shadowmode, and you can backup
    all partitions mentioned above (yes also DCPP).

    If something goes wrong, after that you can always restore your settings.
    And it is of course clever to create several images started from BEFORE
    you are starting to encrypt your logical drives etc.

    Another thing is that you can in fact have GRUB or LILO and
    multiple OS-es (linux/FreebSD/Solaris/Windows XP) and have DCPP running
    but this is not a easy setup!

    But it can be done!





    .
     
  20. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    PGP Desktop Pro can also encrypt the entire Windows boot partition, but it is not freeware either.
     
  21. erikguy

    erikguy Registered Member

    Joined:
    Jul 5, 2004
    Posts:
    236
    Location:
    Salem, OR
    Does anybody know if there's a program that will encrypt traffic leaving your computer but will not cause a problem for a recipient on the other side of the internet? Like, say, I want to send my friend a file and I want such a setup (to encrypt the traffic) but I want him to be able to open the file no problem? Is such a product even possible? Thanks for responses.
     
  22. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    You can send an encrypted file with lot's of tools, by making it an executable.

    The only thing that the recipient has to do (he needs no software do decrypt it), is start this executable and enter the password or passphrase or key.

    I like CryptoSuite of GhostSecurity (this forum) very much,
    it is very easy to use (for both sides) and is very safe.

    You can ALSO zip the mentioned file (not with CS) and place an extra password on it.
    This because some mailclients or mail environments don't allow people
    to receive .exe files as attachments.
     
  23. eyes-open

    eyes-open Registered Member

    Joined:
    May 13, 2005
    Posts:
    721
  24. AvianFlux

    AvianFlux Registered Member

    Joined:
    Dec 7, 2004
    Posts:
    237
    There's Zero Footprint Crypt or FineCrypt that will create a encrypted self-executable file, and have compression tools also. With ZFC first create the PW protected self-executable then compress it. I think FineCrypt has the option to combine the two tasks in one step.
     
Loading...
Thread Status:
Not open for further replies.