Is data loss more common with Truecrypt than with dm-crypt LUKS?

Discussion in 'privacy technology' started by mirimir, Nov 28, 2013.

Thread Status:
Not open for further replies.
  1. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Questions about data loss with Truecrypt seem to be much more common than such questions with dm-crypt and LUKS.

    Is that just because Truecrypt is far more popular than dm-crypt and LUKS?
     
  2. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    Perhaps questions on TrueCrypt are also more common because it's used for more difficult/more vulnerable scenarios with TC users going for plausible deniability/hidden volume?
    Also, with LUKS, users are likely to have some Linux proficiency and LUKS is imo pretty much 'set and forget' with LVM. TrueCrypt users better read some man pages before going all the way.
    I'd say LUKS is what you use against 'common' data theft/peeking eyes, while TrueCrypt is often used for more extraordinary scenarios.
     
  3. Tipsy

    Tipsy Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    207
    Two good explanations already suggested. So many more people are using Truecrypt than dmcrypt. And from the questions asked, it seems that many people using Truecrypt are trying complicated setups, like hidden volumes, probably much more than with dmcrypt.

    Also, Truecrypt is mostly used with Windows. Windows has its nasty habits about bootloaders/MBR, but dmcrypt is used for Linux, and Linux is more forgiving.
     
  4. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    991
    Location:
    Hawaii
    I don't know the actual numbers, but I would expect data loss to be much less common when using dm-crypt and LUKS because the Linux OS "plays nice" with them and knows not to mess with their encrypted partitions, unlike Windows, which considers 3rd-party encrypted partitions and disks to be corrupted data in need of repair.

    TrueCrypt users who choose to encrypt partitions can reduce the odds of Windows attacking their data by changing the encrypted partition types to Linux rather than NTFS, as Windows typically leaves Linux partitions alone. (Certain other partition types will also work, but I haven't done any sort of exhaustive testing on this). And I would still recommend making a fresh backup of an encrypted partition right before performing an OS reinstallation or upgrade.
     
  5. HopelesslyFaithful

    HopelesslyFaithful Registered Member

    Joined:
    Nov 14, 2012
    Posts:
    65
    Location:
    IL
    So a 3TB drive being encrypted in Windows is better off just being a 3TB file container? I also read that TC doesn't even support GPT yet, if I understand it correctly?
     
  6. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    991
    Location:
    Hawaii
    Although some TrueCrypt users do choose to create gigantic file containers, and for the most part they seem to work ok, I personally find the idea unappealing. I guess I just don't like the thought of creating a humongous, relatively unmanageable file which would almost certainly be non-contiguous because its very size forces it to span the partition's MFT and other file system structures.

    My approach would be to either divide the data into a bunch of smaller, more manageable file containers (and I would locate them within a dedicated partition that was used only for storing file containers) or I would make use of TrueCrypt's partition or disk encryption features and take the usual precautions (e.g. I would make header and data backups).

    For partition encryption I would also take some advanced precautions such as changing the partition type to Linux, backing up the partition table, and noting down the exact starting and ending offsets of the encrypted partition, just in case that information was needed later in the event that the partition table somehow became lost or damaged.

    Of course, you would need to be a relatively advanced user to be able to do those sorts of things. This is another reason why I feel that TC partition and disk encryption should not be undertaken by beginners, unless, that is, they have enough caution and forethought to back up all of their data first.
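
The partition-table precautions described in the post above (recording the partition type and the exact starting and ending offsets), as an added example that is not part of the original thread: a Python sketch that reads those values from a classic MBR sector. The 512-byte sector size, the function names and the sample sector are assumptions constructed for illustration; a GPT disk shows only a protective entry in this sector.

```python
import struct

SECTOR = 512  # assumed logical sector size
TYPE_NAMES = {0x07: "NTFS/exFAT", 0x83: "Linux", 0xEE: "GPT protective"}

def parse_mbr(mbr: bytes, sector_size: int = SECTOR):
    """Return type and exact byte offsets for each used primary MBR entry."""
    if len(mbr) < 512 or mbr[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature (0x55AA) in sector 0")
    entries = []
    for i in range(4):
        raw = mbr[446 + 16 * i: 462 + 16 * i]
        # 16-byte entry: status, CHS start (3), type, CHS end (3),
        # starting LBA (4), sector count (4), little-endian
        _status, ptype, lba_start, count = struct.unpack("<B3xB3xII", raw)
        if ptype == 0 or count == 0:
            continue  # unused slot
        entries.append({
            "slot": i + 1,
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "other"),
            "start_byte": lba_start * sector_size,
            "end_byte": (lba_start + count) * sector_size - 1,  # inclusive
            "gpt": ptype == 0xEE,  # real layout lives in the GPT, not here
        })
    return entries

def build_sample_mbr() -> bytes:
    """Constructed sample: one type-0x83 partition, LBA 2048, 204800 sectors."""
    entry = struct.pack("<B3xB3xII", 0x00, 0x83, 2048, 204800)
    return bytes(446) + entry + bytes(48) + b"\x55\xaa"

if __name__ == "__main__":
    sector0 = build_sample_mbr()
    # On a real disk, read the first 512 bytes instead and keep a copy of
    # those raw bytes alongside the printed offsets as the table backup.
    for e in parse_mbr(sector0):
        print(f"slot {e['slot']}: type 0x{e['type']:02x} ({e['type_name']}), "
              f"bytes {e['start_byte']}..{e['end_byte']}")
```

Storing the printed offsets together with a raw copy of sector 0 gives both pieces of information the post says may be needed if the partition table is later lost or damaged.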
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    There's a little Catch-22 there, because the only safe way is backing up into other encrypted volumes. But I guess that one could start with file containers on external drives for backup, and then attempt the FDE and hidden OS magic.
     