Is there a way to make Paragon Hard Disk Manager 2009 Suite work with Truecrypt?

Discussion in 'Paragon Drive Backup Product Line' started by connect4, Dec 10, 2009.

Thread Status:
Not open for further replies.
  1. connect4

    connect4 Registered Member

    Joined:
    May 20, 2008
    Posts:
    101
    I've purchased this program and it has been excellent. It has worked flawlessly for me to backup and restore images of my c:\system drive


    However, I began to start using Truecrypt to encrypt my system drive.
    Example: c:\system drive is now fully encrypted.


    This also creates a "Truecrypt boot loader" on startup, which asks for a password before it loads Windows XP.


    Now Truecrypt encryption is great, but it seems to have complicated:
    the task of backing up my c:\drive's image.


    Is their a way to seamlessly backup my encrypted system c:\ drive into => an image file, and to restore it?


    I've tried to backup my c:\before it was encrypted, into => an image file.
    Then I would use Truecrypt to encrypt my c:\drive.
    Next I would log into windows, and use Paragon Hard Disk Manager to restore using the image file, and windows would not load up any longer.

    Is there a correct way to do this?
    If I backed up my c:\while it is encrypted, and just restored from that image file, would this work?


    Lastly, I've noticed that when you create a backup image file:
    that password protection is not encryption level protection. Does the professional version allow you to encrypt your backup image files vs regular password protection?
     
    Last edited: Dec 10, 2009
  2. Paragon_Tommy

    Paragon_Tommy Paragon Moderator

    Joined:
    Aug 10, 2009
    Posts:
    918
    You ran a backup, then encrypted the hard, and initiate a restore? If you are restoring an operating system to the same Windows partition, it should prompt for a restart which I think is where the program got into trouble. You might want to try to restore from the recovery CD.

    I don't have experience with TrueCrypt and how it works, but if you perform the restore outside of Windows, it will overwrite anything in its way.

    You mentioned that TrueCrypt has some kind of boot loader that precedes Windows? Most likely Truecrypt wrote an entry in the MBR to boot to their loader first, before redirecting back to Windows.

    Restoring from the recovery CD will overwrite the existing partition, encrypted or not, and writes a new MBR.

    Paragon's password protection is 256bit encryption.
     
  3. connect4

    connect4 Registered Member

    Joined:
    May 20, 2008
    Posts:
    101
    Thank you for your responses and help Tommy, I will give your suggestions a try.


    Also do you think you can find out exactly what type of encryption Paragon uses for that software? Blowfish 256 Bit encryption? etc etc.
     
  4. Raza0007

    Raza0007 Registered Member

    Joined:
    Mar 30, 2009
    Posts:
    1,425
    Location:
    USA
    No, the above steps you mentioned are not the correct way. First encrypt the hard disk or partition and then image it with Paragon. Now when you restore the image, you will not have any problems.

    Keep in mind that when the hard drive or partition is encrypted, Paragon will not be able to determine which are the data areas and which is free space. It will also not be able to exclude pagefile and hibernation file etc. The image will be of all sectors of your hard drive or partition and will consume significantly more space.
     
  5. Raza0007

    Raza0007 Registered Member

    Joined:
    Mar 30, 2009
    Posts:
    1,425
    Location:
    USA
    An addendum to the previous post. If Paragon is installed inside the encrypted system partition, and you are currently logged in the OS and you run Paragon from inside the OS, then Paragon will not have any problems in excluding free space, page file etc.

    In this case you should be able to image and restore successfully as Paragon will not be aware of the outer Truecrypt envelope. It will just see the system partition and its mbr and will image those. The restore should be okay as well. I am assuming you have also encrypted the mbr through Truecrypt right? It is the default setting.

    If you image and restore from outside windows, through the recovery cd, then the previous post is applicable to you.

    I have never encrypted a whole system partition before. You will need to perform a couple of tests with paragon to see if it works.

    Make sure you encrypt the Paragon image as well, otherwise there is no point in encrypting the system partition.
     
    Last edited: Dec 10, 2009
  6. Robin A.

    Robin A. Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    2,278
    To backup an encrypted system partition, the obvious solution would be to clone it, using a boot disk. Slow process and big image.
    But I think is better to keep all sensitive information outside of the system partition, making it unnecessary to encrypt it.
     
    Last edited: Dec 10, 2009
  7. connect4

    connect4 Registered Member

    Joined:
    May 20, 2008
    Posts:
    101



    Thank you Raza0007, your posts have been helpful.


    So what you are saying is I have 2 options:

    1. Backup entire encrypted c:\drive outside of windows which takes up a lot more space and time. (Your Post #4)


    2. Log into Windows OS, Run Paragon to backup encrypted c:\drive and later on restore c:\drive through Paragon boot up software?
    (This method takes much less time + less space) (Your Post #5)


    Is this correct?


    Now option #2 is much more convenient since it takes much less time and space to create the image files... but if I took this option to Restore my c:\drive, would my restored c:\drive be in the same 100% fully encrypted state as before?

    Example:
    a) C:\drive is my system drive
    b) Use Truecrypt to encrypt entire c:\drive
    c) Log into Windows, Run Paragon inside of windows to backup c:\drive=> Image File + MBR
    d) Run Paragon Boot up software outside of Windows, to restore c:\drive

    Would this c:\drive now be in the same fully 100% encrypted state as it was before we restored the image file?

    I am under the impression that outside of Windows c:\drive would be fully encrypted, but once you type in your password and log into Windows, wouldn't c:\drive be mounted and not fully encrypted? Please correct me if I am wrong.
     
  8. Raza0007

    Raza0007 Registered Member

    Joined:
    Mar 30, 2009
    Posts:
    1,425
    Location:
    USA
    No. If you create a backup from inside windows, you will need to restore from inside windows as well.

    If you create a backup from bootdisk then you need to restore from the bootdisk as well.

    The reason is this:

    If you take a backup from outside windows through a boot disk, Paragon will not be able to decipher your data as the data is encrypted. It will just create a sector-by-sector image of your entire partition. Now, when you restore from outside the windows through a bootdisk, Paragon will restore all the sectors of your partition in the encrypted form. This is the best possible solution if you are concerned with data security, as your partition is not decrypted during backup or restore. The resultant image will be quite large, almost the size of your current partition.

    If you take a backup from inside windows, you have already provided your credentials to truecrypt and you see your partition in a decrypted form. Now if you initiate a backup with Paragon, Paragon will create the backup in its decrypted form. If you store your image on another partition or hard disk, make sure you enable encryption feature inside Paragon, otherwise your image will be unencrypted. In order to restore this image you will again initiate the restore process from inside windows, Paragon will ask you that you need to reboot. When you reboot, you again enter your credentials and truecrypt decrypts your partition. Then Paragon will automatically load before windows and restore your partition. Since, I have never encrypted my system partition so I do not know whether there will be problems like truecrypt bootloader being over-written. You will need to test this procedure once to be certain.

    I do not know whether truecrypt provides this feature, but Windows own Bitlocker encryption creates a small 100 mb reserved, hidden partition just before your system partition. This prevents Bitlocker being overwritten in case of a restore of the system partition.

    I hope this helps....

    Also, try posting your question under this thread here. https://www.wilderssecurity.com/forumdisplay.php?f=48
    It is frequented by experts who no doubt have experience doing this before and will be able to help you more.
     
  9. connect4

    connect4 Registered Member

    Joined:
    May 20, 2008
    Posts:
    101


    K I just tried Option #1 and it worked like magic thanks to your fix:

    I ran the restore from inside windows as you suggested and it asked me to reboot, passed TC loader entered my pass, and it restored. I even checked and it appears to have retained the encryption so I didn't have to re-encrypt c:\ all over.

    Now this is great that it works, but I really liked Paragon's Rescue Boot and Restore without needing Windows running:

    Example: You can literally buy a new motherboard + new hard drive:
    Use your Paragon Boot Disk + To Restore your System Image
    and have your entire original OS up and running in 10 minutes.

    However, because of the TC boot loader and system encryption, you would have to already have a windows system partition up and running to be able to restore your encrypted OS image (Using Option #1).



    Now I think I've found a solution to this:

    Backup a non-encrypted Windows OS that would be able to restore on a Brand new HD.
    Backup encrypted Windows OS, Inside of Windows with Paragon (Option #1) + Backup MBR

    (Later on if your HD Crashes, or you need to format etc etc.)
    Buy your brand new HD.
    Restore your non encrypted Windows OS
    Load Non Encrypted Windows
    *Restore your Encrypted Windows Image OS inside of Windows (+ Restore TC MBR I believe)

    Do you think this would be the correct solution?


    Also I will try to post a new thread in your suggested URL if I can't find something here.....
     
  10. Paragon_Tommy

    Paragon_Tommy Paragon Moderator

    Joined:
    Aug 10, 2009
    Posts:
    918
    Sounds like a good plan. One comment thought, if your non-encrypted backup is larger than 50% of the entire partition capacity, it's better to run one backup outside of the OS from a boot cd with raw-processing rather than 2 images of the same thing. Of course, restore will have to also be done outside of Windows from the recovery CD.
     
  11. Raza0007

    Raza0007 Registered Member

    Joined:
    Mar 30, 2009
    Posts:
    1,425
    Location:
    USA
    connect4,

    I think you are overly complicating this thing. Let me explain.

    First, there appears to be a terminology difference between us, so let me clarify that.

    When you are inside windows, your partition is in a decrypted form (not encrypted) as you have already entered your password and TC has decrypted it for you.

    When you are outside windows, before you enter the password in TC, your partition is in an encrypted form.

    --------------------------------------------------------------------------

    So, now if I understand correctly, you backed up your partition from inside windows and then you restored your partition from inside windows and everything worked fine.

    Now you are thinking that this will work fine as long as you do not have a hard disk failure, as you will not be able to restore such an image from outside windows, on a new hard drive, right? And you want to create multiple images for such a scenario?

    Well, if you have a hard disk failure, and all you have is the image that was created from inside windows, all you need to do is to restore that image on the new drive using the Paragon bootCD. Then you need to correct the mbr. You can use either Paragon or your original windows installation CD for correcting the mbr. Then you should be able to boot into your OS. Inside the OS, reinstall Truecrypt and re-encrypt your partition again on your new hard drive.

    In my opinion this would work. If you have a spare hard drive you can test it to see if it works.

    Let me know how it goes.
     
  12. connect4

    connect4 Registered Member

    Joined:
    May 20, 2008
    Posts:
    101

    I tried this method and it also works. Its much simpler than creating 2 images, Thanks Raza0007.

    Although one thing I don't understand is why there is a difference in outcome for the following methods:

    1) restoring an unencrypted paragon image to c: inside an encrypted windows with paragon => restores c: to be 100% encrypted (Post #5 method)
    2) restoring an unencrypted paragon image to c: inside an unencrypted windows with paragon => restores c: to be 0% encrypted (Post #11 method + once inside unencrypted windows, instead of re-encrypting c: drive, run paragon inside windows to restore c: drive using same image)


    Anyhow, the most important thing is it works so I am happy that there is a solution for Paragon Imaging Software + Truecrypt / System Encryption that works hand in hand.
     
    Last edited: Dec 13, 2009
  13. connect4

    connect4 Registered Member

    Joined:
    May 20, 2008
    Posts:
    101
    Thank you for your help and support Tommy, I wanted to ask you if you don't mind:

    You said that Paragon's password protection is 256bit encryption. Can you find out exactly what type of encryption Paragon uses and all the specifics so we can determine the actual strength of Paragon's password protection? (Specifically for Paragon Hard Disk Manager 2009 Suite)

    Example:
    http://www.truecrypt.org/docs/?s=encryption-algorithms

    I am no expert on encryption, but I know that if I use Truecrypt's default encryption AES 256 Bit (with its other security encryption variables) + strong password, my data is pretty much secure and most likely cannot be hacked.

    I just want to make sure that my Paragon password protected images are similarly equivalent to that level of protection.
     
  14. Paragon_Tommy

    Paragon_Tommy Paragon Moderator

    Joined:
    Aug 10, 2009
    Posts:
    918
  15. Robin A.

    Robin A. Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    2,278
    A 1970 Soviet relic in a 2010 software?
     
  16. Raza0007

    Raza0007 Registered Member

    Joined:
    Mar 30, 2009
    Posts:
    1,425
    Location:
    USA
    It has to do with the way Truecrypt encrypts and decrypts your data.

    1) When you are inside windows, and you run Paragon, Paragon can not tell whether your partition is encrypted or not. It just sees an unencrypted partition. So, when Paragon reads the data, Truecrypt decrypts that data in real time in RAM. The data in the resultant Paragon image is unencrypted data (unless you use Paragon's own encryption algorithm to encrypt it). During restore, from within windows (within Truecrypt's envelope), when Paragon writes to the partition, Truecrypt re-encrypts the data in real time as it is being written. So you get a partition that is encrypted.


    2) When you restore the image from outside, using a bootdisk, you are outside the envelope of Truecrypt. So, Truecrypt can not re-encrypt it. Thus after the process you get a partition that is not encrypted.

    I hope it is clear.
     
  17. Raza0007

    Raza0007 Registered Member

    Joined:
    Mar 30, 2009
    Posts:
    1,425
    Location:
    USA
    You have got to be kidding!

    GOST is practically obsolete. I do not believe even Russians are still using it. I know it has never been officially broken, but it is considered insecure, as the available computing technology nowadays can probably break it by brute force.
     
  18. connect4

    connect4 Registered Member

    Joined:
    May 20, 2008
    Posts:
    101

    So basically its not a secure encryption system?

    Tommy, you have a product called Paragon Encrypted Disk which uses a much more powerful encryption system:

    http://www.paragon-software.com/home/encrypted-disk/features.html
    "Symmetric Block Cipher Algorithms Used for Encryption

    * Data Encryption Standard (DES) with a 56-bit key length
    * Triple DES with a 168-bit key length
    * Advanced Encryption Standard (AES) with a 256-bit key length
    * Blowfish with a 448-bit key length..."



    Is there any way you can integrate and incorporate an encryption system that is as secure as your Paragon encryption software as I have referenced? Maybe in an update patch or the next build? I really do love your software, but I would really like strong encryption on my images to complete the package....

    Would this be possible?
     
  19. Paragon_Tommy

    Paragon_Tommy Paragon Moderator

    Joined:
    Aug 10, 2009
    Posts:
    918
    I think it's a better question for the developers. I'll get back to you on that.
     
  20. connect4

    connect4 Registered Member

    Joined:
    May 20, 2008
    Posts:
    101
    K Thank you Tommy, please let me know.
     
Loading...
Thread Status:
Not open for further replies.