True Image and Whole Disk Encryption - do they play nice?

Discussion in 'Acronis True Image Product Line' started by AnyFrickinUserName, Dec 31, 2007.

Thread Status:
Not open for further replies.
  1. AnyFrickinUserName

    AnyFrickinUserName Registered Member

    Joined:
    Jan 6, 2007
    Posts:
    11
    I've been using PGP virtual containers but after having one go corrupt I've lost faith in PGP plus their customer service sucks.

    So I've been looking at TrueCrypt but think I will head for DriveCrypt Plus because it at least appears to have high usability (plus cost though).

    Question is how do I go about backing up a laptop with all the partitions including OS (Windows XP) encrypted? More and more clients are demanding that whole drives are encrypted so this should not be an abnormal situation for True Image to deal with.

    Here is my guess - if backing up using True Image in Windows, since all files are open, it will back up a non-encrypted copy? But if you boot using the True Image CD, it will do a sector by sector copy (and you must ensure no compression?)?

    On the restore front who knows? If it was a sector by sector copy and the restore is to a different machine, I have no idea what Acronis would do nor DriveCrypt. If it is to the same machine I expect it to work. The problem is if the machine is stolen/lost/damaged and another is acquired, you want to be sure you can get the data back out.
     
  2. Acronis Support

    Acronis Support Acronis Support Staff

    Joined:
    Apr 28, 2004
    Posts:
    25,885
    Hello AnyFrickinUserName,

    Thank you for your interest in Acronis Software.

    Please be aware that Acronis True Image does not officially support third-party encryption software, so it's not recommended to create images of encrypted drives from Windows. It is always possible to create a sector by sector image of a hard drive using Acronis Bootable Rescue Media though, which is the recommended method for such cases.

    Please also notice that corporate versions of Acronis True Image feature encrypting backups with industry-standard AES cryptographic algorithm (key size 128, 192, 256 bit).

    Thank you.
    --
    Marat Setdikov
     
  3. Gregor

    Gregor Registered Member

    Joined:
    Sep 27, 2007
    Posts:
    25
    As far as I know, the home versions also do.
     
  4. shieber

    shieber Registered Member

    Joined:
    Oct 27, 2004
    Posts:
    3,710
    Where is the encryption option in ATI Home version 10 or 11 or otherwise? I think you are mistaken, it's not in the Home versions.

    However, encrypting a backup is not the same as being able to image an encrypted disk/partition. With an encrypted partition/disk, the data is always encrypted, not just when it's stored in a backup image. So it appears that neither home nor corporate versions support encrypted disks.


     
  5. Gregor

    Gregor Registered Member

    Joined:
    Sep 27, 2007
    Posts:
    25
    I only have the German version of ATI Home 11 here, so I don't know the exact English wording. Anyway, when you go through the process of creating an image backup with the backup wizard, you get to a point where you can choose to use the default options or you can choose to modify the options manually. If you choose to modify the options, you will see a list of options. The first one here reads (something like) "Archive Protection". There I can set a password and then choose whether I would like to have my backup encrypted and if yes, with which AES key size.

    Yes, I know the difference. I use TrueCrypt myself. TrueCrypt encrypted partitions are not recognized by ATI as having a recognizable file system format. That only leaves a sector-based image for backup purposes if you want to perform a real image. File-based backup does work with TrueCrypt encrypted partitions but as discussed previously is terribly slow compared to real imaging. I can tell that sector-based imaging of TrueCrypt encrypted partitions works but you will have the disadvantage of always having huge uncompressed images even if only a relatively small percentage of the partition is occupied by data.

    I have no experience with DriveCrypt, so I can't say anything about that.
     
    Last edited: Jan 1, 2008
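
Added example (not part of the original thread): why a sector-by-sector image of an encrypted partition stays near full size even when little of it is in use, as described in the post above. The volume contents and key are constructed, and the SHA-256 keystream is only a stand-in for a real disk cipher, not the algorithm used by TrueCrypt or DriveCrypt.

```python
import hashlib
import zlib

SECTOR = 512
KEY = b"constructed-demo-key"  # constructed value, not a real key

def make_plain_volume(sectors=2048, used_fraction=0.10):
    """Constructed sample volume: 10% text-like data, the rest zeroed free space."""
    used = int(sectors * used_fraction)
    record = (b"client file, confidential draft; " * 16)[:SECTOR]
    return record * used + bytes(SECTOR) * (sectors - used)

def encrypt_sectors(volume, key=KEY):
    """Stand-in for whole-disk encryption: XOR each sector with a keystream
    derived from SHA-256(key || sector number || block counter)."""
    out = bytearray()
    for index in range(len(volume) // SECTOR):
        stream = b"".join(
            hashlib.sha256(key + index.to_bytes(8, "big") + bytes([block])).digest()
            for block in range(SECTOR // 32)
        )
        sector = volume[index * SECTOR:(index + 1) * SECTOR]
        mixed = int.from_bytes(sector, "big") ^ int.from_bytes(stream, "big")
        out += mixed.to_bytes(SECTOR, "big")
    return bytes(out)

def compression_ratio(image):
    """Compressed size divided by raw size (1.0 means no saving)."""
    return len(zlib.compress(image, 6)) / len(image)

def compare():
    """Compress the same volume as imaged in plaintext and as imaged encrypted."""
    plain = make_plain_volume()
    return {
        "plaintext_image": compression_ratio(plain),
        "encrypted_image": compression_ratio(encrypt_sectors(plain)),
    }

if __name__ == "__main__":
    for name, ratio in compare().items():
        print(f"{name}: compressed to {ratio:.1%} of raw size")
```

Because the imaging tool sees ciphertext for used and free sectors alike, plan backup storage for the full partition size when imaging an encrypted volume sector by sector.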
  6. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    991
    Location:
    Hawaii
  7. Justin Troutman

    Justin Troutman Cryptography Expert

    Joined:
    Dec 23, 2007
    Posts:
    226
    Location:
    North Carolina, USA / Minas Gerais, BR
    Several strides backwards.

    I can neither comment on PGP Corporation nor SecurStar, when it comes to customer service, but when it comes to trusting which one is competent enough to get the implementation right, I think you'll be taking several strides backwards, with SecurStar. If the design decisions exhibited by their poor presentation are any indicators of what to expect, I wouldn't be too optimistic.

    Which mode of operation do you use and how do you go about data integrity?
     
  8. peter_nn

    peter_nn Registered Member

    Joined:
    Nov 10, 2006
    Posts:
    11
    Using encrypted virtual disks is the best solution.
    Making an image of a normal non-encrypted system partition is a fast, easy, simple and reliable procedure. To back up a virtual disk you just burn it to a DVD.
    Making an image of a whole encrypted disk is a nightmare - very slow creation & restoration, the chances of something going wrong are many times higher, images are huge etc. (not only when using ATI, but with any imaging app). Also WDE affects system performance far more than using only encrypted containers for sensitive data.

    Any file may get corrupt, it's your fault there was no backup. If you don't like PGP, use TrueCrypt containers. But WDE is just an unnecessary complication.
     
  9. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    991
    Location:
    Hawaii
    As an alternative to WDE, are you aware that many laptops include a hard-drive password feature? This is very easy to use and it is effective against most real-world threats. When set up properly the hard drive password can't be cracked without utilizing specialized hardware of a type usually found only in commercial data-recovery labs. (This also involves paying a substantial fee, and of course you have to send them the drive.)

    My recommendation would be to use that feature (if available), PLUS TrueCrypt container files for any sensitive data. It's very unlikely that a casual laptop thief would pay a data-recovery service to crack a hard drive password, but if they did then when they got the drive back they would discover that all of the worthwhile data was still locked up in TrueCrypt containers.

    PS: Don't confuse the hard drive password (aka "drive lock", "password lock", "hard disk password", "ATA lock" etc.) with the BIOS password or the Windows Logon password - these are very different animals and both are relatively easy to bypass.

    Also, be aware that it's possible to set up the hard drive password in a less-than-secure way. Read the documentation carefully and make sure to lock the disk in Maximum security mode. And of course, back up all data frequently.

    edit: typos
     
    Last edited: Jan 6, 2008
  10. jeremyotten

    jeremyotten Registered Member

    Joined:
    Feb 9, 2005
    Posts:
    684
    We use WinMagic SecureDoc for the encryption. It supports imaging. That is, from within Windows you can back up the normal way without sector by sector. You still have encryption.

    Then they have a BartPE plugin which you can combine with the Mustang BartPE plugin. This way you can even restore or back up your system outside of the OS.

    Even Disk Director will work for partitioning.
     
  11. tryseven

    tryseven Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    2
    You may want to have a look at "FreeOTFE" as well, it's got a nicer interface than TrueCrypt (IMHO) and does the same thing (you can get the source to both as well, unlike DriveCrypt).

    Incidentally, why encrypt at the partition level? All 3 systems can work with disk images in a file - even with massive disks, which makes backing up a lot safer, and is guaranteed to work with any backup software?
     