Truecrypt can't see drive

Discussion in 'encryption problems' started by Bliv, May 3, 2015.

  1. Bliv

    Bliv Registered Member

    Joined:
    May 3, 2015
    Posts:
    13

    OS: Windows XP SP3

    I used Truecrypt to encrypt an external hard drive. I used the option to encrypt the entire drive and not just a partition. Maybe my recollection is flawed but I think I did this once before on another drive years ago and had no problem. That drive is assigned a drive letter by the OS every time I plug it in and then can be mounted in TC.

    But this time I have a problem. Fortunately there is nothing on this drive so no data will be lost. Hopefully there is a way to recover the use of the drive though!

    This time, here is what happened.

    Immediately after I encrypted the full drive with TC I was able to mount it in TC and then dismount it. That's maybe because the drive already had a drive letter assigned before it was encrypted since it was formatted in an unencrypted state in the standard way before I used TC on it? Everything seemed fine at that point.

    However, when I dismounted the drive from the computer, and then remounted it, it shows up in Windows "Device Manager," but not in "Disk Management." And, of course there is no drive letter assigned to it.

    Truecrypt doesn't see this drive now either so it cannot be mounted. Nor can it be reformatted in the usual unencrypted way because Disk Management doesn't see it either. The only place it is recognized is in Device Manager. You can use the "Safely remove" command on it and it works, but that's about it!

    Can anyone shed any light on what is going on here and how to recover the use of this drive? My knowledge of this topic is so poor, I can't figure out what to do.

    Thank you very much for any help! :D

    Edit: I think that maybe to reuse the drive I have to use software to "low level format" it and reinitialize it? Of course that would wipe out the encryption too. I'm going to guess that encrypting the entire drive with TC is wiping out some part of the drive data that is needed for Windows to recognize it? So maybe I need to not encrypt the entire drive but first create a partition outside of TC and then only encrypt that partition? I think maybe this is something related to what all the warnings are about when you encrypt the entire drive, but although I thought I understood them then, maybe I didn't fully. Is this anything close to right? I'll save the rest of any follow up questions for later. Thanks again for any help!
     
    Last edited: May 3, 2015
  2. quietman

    quietman Registered Member

    Joined:
    Dec 27, 2014
    Posts:
    491
    Location:
    Earth .... occasionally
    You are not the only person to experience this problem.
    I wrote a reply yesterday, on this thread here.

    I thought about starting a new thread on this very topic .... but didn't.

    On a similar issue (drive letter assigned by OS), I got irritated by having all my flash drives always being assigned E: or F:,
    so I gave them each their own letters, "higher" up the alphabet, and these are usually reasonably "sticky",
    i.e. they remain the same even after dozens of mount/unmount cycles.

    There's a useful guide here.
     
  3. Bliv

    Thank you for your reply. I don't think I have "trashed" the actual drive. I'm pretty sure I can get out of the pickle by low level formatting it. Although that would trash any data stored on it including anything that is encrypted. So obviously I wouldn't want to be in this situation if I had any data encrypted on the drive because I would have to sacrifice all the data to save the drive. Fortunately, I am just playing with Truecrypt with this old drive before I use it on a new drive to store my financial archive records on. I wouldn't want to lose those.

    I think you are right that drive letters are part of the issue. And later I may have additional questions about that. But before I move on to follow up questions, I'd like to focus on my main issue:

    1. Can you use the full external drive encryption option in Truecrypt to make a drive that can be mounted both in Windows and Truecrypt? If so how if Windows cannot see the drive or assign it a drive letter?

    2. Or do you first have to partition the drive outside of Truecrypt and then use the Truecrypt option to apply encryption to a partition in order to get it to work?

    Thanks again for any help!
     
  4. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    Just some basic suggestions. Feel free to take them or leave them, but know I am only providing them as I would for a friend. And for a friend I would provide guidance that leaves me out of the loop for ongoing maintenance issues. There are pros and cons of both TC encryption models - device and file based!

    Using FDE (device based) encryption on an external drive is rock solid if handled correctly, but does come with liabilities when interfaced with ANY Windows OS. Windows loves to try and "fix things that aren't broken", simply because it doesn't understand the unavailability of a filesystem on the disk platter.

    You had mentioned that you intend to create an encrypted volume to house financial records, and you MUST be certain those don't get damaged. With that as your goal I would strongly recommend changing encryption paradigms over to file based. If you examine the TC code and flow you would know that there is NO difference as to which model is more secure. Both volume models create an unbreakable (by any known reasonable means) encryption set. Springboarding from that fact, and in order to protect your financial records from corruption, file based encryption is clearly a safer choice for your application. You can create a volume that consumes almost the entire disk space if you want a large volume. You could elect to house multiple file based volumes on the external disk too of course. By using file based volumes you will still have a "recognized filesystem" on the external disk, which will host the volumes you create. Since Windows sees and recognizes the host filesystem it will smoothly handle your needs and above all IT WILL STOP TRYING TO FIX SOMETHING THAT ISN'T BROKEN.

    Outside of the discussion in this thread is the "dirt" on the computer you are using to create and write data to these volumes. As I am reading this thread and applying the gist of what I read, it doesn't appear that you are trying to hide your activities from "the man" or anything along those lines. If I am assessing this correctly and you simply want proven rock solid encryption but have no worries about the powers that be, then file based is the way to go for you at this stage.

    I will add this paragraph in case I assessed it wrong but you don't want to comment along those lines. Use of file based volumes means there is an actual filesystem hosting them and it is resident on the external disk platter. That filesystem is ALWAYS changed when the file based volumes are being used. These are small but crucial metadata logs, records, etc., entered in tables, which are available to forensic examiners. No one will see your financial records but access times and a few other small items are logged so that an adversary could query your denial of access and leave you exposed to needing an explanation. In a model where that is a problem for you then a device based volume paradigm is the way to go. There is no filesystem available for examination (assuming you don't mount the volume for an adversary) and the external disk is clean for all practical purposes. You will have to deal with the computers using those disks, but that is another thread!!

    At this point I would simply re-construct the disk using something simple and free like Partition Wizard. Lots of good software for such a simple task. Then start over.

    If my suggestions sound good to you, enjoy! If not, I am just trying to give you many years of experience as advice.
     
  5. Bliv

    Thank you Palancar. Your comments were very useful and I appreciate your input. As little as I know, I think I at least know enough about the topic to know that you are clearly very knowledgeable.

    I'm no computer security expert, but I think my logical skills are pretty good. Even though Truecrypt made an abrupt exit from the market, and its developers are warning that it is not secure, I have chosen it as a personal encryption program for my personal financial records, etc., archives because I have seen no evidence from any other experts that it is not at least as secure as anything else out there available to the public (the developers' unsupported comments notwithstanding). In the absence of any such information, I think it is a logical choice. Even though I may be getting it with Truecrypt whether I need it or not, I don't think I really need military grade or NSA grade encryption since I don't think that anyone is all that interested in anything about me. I'm certainly not worried about being tortured for my password or having to use some kind of plausible deniability. I'm just not that exciting. If someone wants my stuff that bad they probably need it more than I do and they can have it! My main concern is to stop crooks from getting their hands on my personal information and my family's personal information in the unlikely event they even get their hands on the drives... if the house got robbed or something. At this point in time I think Truecrypt, using any of its encryption methods, is at least good enough for that because even if the government knows how to crack it, apparently that information has not been made public... at least not yet. So I doubt any crooks would be able to break it.

    So skipping all the technical analysis, which I am certainly not qualified to render, my conclusion is based on logical observation instead.

    I found a lot of what you said very useful. But if only out of curiosity, I would still like to learn more, especially about the full external disk encryption method. That part is still mysterious to me. I used that method on my test disk. But now it does not work with Windows. In my case I don't see any signs that Windows is trying to "fix" it but rather that it doesn't recognize it. Of course I do understand that in some situations if Windows cannot recognize something, it makes assumptions and tries to fix it. And I can see how that might be a problem with an encrypted drive as the "fix" can wipe out your data.

    But in my case, it simply doesn't work at all.

    So the logical question might be: What use is the full disk encryption method for an external disk if there is no way to get it to work?

    Is the answer that it won't work with Windows but it might work with some other OSs?

    Is the answer that it might work with some versions of Windows but not all?

    Also...

    When you say "file based" you are talking about "containers?"

    When you say "device based" you are talking about both whole drive and partition based encryption methods?

    If you have any interest in commenting further, I'd be thankful.

    Just as a side note, Partition Wizard doesn't see the drive either. I'm hoping something else will... I'll have to try one of the disk wipers maybe.
     
    Last edited: May 4, 2015
  6. Palancar

    If you open and glance at the TC panel you will notice that you either Select File or Select Device to open a volume. Containers, as you named them, are simply encrypted files that don't take up the entire device. These rely upon being hosted by the supporting filesystem of the host, which is a device (such as your external drive). Since the "containers" (your word) are in fact encrypted files they behave exactly the same to the OS. e.g. - you can copy or move the containers exactly the same as any normal file. You just need to have enough space on the media you are wanting to move/copy the volume to.

    Device based volumes are created by TC code using the entire device. There will be no filesystem visible outside of the volume because there is no outside on the device. I am not going to enter into a partition table "schooling" here.

    TC device encryption works well with Windows. I have used device based encryption on ALL my externals for many many years, and with every incarnation from XP ------ > 7 Ult on 32 and 64 bit setups. Flawless and smooth. Much of that time was on modified code and/or was not running public binaries. I have no experience OR interest in how it works with Windows 8 or newer. I have left windows for linux and am proceeding there as a new hobby. I still use TC on every media type I have. I am just not updating any TC system disk stuff since that is windows specific.

    I might add that TC linux works smooth and still offers hidden volumes for those needing deniability!! I will also add there is some fantastic encryption available in the linux realm if you ever want to venture out! That comment is not a comparison by any means. All the products I use - in my opinion - are beyond breaking by any reasonable means.

    It's been several years since using XP with TC but it does run slick on it. As a side note; be careful using an OS that is no longer being updated. Confirm you don't have a permissions issue. Have you tried running TC as an Admin on XP?
     
  7. Bliv

    Thank you again for the info. I understand all that you said and appreciate the insight.

    TC 7.1a on Windows also refers to the encrypted files as "containers." When you use the TrueCrypt Volume Creation Wizard, you have the option to:

    "Create an encrypted file container," or
    "Encrypt a non-system partition/drive," or
    "Encrypt the system partition or entire system drive."

    My original question about why my external drive cannot be mounted using TC FDE is still open.

    If you select the "Encrypt a non-system partition/drive" option, then the "Standard TrueCrypt volume" option, you get a dialog that lets you "Select Device," which shows you the available devices and their partitions (if any).

    There are some notes on this screen that I find confusing and maybe it has to do with my original question about why when I encrypted an entire external drive it could not be used.

    Here is what it says on that screen and my questions:

    That part is clear enough.

    I think "in place" means it already has data on it. In my case this doesn't apply.



    I think this means you can encrypt an entire (hard disk) drive even if it is NOT partitioned before using TrueCrypt. But this is what I tried to do. It did encrypt the entire external drive, BUT the drive could then not be assigned a drive letter in Windows or mounted in TrueCrypt. So my question about what is going on here is still open. Why didn't what I did work?

    Finally, that screen says:

    I find this note confusing, but it seems to only apply to partitions that are encrypted "in place" which mine is not since there is no data on my device and also because it contained no partitions prior to being encrypted.

    Another question... are there any other current public user forums about TrueCrypt?
     
    Last edited: May 6, 2015
  8. Bliv

    You know the more I think about it, the more I think my smart option is not to encrypt at all in this case. It's so unlikely anyone will ever get a hold of these drives anyway. The only way I could see it is if someone breaks into the house. Maybe I'm better off getting a safe for that purpose. Of course there is stuff on the drives I probably wouldn't want family like Uncle Joe to know about if I die, like all my email archives with family members about who gets what after my death and why, but hey... I'll be dead when that happens, so how embarrassing could it be that I'm leaving my lawn tractor and collection of Grateful Dead memorabilia to my cousin instead because Uncle Joe has always been such a schmuck?

    The problem with encrypting is that you expose yourself to another layer of complication... and... as is seen here, there is no reliable support for programs like TrueCrypt if you need it. It's a crap shoot. And with external drives, there are already enough complications without that. I've used enough of them to know that.

    I guess if you are keeping national security secrets or something you should use encryption. And maybe I will use it on USB sticks and such that I take out of the house to use elsewhere sometimes so no one can use them if I lose them. I do keep some personal info like Social Security numbers, etc. on those drives, so they really should be encrypted.

    Other than that, I am still interested in this if for no other than academic reasons and I would still like to know why my FDE external drive cannot be mounted in TC. But it appears this may not be a place where I can get that answer so I'll have to try to find another forum.
     
  9. Keatah

    Keatah Registered Member

    Joined:
    Jan 13, 2011
    Posts:
    853
    Why not encrypt the important stuff in a small file/container. Maybe something like WinZip, WinRAR, or Cryptea would work?
     
  10. Bliv

    I think you are right. The first two, at least, are well supported and stable. And while I have no idea if they are as secure as say TrueCrypt, I don't think many people would be capable of breaking either an encrypted WinZip or an encrypted WinRAR file. I don't know a lot about Cryptea, but the same can probably be said. So either is probably at least good enough for my purpose. Thanks for the suggestion.

    I don't have any personal knowledge at all about this, but if I had to guess just out of general knowledge, and not technical knowledge, I'm betting the US government can break any of these including TC. So my guess is -- again, just a guess -- that those who think they are protecting their whatever from the US government are kidding themselves. This may sound like heresy to the encryption fanatics, but quite honestly I HOPE the US government can break this stuff. In this day and age of terrorist activity, they need all the ammunition they can get.

    But again... I am still interested in learning more about TC's FDE and why it isn't working. I would really like to understand that better. Something -- some headers, some kind of code, some setting -- SOMETHING is missing or not set right. But what? I know there are some TC experts out there who could answer that question because I saw that there have been one or two here in the past on threads about other TC topics, but not sure where to find them now.
     
  11. Palancar

    You may not like this post. It really applies to the entire encryption forum here, and everywhere that is publicly accessible.

    TC coders and compilers are generally not going to comment extensively out in the public forums anymore (my observation). You may read a post pointing you in the right direction on a general question, but dissecting and assembling code (in other words technical hand holding) is too dangerous. It's not illegal, but it draws attention to you like a magnet. Hidden servers on private forums are about the only place to meet and dialogue at that level. I don't see how a newbie just starting out in this climate would ever make it into the "club". Most of those names you refer to have shared thousands of posts over on the TC forums, but we did so under different conditions than now exist. This is NOT the fault of Wilders, which is the best security site for the general public. It's all about the climate of concern for one's well being.

    This is my observation.
     
  12. Bliv

    I don't doubt what you say is true, and there isn't anything about your observation that bothers me at all. I'm sure there are exclusive forums where the gurus and aficionados of this kind of product gather as there are for other types of things. And I don't expect to get any access to those forums, nor do I really want to. It's not something I am interested in at that level of detail. I doubt I am the first person to encounter this issue and I don't think this question really needs the level of expertise of a mathematician who specializes in encryption or a rock star level encryption software developer. I think it just needs a user who has had enough experience with using TC to FDE external drives and knows what the trick is.
     
  13. Bliv

    At the moment I am thinking that maybe the only way to encrypt an entire external drive with Truecrypt -- that can be mounted in Windows and Truecrypt -- is to start with a drive that is already partitioned with a full drive partition before using Truecrypt and then encrypt the partition. The reason I am thinking this is that I have seen a number of articles and videos online about "How to encrypt a full external hard drive with Truecrypt," and they all start with a drive that is already partitioned before using Truecrypt. So it seems that a "full drive encryption" on an external drive is not really encryption of the "drive" but an encryption of a partition that is the maximum size that can be created on the drive. It's encryption of a partition just like any other partition except it takes up the "full drive."

    This makes sense as an unpartitioned hard drive can't be assigned a drive letter in Windows AFAIK.

    So even though it seems you can apparently encrypt a full external drive that doesn't already have a partition on it, I think the result is always the same result I got... you cannot mount it in Windows or in Truecrypt.

    Anyone disagree with this?

    Hmmmmm... of course I have not tried partitioning a drive, then selecting the drive (not a partition) in TC and encrypting the drive. Maybe a drive that is encrypted can be mounted as long as it has a partition on it? I don't think this is right... but it's a thought...
     
  14. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,517
    I disagree with this, although I used Veracrypt.
    I started with a drive in Disk Management, deleted the whole volume so that there was no partition at all, just a raw disk. Then I used Veracrypt to encrypt the whole drive. No problem whatsoever.
    You can mount the drive using any letter with Veracrypt and the mounted drive always has a drive letter. I haven't met any problems yet.


     
  15. Bliv

    Bummer. So then I still don't know why my test drive with FDE doesn't mount. Of course I am using Windows XP and Truecrypt not Windows 8.1 and Veracrypt. So there are a lot of variables.

    I was surprised though to find that what several articles were calling FDE on an external drive with Truecrypt was actually encryption of a partition, not the unpartitioned device itself. I couldn't find one article that actually selected the unpartitioned drive to encrypt (which is what I did).

    Edit...

    Funny, after I wrote this I read this comment from another (very knowledgeable) member here (who unfortunately appears not to have been here for a long time):

    dantz wrote:

    "Now let's just hold on a second, before you go into despair. You stated earlier that your drive was fully encrypted, device-hosted, with no partitions. This may in fact be true, but let's make sure. It's been my experience that a large number of TrueCrypt users believe that's what they've done, when they've actually encrypted a pre-existing partition that was already present on the drive. It's amazing how many users think that they have fully-encrypted their drives when they haven't."

    Apparently he noticed the same thing.

    I'm convinced there is a trick to getting Windows and TC to see a device level fully encrypted external HDD with no partitions... or to identify the specific missing element that prevents that from happening. There has to be a checklist...e.g. "it requires this, this and this in order to work." But I don't know what things to check for to see why it isn't working.
     
    Last edited: May 21, 2015
  16. Palancar

    I have been thinking about answering this so here goes. We'll step back and let security be our guide. My experience consists mostly of being under the hood with TC 6.3a, although I have used all versions since 5 including 7.x. First let me paste a statement out of the 6.3a manual to facilitate. I will underline the section I want to discuss further, all in general non-technical terms.

    Paste from user manual:

    When formatting a hard disk partition as a TrueCrypt volume, the partition table (including
    the partition type) is never modified (no TrueCrypt "signature" or "ID" is written to the
    partition table).

    There are methods to find files or devices containing random data (such as TrueCrypt
    volumes). Note, however, that this does not affect plausible deniability in any way. The
    adversary still cannot prove that the partition/device is a TrueCrypt volume or that the file,
    partition, or device, contains a hidden TrueCrypt volume (provided that you follow the
    security requirements and precautions listed in the chapter Security Requirements and
    Precautions and subsection Security Requirements and Precautions Pertaining to Hidden
    Volumes).

    End of paste.


    First let's grab a generic external disk that has one single maximum size partition on it for our example here. Some would say the entire device is used because they are oblivious to the partition table/MBR that is fully outside of the area that their operating system can see and use. It does physically exist on the disk platter though. However we can easily access that area using any number of free software disk partitioning products such as Partition Wizard or similar. Using those same powerful and free products you could in fact remove all partitions leaving one huge unallocated space containing all sectors on the platter and no partitions in play. Then let's go one step further and forensically wipe the entire unallocated space and/or every sector on the disk. Now there is literally not one usable mark on the disk (for now we are ignoring the obvious bad sectors that never get written to, and are present on ALL platters). Let's just say that YOU/we are in this exact place and we now want to encrypt this external drive. Reminding you ALL is clean and ready to go forensically.

    I want to make sure that I have a device that my multiple operating systems can identify and use. Just hang in here while I ramble on some. I use a partitioning tool on my clean surface and create one single large partition. It doesn't matter what filesystem I format inside that partition because TC is going to re-write every single sector within it, when I create the device encrypted volume. As a matter of reference I use FAT32 and super fast filesystem writes using fat32format. You can even create the partition with NO filesystem formatted inside. Anything inside the partition at this point is absolutely meaningless, so I hope you see that. Let's think about the partition table/MBR that is outside the partition now. I have created it using a partition tool, and to be certain it's generic and solid I'll rebuild the MBR again before starting. There are no software/or usage specific marks on that area of the disk at this point. The partition table is used by the disk and the operating system to provide an ability to be seen and handled.

    Let's refer back to my paste above. TC does NOT ever place any mark or change on the partition table when you device encrypt a hard disk (refer to the bolded underlined paste again if you need to). Therefore when I device encrypt a volume every sector within the partition is written over using my algo cascades, seeding, etc... and is completely unbreakable to an adversary if I have done my job correctly. 100% of the disk, excluding the partition table area. Hopefully you are with me at this point. Now what is the security risk to using this method? NONE. The partition table/MBR presents zero security risk and tons of benefits that other methods don't have. That area of the platter is never touched or marked on. The partition table area gives zero clue as to what is contained on the partition itself. I could wipe the partition with a wiping tool and the partition table would be the same, or I could just write plain text data in it and again it would remain unchanged. Lastly, and most importantly for this thread, is that while using TC and device encrypting the partition, its table is not touched even with one mark!

    Adversary time: Your external gets grabbed but it's device encrypted via TC. They CANNOT determine that TC is on the disk at all. They gain zero clues from forensic examination of the partition table or master boot record. If a user were to buy a generic external disk and wipe it after use, then it would appear just as the one your adversary is holding. Almost nobody knows how to remove all partitions and deal with unallocated space for encryption. There would be NO security advantage either, despite claims to the contrary. As an examiner I will argue the contrary. I understand someone wanting to wipe their disk to destroy financial records and such. However; show me someone that has the skill-set to remove the partition table/MBR and wipe even there, and I'll show you someone that we'll sift over to no end.

    In either model proper encryption leaves your adversary with nothing viewable, or incriminating, other than the fact that encryption alone seems to point to guilt for some examiners. Both configurations leave an encrypted "glob" of data that could just be wiping. There is no way to know. The security concerns that you mentioned in the post(s) above don't hold water for me.

    Therefore my recommendation is to create a fully useable disk, which is totally safe as described above. Once created then use TC and you are good to go. I am not going to debate the other approach as I have studied it as well. The method I have outlined is total security in plain view. Cloaks draw attention.
     
    Last edited: May 21, 2015
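As an added illustration of the point made in the post above (example code written for this page, not code from the thread, from TrueCrypt or from VeraCrypt): the thing a partition tool or an operating system reads first is sector 0 of the disk, and the difference between "one partition encrypted as a device" and "the whole raw disk encrypted" is whether that sector still holds a readable MBR partition table. The script below parses the 64-byte partition table and the 0x55AA signature out of a 512-byte sector and measures its byte entropy, so you can tell a drive that still carries a partition table from one whose first sector has been overwritten with something opaque. All sample sectors are constructed in the block itself; to run it against a real drive you would read its first 512 bytes with raw device access (an assumed path such as a Windows PhysicalDriveN device as Administrator, or /dev/sdX as root on Linux), which the thread does not show.

```python
"""Inspect sector 0 of a disk and report whether it carries a readable MBR
partition table or looks like opaque (encrypted/wiped) data.

Added illustration for this thread; not TrueCrypt/VeraCrypt code.  The sample
sectors are constructed by build_mbr() and opaque_sector().  On a real drive
read the first 512 bytes via the raw device (Windows PhysicalDriveN as
Administrator, Linux /dev/sdX as root) and pass them to classify_sector0().
"""
import hashlib
import math
import struct

SECTOR_SIZE = 512
MBR_SIGNATURE = b"\x55\xaa"       # bytes 510..511 of a valid MBR
PARTITION_TABLE_OFFSET = 446      # four 16-byte entries follow
PARTITION_ENTRY_SIZE = 16

# Small subset of MBR partition type IDs (assumed sufficient for the demo).
PARTITION_TYPES = {0x07: "NTFS/exFAT", 0x0B: "FAT32 (CHS)",
                   0x0C: "FAT32 (LBA)", 0x83: "Linux"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8 for ciphertext, much lower for a normal MBR."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_mbr(sector: bytes):
    """Return the non-empty partition entries, or None when there is no MBR signature."""
    if len(sector) < SECTOR_SIZE or sector[510:512] != MBR_SIGNATURE:
        return None
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0x00:
            continue                      # unused slot
        entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                        "type_name": PARTITION_TYPES.get(ptype, "unknown"),
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def classify_sector0(sector: bytes) -> str:
    """'mbr': partition table present; 'mbr-empty': signature but no entries;
    'opaque': no signature and high entropy (what a whole-device encrypted or
    wiped drive presents); 'unknown': no signature, low entropy (e.g. zeros)."""
    table = parse_mbr(sector)
    if table is not None:
        return "mbr" if table else "mbr-empty"
    return "opaque" if shannon_entropy(sector) > 7.0 else "unknown"


def build_mbr(partitions):
    """Constructed sample MBR from (type_id, lba_start, sector_count) tuples."""
    sector = bytearray(SECTOR_SIZE)
    for i, (ptype, lba_start, sectors) in enumerate(partitions[:4]):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        struct.pack_into("<B3xB3xII", sector, off, 0x00, ptype, lba_start, sectors)
    sector[510:512] = MBR_SIGNATURE
    return bytes(sector)


def opaque_sector(seed: bytes = b"constructed ciphertext stand-in") -> bytes:
    """Constructed stand-in for sector 0 of a whole-device encrypted drive: a
    deterministic SHA-256 byte stream, with no MBR signature and near-maximal
    entropy, as real ciphertext would have."""
    out = bytearray()
    for counter in range(SECTOR_SIZE // 32):
        out += hashlib.sha256(seed + counter.to_bytes(4, "little")).digest()
    return bytes(out)


if __name__ == "__main__":
    # One NTFS partition at LBA 2048 (~1 TB), the "raw disk encrypted" case, and zeros.
    samples = {
        "single partition": build_mbr([(0x07, 2048, 1953521664)]),
        "device-encrypted": opaque_sector(),
        "zeroed": bytes(SECTOR_SIZE),
    }
    for name, sec in samples.items():
        print(f"{name:18s} {classify_sector0(sec):10s} "
              f"entropy={shannon_entropy(sec):.2f} {parse_mbr(sec)}")
```

The point of the check: a drive prepared the way the post describes (one partition, then the partition encrypted as a device) still reports "mbr" with one entry, because TC leaves those 66 bytes alone; a raw disk with no partition table that was then encrypted in full reports "opaque", which is exactly the case where a tool that only walks the partition table has nothing to show.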
  17. Bliv

    Hi Palancar. I'm really glad that you chose to respond because I found your comments and analysis extremely useful. Thank you.

    I followed almost all of what you said although got a little fuzzy near the end. Up until that point you confirmed many of the things I vaguely understood and put them together in a very useful way that solidified my understanding and was really helpful to me. It all makes sense.

    If I understand I think the gist of your comments is that given the proper implementation techniques there is no meaningful security difference between device encryption and partition encryption. Your citation from the TC manual and your very nice expert explanation did a great job explaining that key point. It seems perfectly sensible to me that you are correct and now I have a deeper understanding as to why thanks to you. Excellently done!

    If you are up for some questions I could use more clarification about a few of the parts on which I am fuzzy.

    Question 1:

    You wrote:

    "The partition table is used by the disk and the operating system to provide an ability to be seen and handled."

    OK... what I am wondering is whether this goes to my specific problem. The drive I used device encryption on was forensically wiped clean before use. AFAIK I had no partition table on it when I used TC to device encrypt it. Also AFAIK it was the all unallocated space "drive without a mark" you refer to before I used TC to device encrypt it. So AFAIK, since I wiped it there was no MBR/partition table on the drive. This is what I have been suspecting is the problem because I thought Windows needs a partition table in order to see the drive. But I don't know if I am right about that or not. Are you confirming that is correct? If so, that's my problem! Does there HAVE TO BE an MBR/partition table on the drive -- even if the drive is device encrypted -- for Windows to see it and assign it a drive letter?

    But if it is device encrypted, wouldn't that also encrypt the part of the drive containing any existing MBR/partition table? If so, what good would having that partition table do if Windows couldn't read it anyway because it's encrypted?

    As you can see I am fuzzy about this part. Any illumination greatly appreciated.

    Question 2:

    You wrote:

    "The partition table/MBR presents zero security risk and tons of benefits that other methods don't have."

    a. Does this suggest that encrypting an existing partition rather than device encryption may be preferable in your opinion?

    b. Can you elaborate on the benefits of the partition table/MBR method versus the no partition table/MBR method of device encryption?

    I realize even my questions have a fuzz factor, but hopefully you can see what I am getting at and straighten me out.

    Question 3:

    You wrote:

    "The security concerns that you mentioned in the post(s) above don't hold water for me."

    Can you be more specific? I don't think that I alluded to the relative security of the device method versus the partition method nor said anything that implied that I thought one was more secure than the other. As a matter of fact, my understanding even before your post was that both are for all intents and purposes equally secure. Was there something else then about my concerns you see as unfounded?

    Question 4:

    You wrote:

    "Therefore my recommendation is to create a fully useable disk, which is totally safe as described above. Once created then use TC and you are good to go. I am not going to debate the other approach as I have studied it as well. The method I have outlined is total security in plain view. Cloaks draw attention."

    a. You mean your recommendation is to create a partitioned disk and then to encrypt the partition with TC? Or create a partitioned disk and then encrypt the device with TC? Or something else? Sorry, I value your recommendation because everything you said makes perfect sense to me. But I am not clear on exactly what your recommendation is.

    b. Also, what "other approach" do you refer to? Do you mean creating a TC device encrypted external drive with no partition table like I tried to do?

    ===
    Finally...

    Thank you very much for your terrific help!
     
  18. Bliv

    Bliv Registered Member

    Joined:
    May 3, 2015
    Posts:
    13
    I'm struggling to clarify my Question #1 in the post immediately above. It's the key to the most important question I have at the moment.

    1. I have this external hard drive that mounts fine in Windows when I don't use TC on it. It shows up in "Windows Disk Management" and works normally.

    2. When I create a partition on the drive, and then encrypt the partition with TC, the drive also mounts fine in Windows, shows up in Windows Disk Manager and works normally. I can mount the partition in TC with no problems.

    3. But when I delete all partitions (and also wiped the drive although I don't know if this is a factor or not) then encrypt the entire device with TC, the drive does not appear in Windows Disk Manager or in TC and therefore cannot be selected in TC to mount. If I go back and partition it and repeat #2, that still works.

    There has to be some known reason why the device encrypted drive in #3 does not mount. I need more clarification about what TC is doing when it encrypts the external drive at the device level that is preventing the drive from appearing in Windows Disk Manager and in TC. There has to be some kind of knowledgebase on this!

    Anything anyone can add to my understanding here will be greatly appreciated!
     
    Last edited: May 22, 2015
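The post above asks what is (or is not) at the front of the disk after each of the three configurations. The script below is an added example for this thread, not code from TrueCrypt or from any poster. It reads the first two sectors of a disk image or raw device and reports what a partition-aware OS would find there: an MBR partition table, a GPT, a zeroed sector, or a sector of random-looking bytes with no table at all, which is what both a device-encrypted TrueCrypt volume and a randomly wiped disk look like. The device paths are assumptions (on Windows, something like r"\\.\PhysicalDrive2" opened as administrator; on Linux, /dev/sdb as root); a plain image file works too.

```python
# Added example for this thread, not code from TrueCrypt or from any poster.
# Inspects sector 0 (and LBA 1 for a GPT) of a disk image or raw device.
# Device paths are assumptions; an image file works the same way.
import math
import struct
from collections import Counter

SECTOR = 512
MBR_SIGNATURE = b"\x55\xaa"      # bytes 510-511 of a valid MBR
GPT_SIGNATURE = b"EFI PART"      # first 8 bytes of the GPT header in LBA 1
PARTITION_TABLE_OFFSET = 446     # four 16-byte entries follow


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, close to 8.0 for random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_mbr_entries(sector0: bytes) -> list:
    """Return the non-empty partition entries of an MBR sector."""
    entries = []
    for i in range(4):
        start = PARTITION_TABLE_OFFSET + 16 * i
        entry = sector0[start:start + 16]
        lba_start, lba_count = struct.unpack("<II", entry[8:16])
        ptype = entry[4]
        if ptype != 0 and lba_count != 0:
            entries.append({"index": i, "bootable": entry[0] == 0x80,
                            "type": ptype, "lba_start": lba_start,
                            "lba_count": lba_count})
    return entries


def make_mbr_sector(partitions) -> bytes:
    """Build a minimal MBR sector from a list of (type, lba_start, lba_count)."""
    sector = bytearray(SECTOR)
    for i, (ptype, lba_start, lba_count) in enumerate(partitions[:4]):
        start = PARTITION_TABLE_OFFSET + 16 * i
        sector[start + 4] = ptype
        sector[start + 8:start + 16] = struct.pack("<II", lba_start, lba_count)
    sector[510:512] = MBR_SIGNATURE
    return bytes(sector)


def classify(first_sectors: bytes) -> dict:
    """Checklist over the first two sectors of a disk."""
    sector0 = first_sectors[:SECTOR]
    sector1 = first_sectors[SECTOR:2 * SECTOR]
    has_signature = sector0[510:512] == MBR_SIGNATURE
    entries = parse_mbr_entries(sector0) if has_signature else []
    is_gpt = sector1[:8] == GPT_SIGNATURE
    entropy = shannon_entropy(sector0)
    if is_gpt:
        layout = "gpt"
    elif entries:
        layout = "mbr"
    elif has_signature:
        layout = "mbr-empty"        # signature present, no partitions defined
    elif not any(sector0):
        layout = "zeroed"
    elif entropy > 7.0:
        layout = "random"           # no table: encrypted volume or random wipe
    else:
        layout = "unknown"
    return {"layout": layout, "mbr_signature": has_signature,
            "partitions": entries, "gpt": is_gpt, "entropy": round(entropy, 2)}


def inspect(path: str) -> dict:
    """Open an image file or raw device and classify its first two sectors."""
    with open(path, "rb") as f:
        return classify(f.read(2 * SECTOR))


if __name__ == "__main__":
    import sys
    print(inspect(sys.argv[1]))
```

A disk that comes back as "random" has nothing in sector 0 for the OS to parse, and the same bytes are also the first sector of the TrueCrypt header when the whole device was encrypted, so anything that "initializes" the disk by writing a new MBR there overwrites part of that header.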
  19. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    Now I am going to confuse you completely, LOL. You can in fact use device encryption as you describe it. Glance at this link and maybe there are some other links embedded in the thread:

    https://superuser.com/questions/335457/does-an-external-hard-drive-need-to-have-partitions

    I fear it will create more questions than answers but you'll get the other side of the argument.

    With either method the end result has the same concerns, and most folks that use TC do NOT really know how to recover broken volumes. They just come here and scream help. If they would do some basic study and learn to backup and store a few things they could save themselves many hours and lost data. The time to prepare is before you break a volume. It takes a couple of minutes to backup your partition table and MBR, volume headers, etc.... Lots of ways to do it, WinHex being one of them.

    TrueCrypt looks in an exact location for the bytes it needs to mount a volume and then subsequently will go to the end exact location for the embedded backup header. When Windows tries to fix stuff it will overwrite/remove/break the header on the disk thinking it's fixing it. Now TC can't find what it needs so you can't mount a volume. The tables are changed and then the locations don't match where TC expects things to be. Usually the data is fine IF the user kept copies of the important front section of the platter and could simply restore it in seconds, but they don't. Most have never even heard of doing so in the way I mean it.

    In honesty there are many sage users that like device encryption over partition encryption. I have done it both ways. For PD reasons I prefer a partition table with a decoy volume as I see that being more plausible. It's a more "normal user" configuration. Option 2 is device encryption where you could argue it's a DBAN wiped disk and it will appear as such. Realistically, who carries around a forensically wiped disk? Maybe in a basement storage scenario, but not in a desk drawer or a laptop carrying case. I mean come on, you have to appear logical to an adversary. My .02
     
  20. Bliv

    Bliv Registered Member

    Joined:
    May 3, 2015
    Posts:
    13
    Thanks again for the info. I looked at the link and saw a typical discussion about a topic like this where no one agrees on anything and you never find out if the person with the question ever got results. LOL But still it's a good read and I learned some things from it.

    The first answer suggested that you needed to use an eSATA interfaced drive instead of a USB interfaced drive for it to work. That seems odd. There is no confirmation of whether that worked or not so I have no idea if there is anything to that. If there is, it would be a reason for me NOT to use device encryption because who wants to have that constraint.

    This isn't an issue that I care about much for myself, but on an academic level I think your case is a good one.

    I have no interest in PD for my own needs. I'm much more concerned with dependability and compatibility. So that leads me to another advantage of the partition method over the device method.... compatibility. I'm starting to get the message that partition encryption seems more compatible with more configurations, devices and OSes than device encryption. That is certainly confirmed in my case. Seems like there are more issues involved with device encrypted external devices than with partition encrypted ones. And who needs more issues? Between encryption, TC, OS and external interface issues you've already got too many issues.

    But of course that still doesn't answer my question about why the device encrypted drive cannot be mounted. I'm starting to think that's an answer that's out of reach. Somewhere, there is a list of things that Windows needs in order to see a drive and a way you can go down the checklist to see if each item is present. That's what I need. But it sure is hard to get!

    I followed most of what you said in this post and it still all makes sense. Again I am vaguely aware that backing up certain critical sections of the housekeeping parts of your drive can allow you to rebuild them and get your data back out of the encrypted TC area if they become damaged. I actually learned about that from reading past posts in this forum.

    I know you need to backup the MBR/partition table so it can tell TC where to look. But what else should you back up?

    I know that TC has tools to back up its own "headers." I assume you should make a backup of that too?

    What else should be backed up?

    Thanks again! You've got a lot of really good information!
     
    Last edited: May 23, 2015
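Palancar's post above describes TC reading its header from a fixed location at the front of the volume and the embedded backup header at the end, and Bliv's post asks what exactly should be backed up. The script below is an added example for this thread, not code from TrueCrypt, VeraCrypt or any poster, covering both. The offsets are an assumption taken from the published TrueCrypt volume format: the header area is the first 64 KiB of the volume (the hidden-volume header slot at the 64 KiB mark) and the embedded backup headers occupy the last 128 KiB. For a device-encrypted disk the volume is the whole device, so the first 64 KiB also contains sector 0, i.e. whatever MBR/partition table is there; for a partition-encrypted volume point it at the partition (or an image of it) and keep the disk's sector 0 separately. It snapshots both regions with SHA-256 checksums, tells you which region no longer matches, and writes one back.

```python
# Added example for this thread, not code from TrueCrypt/VeraCrypt or any poster.
# Assumed offsets (from the TrueCrypt volume format): header area = first 64 KiB,
# embedded backup headers = last 128 KiB. Works on an image file or, with
# sufficient privileges, a raw device whose size can be found by seeking to end.
import hashlib
import json
import os

HEADER_AREA = 64 * 1024      # primary header (plus hidden-volume header slot)
BACKUP_AREA = 128 * 1024     # embedded backup headers at the end of the volume
MANIFEST = "manifest.json"


def _volume_size(f) -> int:
    f.seek(0, os.SEEK_END)
    return f.tell()


def _read_at(f, offset: int, length: int) -> bytes:
    f.seek(offset)
    data = f.read(length)
    if len(data) != length:
        raise IOError("short read at offset %d" % offset)
    return data


def _regions(size: int) -> dict:
    if size < HEADER_AREA + BACKUP_AREA:
        raise ValueError("volume too small to hold both header areas")
    return {"head": (0, HEADER_AREA), "tail": (size - BACKUP_AREA, BACKUP_AREA)}


def _load_manifest(out_dir: str) -> dict:
    with open(os.path.join(out_dir, MANIFEST)) as m:
        return json.load(m)


def snapshot(volume: str, out_dir: str) -> dict:
    """Copy the head and tail regions to out_dir and record their hashes."""
    os.makedirs(out_dir, exist_ok=True)
    manifest = {"volume_size": 0, "regions": {}}
    with open(volume, "rb") as f:
        size = _volume_size(f)
        manifest["volume_size"] = size
        for name, (offset, length) in _regions(size).items():
            data = _read_at(f, offset, length)
            with open(os.path.join(out_dir, name + ".bin"), "wb") as out:
                out.write(data)
            manifest["regions"][name] = {
                "offset": offset, "length": length,
                "sha256": hashlib.sha256(data).hexdigest()}
    with open(os.path.join(out_dir, MANIFEST), "w") as m:
        json.dump(manifest, m, indent=2)
    return manifest


def verify(volume: str, out_dir: str) -> dict:
    """Return {region: True/False} for whether the volume still matches the snapshot."""
    manifest = _load_manifest(out_dir)
    result = {}
    with open(volume, "rb") as f:
        if _volume_size(f) != manifest["volume_size"]:
            raise ValueError("volume size changed; tail offset no longer valid")
        for name, r in manifest["regions"].items():
            digest = hashlib.sha256(_read_at(f, r["offset"], r["length"])).hexdigest()
            result[name] = digest == r["sha256"]
    return result


def restore(volume: str, out_dir: str, name: str) -> bool:
    """Write one saved region back; refuses if the backup file itself is corrupt."""
    manifest = _load_manifest(out_dir)
    r = manifest["regions"][name]
    with open(os.path.join(out_dir, name + ".bin"), "rb") as b:
        data = b.read()
    if hashlib.sha256(data).hexdigest() != r["sha256"]:
        raise ValueError("backup file for %s does not match its recorded hash" % name)
    with open(volume, "r+b") as f:
        if _volume_size(f) != manifest["volume_size"]:
            raise ValueError("volume size changed; refusing to write")
        f.seek(r["offset"])
        f.write(data)
    return True


if __name__ == "__main__":
    import sys
    cmd, vol, out = sys.argv[1:4]
    if cmd == "snapshot":
        print(snapshot(vol, out))
    elif cmd == "verify":
        print(verify(vol, out))
    elif cmd == "restore":
        print(restore(vol, out, sys.argv[4]))
```

The 64 KiB and 128 KiB sizes are sector-aligned, which raw device writes on Windows require. A "verify" that reports head False and tail True after a disk-management tool has touched the drive is the pattern Palancar describes: the partition table/primary header sector was rewritten and the embedded backup at the end is intact.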
  21. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,517
    @Bliv

    I put an HDD in a 2.5'' USB 3.0 enclosure and encrypted the whole disk (no partitions on it, just raw space). Then I used Veracrypt to encrypt it and Veracrypt formatted the drive in NTFS. The drive mounts and read/write well under Windows 8.1. The situation described in the superuser link provided by Palancar might be the case for someone, but definitely not for all, based on my personal experience.
    I did this same procedure on 4 different 2.5'' external USB drives, all works fine under Windows 8.1.
    What file system did you format using TC when you did whole disk encryption? Maybe XP is too old to read the file system?
     
    Last edited: May 25, 2015
  22. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,517
    Please see the attached image of my external HDD.
     
  23. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    The point of my post was to confirm that both methods of encryption work fine, at least for me (running linux systems). I prefer a partition table and a decoy volume for my configuration, and that preference is based upon the nightmare of facing a strong adversary someday. For all else the points are moot. You are not getting through the encryption.

    BTW - I have been looking through VeraCrypt and viewing its attributes from a distance. I may even blow away one USB flash to "raw" in linux, and play with device flash volume(s) just to see how it looks. It might be interesting to view the hex headers for similarities between VeraCrypt and TC. VeraCrypt appears to simply be TC with a few modifications, but give me some time to "test drive" it.
     
  24. Bliv

    Bliv Registered Member

    Joined:
    May 3, 2015
    Posts:
    13
    Once again, thanks to all for the discussion. It's really interesting. :)

    oliverjia...

    Thanks for that. You definitely confirmed that FDE is working for you.

    I'm formatting NTFS with TC. That should work fine on XP as it works fine with non encrypted drives and also with non device encrypted TC encrypted drives. But neither XP's "Disk Management" nor TC's drive mount dialog show the drive when it is device encrypted with TC. The drive does show up in XP's "Device Manager" though and everything looks normal there.

    Something tells me if I can figure out why it isn't appearing in "Disk Management" then that will solve the TC issue. I think it's a good bet that Windows isn't telling TC it's there, so TC can't see it. If Windows sees it so will TC. Just a guess.

    TC has been around forever and pretty well picked over by millions of users some of whom are pretty knowledgeable about this genre of software. And they supposedly had that "audit" recently that supposedly deemed it pretty good (if you can trust that). VeraCrypt may well be even better than TC but it can't claim either of those benefits... at least not at this time. So right or wrong I go with TC for those reasons. Maybe someday I will change my opinion. But someday will probably be measured in years because VC has to mature and marinate with a huge user base like TC before it would win me over. As you can see with my choice of OS... I am a late adopter of all changes. PS: I haven't seen anything I can do with any higher versions of Windows that I can't do on XP that I have any need to do. :D
     