Truecrypt entire drive possible future problem

Discussion in 'privacy problems' started by FileShredder, Jan 3, 2011.

Thread Status:
Not open for further replies.
  1. FileShredder

    FileShredder Registered Member

    Joined:
    Jan 3, 2011
    Posts:
    28
    I've encrypted Windows on my drive. I don't have a CD drive so I saved the rescue disk iso file (Not saved as an iso image file) to a USB, put it on another computer that did have a CD-drive and then burned the image iso to a rescue disk using ImgBurn, so I'm hoping this works just as well (can buy a CD drive at a later date if need be).

    As the Truecrypt boot loader comes before Windows starts, will doing any of the following conflict with the drive encryption:

    Running Anti-Virus and Anti-Spyware programs
    Having the Windows Firewall active
    Defragmenting the drive
    Erasing free disk space with programs like Eraser and CCleaner
    Having encrypted file containers in Windows, so an encrypted container inside an encrypted drive
     
  2. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    You can create bootable USB flash drives from bootable iso images with softwares like WinToFlash (free), Flashboot (not free), unetbootin (free), MultiBootISO (for certain ISO's) and others.

    No. The inconveniences I've experienced consist of longer backups and I cannot use Rollback Rx. Also, I use a grub boot loader to optionally boot to BartPE or to boot from bootable CD (iso) or floppy (img) images, but with an encrypted system some of those iso and img files don't work anymore; and even if they do I have to be able to load (a portable version of) TrueCrypt to access the hard disk. And if I mount the encrypted system partition in BartPE, some backup programs are still only able to make a sector-by-sector or raw backups of it.
     
  3. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Why do this?

    Again, why do this?

    Are you afraid someone will force you to open your encrypted OS and, thus, you want plausible deniability? If they do somehow gain access to your encrypted OS, then they will see that you have an encrypted container inside an already encrypted drive. And if they see that, they will be highly suspicious even if you're using hidden volumes.
     
  4. FileShredder

    FileShredder Registered Member

    Joined:
    Jan 3, 2011
    Posts:
    28
    Yes, just an extra layer of security.

    My main concern is that someone could bypass the entire drive encryption by going through BIOS (not sure on this), and then have access to the data, so keeping the files encrypted in a container would be additional security.
     
  5. chiraldude

    chiraldude Registered Member

    Joined:
    Jul 3, 2010
    Posts:
    157
    Not sure what you mean by accessing encrypted data through the BIOS.
    The only way someone could do this is to flash the BIOS with some malicious code then capture the password after you enter it via some malware, rootkit, bootkit installed by the BIOS code. This is a form of the "Evil Maid Attack" you can read up on.
    If your data is important enough for someone to plan an attack such as that you should never let your computer out of your sight. If someone has physical access while you are not around (on multiple occasions) there is no security that can help you.
    If your fully encrypted system is stolen there is no way someone will hack in if you use a complex password.
    Think about the threat you are protecting agents and defend accordingly.
     
  6. FileShredder

    FileShredder Registered Member

    Joined:
    Jan 3, 2011
    Posts:
    28
    Well I'm not really knowledgeable about BIOS, so I maybe got this wrong, but could someone go into BIOS before entering a TrueCrypt password, then make the computer boot from CD before the HDD, and run a Windows rescue disk?

    If the computer is stolen but turned off, is there "no security that can help me"?
     
  7. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    If somebody boots an encrypted system with a rescue disk (which TrueCrypt will not prevent), s/he will only see an "unformatted" disk. I boot my encrypted computers regularly to BartPE for backup imaging and I always have to mount the hard disk/s first with a TrueCrypt plugin or the traveler (portable) version of TrueCrypt, which of course requires entering the password.
     
  8. FileShredder

    FileShredder Registered Member

    Joined:
    Jan 3, 2011
    Posts:
    28
    Ok everyone, thanks for your help, I feel more confident in Truecrypt now.

    Just for that added security, I've disabled system restore. I think the netbook came with a built in System Recovery program, so I uninstalled that too. And if they can't get in via BIOS, then I feel quite secure. This is my first encryption of an entire drive, and I wasn't quite sure how effective it would be.

    I suppose I should un-tick "Allow pre-boot authentication to be bypassed by pressing the Escape key" for good measure?
     
    Last edited: Jan 7, 2011
Loading...
Similar Threads
  1. compleo
    Replies:
    5
    Views:
    437
Thread Status:
Not open for further replies.