TrueCrypt help - headers and backup

Discussion in 'encryption problems' started by riffdex, Dec 26, 2015.

  1. riffdex, Registered Member (Joined: Dec 26, 2015; Posts: 15)

    I recently learned about TrueCrypt and have been working on setting it up so that I can protect my personal files. I am using TrueCrypt 7.1a of course, and have a 128GB Flash drive dedicated to my encrypted file container. I have it set up as a self mounting drive with a portable version of TrueCrypt installed. In this way, I am able to plug the flash drive into any computer and mount it by typing in my encryption password. I have this setup and it is working great!

    One aspect of all this that has been a bit confusing to me was the concept of disk headers. I know that it is important to back these up as it would be impossible to access my media in the scenario of a corrupted disk header. I used TrueCrypt to make a backup of the disk header and have it backed up for safe keeping. I was wondering if it is necessary to back up the disk header periodically (to always have an updated version), or would this one copy suffice? Is the disk header something that changes as the file content of the encrypted container changes, or is it something static that will not change as long as I use the same flash drive with the current setup?

    Additionally, I have been making a periodic full backup of my encrypted flash drive, by simply copying the entire encrypted file container over to my computer every few weeks. As it stands, the flash drive is the main file that I am updating constantly, and I have a periodic backup on my laptop. However, I would prefer to have the main file on my laptop and periodically back up to the flash drive. I was wondering how this would work with regards to the disk header. If I were to maintain a main file on my laptop, and back up the entire file container to the flash drive periodically, would the flash drive still maintain the disk header structure necessary for proper operation?

    I am very new to all this, but I am very eager to learn. If I have done a poor job at explaining my questions, please let me know and I will try to correct this. Your help would be invaluable to me and much appreciated. Thank you.
     
  2. Palancar, Registered Member (Joined: Oct 26, 2011; Posts: 1,594)

    I believe I understand exactly what you are trying to accomplish. I have some thoughts regarding suggestions, but candidly they range from basic to very advanced. Why the range of complexity? My suggestions would be based upon the "threat model" you are needing to protect the contents of the encrypted volume from. e.g. - carrying a usb and wanting protection from some punk finding your lost stick - OR - you are being monitored by a 3 letter agency and concealing data where data discovery might even cause a loss of your freedom. Extreme ends of the spectrum but the process used must meet the needs and NOT just be the easiest way if that way is insufficient to protect you.

    The TC headers do NOT change in any way unless you change a password or the algo used to derive the header. They will not accidentally change on their own. However: be aware that using a windows install disk with a FDE device inserted, can and usually will result in a damaged header on said device. Make certain to remove your usb stick before using any windows install disk.

    BTW - I see this is your first post so welcome!

    If you want to fill us in on what your needs are we can chime in and give you some help.
     
  3. riffdex, Registered Member (Joined: Dec 26, 2015; Posts: 15)

    Hey there. Thank you for replying to my question. Tbh I have no reason to think the gov would ever be interested in my files. I primarily started learning about encryption about 3 weeks ago, and the idea that I could password protect my personal documents was very intriguing to me. Before I set up TrueCrypt, I was actually keeping my personal documents in a hidden folder on the desktop (LOL). It just seemed wrong to have this data so easily accessible when there is so much software out there to protect it from prying eyes.

    Having said that, I'm a huge proponent of privacy, and I don't want anyone (government or otherwise) to have access to my files if there are simple steps I can take to avoid it. I did some research on the topic and concluded that TrueCrypt is the software I most trust to protect my data, with all the information that is available. In my eyes, any software that the government can crack (via backdoor or other methods) is software criminals can crack. The (hypothetical) method would get out sooner or later. In this regard, I am willing to take extra steps and precautions to ensure my data is viewed by nobody other than myself.

    Thank you for finally answering about TC headers. I have been searching for info on this topic for weeks, without much luck. So, just to be clear, as long as my TrueCrypt password does not change, I will never have to make another backup of the header (assuming I don't lose the backup I have)?

    As for the flash drive, does this qualify as FDE even though it simply contains a TrueCrypt container on the USB drive? I actually was under the impression FDE was referring exclusively to a computer's entire hard drive and OS being encrypted. Thank you for the tip nonetheless.
    ---------
    I have another question (I hope I'm not bothering you too much lol...)
    This link states that there are security risks in backing up entire TrueCrypt containers via the method I described. It instead recommends mounting the TrueCrypt container and copying over files to another TrueCrypt container as a method of keeping a backup.
    http://security.stackexchange.com/questions/45345/why-not-simply-backup-the-truecrypt-container-file

    Do you believe this is a legitimate concern? Am I safe making periodic backups of my TrueCrypt container on different media? My hope was to have my main TC file container on my laptop and have GoodSync (Are you familiar with this program?) scheduled to back up the entire container to my NAS once a week. Since my NAS is very large at 4TB, space is no concern. Therefore I would have GoodSync retain the 5 most recent versions of the file container. By this method, I would hope to mitigate the risk of a corrupted container causing me to lose everything. But of course this would also mean having multiple versions of the encrypted container available to a would-be data thief. What are your thoughts?
     
  4. Palancar, Registered Member (Joined: Oct 26, 2011; Posts: 1,594)

    OP,

    You are asking basic questions, which is a good thing. Just keep learning. If you want a great read on the "headers" try going through the TC users manual. Pay attention to how the hidden volume headers are constructed and how it all works. Once you get a good handle on that (even if you don't use hidden volumes) it will provide you with much insight as to the workings of the software. It's not tough, but then I've been working with this code for a decade now.

    It's ONLY FDE if the USB is device encrypted. If you have placed a file based volume on the flash stick it is NOT FDE. If you would be kind enough to describe your volume construction (FDE or file based) it would guide my comments. I have tons of thoughts going through my head as I key this, but lacking info to direct my focus I will hold off.

    Backing up (policy) encrypted volumes takes some homework and thought. There are no incremental backups available during times when the volume is dismounted. Since you appear to be wanting to backup closed/dismounted volumes you will unfortunately be backing up ALL the volume space. e.g. if you have a 1 TB volume with 100 Gig of data in it, you will always be backing up 1TB. The manual's backup concerns you cited above have merit. For some there is virtually no chance an adversary will get hold of a volume copy to use as a baseline. Only you can decide on that issue. My larger concern and one that has burned MANY a user: having a large external drive and making multiple copies of the volume all on the same drive. Where I am going with this is it's still ONE physical piece of hardware and ALL hardware will fail eventually. I'd much rather see you use multiple pieces of hardware to make multiple backups on. Have one or two off premises (fires and theft happen every day to someone).

    Lastly, and generally, you should absolutely consider using FDE on your entire hard drive if you REALLY don't want others to ever be able to see your stuff. Even with the USB volume locked down and solid, it still leaves traces all over your operating system while you have it open and use the files inside. This is another thread and has been covered dozens of times here at Wilder's.
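
Added example (not part of the thread and not TrueCrypt code): a Python check that compares two snapshots of the same file container, confirming the point above that the header areas stay identical until the password changes, and producing the changed-block map that anyone holding two backup copies could compute. The 128 KiB header-area offsets follow the TrueCrypt 7.x volume layout and are an assumption not stated in the thread; the snapshots are constructed random bytes, and all function names are hypothetical.

```python
import hashlib
import os
import tempfile

# Assumption (TrueCrypt 7.x volume layout, not stated in the thread): the first
# 128 KiB hold the primary header area, the last 128 KiB the backup headers.
HEADER_AREA = 128 * 1024
BLOCK = 4096  # comparison granularity chosen for this demo


def region_digest(path, offset, length):
    """SHA-256 over `length` bytes of `path` starting at `offset`."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        f.seek(offset)
        while length > 0:
            chunk = f.read(min(1 << 20, length))
            if not chunk:
                break
            digest.update(chunk)
            length -= len(chunk)
    return digest.hexdigest()


def changed_data_ranges(old, new, size):
    """Runs of differing blocks in the data area, as (first, last) block indexes."""
    ranges, run_start, index = [], None, 0
    pos, end = HEADER_AREA, size - HEADER_AREA
    with open(old, "rb") as a, open(new, "rb") as b:
        a.seek(pos)
        b.seek(pos)
        while pos < end:
            n = min(BLOCK, end - pos)
            differs = a.read(n) != b.read(n)
            if differs and run_start is None:
                run_start = index
            elif not differs and run_start is not None:
                ranges.append((run_start, index - 1))
                run_start = None
            pos += n
            index += 1
    if run_start is not None:
        ranges.append((run_start, index - 1))
    return ranges


def compare_snapshots(old, new):
    """Report whether the header areas match and which data blocks differ."""
    size = os.path.getsize(old)
    if size != os.path.getsize(new) or size <= 2 * HEADER_AREA:
        raise ValueError("expected two same-sized container snapshots")
    ranges = changed_data_ranges(old, new, size)
    total_blocks = -(-(size - 2 * HEADER_AREA) // BLOCK)  # ceiling division
    tail = size - HEADER_AREA
    return {
        "primary_header_same":
            region_digest(old, 0, HEADER_AREA) == region_digest(new, 0, HEADER_AREA),
        "backup_header_same":
            region_digest(old, tail, HEADER_AREA) == region_digest(new, tail, HEADER_AREA),
        "changed_ranges": ranges,
        "changed_fraction": sum(b - a + 1 for a, b in ranges) / total_blocks,
    }


def make_demo_snapshots(directory):
    """Write three constructed 1 MiB 'containers' (random bytes, not real volumes)."""
    image = bytearray(os.urandom(1024 * 1024))
    versions = {"week1": bytes(image)}
    # Week 2: files edited inside the mounted volume, so data blocks 10-12 change.
    start = HEADER_AREA + 10 * BLOCK
    image[start:start + 3 * BLOCK] = os.urandom(3 * BLOCK)
    versions["week2"] = bytes(image)
    # Week 3: simulated password change, so both header copies are rewritten.
    image[:512] = os.urandom(512)
    image[-HEADER_AREA:-HEADER_AREA + 512] = os.urandom(512)
    versions["week3"] = bytes(image)
    paths = {}
    for name, data in versions.items():
        paths[name] = os.path.join(directory, name + ".tc")
        with open(paths[name], "wb") as f:
            f.write(data)
    return paths


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        p = make_demo_snapshots(tmp)
        print("week1 vs week2:", compare_snapshots(p["week1"], p["week2"]))
        print("week2 vs week3:", compare_snapshots(p["week2"], p["week3"]))
```

A header mismatch between two backups with no password change in between is worth investigating before the older copy is rotated out.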
     
  5. riffdex, Registered Member (Joined: Dec 26, 2015; Posts: 15)

    I'm not sure if the USB is device encrypted... I don't believe it is. I took a PrtSc of the root of the USB drive and files inside it.
    http://i.imgur.com/2Q7q7pp.png

    I understand this, and I do not expect to be able to make incremental backups as I update the contents of the file container. I will be setting GoodSync up to sync the file container once a week. I understand that this would mean backing up the entire file container - not just updated files. That is okay and the file container is set around 120 GB.

    Having said that, I am not keeping my originals and backups on the same drive, that would be silly. The primary copy of the TC container will reside on my laptop SSD. GoodSync will periodically (once a week) back up the entire file container to my Network Attached Storage device. I am currently using this program to keep the following folders mirrored from my laptop ("My Documents, My Photos, My Videos, My Music") to my NAS; it is constantly updated as I make changes on the laptop.

    I have considered using FDE but I do not believe this is possible using TrueCrypt on my OS (Windows 8.1).
     
  6. Palancar, Registered Member (Joined: Oct 26, 2011; Posts: 1,594)

    1. So then I am still guessing somewhat on your threat model. Springboarding from the assumption you just want privacy and not somebody is out on the hunt for YOU. Your usb is not device encrypted so you need to be aware that file based volumes are supported by a filesystem that hosts them on the device. That means that when you mount your file based volume on the flash drive there are components on the host filesystem logs that change (without fail). Worst offender is NTFS as the device's host filesystem. For normal (privacy only) concerns this may be moot, but against a moderately harsh adversary it would spell disaster for the privacy of the volume usage. MFT tables, etc...

    2. I understand your backup as depicted by your post. Revolving backup media is the expectation for sensitive data. You seem to know what you need to do and how to regain your data if lost. That is good. Just don't trust a single piece of backup hardware - ever. During a connection/handshake with a device the data transfer can get hosed in a bad way. If it happens having access to another device outside of the TWO being used during the crash, would make data recovery guaranteed. my .02

    3. If you are going to use encryption on a windows system disk (different than data at rest such as your flash drive volume) I would recommend switching over to VeraCrypt. It is TC repaired for a few errors discovered since TC's release a few years ago. These are actually windows OS weaknesses really, but nonetheless they apply to system disk encryption. VeraCrypt or TC will actually work on Win 8.1 IF the computer hardware bios is legacy and not UEFI.

    Outside of this post you are going to find it almost impossible not to upgrade to Win 10 because M$ is likely to play hardball against you. Frankly the updates for 7 and 8.X are basically turning those OS's into Win 10 anyway.

    If you are configuring for a threat model I am not aware of this post is NOT going to cover what you need. Very few people run the systems that some of the "hard ballers" in here run. Certainly none of us have seen a windows OS in a long time. Just how it is.
     
    Last edited: Dec 30, 2015
  7. riffdex, Registered Member (Joined: Dec 26, 2015; Posts: 15)

    What might a potential hacker learn from MFT tables? And would the flash drive be more secure if I reformat to something other than NTFS?

    What modifications would you make to my current backup strategy to be more effective? Tell me what you do to protect your data because I'm very interested in learning how I can improve this.

    Tbh I'm not sure if I trust VeraCrypt over TrueCrypt but I'm open to swaying. I haven't decided yet if I will be updating to Windows 10. You don't use Windows? What OS do you use?
     
  8. Palancar, Registered Member (Joined: Oct 26, 2011; Posts: 1,594)

    I use Linux. My setup is not the place for YOU to start with Linux. So that I don't avoid your question I selected Debian as my main day in and day out host system. It's a fully custom install where I selected the "details" of how the encryption was created, along with various logical volumes. I run a fully encrypted LVM on LUKS scheme for the host Debian OS. That OS NEVER goes online in a workspace, it merely hosts the system. All workspace activity happens on virtual machines, which are various linux flavors. There are two VM's hosting separate and chained VPN's between the host and any workspace virtual machines. The workspace machines all use TOR after the initial VPNs. Sounds tougher to set up than it is, but it's not the place for you to start.

    You just have some learning time to invest. ALL filesystems that support file based encrypted volumes have a weakness, although some are more pronounced. To fully answer your question on NTFS logs would be pages. The NTFS filesystem is about the most "logging" system ever created. I will simply refer you to "googling around" since there are many pages of information up for grabs. The weaknesses you will educate yourself about can become moot if you go to device based encryption WITH hidden volumes. That config allows you to offer a password if needed with NO proof a hidden volume exists.

    Lastly here, and not to scare you. If you do not have your system disk encrypted you have more holes in your armor than I can outline here. My forensic examination of windows system disks creates a virtual HD picture of what the OS has been used for and for a very long time at that. Something to think about!
     
  9. riffdex, Registered Member (Joined: Dec 26, 2015; Posts: 15)

    Okay, would you consider FDE via BitLocker an acceptable solution for me... at least until I could consider other options of OS/FDE Encryption software? You seem to be saying my data will never be 100% protected if using a Windows OS - is this correct? I'm a bit fuzzy on some of your terminology but I am taking "device encrypted" to be synonymous with FDE? Or does "device encrypted" mean hardware encrypted?

    Edit1: I have been considering a possible solution to this conundrum and I wondered if you might have some input on my ideas. Would it be possible to install some lightweight Linux distribution on a USB Flash Drive that is software-FDEncrypted? In this regard, I could keep all my most personal data contained to that OS and environment. I could boot the computer from that media when necessary, but I would have the option to turn the computer off and boot from my native Windows OS if doing less data-sensitive tasks. I would recognize that using the Windows OS is inherently less secure and as such not handle personal documents on that platform. I'm not ready to give up Windows OS completely. Is this feasible?

    I can see that I have a lot to learn if I want to protect my data. I find the info you're providing to be very informative and I appreciate the guidance.
     
    Last edited: Jan 18, 2016
  10. Palancar, Registered Member (Joined: Oct 26, 2011; Posts: 1,594)

    Modern linux distros ALL would easily install on a usb flash with FDE encryption of the flash device. It's virtually automatic at that. If you are considering this approach the very first thing you need to do is to confirm your laptop/computer bios can be set to boot from USB. Most do that now, but some don't. Booting from usb is a hardware requirement and if your motherboard doesn't allow it you can't make it work. Even if your computer is not set to boot from usb you likely can enable that by changing the bios boot order. Are you familiar with what I am typing here? Start at this point before attempting to download and continue.

    Who are you concealing your data from? If it's basic computer theft/loss then yes, it's secure with a good password.
     
  11. riffdex, Registered Member (Joined: Dec 26, 2015; Posts: 15)

    I am using a Lenovo Thinkpad X1 Carbon (3rd Gen) with UEFI bios, and I'm not sure if my bios is compatible with TrueCrypt FDE on Linux distro as I describe. Does this make sense and do you see any workarounds for my situation?

    https://www.wilderssecurity.com/thre...ws-authentication-bypass.381472/#post-2542473
    Having read this thread I'm still skeptical of using BitLocker and would prefer to focus on a method of having my Linux OS separated from my Windows environment and FDE encrypted.
     
    Last edited: Jan 18, 2016
  12. Palancar, Registered Member (Joined: Oct 26, 2011; Posts: 1,594)

    I have several friends running Lenovo Thinkpad X1 Carbon (3rd Gen) using Arch Linux. This is not the linux OS for you to start with, but they have confirmed the bios options can be changed from UEFI to legacy. I mentioned legacy bios because it simplifies the process for beginners.

    Option 2 is to use linux with UEFI booting. You may venture down to our linux forum here and read around. After doing so, post some questions there. Others can give you a "heads up" on which linux flavors are best for those starting out. I have opinions but spend some time online with others too and not just in this thread. Expand your mind and have fun in the process. You can easily run your linux "starting out" system on an encrypted flash drive. If you screw up just delete and start over. An 8 or 16 Gig stick should be more than enough and frankly the smaller space makes "fixing" things faster and is a breeze. If you take the time to learn this you will NEVER return to what you are using now for private surfing and "hobby" stuff. Others have differing opinions, but they would be wrong. LOL!
     
  13. riffdex, Registered Member (Joined: Dec 26, 2015; Posts: 15)

    I was just reading some discussion on the topic, and wanted your perspective
    http://superuser.com/questions/669026/how-can-i-use-truecrypt-under-windows-8-1

    A commenter to the original question seems to imply it is possible to use TrueCrypt FDE on Windows 8 if one is willing to follow this process:

    "convert your Windows disk from GPT to MBR, so it doesn't use UEFI, and turn off Secure Boot in the BIOS. This will delete all partitions and recreate an empty MBR disk to which you can reimage the Windows partition. Take care that the Windows partition will have the same partition number as before (even if you need to add dummy partitions in front of it)."

    I would like to have my Windows 8 installation TrueCrypt-FDE-encrypted in addition to still using the FDE-encrypted Linux on flash drive for more private matters. Is this process a feasible option for me?
     
    Last edited: Feb 6, 2016
  14. Palancar, Registered Member (Joined: Oct 26, 2011; Posts: 1,594)

    Honestly I did NOT read the thread because I don't have to. It is a "cake walk" to use TC with any Win 7 ----- > 10 as long as the machine uses legacy and not UEFI. By posturing your bios to mount the USB prior to the hard drive (called boot order) the Win OS on the drive won't ever be called while you are using the flash stick and Linux. Perhaps you will start out using a flash stick for your linux. I am betting that once you get comfortable you will decide to run Linux bare metal on the hard drive because it's much faster and more "peppy" than from a usb.

    Conversion from GPT to MBR alignment is child's play using numerous free software products.

    I will wait until you come back and ask on that config, but I will tell you ahead of time it's easy and very very safe with minimal instructions.

    As you can tell from my tone and that of many others here, the "notion" of Windows anything and complete security are difficult to accept for us. It's fine for theft and "bathroom door" privacy, but then that might be all you need.
     
  15. riffdex, Registered Member (Joined: Dec 26, 2015; Posts: 15)

    Is it possible to convert from GPT to MBR, then perform FDE with TrueCrypt, without having to clear HDD/fresh install Windows?
    If possible I would like to perform this and see how FDE functions/get a feel for it with W8, before proceeding with setting up the flash drive with a FDEncrypted Linux OS. I am still learning about Linux and I'm not ready to jump into it yet. I just want to get my system encrypted with TC so I can then focus on Linux with peace of mind. Of course I don't have any worries about any governmental agency getting hold of my comp, I am worried about basic computer theft at the moment. While it is my long-term goal to have complete privacy (which, from what I am hearing from you would mean using Linux, and I accept that fate :p), for now I would be content with TC FDE on my Windows OS while I work towards a more adequate solution. Baby steps, as they say.

    Quick followup question: I set my BIOS to legacy mode. I was just wondering what (if any) downsides legacy mode may have compared to UEFI? Just curious really.
     
  16. Palancar, Registered Member (Joined: Oct 26, 2011; Posts: 1,594)

    While your questions are very basic you need to start on those baby steps you mentioned. Most of what you are asking has zero to do with encryption so consider jumping down to the forums here that are setup for helping you. You should find me there too, but if not others "live" down there and again what you are learning is basic so have fun with the journey.

    As a "parting gift" I am going to recommend you begin as step number ONE to learn how to do thorough backups of your system disk. Once your C drive can be fully restored without hesitation at that point the encryption journey makes sense. Just read through this encryption forum about how the Windows OS messes with encryption and there are no backups on hand. OR, the one millionth post of my encrypted drive is #$#$#$# and of course I have NO volume header backup, MBR backup, or TC rescue disk. It just makes NO sense to be "that guy".

    Take a look in the backup, imaging, etc... forums a bit lower on the list here at Wilder's. Great stuff down there.

    Those places will make GPT to MBR crystal clear. Thorough backups that you can rely upon without hesitation too. Go learn and develop those skills and then come back at that point and TC encryption will be so easy you won't even believe it.

    Believe me, I am recommending to you the same steps as if you were my own son. I think long term and coming into this forum without those skills down pat is a disaster waiting to happen. My opinion and some may differ.
     
  17. riffdex, Registered Member (Joined: Dec 26, 2015; Posts: 15)

    Hello again
    I have been looking into getting a Linux distro to work with. Would you recommend Linux Mint with FDE? As long as a distro has FDE, it is just as secure as any other distro with FDE enabled, correct?
     
  18. Palancar, Registered Member (Joined: Oct 26, 2011; Posts: 1,594)

    I see you are back!

    All the major generic linux distros are using LUKS containers for their schemes (if there is an exception I am not aware of any). I don't believe you ever answered the question of what level adversary you are fortifying against. Now while that may seem a strange question it really isn't. Many come here wanting a "FortKnox" setup with multiple "factor" authentications and beyond. But those schemes require learning and time to develop. Plus they have restoration protocol procedures that need to be mastered OR a screw up means you lose the vault contents.

    Are you planning on using the entire device (the whole hard drive) for your linux? In that case a generic linux distro like the Mint you mentioned makes installation and encryption very simple. There would be no custom tailoring but with a significantly long password you should be good to go. As your skills advance you can learn to craft the LUKS headers with additionally strong composition - longer iteration times, changed hashes, varying algos, etc.... Then you can learn to use LVM inside LUKS while also completely removing the "startup files (/boot)" from your hard drive. I am not trying to overpower your thoughts here, just pointing out that if you are willing to, a reasonable learning curve experience will yield all these to you.

    In short, YES the generic linux encryption is fine for everyone not needing the craziness I just described. Others like me, just learn and do it even though we don't really need it. It becomes a HOBBY for many of us. Fun really!!
     
  19. riffdex, Registered Member (Joined: Dec 26, 2015; Posts: 15)

    Hello again. My intent is to protect data from any adversary, government or otherwise. You may call me paranoid but I feel that if there is a method for a government to access encrypted data, it is only a matter of time before it becomes public knowledge for all. However, I do not believe multiple factor authentication will be necessary. Although I am open to learning about that over time! :)

    My plan is to use my entire flash drive as a FDE Linux OS. I would of course use a very long (and random) passcode. How long of a passcode would you recommend? Would you consider it to be a security risk that I would use my FDE Linux OS (from flash drive) on the same computer system as is installed Windows OS?
     
  20. Palancar, Registered Member (Joined: Oct 26, 2011; Posts: 1,594)

    The password quality is more about entropy than length. I have seen some long passwords that contain adequate but not strong entropy. Adversaries are not breaking into encrypted vaults by brute force, except in the case of absolute beginners using encryption. They compromise devices because of poor implementation and frankly user errors!

    Let's discuss one such possibility using the example you just posted above regarding your potential configuration. I see no problem necessarily with what you want to do, but let me offer some sage advice towards your configuration. This comes from a forensic examiner's perspective so take it or leave it, that is your call. My question regards your Windows installation. Is Windows FDE? Some would say it doesn't matter but they have never had to defend against scrutiny of a disk platter. When a partition is on a disk and it is fully sector by sector encrypted it provides two levels of protection that are lacking in a conventional system disk (or any partition). A rogue malware or attacker cannot easily write data on an UNMOUNTED encrypted partition because there is no file system present with which to communicate hardware requests for the write on a sector. This tends to leave the system disk in the Windows case as unaltered. Further; while you may have complete trust of LE examining the disk, it truly prevents them from "planting" a file on the system disk and then claiming it was there when they grabbed the disk. I know it doesn't happen, yeah right! It is very true that the Linux OS you are mounting in RAM in your case SHOULD not cause the sata on the computer to open easily. But along comes operator error. I have seen careless users mount drives/partitions while running Linux. Remember that the original sata called sda will likely change to sdb once the RAM OS is brought up. Now that fully operational RAM mounted linux system can see sdb, and if a user elects to open those drives, which they can easily do, there is instant "cross chatter" and marks can be made on the relevant filesystem logs. This is an advantage when you are trying to recover lost data on a broken Windows system, because mounting a RAM based linux system allows full access and bypasses the SAM blocks that a mounted Windows system puts up. Those are gone when Windows is "cold". So advantage recovery and adversaries. Just note those pitfalls on an unencrypted system disk configuration. You can remove that from happening by denying all access to the hard drive via encryption. Still, for your own recovery, it's quite easy because you can still MOUNT encrypted drives from the Linux OS and then again access all things within those vaults. But that is NOT available to an adversary without you providing relevant access credentials. Hope this makes sense to you o_O
     
  21. riffdex, Registered Member (Joined: Dec 26, 2015; Posts: 15)

    Okay, so you're saying to be fully protected I need Windows FDEncrypted and the Linux flash drive FDEncrypted. Is Windows BitLocker Encryption adequate? I cannot say that I trust Microsoft, I feel that they would provide LE access to my computer at any rate. Is there any risk that data may remain on RAM chip even with both OS's FDEncrypted?
     
  22. mood, Registered Member (Joined: Oct 27, 2012; Posts: 890)

    If you mount a volume and watch a video from there, the beginning of the video is being loaded and your FDE-solution (TC/VC/Bitlocker, etc.) is decrypting it automatically (in RAM).
    This means, data you are working with is unencrypted in RAM.
    But on the hard disk it stays encrypted.
     
  23. Palancar, Registered Member (Joined: Oct 26, 2011; Posts: 1,594)

    Sounds good to me!

    Modern DDR3 or newer RAM dissipates pretty quickly AFTER you shut down. Certainly 5 minutes after a shutdown you are safe, if not much faster than that! There are programs to scrub RAM if you really feel the need.
     
  24. riffdex, Registered Member (Joined: Dec 26, 2015; Posts: 15)

    Okay I think I am ready to go forward with this. As I stated I would like to install Linux Mint (Cinnamon) onto my USB flash drive with FDEncryption. Additionally, as you suggested, I will bring my Windows installation to FDE status using built in BitLocker Encryption. I would like to ensure all of my passwords have adequate "entropy", although I'm not sure exactly what that entails. Couldn't a random assortment of alphanumeric+special characters provide adequate protection?

    In short, I believe I understand the gist of what you have told me so far, but I do not know how I would guarantee my password has the correct level of entropy to be truly effective.

    I have already downloaded the Linux Mint 64 Bit (Cinnamon) ISO to my computer. The process to install Linux Mint FDE (from what I gather) is that I would have to install this ISO to a DVD (aka Live Disc), then boot the DVD and use that Linux Environment to install a FDE version of Mint onto my USB Flash Drive. However, I do not have a CD Drive on my laptop. Would it be possible to use a virtual drive to "mount" the ISO (using Windows) then install FDE Linux Mint to my flash drive this way?
     