TrueCrypt

Discussion in 'privacy technology' started by ErikAlbert, Aug 24, 2006.

Thread Status:
Not open for further replies.
  1. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    This is my system :
    System Partition [C:] = WinXPproSP2 + Applications including TrueCrypt
    Data Partition [D:] = personal data, emails and email-address-books (Thunderbird)
    Backup Partition [E:] = external harddisk containing .tib-files (ATI) and .arx-files (FDISR)

    I want to encrypt my whole Data Partition [D:] with TrueCrypt, but this is my very first encryption and it doesn't work. I always have troubles the first time with any software.
    I created a "Standard TrueCrypt Volume" [T:] with location "\Device\Harddisk1\Partition1" and did a format of the complete volume.

    I don't think I did it right, because I can't access my data partition [D:] anymore.
    Don't worry about it, because I took all precautions to recover my system and data partition, the way it was.
    So I'm not in panic, I'm only trying to figure out, how TrueCrypt works.
    I thought it was easier. I don't even understand why I had to create the volume [T:], I thought TrueCrypt would encrypt my Data Partition [D:] and I could access my encrypted data after that. Obviously not.

    In Windows Explorer :
    - System Partition [D:] : I can't access it anymore and the partition name changed into "Local Disk"
    - Local Disk [T:] : I can access it, but it shows only one folder "System Volume Information"
    If I click on it I get "Access Denied".

    If I try to access my .doc-file via Word I don't see anything, same for Excel. So something is wrong.
    I would appreciate it, if somebody could give me some basic tips, so I can try again.
    Thanks in advance.
     
  2. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    After my first attempt, I recovered my system/data partition with ATI, because everything was corrupted. Even FDISR was unable to save me.

    This time I created a volume file instead of a volume device.
    I have no idea how big this file has to be, so I chose 34000 MB.

    Now I have TWO data partitions [D:] and [T:] in Windows Explorer. I suppose [D:] is not encrypted and [T:] is encrypted.
    So I moved all my data from [D:] to [T:]

    Each time I boot I have to mount and give my password.
    So it isn't really "Set it and forget it". Pffft.
     
  3. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Hi Erik,
    TrueCrypt is my first choice for on-the-fly encryption, I use it also for USBs, disks & DVDs, disk images, across platforms..., mm sorry to hear the problems you've experienced. Perhaps a file container would be better to start with in trying out TC. You've probably seen this but just for info here is a faq :
    http://www.truecrypt.org/faq.php
    this will answer a lot of questions, also the beginning of the help file is very good.
    Forum :
    http://forums.truecrypt.org/
     
  4. R3SiN

    R3SiN Registered Member

    Joined:
    Aug 21, 2006
    Posts:
    14
    Seems you did everything correctly. When you chose to format "\Device\Harddisk1\Partition1" you erased your D drive. Try saving the Thunderbird files elsewhere and then use "\Device\Harddisk1\Partition1" for [T:], then after the format of the partition you can copy the information back over.

    This is if you only have one partition on [D:] and [D:] is "Harddisk1".

    If the above is correct then [D:] is encrypted and not accessible without TrueCrypt. If you allocate all of the partition to [T:] there cannot be any other use for [D:]. If you need [D:] to store TrueCrypt installation or anything else then you are better off using a volume file as you have now.

    It can be painful when the volume runs out of room.
     
  5. Genady Prishnikov

    Genady Prishnikov Registered Member

    Joined:
    Mar 9, 2006
    Posts:
    350
    If you feel inconvenienced by encryption software, it's not for you. Anyway, it's a minor inconvenience to have to put in a password each time you reboot or mount your TrueCrypt volumes.

    ErikAlbert, think of it like a regular safe in your home. Each time you want access to your protected documents you must use the correct combination and the safe opens. You can take documents in and out as long as the safe is open. When you close the safe, your stuff is again protected. When you leave home, you wouldn't leave home with the safe door open would you? No. You would close it and when you return (comparing it to a reboot or a return to the computer) and you again need access to the safe, you again put in the combination. It's all the same with TrueCrypt. If the home safe opened wide each time you simply walked into the room, without the need for a combination, it wouldn't be much protection. If TrueCrypt opened without a password at reboot, it would be the same thing. What would be the point?
     
  6. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Erik,

    Definitely start with file containers rather than the whole partition.
    Then you can put just your most sensitive documents in there.
    When you need them, you open the encrypted volume file container.
    Set TrueCrypt to not automatically mount the volumes on boot. Then you only need to enter the password when you use the volume.
     
    Last edited: Aug 26, 2006
  7. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I fully understand what you are trying to tell me, but that wasn't my original idea of encryption.

    My idea of encryption :

    1. All my data is collected on my data partition [D:], totally separated from my system partition [C:], which means I only need ONE encrypted area : my second harddisk [D:].
    In other words it should be very easy to encrypt, at least that's what I thought in the beginning.

    2. I don't like to make a distinction between
    a. files, that don't need an encryption and
    b. files, that really need an encryption.
    because I don't like to pay attention to this and I don't like to forget it either.
    So I prefer to encrypt EVERYTHING on my data partition [D:], because I like to create files without thinking about encryption.

    3. I don't mind a complex encryption with a difficult algorithm and a long password with the craziest combination of letters, digits and special symbols, as long as it's a ONE-TIME operation.
    In other words : "set it and forget it" and no passwords anymore after that.

    Unfortunately, it doesn't seem to work that way.
    1. My data partition seems to be divided in two partitions : normal and encrypted.
    I only want ONE encrypted data partition [D:] and not a second partition.
    2. Each time I want to work in the encrypted data partition, I have to use my password.

    It took months to find the right registry cleaner.
    I think it will take months again to find the right encryption software and there are SOOO MANY of them. Pffft.
     
  8. R3SiN

    R3SiN Registered Member

    Joined:
    Aug 21, 2006
    Posts:
    14
    Whole Disk Encryption may suit you better.
     
  9. R3SiN

    R3SiN Registered Member

    Joined:
    Aug 21, 2006
    Posts:
    14
    BTW neither BestCrypt nor DriveCrypt allow you to save the password.
     
  10. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    This may be possible, but I haven't worked with TrueCrypt partitions, only file containers, so I can't advise you on that. Your best bet is the TrueCrypt forums unless someone here is familiar with using TrueCrypt partitions.

    This should be possible.

    Now this is security versus convenience. If you want to secure your house or vehicle, you lock it, but then you have to use a key. Inconvenient, yes, but it is secure from casual thieves. This is a reasonable trade of convenience for security. The same can be said with your data. If the computer is stolen while you are away, the bastards won't be able to get the data unless you wrote down the password next to the computer somewhere.
    You don't have to go crazy with the password length, just something reasonable and not in any dictionary or list of any kind.

    Can't advise on the partition issue, but TrueCrypt is very good and very reliable. I recommend you don't go for the full disk encryption as it can complicate the backup and restore process.
     
    Last edited: Aug 26, 2006
  11. Genady Prishnikov

    Genady Prishnikov Registered Member

    Joined:
    Mar 9, 2006
    Posts:
    350
    Erik: I work with TrueCrypt partitions every day. The only time I need to put in the password is when I am mounting (opening) a TC partition or if I reboot. I sometimes keep my encrypted partition open for hours, sometimes for minutes, it all depends. In fact I use it exactly as you want to. All of my data is on a TC partition.

    I'm not sure I understand about "set it and forget it". What do you mean? Wouldn't you expect to have to put in the password when you reboot? Because if you didn't then anyone else wouldn't have to either. Devinco's example about the car keys and my example in an earlier post about a home safe illustrate this. I'm not sure what you're expecting from TrueCrypt that some other encryption software could give you. Maybe you could explain a little about what you want?
     
  12. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi Genady,

    Could you explain the basic steps (just the main points) to use TrueCrypt with a partition as Erik wants to do?

    Does the D: partition first need to be deleted (made into free space on the drive)?

    Then you have TrueCrypt create the partition on the free space?
    This partition volume could then be mounted as the D: partition?

    Erik could then restore the data files (just the files not the whole partition image) into the mounted D: volume.

    Is this correct?
     
  13. Genady Prishnikov

    Genady Prishnikov Registered Member

    Joined:
    Mar 9, 2006
    Posts:
    350
    That's right Devinco. TrueCrypt works with unallocated space. So the D: partition would need to be unformatted and unallocated (free space as you called it). Then, the partition is formatted and encrypted by the TrueCrypt application using whatever encryption and hash algorithm you have selected. You would then move your data files over to the encrypted D: partition. Simple, yet powerful software.
     
  14. Genady Prishnikov

    Genady Prishnikov Registered Member

    Joined:
    Mar 9, 2006
    Posts:
    350
    By the way, I forgot to mention that a guy at the TrueCrypt forums (b-con) has an excellent introduction to TrueCrypt which includes the pros and cons of file versus volume (partition) encryption and the pros and cons of key files of which I'm a big believer, btw. I spend a lot of time at the TC forums and this is one of the better introductions I have read. His can be found at http://b-con.us/security/truecrypt_intro.php
     
  15. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Thanks Genady.
    I will check out the intro.

    I don't think we will ever be able to convince Erik to use both a password AND a keyfile! :D
     
  16. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Genady and Devinco,
    Thanks for all the info and links, I will think about it seriously, because encryption fits in my global plan.
    Keep also in mind, I'm not familiar with encryption, so I'm trying to figure out how it works. I understand already a little more than yesterday.

    LOOOL. Although, I don't like passwords in general, it doesn't mean I refuse to use them.
    My on-line banking also requires a password, but this is about money, not data.

    After reading the latest posts in this thread, it seems to me that I can create an encrypted data partition [D:] without needing a second partition for data. If that is true, I'm satisfied.

    What I still don't understand about the password is this :
    If I mount my encrypted data partition [D:] does it mean that all my data is decrypted ?
    If it is still encrypted, I don't see the importance of a password, unless somebody else wants to read my data at home, my wife for instance.

    If a malware or a hacker steals something from my encrypted data partition, mounted or dismounted, will he be able to read it ?
     
  17. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I was able to create an encrypted data partition [D:].
    I saved my files on my external harddisk.
    Deleted the partition in winXPproSP2 and created a device volume with TrueCrypt and the format was OK.
    After that I moved all my files into partition [D:].
    I can mount with password and get access to all my files.
    I can dismount. So everything seems to be OK.

    There is only one problem : I can't do a backup with Acronis True Image Home v9.0 build 3677.
    ATI doesn't recognize my harddisk2 [D:]. The disk2 is mentioned, but you can't select it because the select boxes (normal 3) are gone.
     
  18. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Yes, all your data is decrypted and accessible by Windows and all the programs.

    Malware or a hacker would be treated the same as any other program running on the OS. If the encrypted volume is mounted (decrypted) while the malware executes or the hacker breaks in, they will be able to access the data the same as you. If the volume is not mounted (encrypted), then the malware or hacker gets nothing. What an active malware or hacker may do however, is simply wait for you to decrypt the volume then access it. Or they may install a software keylogger to collect your password then access the volume later.

    Encryption shows its real strength against physical theft of the computer or hard drive. If the thief doesn't have the password, they get nothing from the encrypted data. Encryption fits well into an overall plan of computer security, but you still need to take basic steps to prevent malware from executing and hackers from getting in.
     
  19. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    That's good you got it working.
    You are now entering a less explored area: Making reliable backups of encrypted partitions.
    You have an opportunity to be a pioneer (read guinea pig) here.
    Whatever you do, make sure you keep your original proven data backups safe so you can restore your data if things don't work out.
    There is a solution, but you may have to experiment to find it, so keep at it.

    From what I've read, making reliable backup images from encrypted partitions with the various backup image programs can be hit or miss. Either they work or they don't using various settings. The problem seems to be that the data in the encrypted partition is spread out randomly through the entire partition. The backup image programs usually want to backup just the data that has been used rather than the whole partition including the empty space. Since the backup program doesn't recognize that the partition contains data, it doesn't recognize it. Or if it does recognize it, it doesn't backup the whole partition (including the apparent "empty space") so the backup gets messed up.

    What needs to be done is to make a backup of the whole partition bit for bit. I think Acronis calls this Sector-by-Sector mode. According to Acronis, you may have to boot from the Acronis Bootable Rescue Media in order to do this. But I am not sure as I don't use it.
    Here is a thread with a related problem: Re: Is there a workaround for backing-Up a HDD with Full Disk Encryption?
    Note that your situation is a little less complicated because they are encrypting the entire OS partition. I think the D: volume would need to be dismounted to do this type of backup (but I'm not sure).

    If you can figure out how to do this with TrueCrypt and ATI, that will be great because then your backups will be encrypted as well. Your backups may be large and take longer depending on the partition size.

    The only way that I have read that is actually proven to work with encrypted partitions is if you make a file based backup. This means you mount the D: partition (decrypt) and then copy the files over to the backup drive. ATI may be able to do File-by-File backups. You can also use synchronizer type backups like Karenware's Replicator or others. You can also just drag and drop to copy the files to the backup drive. The backed up files will not be encrypted this way.
    What you can do is make another encrypted volume on the backup drive and copy the files into it. This volume could be a file container or an encrypted partition like your D: partition. You could even make the password the same as the D: partition (although encryption purists may take issue with this). You might mount the backup file container or partition as R: (for recovery) but any other available letter will do.
    The advantage here is that only the data that is used is being backed up, so backups will go much faster. The disadvantage is that it takes a little more setup. If you decide to create an encrypted partition (instead of a file container) on your backup drive, just be careful when you repartition the backup drive so you don't erase your proven good data backups that you may still need!

    Whether other backup programs like Terabyte Unlimited's IFW/IFD or Drive Snapshot would work on an encrypted data partition, nobody seems to know for sure (actually proven that it works).
     
    Last edited: Aug 27, 2006
  20. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Some improvement, if you can call it that way. :rolleyes:

    I have now an encrypted data partition [D:] and this time I was able to make a backup, when the partition was DISMOUNTED.
    The backup resulted in errors when the partition was still MOUNTED.

    That was the good news, now the bad news :
    The backup lasted almost 2 hours and the .tib-file was as large as the partition itself, although the partition has less than 3gb of data and that is a NEW PROBLEM.
    I hesitate to restore such a large file.
     
  21. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    You are making fast progress.
    Did you use Sector-by-Sector mode?
    Did you have to boot from the Acronis Bootable Rescue Media or were you able to do the backup while still in windows?
    Any other special settings?
    Did you verify the backup?
    How big is the entire D: partition?

    It would be good to learn if a restore would work or not.
    As long as you still keep your original proven backups, you should be fine.
    It's up to you.
    Make sure the D: partition is dismounted first.

    The backup drive is an external USB2 drive?
    What is the file format of the backup drive? NTFS? FAT32?
     
  22. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Devinco,
    I'm not a very knowledgeable user, so I can't use my technical knowledge, which is equal to ZERO.
    I think like a less-knowledgeable user and I use my intuition to solve problems.
    To show you my ignorance : you ask "Did you use Sector-by-Sector mode ?". I have no idea what you are talking about. I suppose your question has something to do with the backup method of ATI.

    For the record :
    1. I use my first internal harddisk for winXPproSP2 + Applications : "System Partition [C:]"
    2. I use my second internal harddisk for personal data : "Data Partition [D:]"
    3. I use my external harddisk for backup : "Backup Partition [E:]"
    Internal harddisks are both "WD Raptor WD740GD HDD 74gb 10000rpm SATA 8mb Cache 4.5ms"
    External harddisk = "Seagate 160GB USB 2.0 7200RPM 8MB"
    SATA is disabled.

    I use Acronis True Image Home v9.0 build 3677 for backup/restore.

    My final goal is to get a FULL encrypted "Data Partition [D:]" and to do a daily backup with ATI, like I always did before encryption.
    So I need a device volume, no file volume.
    --------------------------------------------------------------
    So far I could create a device volume, but ATI didn't recognize it.
    For backup the source is normally my second harddisk, but the normal selection box to mark the second harddisk for backup wasn't there.
    So I could NOT do a backup at all, because I couldn't select the harddisk.

    The first time I didn't create a partition on my second harddisk.
    So I created a partition without partition letter, using "Disk Management", and without formatting, because TrueCrypt would do the formatting.

    Then I opened TrueCrypt and created a device volume "\Device\Harddisk1\Partition1" and formatted (NTFS) the whole device volume (70gb), which took 40+ minutes.
    After mounting in "D:", I could copy/paste my data from my external harddisk to my second harddisk.
    In Windows Explorer my encrypted "Data Partition [D:]" was back and working fine for all applications.

    So I tried the backup again with ATI under winXPproSP2, because that was my LATEST problem regarding encryption.
    This time the selection box appeared to select the second harddisk for backup and I was able to continue the backup wizard to create a .tib-file on my external harddisk.
    After pressing the "Proceed"-button it took about 2 hours (backup + validation) to create a
    .tib file = 72,636,725 KB = 69 GB = total volume of harddisk.
    Before encryption my .tib file = 1,916,593 KB, not longer than 5 minutes.
    So ATI didn't backup my data only, ATI did a backup of the complete harddisk and that's why it took about 2 hours, instead of 5 minutes.
    Using the Acronis Recovery CD won't make a difference, it will take even longer than 2 hours.
    The device volume has to be dismounted before doing a backup, because mounted gives errors in ATI.
    Quoting you : "It would be good to learn if a restore would work or not."
    I would like to know that too, but I hesitate to restore a .tib-file of 72,636,725 KB, not because I'm afraid to do it, but because of the time it will take and it will be a lot more than 2 hours.
    After all, I have only ONE computer.
    ----------------------------------------------------------------
    Other observations are :

    If I click Start / Control Panel / Administrative Tools / Computer Management / Disk Management
    My second harddisk looks very weird :

    Volume = blank
    Layout = Partition
    Type = Basic
    File System = blank
    Status = healthy
    Capacity = 69,24 GB
    Free space = 69,24 GB
    % Free = 100%
    Fault Tolerance = No
    overhead = 0%

    If I use ATI for backup, my second harddisk also looks weird :
    Harddisk = 2
    Type = 0x6 (FAT16)
    File System = None
    Size : 69,24 GB

    Don't understand much of this, I don't even know if it is technical OK or not.

    Only in "Windows Explorer", everything looks normal after mounting and it seems to work for all applications, including email (Thunderbird).
    -----------------------------------------------------------------------
    Conclusion :
    The backup seems to work now, but it takes TOO much space and time.
    The restore isn't tested yet.
     
    Last edited: Aug 28, 2006
  23. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Erik,
    Don't sell your knowledge short. You are learning fast and setting up your data to be more secure than most of the computers used by the US government! It's been all over the news, computers being stolen left and right with millions of people's private info ALL UNENCRYPTED! This data can be misused for all sorts of bad purposes.
    So, that's pretty good for a "less-knowledgeable user". :)

    To answer your question and mine:
    This tells me that the backup was done in sector-by-sector mode.
    ATI probably selected this mode automatically because it didn't recognize the dismounted D: partition. This is good because it means there is a chance that the data will restore correctly. The validation also adds to this chance of success. But as you know, there is no proof better than doing a restore.

    By doing the 69GB restore you will prove whether or not ATI can successfully IMAGE backup and restore an encrypted partition. Note the emphasis on image, because you will always be able to backup the encrypted partition by copying on a file by file basis with the D: partition mounted (decrypted).
    A sector-by-sector backup is not going to be the ultimate solution for you because of the large size of your data partition and the time it takes.

    This experiment of restoring the 69 GB .tib file will help others with smaller data partitions who want to know if it will work with ATI. Their smaller data partitions will make the backup time more reasonable. The benefit of backing up this way (if it works) is that it is an easier way to create an encrypted backup.
    Just dismount the partition and back it up. If thieves steal the computer OR the backup, the data is encrypted. And the backup process is done in one step.

    The restore process shouldn't take longer than the backup process.
    When you restored the System Partition [C:] in the past, did it take much longer to do the restore than the backup?

    You would not need to use the Acronis Bootable Rescue Media because you are just backing up and restoring a data partition, not a system partition.
    You confirmed this when you successfully completed the backup and validation of the encrypted D: partition (but not proven yet with restore).

    Doing the 69GB restore is an experiment and there are risks as when doing any restore. It is your data, so you need to decide if the benefit is greater than the risk. Here are some things that could go wrong during the restore:
    The restored partition is corrupt and cannot be mounted. If your backup drive fails at this time for whatever reason (lightning, power surge, brownout, mechanical failure) then your data is lost. This could of course happen any time you do a backup or restore, but still it is a risk during the 2 hours or so.
    You could offset this risk somewhat by copying and pasting a second copy of your data into the C: partition temporarily (if you have enough space for it).

    Nevertheless, your final goal is not going to be sector-by-sector backup. Towards that goal...
    In Start / Control Panel / Administrative Tools / Computer Management / Disk Management what does it say about the Backup Partition [E:]? Is it NTFS?

    You have successfully created the device volume so you only have the FULL encrypted "Data Partition [D:]".
    The next step would be to find out if ATI can backup only the contents of the MOUNTED D: partition. This is called a file-by-file backup and is very much like a simple copy and paste of your data to the backup drive.
    What you want is just the contents (the files) of the partition not the whole image of the partition.
    I don't know if ATI is able to do this simple type of backup.
    You mentioned:
    This was probably a standard image backup and ATI didn't recognize the encrypted partition format.
    But does ATI have a simple file-by-file backup mode that just copies the contents of the partition?
    If yes, this could be used while the D: partition is mounted because just the files are copied.
    If not, there are other options to achieve the goal.
    This looks good. It is what the thieves will see if they steal the hard drive, just an empty unused (unallocated) part of the hard drive. Even though it actually contains your encrypted data.

    This is because ATI can't recognize the dismounted D: partition so it just shows FAT16 as a default even though there is no formatting present in the unmounted partition. This is what switched ATI into sector-by-sector backup mode.
     
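    The two observations in Devinco's posts above (an image backup of the dismounted D: partition comes out at the full partition size because the backup tool sees no file system and falls back to sector-by-sector, and Disk Management/ATI show a blank file system or a default type byte because the partition table entry is only a label) can be checked in a small simulation. This is an added example, not code from the thread, TrueCrypt or Acronis: it builds a constructed 1 MiB "partition" that is mostly empty with an NTFS boot-sector signature and a few used sectors, runs the same bytes through a toy SHA-256 counter-mode keystream (a stand-in for the real block cipher, used only so the ciphertext looks random), and applies the planning rule the thread describes: image only used sectors when a file system is recognised, otherwise copy every sector. It also shows that the encrypted bytes no longer compress, which is why the .tib file cannot shrink, and that an MBR entry carrying type 0x06 says nothing about what is actually inside the partition. All sizes, names and the key are constructed.

```python
"""Constructed simulation of imaging a plaintext vs. an encrypted partition.

Not TrueCrypt or Acronis code. Shows why a sector-by-sector image of a
dismounted encrypted partition is the size of the whole partition and why the
partition type byte in the MBR is only a label.
"""
import hashlib
import struct
import zlib

SECTOR = 512
VOLUME_SECTORS = 2048          # constructed 1 MiB toy partition


def build_plain_volume() -> bytes:
    """Zero-filled volume with an NTFS OEM signature and 60 sectors of 'files'."""
    vol = bytearray(VOLUME_SECTORS * SECTOR)
    vol[3:11] = b"NTFS    "    # OEM ID that an NTFS boot sector carries at byte 3
    payload = b"constructed Thunderbird mail data "   # sample file content
    filled = (payload * (SECTOR // len(payload) + 1))[:SECTOR]
    for sector in range(100, 160):
        vol[sector * SECTOR:(sector + 1) * SECTOR] = filled
    return bytes(vol)


def toy_encrypt(data: bytes, key: bytes) -> bytes:
    """Toy counter-mode keystream from SHA-256 (illustration only, not a real cipher).

    The only property relied on here is that the output is indistinguishable
    from random bytes, which any sound on-the-fly encryption also provides.
    XOR makes the same function decrypt.
    """
    out = bytearray(len(data))
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + struct.pack("<Q", i // 32)).digest()
        chunk = data[i:i + 32]
        out[i:i + len(chunk)] = bytes(a ^ b for a, b in zip(chunk, block))
    return bytes(out)


def detect_filesystem(volume: bytes):
    """File system name a backup tool could recognise from sector 0, or None."""
    if volume[3:11] == b"NTFS    ":
        return "NTFS"
    if volume[54:62] in (b"FAT12   ", b"FAT16   "):
        return volume[54:62].decode().strip()
    if volume[82:90] == b"FAT32   ":
        return "FAT32"
    return None


def used_sectors(volume: bytes) -> int:
    """Simplified 'used' test: any sector that is not all zeros."""
    zero = bytes(SECTOR)
    return sum(1 for s in range(0, len(volume), SECTOR) if volume[s:s + SECTOR] != zero)


def plan_image_backup(volume: bytes) -> dict:
    """Imaging rule from the thread: used sectors if a file system is seen, else everything."""
    fs = detect_filesystem(volume)
    if fs is None:
        return {"filesystem": None, "mode": "sector-by-sector", "bytes": len(volume)}
    return {"filesystem": fs, "mode": "used-sectors", "bytes": used_sectors(volume) * SECTOR}


def compressed_size(volume: bytes) -> int:
    """Size after zlib: sparse plaintext shrinks, ciphertext does not."""
    return len(zlib.compress(volume, 6))


def build_mbr(part_type: int, start_lba: int, sectors: int) -> bytes:
    """Constructed MBR with one partition entry; the type byte is only a label."""
    mbr = bytearray(SECTOR)
    mbr[446:462] = struct.pack("<B3sB3sII", 0x00, b"\0\0\0", part_type, b"\0\0\0",
                               start_lba, sectors)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


def mbr_partition_type(mbr: bytes) -> int:
    return mbr[446 + 4]


def summary(key: bytes = b"constructed key") -> dict:
    plain = build_plain_volume()
    enc = toy_encrypt(plain, key)
    return {
        "plain": plan_image_backup(plain) | {"zlib": compressed_size(plain)},
        "encrypted": plan_image_backup(enc) | {"zlib": compressed_size(enc)},
        "mbr_type": mbr_partition_type(build_mbr(0x06, 63, VOLUME_SECTORS)),
    }


if __name__ == "__main__":
    for name, info in summary().items():
        print(name, info)
```

    The plaintext volume images to 61 sectors and compresses to a few kilobytes; the encrypted copy has no recognisable signature, so the planner copies all 1 MiB, and zlib cannot make it smaller. Type 0x06 in the constructed MBR is the same label ATI printed for the dismounted partition, and the simulation reads it without learning anything about the contents. The same rule is why a file-by-file copy from the mounted volume stays small: it sees the decrypted file system, not the random-looking sectors.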
  24. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, ErikAlbert

    Yes, you did backup Sector-by-Sector because that is how Ti creates an Image of used data. :)

    I think it is because Ti sees the encrypted partition as used data so on the sector-by-sector backup the full size of the Partition is created as an Image. o_O

    Take care,
    TheQuest :cool:
     
  25. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Devinco,
    OK. I will do the restore first and then try the rest. My experience tells me that it will take longer. I have USB 2.0 all the way, but I was never impressed by its speed. In practice my backup is 3 times faster than my restoration. I have no explanation for this. Maybe I don't have the ideal USB connection.

    The Recovery CD isn't any better.
    - the backup is much slower
    - the restore is the same.

    Thanks for all the tips and explanation. :cool: :)
     