TrueCrypt

Discussion in 'privacy technology' started by ErikAlbert, Aug 24, 2006.

Thread Status:
Not open for further replies.
  1. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Thanks Genady. That's what I thought you meant, but I wasn't sure if there was some unwritten/hidden limit (other than the 4GB FAT32 limit).

    That's one reason why I like this thread. Because it shows a real world example of the balance between security and convenience.
    On one side you have security: Encrypting Data and Backup.
    On the other convenience: Fewer passwords and drive letters to remember and manage, entering the password as few times as possible, and as short and easy a password as possible.

    What do you think of this scenario/solution?

    Sally lives in an apartment in a large city with a high crime rate. Recently there has been a string of burglaries in neighboring apartments and she is concerned that her apartment might be next. She took steps like having strong locks put on the doors and windows, had an alarm system installed, and even bought theft insurance. But she also wants to encrypt all private data on her computer so it could not be used for identity theft or other malicious purposes if stolen. She doesn't like to remember and type in lots of passwords and wants the process to be as simple as possible. Her computer setup and daily data backup plan is identical to Erik's with 3 hard drives with one partition each (1 for OS and programs, 1 for data, 1 for backup). She is willing to type in a password once per day to access her encrypted data partition. Sally backs up her data daily to the USB hard drive and wants the backup encrypted too, but she doesn't want to have to type in a password twice even if it is the same password used for the encrypted data partition.

    Solution:
    The Data partition is encrypted with a password only (text key). It contains all her private data and a keyfile that is used to mount a dynamic volume on the backup partition.
    The Backup partition (on the USB backup drive) contains 4 things:
    1. Regular unencrypted backups of the OS partition.
    2. Dynamic Volume to store backups of the Data files and folders. Dynamic volume mounts with only the keyfile stored inside the data partition (no password).
    3. Encrypted File Volume that contains a backup copy of the keyfile in the data partition. This File Volume is mounted only to restore the data files and folders from backup. The File Volume is encrypted with the same password used for the data partition.
    4. TrueCrypt in traveller mode is also installed on backup partition should the need arise to restore the data files and folders to a different computer.

    Daily use:
    Sally starts computer and when the Windows desktop loads TrueCrypt asks for the password to mount the data partition.
    She types in the password once and the data partition is mounted making the keyfile contained within available for what happens next.
    TrueCrypt asks for the keyfile to mount the dynamic volume on the backup drive.
    Since the keyfile is already available in the mounted data partition, the backup dynamic volume mounts.
    She can now do her normal daily work and backups. When she shuts down, everything is dismounted and secure.
    If thieves steal the computer, they don't have the password, so they get nothing.
    Sally can take the USB backup drive to any computer and with the TrueCrypt traveller mode gain access to the encrypted backups.
    If thieves steal the USB backup drive, they don't have the password for the file volume that stores the keyfile to mount the dynamic volume, so they get nothing.
    If thieves steal both computer and backup USB drive, they still get nothing because the password is needed.
    If Sally's data drive fails, she can mount the file volume (containing keyfile) on the backup drive to mount the dynamic volume and restore the data when she gets a new drive.

    Probably for encryption purity, when Sally backs up the data files and folders, she should exclude the keyfile in the data partition from being backed up. But I'm not sure about this.

    Opinions anyone?
     
  2. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Another option would be to use Norton Ghost 10 or Norton Save & Restore.
    They both can make encrypted backups (AES 128-bit, 192-bit, or 256-bit).
    So you would not need to make an encrypted volume to receive the backups.

    The same way that ATI in "The entire disk contents or individual partition" (drive imaging) mode was unable to backup or restore the TrueCrypt encrypted partition when MOUNTED, I think Ghost 10, Save & Restore(in drive imaging mode), IFW, Drive Snapshot, or other "drive imaging" programs WON'T WORK either when the partition is MOUNTED. I think this is because the drive imaging programs want to directly access the drive to backup the partition that is encrypted. But the TrueCrypt driver interferes with this and displays the MOUNTED partition as decrypted so it "fools" the OS into thinking the drive contents are decrypted (they are actually decrypted OTF in memory). I haven't tested all these so I am not 100% sure. I'll try to test IFW and post results.

    If my above guess is correct, that means Ghost 10 offering encryption doesn't offer any benefit over other drive imaging programs FOR BACKING UP A TRUECRYPT ENCRYPTED PARTITION. This is because it can only backup the partition DISMOUNTED which is already encrypted by TrueCrypt.
    Since backing up a DISMOUNTED partition is slow and bloated, I don't think Ghost 10 is a good program for backup of TrueCrypt partitions (neither is IFD, IFW, BING, or Drive Snapshot).
    Ghost 10 would be good for making encrypted backups of your other partitions like the OS and programs.

    Norton Save & Restore in "drive imaging" mode should behave the same way as Ghost 10.
    Save & Restore, like ATI, has another useful mode: "File and Folder".
    This will allow you to backup only the used data on the MOUNTED partition so your backups will be fast and small.
    Unlike ATI, Save & Restore has built in encryption so it will protect the backup without the need to setup another TrueCrypt Volume (either dynamic, file, or partition) to hold the backups.
    While this initially seems good, it means you will need to type in a second password when you want to backup.
    The advantage of using Save & Restore over ATI is that you could encrypt the backups of your regular partitions like the OS and Program partitions.
    I don't know how important this is, because the OS and Programs on the hard drive are not encrypted, so only the backup would be.
    Save & Restore is closed source and uses encryption, so if that bothers you, then don't use the built-in encryption feature.

    Why ATI and Save & Restore are better than other "drive imaging" programs is that these have two modes of operation: "Drive Imaging" and "File and Folder".
    This allows you to use one program to do all your backups.

    The other option is to use the drive imaging program of your choice on the OS and Program partitions (like IFD/IFW/BING, Drive Snapshot).
    Then on the MOUNTED TrueCrypt partition, use a file synchronization type program like Karenware Replicator to copy all the files and folders to the backup location (TrueCrypt dynamic volume, file volume, or encrypted partition).
    Even a regular File and Folder backup program like Microsoft Backup may work for this purpose.
    So you will be using two programs for backup.
    Depending on the synchronizer/backup program, this can be made into a streamlined operation.
     
    Last edited: Sep 3, 2006
  3. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Came across this interesting TrueCrypt article at GRC.com: Security Now! episode 41 TrueCrypt.

    It has answers to these questions and more:
    Why should we backup the headers of TrueCrypt Volumes?
    If you want to mount a volume stored on read only media like CD-R or DVD-R, what format should the File Volume be?
    If you want to use the full size of a DVD to store a TrueCrypt Volume, what format should the DVD be?
     
    Last edited: Sep 3, 2006
  4. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    I tested splitting an 8GB Encrypted File Volume (dismounted) into 2 4GB chunks with Chainsaw and then merged them back together.
    The Volume contained test files.
    Chainsaw took 23 minutes to split the volume in two.
    These individual files could be burned onto separate DVDs.
    Chainsaw also creates a batch file to merge the files back together.
    It took about half the time to merge them back together.
    The author of Chainsaw said it was tested on files up to 11GB, but it may work with larger files.
    The merged volume mounted properly and all files within were intact.
    So it works if you need it on TrueCrypt File Volumes.
    But it is an extra step that takes time.
    For most situations I think having separate 4GB volumes would be preferable.
    Or, use a backup program capable of spanning DVDs.
    Even better, if it is bigger than will fit on a DVD, backup to a hard drive.
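
A way to check the split-and-merge round trip described in the post above, as an added example that is not part of the original thread and is not Chainsaw's code. It splits a container into fixed-size parts, records a SHA-256 per part, and refuses to produce a merged volume unless every part and the final file match; the file names, part size and function names are assumptions made for the illustration.

```python
# Added example (not from the thread): split a container file into fixed-size
# parts, rejoin them, and prove the result is bit-identical with SHA-256.
import hashlib
import os
import tempfile

BUF = 1024 * 1024  # stream in 1 MiB reads so multi-GB volumes never sit in RAM


def sha256_file(path):
    """Return the hex SHA-256 of a file, read in BUF-sized pieces."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(BUF), b""):
            h.update(block)
    return h.hexdigest()


def split_file(src, part_size, out_dir):
    """Write src as <name>.001, .002, ... in out_dir; return (parts, manifest).

    manifest maps each part's file name to its SHA-256, so a damaged disc can
    be identified on its own before any merge is attempted.
    """
    if part_size <= 0:
        raise ValueError("part_size must be positive")
    parts, manifest = [], {}
    base = os.path.basename(src)
    with open(src, "rb") as f:
        index = 1
        while True:
            remaining = part_size
            block = f.read(min(BUF, remaining))
            if not block:
                break  # source exhausted, no empty trailing part is written
            part_path = os.path.join(out_dir, "%s.%03d" % (base, index))
            with open(part_path, "wb") as out:
                while block:
                    out.write(block)
                    remaining -= len(block)
                    block = f.read(min(BUF, remaining)) if remaining else b""
            parts.append(part_path)
            manifest[os.path.basename(part_path)] = sha256_file(part_path)
            index += 1
    return parts, manifest


def merge_files(parts, manifest, dest, expected_sha256):
    """Verify every part, concatenate in order, then verify the whole file."""
    for p in parts:
        if sha256_file(p) != manifest[os.path.basename(p)]:
            raise ValueError("part failed verification: " + p)
    with open(dest, "wb") as out:
        for p in parts:
            with open(p, "rb") as f:
                for block in iter(lambda: f.read(BUF), b""):
                    out.write(block)
    if sha256_file(dest) != expected_sha256:
        os.remove(dest)  # never leave a container that only looks complete
        raise ValueError("merged file does not match the original hash")
    return dest


def demo():
    """Round-trip a constructed 10,000-byte stand-in for a dismounted volume."""
    with tempfile.TemporaryDirectory() as tmp:
        volume = os.path.join(tmp, "backup.tc")  # hypothetical file name
        with open(volume, "wb") as f:
            f.write(os.urandom(10000))  # constructed sample: random bytes
        original = sha256_file(volume)
        parts, manifest = split_file(volume, 4096, tmp)
        merged = merge_files(parts, manifest, os.path.join(tmp, "merged.tc"), original)
        intact = sha256_file(merged) == original
        # Simulate a bad burn: invert the first byte of the second part.
        with open(parts[1], "r+b") as f:
            first = f.read(1)
            f.seek(0)
            f.write(bytes([first[0] ^ 0xFF]))
        try:
            merge_files(parts, manifest, os.path.join(tmp, "bad.tc"), original)
            detected = False
        except ValueError:
            detected = True
        return len(parts), intact, detected


if __name__ == "__main__":
    print(demo())
```

Keep the manifest and the whole-file hash alongside the parts, since a single damaged block in an encrypted container cannot be spotted by inspecting the ciphertext.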
     
  5. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Mounting multiple partitions at Windows startup with one password is very simple.
    It does not require the complicated setup with a nested keyfile as mentioned in an earlier post (Sally's setup).
    Simply create the encrypted partitions/volumes with the same password and mount them.
    Settings/Preferences...
    Under Actions to perform upon log on to Windows:
    Check Start TrueCrypt and Mount favorite volumes
    Under Password Cache:
    Check Cache passwords in driver memory
    Click OK

    Volumes/Save Currently Mounted Volumes as Favorite

    On next reboot, one password will mount all your volumes and partitions.
     
  6. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Devinco,
    I'm sure if you use TrueCrypt the right way, it can work as comfortable as possible. It's a matter of combining and testing to figure it out, those are just details.

    Unfortunately it only protects me against an accidental local physical theft at home instead of protecting me against theft by millions of malwares and hackers world-wide, when I'm daily on-line and that is going to happen a lot more than physical theft.
    I could be wrong about this, but that's what I learned from this thread.

    I don't mind if malwares or hackers steal my personal data as long as nobody can read it in a million years and encryption is supposed to guarantee that.
    Frankly, I'm disappointed that encrypted files can be read by anybody after they are stolen via the internet.
     
  7. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Erik,
    Sorry for sort of taking over your thread. Your issues and questions about TrueCrypt have long since been resolved. I expanded this thread from "basic tips for TrueCrypt" into a search for the best way to create encrypted backups for TrueCrypt encrypted partitions.
    My posts since the resolution of your concerns have not been to convince anyone, but to share ideas about using this incredible program in the most efficient/secure way possible.

    You are right about this.

    I understand what you mean, but a slight modification is needed.
    The ENCRYPTED files ARE SECURE from malware and hackers and they won't be able to read it in a million years.
    The problem is that you can't read ENCRYPTED files either so you have to DECRYPT the files to read them at some point.
    It's when the files are DECRYPTED (in memory on the fly) that any active malware or hackers will have the same privileges as you to read the DECRYPTED files.
    Once malware or hackers are permitted to be active on the computer, they can do anything you can. Encryption won't solve that problem. But other areas of computer security will.
     
  8. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    If my encrypted partition is mounted, but none of my personal files are opened in memory and some malware or hacker steals one of my closed encrypted personal files. Is he able to read it or not ?
     
  9. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Yes, he is able to read it because when he steals the file, he simply requests the file and TrueCrypt (thinking it is you who requested it) dutifully decrypts the file.
    When you mounted the partition, you gave it the password and told TrueCrypt to decrypt any file as you ask for it on demand. Hackers and malware pretend to be you when they are active and can do anything you can.
    TrueCrypt cannot tell the difference between you and malware or hackers pretending to be you once they are active, so they will be able to decrypt any file as they request it.

    It may be easier to understand as mounted=decrypted OTF and dismounted=encrypted.
    Anything you can do on the computer, so can active hackers and malware that are allowed in.
    No computer technology, encryption or otherwise (that I know of) will allow you to read personal files while at the same time prevent active malware and hackers present on the same computer from reading those same files.
    For your purpose, encryption is not the right choice.
     
  10. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Devinco,
    That's very bad news, at least for me. It was my original intention to make my personal files UNREADABLE for EVERYONE by using a strong encryption and the freeware TrueCrypt would make that possible in my dreams and it's indeed a dream, because it isn't possible. I would like to curse for awhile now, but my curses are always removed by the mods. :D
    So high time for a possible plan B.

    A new system setup :
    System Partition [C:] = Internal Harddisk-1
    This partition contains :
    1. WinXPproSP2
    2. Applications, including Acronis True Image + FirstDefense-ISR + TrueCrypt.

    Data Partition [D:] = Internal Harddisk-2
    This partition contains :
    1. Personal data files without secrets
    2. Emails and email-address-books

    Encrypted Partition [E:] = also Internal Harddisk-2
    This partition contains :
    1. Personal data files with my personal secrets.
    2. Personal data files with other people's secrets.
    The size of this partition = 9 GB.

    Backup Partition [F:] = External Harddisk-3
    This partition contains :
    1. .tib-files of system partition [C:]
    2. .tib-files of data partition [D:]
    3. .tib-files of encrypted partition [E:]
    4. .arx-files of archived FDISR-snapshots on system partition [C:]

    Rules
    1. I have one OFF-LINE snapshot (without internet connection), which can be used for mounting/dismounting my encrypted partition [E:] 99% safely.
    2. All my other ON-LINE snapshots, will NOT be used for mounting/dismounting my encrypted partition [E:].
    ----------------------------------------------------------------------
    This was not my original plan of course and I hate to split my personal files in two groups.
    I have to think about this.
     
    Last edited: Sep 4, 2006
  11. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    And maybe hiring an extra employee? ;) that's a lot of work Erik!!

    a simple format and an image file would give you the same effect when having an offline hdd as backup?

    I played with TrueCrypt when it first came out and I loved the scrambled part (merging Rijndael-AES, .. .. in fact using combinations) but encrypting lots of gigabytes with this algorithm just takes too much time for me .. therefore offline hdd with no internet connection. my codes are encrypted though..
     
  12. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I don't understand any of this : simple format? offline hdd? Where is my data? Where is my backup of data? :)
     
  13. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Encryption won't protect you from active malware/hackers. It might delay them and require an extra step or two for the attacker, but that's it.
    You would be better protected if you improve your front line security so the malware never executes. Then you would not need encryption as a second line defense (which it is not).
    Here's why...

    Your purpose is to use encryption together with a system restore program, FD-ISR, to prevent active malware and hackers from reading your personal secret files.
    Now let's say your plan B works perfectly and there is no cross-contamination or read/write access possible between the "ON-LINE" snapshot and the "OFF-LINE" snapshot internal file structure.

    Malware that you accidentally execute lets the mythical non-existent uber-hacker :rolleyes: go crazy in the "ON-LINE" snapshot.
    Your "OFF-LINE" snapshot gets uploaded and restored on the hacker's computer. He/she infects/alters it so it is now "ON-LINE".
    Hacker downloads the ALTERED SNAPSHOT to your computer.
    Next time you boot into what you think is the "OFF-LINE" snapshot will actually be the "ALTERED SNAPSHOT".
    You mount the encrypted partition and the data is again accessible to hacker.

    This attack is highly unlikely as most malware just wants to turn your computer into a spambot.
    The encryption in this case certainly won't protect your data for a million years.
    It is FD-ISR that is adding the difficulty for the hacker, not encryption.
    If you follow basic security precautions, you can just as safely access the encrypted data in the "ON-LINE" snapshot.

    I hate to use cliches, but they are appropriate here:
    Security is only as strong as the weakest link.
    Execute malware and malware may execute your computer.
     
  14. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    And that is for me the end of encryption. It's not like in spy/sf movies (just kidding). :D
     
  15. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    your backup would be on the offline harddisk (external I should have said).

    format your current c. (no internet), then install everything (no internet) then import your backup made, connect to internet to install every update ...

    I think this is quite safe imho.
     
  16. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    But what has all this to do with encryption? You are describing a normal installation procedure from scratch. I know already how to do this.
    In this thread I'm trying to find out if encryption is useful for me or not.
     
  17. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Erik,
    I think Infinity is explaining a different way to do your "plan B" using backups/restores instead of FD-ISR.
    The end result would be the same though.
    The hacker could upload the "OFF-LINE" backup, mount it, drop in some malware, alter connection settings, download it to your computer, you restore "ALTERED OFF-LINE" backup which is now actually online and again encrypted data will be accessible.

    The idea of a totally disconnected computer (which is the ultimate version of the "OFF-LINE" FD-ISR snapshot, "OFF-LINE" backup, swappable/switchable HD) is not really practical unless the data will always be static and never change or never need updating or additions from the outside.

    Encryption is excellent at protecting data from physical theft.
    Encrypted connections (like SSL and SSH) are excellent at protecting online data communications from eavesdropping.
     
    Last edited: Sep 6, 2006
  18. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi Infinity,

    You may want to try the new 4.2a version of TrueCrypt.
    There have been a lot of improvements recently.

    Most will not need to chain multiple encryption algorithms, any one of the ones offered will be more than enough.

    One interesting thing I found is that algorithms will perform differently on Intel or AMD processors. Some algorithms run faster on AMD and others run faster on Intel.
    TrueCrypt has a Benchmark in the Tools menu so you can see for yourself which runs the fastest on your computer.
     
  19. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    All my backups are stored on an external harddisk, which is never on-line.
    How can a hacker upload my OFF-LINE backup if the external harddisk is turned OFF, when I'm on-line ?

    How can a hacker get to my OFF-LINE snapshot on my internal harddisk, if there is no internet connection ?
     
  20. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    The hacker can not. By powering off the drive, you limit the time that the drive can be accessed.
    The OFF-LINE.tib is stored on the same external harddisk that the ON-LINE.tib is stored.
    So when you turn on the external harddisk to backup ON-LINE, the OFF-LINE.tib is also available for the hacker to upload.

    I don't know exactly how the snapshots are stored on the hard drive.
    They may be stored in files (similar to the backups) or they may be hidden somehow.
    But the idea would be the same as the backups.
    While you are in the ON-LINE snapshot, the hacker accesses the data area on the internal harddisk where the OFF-LINE snapshot is stored. The OFF-LINE snapshot may not be active, but its data has to be stored somewhere on the internal harddisk. And that internal harddisk is accessible when the ON-LINE snapshot is active.

    I'm not saying that this is even remotely likely.
    A targeted hacker attack is simply not going to happen to someone who practices basic security precautions.
    Even careless users' computers would wind up as just malware infested spambots.
    The backups and snapshots would probably be overlooked even if a hacker was snooping around.
    I'm just saying that it may be technically possible.

    I like the idea of isolating high risk activities from important activities.
    This can be done with (in order of isolation):
    1. Separate computer
    2. Separate switchable hard drive (with either mobile rack or hard drive switch)
    3. Virtualization or sandboxing
    4. Separate Snapshots
    5. Separate backups (much slower to switch between backups than snapshots)

    It is just the idea of having an outdated, vulnerable, off-line, computer (or snapshot, or backup) and only have data that never changes is pretty useless.
    Having an online computer that is updated, online, and well secured is much more useful.
     
  21. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I think there is a misunderstanding on your side. There is no on-line.tib and no off-line.tib.
    I created an off-line snapshot without internet connection.
    Each time I do a backup of my system/data partition. I boot in that off-line snapshot and turn ON my external harddisk.
    If I do a backup of my system partition, all snapshots (off-line and on-line) are backed up in ONE .tib-file.
    After that I do a backup of my data partition.
    After that I archive my snapshots.
    After that I turn OFF my external harddisk and reboot in an on-line snapshot.

    A hacker can only enter my computer via an on-line snapshot and break through the file structure of a snapshot to infect my off-line snapshot. Here I agree with you.
    But this hacker has to be a lot smarter than the average hacker. AFAIK this never happened until now.

    My off-line snapshot has
    - no internet connection
    - no security softwares
    - no softwares, that need internet, like browsers, email-softwares, ...
    If everything works fine in that snapshot, I don't need upgrades.

    The main reason why I created this off-line snapshot was because I was sick and tired of losing my concentration, while I was working with MS Word, MS Excel, ... due to security warnings, scanner updates, etc. ...
    After that I used that snapshot also for other things that need a quiet environment, like defragmentation, backup, restore, archiving snapshots, restoring snapshots, creating new snapshots, burning CD/DVD's, ...
    Everything works faster and safer in this snapshot and without any disturbances.
     
  22. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Wouldn't be my first misunderstanding. :D
    This setup is actually very secure from the attacks on the backup provided the off-line stays clean.

    All you need to do is keep the on-line from accessing the off-line.
    Malware could also spread from any drive/partition that is shared between the off-line and on-line. For example, On-line your data files in the D: partition get infected. Off-line, you access those same files and the infection spreads to the Off-line.

    It is not only breaking through the file structure while it is on your computer.
    The off-line snapshot could be uploaded from the on-line snapshot (it is stored on the drive), modified, and downloaded to the computer.
    I really don't think you have anything to worry about from the mythical non-existent uber-hacker.

    That's fine and will work, but you also have no defense should malware spread over from the data partition. There is no internet connection so no direct hacker control, just malware that can't phone home.
    I haven't heard of any malware that "fixes" your internet connection.
    If there was, it would become a very popular utility.

    Whether you have 2 snapshots or 1, I don't think you will have any malware/hacker problems because you already take the basic precautions to keep the malware out.
     
  23. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Devinco,
    My biggest problem is still securing my on-line snapshots.
    I have already a solution to REMOVE any malware on my system partition [C:] without using scanners and much better than scanners, but I still need a solution to stop the EXECUTION of malwares between two reboots.
    So this will be my next project, since encryption (TrueCrypt) was a flop for me. :D
     
  24. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    why not install a behaviour blocker Erik? this will control all exe's from starting .. something like PG, SSM, AD/RD ?

    just a thought though.
     
  25. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Thanks for the tips and I tried already PG, SSM and RD. :)
    Unfortunately I don't like these softwares, which doesn't mean I refuse to use them, but I will try to avoid them.

    In the Leapfrog Forum, we already noticed that FirstDefense-ISR doesn't like ProcessGuard and PG caused errors during FDISR activities, like copy/update, one of the most used functions of FDISR.
     