TrueCrypt 6.3a on Windows XP Pro--Odd Jerky Behavior when encrypting

Discussion in 'privacy technology' started by george75, Jul 16, 2010.

Thread Status:
Not open for further replies.
  1. george75

    george75 Registered Member

    Joined: Aug 11, 2005 | Posts: 65
    Hi Guys!

    Long time no post.

    I've been working on a full system encryption using TrueCrypt 6.3a. After about 8 partitions that went without a hitch (including the system partition), suddenly at partition encryption time for a previously formatted partition (using Disk Manager) the TrueCrypt program starts the encryption, does about 10 or 15 MB, stops for a second, starts again etc. -- rather than going very fast as it used to. I have disabled my AV and Firewall since I'm offline when doing this. Task Manager shows that the service is bouncing between 14% CPU usage and 90%. There are no competing programs. When the program is going slow, the CPU time is being taken up by the Idle Process. When there's LOW CPU usage the mouse is dead. The only program on my machine that causes this is TrueCrypt, and it only just started. The other programs are working just fine. Moreover, it's only this function on TrueCrypt that's acting in this bizarre manner. The other functions of the program behave normally. I can't figure out what to do. I haven't done a reinstall yet, I'm waiting till tomorrow. The encryption was using one of the three algorithms with one of the three HASH functions--i.e. not one of those complicated cascading algorithm sets. I tried changing the algorithm and the HASH function and even the file system. No effect. I tried rebooting several times; no effect.

    Is this release of TrueCrypt stable?

    Is it going to be possible to downgrade TrueCrypt to a previous version?

    Also, after system encryption I had the feeling that the system was just a little more unstable. Does this whole business tire out your computer? Your HDD? I'm worried that perhaps the HDD has been strained by all this encryption activity.

    Any ideas?

    Thanks.

    George
     
    Last edited: Jul 16, 2010
  2. george75

    george75 Registered Member

    Joined: Aug 11, 2005 | Posts: 65
    Well!

    Let me run through what happened.

    First of all, nothing I could do would solve the problem, until I decrypted the system file. That went flawlessly--no jerky behaviour. Then I uninstalled TrueCrypt. No problem. Then I ran TrueCrypt Portable 6.3a from a USB stick. It encrypted the partition in question without jerkiness--without stopping and starting. In other words, it worked normally. Then I again installed TrueCrypt on the system partition. Then I re-encrypted the system disk. That went flawlessly. I didn't try to encrypt any other partition since I had exhausted all the available partitions needing encryption.

    It's not clear what the problem was. The TrueCrypt documentation on PDF says in the FAQs that if the encryption is going real slow it might be a problem with a competing program, possibly your Antivirus. That I would concur with, although I had no problem in the beginning, and disabling the Antivirus had no effect. My suspicion is that doing things like changing the page file size before I had encrypted all the partitions (although not in the middle of a partition encryption!) caused 'confusion and dismay' to TrueCrypt. It's a guess. Obviously the problem is not the computer; it's some sort of incompatibility that developed at a certain juncture.

    Remark. Probably the best thing to do is to encrypt the System file last of all--after you've encrypted all the non-system partitions. My gut feeling is that's the best thing to do.

    Another remark: Before you go to full HDD encryption of your computer BACK EVERYTHING UP!!!!

    Best wishes to all--

    George
     
    Last edited: Jul 17, 2010
  3. george75

    george75 Registered Member

    Joined: Aug 11, 2005 | Posts: 65
    Some further remarks:

    I had installed Snoop Free just before installing TrueCrypt, and once I encrypted the System Partition it was showing strange behaviour. I uninstalled it after decrypting the system disk and it remains uninstalled. This might have had something to do with things, but it is a guess.

    As it is, without Snoop Free, with full encryption, the system is very stable. To all intents and purposes the TrueCrypt is transparent. There's a different logon; booting up, especially from Hibernation, takes a little longer, not inordinately, but for the rest it's as if it's not there. This has to do with some of the more user-friendly aspects of the later versions of TrueCrypt (unless I hadn't spotted them before): the 'favourites' and 'system favourites' auto-mounting of partitions so you don't have to hassle, the ability to get rid of the unused old partition letters so they don't show up in say Explorer. Of course, that says nothing about how well-written TrueCrypt is from an encryption pov; that's something someone else will have to pass judgement on. But apart from that caveat, it's an effective encryption solution in terms of usability. Of course, once you go to full-disk encryption, you've opened a new chapter in terms of how to back up your system partition.
     
    Last edited: Jul 19, 2010
  4. dantz

    dantz Registered Member

    Joined: Jan 19, 2007 | Posts: 994 | Location: Hawaii
    Thank you for your posts. I'd like to re-emphasize the importance of backing up all encrypted data. TrueCrypt is generally very stable, but there are a lot of outside factors that can cause problems. Generically speaking, "stuff happens". We may not even know what's going on, but if some unknown weirdness decides to damage or overwrite the encryption headers then it's bye-bye data and/or operating system. Recovery is sometimes possible, but often it's not. The only thing that will consistently save you is having full system and data backups.

    The backups can be encrypted, of course. The main thing is to have more than one copy of all vital data and store it off-drive.
     
  5. george75

    george75 Registered Member

    Joined: Aug 11, 2005 | Posts: 65
    @Dantz:

    Thanks very much for replying.

    I was beginning to worry no one was interested.

    Perhaps you can answer this question about encrypted system partition backups.

    First of all, backing up a non-encrypted partition is easy as far as I can see: Encrypt a removable medium with enough space to hold your data and copy your data under Windows to the encrypted removable medium. Then you simply mount the removable medium and copy back to the target partition if you need to. Am I missing anything on non-system partition backups?

    Encrypted system partition backups are confusing and somewhat difficult. I know that the best you can do with a program like Acronis is to boot the Acronis boot CD/DVD instead of your O/S and then back up your system disk sector by sector. Judging from what I read on Acronis' forum, this is the whole physical disk, not the C: system partition on that disk. Of course, with the very large HDDs now circulating this could be a huge operation.

    So we go to what TrueCrypt recommends, and here is where I need assistance understanding what is intended.

    What they seem to be saying is that you find a removable disk (HDD) with at least the same capacity as your C: system partition. Then under BART PE you install TrueCrypt (in the FAQs they say download, but I don't know why you couldn't do this from a USB stick; is it something to do with BART?). Then you encrypt the removable disk fresh with TrueCrypt (again, I don't know why you couldn't do this under Windows before you logged off and booted the BART PE). Then, they say--and here is where I'm confused--under BART PE you mount the encrypted target disk under TrueCrypt and you copy the files on your C: system partition to your target encrypted removable disk. And voilà, your system disk is backed up. Questions:

    1. Does the target encrypted removable disk have to be dedicated to your c: system partition backup or, since we're copying files, can the c: system partition backup simply be a folder on a much larger encrypted removable disk that contains data backups from other partitions? Let's ignore the issue that an adversary who had repeated access to the removable disk and copied it could see which parts of the removable disk were changing, thus assisting him in his cryptanalysis. Are there any other reasons not to do this?
    2. Surely if it were simply a matter of using Explorer to copy files you could do this under Windows? Or is it because some of the files are locked if you've booted the operating system you're trying to back up? What am I missing?
    3. How are hidden system files and so on handled under this method? Do you have to do anything in Explorer to show these hidden system files so they are copied? What am I missing here?
    4. What happens to the MBR under this method? I know that the MBR record on the disk has been displaced by TrueCrypt's own replacement but I am confused how the MBR information is backed up under this method.
    5. How do you do the actual restore?
     
    Last edited: Jul 20, 2010
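
Added example, not part of any post in this thread: one way to check a file-level copy like the one discussed in posts 4 and 5 is to hash the source tree and the copy on the mounted encrypted volume and report anything missing, altered or unreadable. The function names are hypothetical, and the sample tree is constructed, with a dot-file standing in for a hidden file that a copy skipped.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def manifest(root):
    """Map each relative file path under root to its SHA-256 (None if unreadable)."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):  # walks hidden files too
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                digest = sha256_file(full)
            except OSError:  # e.g. a file locked by the running OS
                digest = None
            out[os.path.relpath(full, root)] = digest
    return out

def compare(source_root, backup_root):
    """Return (missing, mismatched, unreadable) relative paths, each sorted."""
    src, dst = manifest(source_root), manifest(backup_root)
    missing = sorted(p for p in src if p not in dst)
    unreadable = sorted(p for p, d in src.items() if d is None)
    mismatched = sorted(p for p in src if p in dst
                        and src[p] is not None and src[p] != dst[p])
    return missing, mismatched, unreadable

def demo():
    """Constructed sample: a source tree and a copy that lost one file."""
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        for root in (src, dst):
            with open(os.path.join(root, "report.txt"), "w") as f:
                f.write("same in both")
        with open(os.path.join(src, ".hidden.ini"), "w") as f:
            f.write("left behind by the copy")
        with open(os.path.join(dst, "report.txt"), "a") as f:
            f.write(" (altered)")
        return compare(src, dst)

if __name__ == "__main__":
    print(demo())
```

This compares file contents only; it says nothing about the MBR or the TrueCrypt boot loader and headers, which live outside the file system.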
  6. lkraav

    lkraav Registered Member

    Joined: Dec 27, 2009 | Posts: 6
    Off the top of my head, 2 things:

    * drive is faulty
    * hard drive controller has switched to PIO mode instead of DMA

    Check the latter up in Device Manager.
     
  7. george75

    george75 Registered Member

    Joined: Aug 11, 2005 | Posts: 65
    I don't think the drive has a hardware fault since it has shown no other issues before or after I uninstalled and reinstalled TrueCrypt. There seems to have been some kind of software conflict. As for the PIO or DMA mode issue, where would I look? I went to properties on Device Manager for the Drive and saw nothing that would correspond.

    The real issue now is really how do I do a proper backup of the encrypted systems partition so that I actually accomplish something and can restore the partition when I need to. Everything else is tangential.
     