VMware Workstation and TrueCrypt master key

Discussion in 'privacy technology' started by syncmaster913n, Mar 24, 2012.

Thread Status:
Not open for further replies.
  1. syncmaster913n

    syncmaster913n Registered Member

    Joined:
    Mar 24, 2012
    Posts:
    153
    Hi guys,
    I wasn't sure if I should post this over here or in the VM forums, hope it fits in here.

    I am running a VMware Workstation with Windows XP. I plan to encrypt the entire partition and use containers within the virtual machine, and I was wondering - where does TrueCrypt keep the master key of a currently used container? With my host machine it is obviously in the RAM, but how is the case with TrueCrypt inside a virtual machine? Do those keys leak out in any way to my host machine or my computer's physical RAM?

    Thanks
     
  2. syncmaster913n

    syncmaster913n Registered Member

    Joined:
    Mar 24, 2012
    Posts:
    153
    And another question while I'm at it, this time concerning VirtualBox.

    Is there anyway to take a snapshot of a machine that is turned off? My concern is that even though I have the whole system partition in my VB machine encrypted with truecrypt, the encryption can be bypassed by simply loading up one of the vm's snapshots, as all of them are in a "loaded" state.

    Any ideas?
     
  3. Warlockz

    Warlockz Registered Member

    Joined:
    Oct 30, 2008
    Posts:
    642
    I am assuming your Master OS is Windows? In the VB settings your giving your VM access to your RAM so yes the Master keys and decrypted data are loaded into ram. If you dont have enough ram the system will start to use your Paging/swap file.

    If your using Vista or Windows 7 you can encrypt your Page File, or Buy 8-16GIG of ram and disable your paging file, 8 is cutting it close if your a multi tasker and you give your VM 3GIG of ram to use.......
    Then you should clear the encrypted Pagefile at shutdown, which can be easily enabled and disabled with XTweaker. or their are some programs like East-Tech Eraser that will wipe Pagefile on shutdown.


    Just manually Copy the VM files to another encrypted container. or is their an option where you can choose where to save snapshots?


    If your paranoid you should be using "FDE" Full Disk Encryption period, regardless of your encrypted VM, I would suggest DiskCryptor which is cool because you can store your Key/Bootloader on a USB/external device and seems more stable than Truecrypt when encrypting a data partition or OS partition, but who knows new versions of TC could be different.IMO Truecrypt is better fitted for encrypted Container files. but people have been saved by it so it is proven.

    Its really up to the user on what they feel comfortable with.
     
    Last edited: Mar 27, 2012
  4. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    I agree with Warlockz. I do use VM's but they are inside WDE system disks so that I don't have to worry about "leaks" to the host. Most VM's are not that large so copying them to encrypted containers is an easy way to snapshot them and store them elsewhere.

    I like VM's for experimenting with stuff. When you screw one up simply erase it and copy a snapshot back and you are up and running again in a few minutes. Great approach to testing!!
     
  5. syncmaster913n

    syncmaster913n Registered Member

    Joined:
    Mar 24, 2012
    Posts:
    153
    Hi guys!

    Thank you for the responses. I think you might have underestimated my "paranoidness" to some degree... :) my current setup is like this:

    Windows Host (encrypted whole drive TC) -> TC container no. 1 -> TC container no. 2 -> VM Windows Guest (encrypted drive TC) -> TC container no. 1 -> TC container no. 2 -> sensitive data. Each container has a different 45+ character random password (not saved anywhere)

    I have already set the paging file for auto deletion after PC shutdown - in fact every possible precaution listed in the TC documentation is addressed by me. (At least I hope so.)

    As for the master keys of TC containers used within the VM - thanks Warlockz for clarifying that they are stored within the host's physical RAM.

    And as for just copying the VM - I guess that is a very good solution; I'll just create one extra container on my host and copy the whole VM there in shutdown state. That should do it.

    Thanks again.
     
    Last edited: Mar 27, 2012
  6. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    If you are using whole drive encryption - do you not trust it? If not, what makes you think you can trust the containers inside? Where does the box within a box within a box stop? No disrespect intended, I see what you're trying to do - I just don't get the logic used here.
     
  7. syncmaster913n

    syncmaster913n Registered Member

    Joined:
    Mar 24, 2012
    Posts:
    153
    Hi Lockbox

    Sure, I trust the whole disc encryption. But what if my computer is seized while I am logged into the host? I'd want to have everything in a container at that point. And why the container within a container? It's mostly a time buying issue in case I am ever forced to give up a password (which is highly unlikely to happen in my country, but the laws are slowly changing). I can play super hard to get, and finally, when I have to - I will reveal the password after making them work hard for it, only so they can find out that they are facing another container. And I'll make them have to repeat the process. Of course one could ask why not 10 containers, or 20? Basically I felt that 2 are enough - just so I can feel comfortable in case someone is pressuring me to reveal the password, I will have time to think about what I have to do and won't be distracted by the fact that the second I reveal that password all hell breaks loose. Not sure if this makes sense to you, but I'm a cautious person by nature and it makes sense to me from a psychological standpoint.

    You could say that I could have stopped at: encrypted host -> container 1 -> container 2, without the need for the VM etc. The answer here is simple I think: I setup the VM for entirely different reasons, and after using it for a while I figured "hey, I'll move my important files over here!", since I'm spending 90% of my time on the VM right now.

    So basically: Host is encrypted as a rule. The first two containers are there to protect the VM (I want to keep the activities within it a secret). And the two extra containers with my most sensitive files were moved into the VM for convenience.

    All of that is topped off by the fact that I am a pianist, and I have extremely good muscle memory in my hands - it doesn't take me longer than a few minutes to memorize a 60+ character random password - I only need to write it down on a piece of paper and type it into the keyboard a few times, and I've got it memorized in my fingers, and after using it for a few weeks - in my head as well. So it isn't any kind of inconvenience for me to have to type in and remember so many passwords.

    So basically, it's not that at some point I decided "ok, to be really safe, I have to....". It sort of evolved like that from point to point.

    Hope this makes some sense.
     
    Last edited: Mar 27, 2012
  8. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    I like containers on an encrypted OS too. I only access my tax documents once a year...no need to have them exposed (even on the encrypted OS) for the other 11 months. You could AxCrypt or GPG them I guess, but containers are so easy to use. JMHO.

    PD
     
Loading...
Thread Status:
Not open for further replies.