What is better 1 large container or an encrypted partition? (TrueCrypt)

Discussion in 'privacy technology' started by letgetcc, Dec 19, 2009.

Thread Status:
Not open for further replies.
  1. letgetcc

    letgetcc Registered Member

    Joined:
    Jul 6, 2008
    Posts:
    8
    Which is more reliable and stable?
    Which is safer? (Ex: from losing the data, corruption etc.)


    Also, it seems a downside of encrypting a partition like D: drive would be accidentally formatting it and losing all your data. In this thread, someone said something about "hiding" the partition so that doesn't happen. Is this safe?
    http://forums.truecrypt.org/viewtopic.php?t=18525



    Which do you guys think is better?



    EDIT:
    I also plan on storing smaller containers inside my encrypted a) large container or b) partition, so I don't know if this makes a difference or not...
     
    Last edited: Dec 19, 2009
  2. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    To answer your question, both options should be safe. There are 2 ways you can lose data from an encrypted partition:
    1) software bugs - you can't do too much about that, and they can affect both partitions and file containers.
    2) user error (forgetting the password, accidentally erasing the file, deleting the partition, etc.). From this perspective, it really depends on what your style of working with the computer is and what kind of situations can appear in your day-to-day activity on your computer. For instance, if you like to repartition your space every 5 days (like I do sometimes :) ), the danger of deleting your encrypted partition is big. Even hiding an encrypted partition is not always a solution, because most repartitioning tools will detect it even if it's hidden.

    So, use software that you know is bug-free, and be careful when you work with encrypted containers, and you should be safe.
     
  3. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    How do you figure? The encrypted volume will appear as unpartitioned random data, so I fail to see how a partitioning tool will detect it. As long as the hidden volume was created with the precautions listed in the TrueCrypt documentation, then I think you're wrong.
     
  4. Dundertaker

    Dundertaker Registered Member

    Joined:
    Oct 17, 2009
    Posts:
    385
    Location:
    Land of the Mer Lion
    Hi letgetcc;

    I have been using TrueCrypt for 6 months now. Hidden volumes are what I use. I guess it depends on the amount of the content and most especially the content itself that you will have to place inside the container. For me it's both. I have an outer volume for non-sensitive data which I want encrypted and hidden volumes. I have a 10 GB (with 9 GB for the actual hidden volume). I have 2 hidden volumes, say, 1 for sensitive files/drawings and 1 for personal. If it's sensitive on your part and you would not like anyone to know you have it, then by all means hide it through a hidden volume. If it's just encryption you need and not as sensitive, then an outer volume is all you need.

    You must follow the precautions/safety (as chronomatic said, and yes, a partitioning tool cannot detect a hidden volume as long as it is hidden or unmounted) that TC has published in the user manual (page 29 and beyond). Also make yourself a rescue disk (page 42) so there is no danger of possible data corruption on your hidden volume when you accidentally write something in the outer volume. Be careful with it.
    The best is to have a back-up data storage other than your hidden volume and that is always "the" rule for safety.

    It is also advisable not to defrag your sensitive TC volume. It's also in the manual, and for me, I excluded it in the Defraggler options.

    Take care!
     
  5. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    I was using the wrong words, sorry... What I meant is that when you are repartitioning, you should be careful not to overwrite the encrypted volume, because some of the partitioning tools think that there is free space there.
     
  6. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    991
    Location:
    Hawaii
    As far as TrueCrypt goes, both approaches are equally stable and reliable. However, encrypted partitions are more vulnerable than container files because both users and the programs that they run tend to screw around with partitions more, either by making intentional changes or by running partition-aware software (including Windows) that doesn't recognize encrypted partitions and will sometimes either "fix" them or alter their sector boundaries, often without prompting the user. Many users don't seem to realize that it's very risky to try to alter their overall partition layout when one of them is encrypted. Another common screwup is to get the drive letters mixed up and format the wrong one. Also, upgrading to Windows 7 has been damaging encrypted partitions in some cases.

    With container files, the main risk is accidental user deletion. I've heard a variety of stories. Sometimes a user accidentally deletes the folder that the file is stored under, forgetting that the file was there. Sometimes they name the file something innocuous and then fall into their own trap by deleting it during a disk cleanup. Sometimes they overwrite the file with another one of the same name.

    I think the safest approach would be to create a dedicated, non-encrypted partition and use it only for storing well-named, contiguous container files in the root directory. If you still somehow manage to delete a container file then it will be much easier to recover under those conditions.

    And of course, back up your data! When things go wrong, encrypted data is much harder (if not impossible) to recover. Whichever approach you choose, there's simply no alternative to having good backups.
    It's perfectly fine to nest encrypted containers within another encrypted container or partition, but there will probably be a small performance hit. If you have reasonably fast hardware you might not notice it unless you put particularly high demands on the volume. However, if this turns out to be an issue then you will probably get better performance by nesting your container files inside an encrypted partition rather than inside another file. I suggest you run some small-scale performance tests before making your decision. If performance is a major consideration then you may not want to set up nested volumes at all.
     