Re: Truecrypt question
said by scottp99:
What about encrypting my whole entire USB flash drive rather than creating a separate TC container within the USB drive? Would that still leak some data when I open for example an Excel file from that fully encrypted USB flash drive?
From what I can gather, as mentioned, Excel stores the temp files and auto-recover in the same directory as the original. So if they are kept in a Truecrypt container they are secure regardless of encrypting the whole USB key or not. This is an application-specific thing of course.
The biggest weakness to Truecrypt or any encryption application is leaving the encrypted volume mounted. Passwords and/or keys can be recovered from memory if it is mounted.
--
Any claim that the root of a problem is simple should be treated the same as a claim that the root of a problem is Bigfoot. Simplicity and Bigfoot are found in the real world with about the same frequency. David Wong
Well, in that case, I ALWAYS dismount whenever I am done editing or saving a file within that encrypted TC container.
So dismounting the USB device or volume container should not leave any traces of the encrypted files read in plain view on my local HDD?
If you're this concerned about traces of the sensitive files ending up elsewhere on the unencrypted areas of the drive - a completely legitimate concern - then you should encrypt the whole drive. That way you cover the pagefile, hibernation file (if any), temporary directories, etc., etc.
It's also operationally more convenient for you than managing (perhaps multiple) file-container volumes.
--
Scott Brown Consulting
Ok, fine. Since I have my OS image build, without any important data on it, if anything goes wrong with the encryption process, then I will just reimage my PC.
I just do not trust these encryption programs. If one does not know what they're doing, then their system can be "hosed".
The full disk encryption procedure has certain protective safeguards built into it. For example, it tests the boot loader by making you reboot through it successfully before encrypting any drive contents. And, it forces you to burn and verify a rescue CD that gives you crisis workarounds like repairing a broken boot sector, removing encryption without having to boot into the OS, etc. All of this is required before a single block is encrypted.
--
Scott Brown Consulting
I always keep a clean OS image build without any important stuff on there just in case things go wrong.
One more question here - Is there any way for TC to automatically enable the NUMLOCK on my USB keyboard whenever the TC bootloader appears to enter the password?
That's controlled from BIOS Setup, if anywhere.
So, I did it. Installed full disk encryption. So far not noticing any system slowness. I could have posted this thread on the TC Forums but they do not accept any Internet-based emails.
I guess TC is adequate enough for me as opposed to WinMagic.
But thanks for the support on this.