Topic 'Re: Truecrypt question' in forum 'Security' - dslreports.com

Re: Truecrypt question

Mon, 03 Dec 2012 13:23:43 EDT

scottp99 posted : So, I did it. Installed full disk encryption. So far not noticing any system slowness. I could of posted this thread on the TC Forums but they do not accept any Internet based emails.

I guess TC is adequate enough for me as opposed to WinMagic.
»www.winmagic.com/products/full-d···andalone

But thanks for the support on this.

Re: Truecrypt question

Mon, 03 Dec 2012 13:02:42 EDT

sbconslt posted : That's controlled from BIOS Setup, if anywhere.

Re: Truecrypt question

Mon, 03 Dec 2012 04:15:40 EDT

scottp99 posted : I always keep a clean OS image build without any important stuff on there just incase things go wrong.

One more question here - Is there any way for TC to automatically enable the NUMLOCK on my USB keyboard whenever the TC bootloader appears to enter the password?

Re: Truecrypt question

Mon, 03 Dec 2012 02:13:13 EDT

sbconslt posted : The full disk encryption procedure has certain protective safeguards built into it. For example, it tests the boot loader by making you reboot through it successfully before encrypting any drive contents. And, it forces you to burn and verify a rescue CD that gives you crisis workarounds like repairing a broken boot sector, removing encryption without having to boot into the OS, etc. All of this is required before a single block is encrypted.
--
Scott Brown Consulting

Re: Truecrypt question

Mon, 03 Dec 2012 01:48:58 EDT

scottp99 posted : Ok, fine. Since I have my OS image build, without any important data on it, if anything goes wrong with the encryption process, then I will just reimage my PC.

I just do not trust these encryption programs. If one does not know what their doing, then their system can be "hosed"

Re: Truecrypt question

Mon, 03 Dec 2012 01:28:09 EDT

sbconslt posted : If you're this concerned about traces of the sensitive files ending up elsewhere on the unencrypted areas of the drive - a completely legitimate concern - then you should encrypt the whole drive. That way you cover the pagefile, hibernation file (if any), temporary directories, etc., etc.

It's also operationally more convenient for you than managing (perhaps multiple) file-container volumes.
--
Scott Brown Consulting

Re: Truecrypt question

Sun, 02 Dec 2012 17:57:48 EDT

scottp99 posted : Well, in that case, I ALWAYS dismount whenever I am done editing or saving a file within that encrypted TC container.

So will dismounting the uSB device or volume container should not leave any traces of the encrypted files read in plain view on my local HDD?

Re: Truecrypt question

Sun, 02 Dec 2012 17:39:29 EDT

Ian posted :

said by scottp99:

What about encrypting my whole entire USB flash drive rather than creating a separate TC container within the USB drive? Would that still leak some data when I open for example an Excel file from that fully encrypted USB flash drive?

From what I can gather, as mentioned, Excel stores the temp files and auto-recover in the same directory as the original. So if they are kept in a Truecrypt container they are secure regardless of encrypting the whole USB key or not. This is an application specific thing of course.

The biggest weakness to Truecrypt or any encryption application is leaving the encrypted volume mounted. Passwords and/or keys can be recovered from memory if it is mounted.
--
�Any claim that the root of a problem is simple should be treated the same as a claim that the root of a problem is Bigfoot. Simplicity and Bigfoot are found in the real world with about the same frequency.� � David Wong

Re: Truecrypt question

Sun, 02 Dec 2012 17:31:36 EDT

scottp99 posted : What about encrypting my whole entire USB flash drive rather than creating a separate TC container within the USB drive? Would that still leak some data when I open for example an Excel file from that fully encrypted USB flash drive?

Re: Truecrypt question

Sun, 02 Dec 2012 17:07:06 EDT

Ian posted :

said by scottp99:

You see, I just dont like to have a whole disk encryption because I am afraid that would "hose" my system partitions and that sort of stuff. I had read horror stories of people encrypting their entire HDDs and had some issues along with it and not to mention not backing up data before encrypting
But this was not with TC, some other program.

I'm having trouble seeing a large distinction between the danger of disk damage to your entire drive (encrypted) and damage to your entire drive (unencrypted), or for that matter to your Truecrypt container.

In both cases, if the contents are important enough to encrypt, wouldn't they be important enough to properly backup? I would backup your whole system with a drive-mirroring application, try out your new scheme and verify backup method.

said by scottp99:

Is RIPEMD-160 secure enough? Because it will not support Whirlpool either.

If this is the case, then shame on TC. Because I really tend to lean more on SHA-512 which is approved by the NSA and NIST standards of compliance.

The hash function is not about how it's encrypting your files, it's about how Truecrypt is storing your password.

As a hash algorithm, both SHA-512 and RIPEMD-160 have been shown to be "vulnerable" to a collision attack. A collision attack is the theoretical creation of two identical messages with the same hash value. And if that's troubling....so has WHIRLPOOL. But they vary in the complexity of the attack. And SHA-512 has been shown to be vulnerable to a pre-image attack, whereas RIPEMD-160 has not. I'm really not sure why Truecrypt isn't letting you hash your password with SHA-512. Works for me. Licensing? Patent? Not sure.

But that's deliberately creating two messages with the same hash value. As a practical consideration finding a message (password2) that has the same hash value as the unknown message to the attacker (your actual password) is no easier than simply guessing your actual password under those hash functions.

So brute-forcing your password, assuming a hacker wanted to is no easier or hard under any of the three hashing schemes in my opinion. And assuming you picked a good password, would require trillions of centuries on a super-computer to do so.

Easier for the hacker to install a key-logger on your system, a hidden camera, or to bash you over the head until you told him (or her) the password. ;-)
--
�Any claim that the root of a problem is simple should be treated the same as a claim that the root of a problem is Bigfoot. Simplicity and Bigfoot are found in the real world with about the same frequency.� � David Wong

Re: Truecrypt question

Sun, 02 Dec 2012 16:47:59 EDT

scottp99 posted : What if I just only do a full USB flash drive encryption instead of encrypting the local HDD? Is this better or it can still leak data even when you encrypt the entire USB flash drive?

When creating an entire full USB disk encryption, at least Im able to select the SHA-512 option.

Re: Truecrypt question

Sun, 02 Dec 2012 11:56:48 EDT

scottp99 posted : Now wait a second here. Look at this.
Its now telling me that it does not support SHA-512 when creating a whole full system HDD disk encryption.
Now this is very very odd. However, when I created the virtual encrypted TC container volume, it did allow me to select the SHA-512 option. But why doesnt it support this when creating a whole system disk encryption?

It does however support this only for Standard TC virtual Volumes, but NOT for whole system encryption.

Is RIPEMD-160 secure enough? Because it will not support Whirlpool either.

If this is the case, then shame on TC. Because I really tend to lean more on SHA-512 which is approved by the NSA and NIST standards of compliance.

Re: Truecrypt question

Sun, 02 Dec 2012 11:46:57 EDT

sivran posted : The only ways to be sure are whole-disk encryption and booting off a liveusb/cd.

"Portable" software can be used, but some of it leaves traces, some doesn't. Most of the software on portablefreeware.com is marked whether it does or not. LibreOffice Portable is stealthy, according to them. GnuCash portable isn't.
--
Think Outside the Fox.

Re: Truecrypt question

Sun, 02 Dec 2012 11:19:22 EDT

scottp99 posted : Ok, how about if I encrypt my whole USB Flash drive key? Would that have any leaks too? If yes, then I will go with full drive HDD encryption. And one more question, is RIPEMD-160 safe enough with AES-256 for whole drive local HDD or USB encryption?

Also, I am backing up my OS drive as we speak (before the encrytpion process) in case something gets "hosed"....

Thanks again.

Re: Truecrypt question

Sun, 02 Dec 2012 10:03:06 EDT

Brano posted : PDFs should be fine. Those are read only, no temp files.

Re: Truecrypt question

Sun, 02 Dec 2012 09:58:53 EDT

scottp99 posted : Thats how I do it. I open those files (mostly their PDFs), directly from the virtual TC container.

Re: Truecrypt question

Sun, 02 Dec 2012 09:56:56 EDT

Brano posted : If you just encrypt a separate file outside TC, you need to decrypt it before use. That equals to copying it to unencrypted HDD.

Re: Truecrypt question

Sun, 02 Dec 2012 09:55:47 EDT

Brano posted : Yes. But as it was pointed, let's say you open the financial file by your financial software directly from your TC container there's good possibility that the financial software will save some kind of temporary working copy (or at least part of it) to your %temp folder. Really depends on software (MS Word and MS Excel will save the temp file to the source folder).
You need to check how is the software you're using storing temp data.

If you want to be absolutely sure/paranoid, you need to encrypt entire drive.

Re: Truecrypt question

Sun, 02 Dec 2012 09:50:51 EDT

scottp99 posted : Financial data, and numerous IT related reports.
So, If I wanted to keep these files encrypted, it should NEVER be copied and pasted onto the local HDD? Am I correct? It should always stay and be there inside the virtual TC container?
You see, I just dont like to have a whole disk encryption because I am afraid that would "hose" my system partitions and that sort of stuff. I had read horror stories of people encrypting their entire HDDs and had some issues along with it and not to mention not backing up data before encrypting :)
But this was not with TC, some other program.

So, it would be easier for me to just encrypt the files.
If I do not intend to store those files outside the TC container, I should be safe? Right?

Thanks

Re: Truecrypt question

Sat, 01 Dec 2012 19:06:07 EDT

Ian posted : Also, I'd wonder what it is you're trying to protect (not because I'm curious) but more for how you're using it. Do you want TC to encrypt important financial info? Or to keep the extensive girlsgonewild movie collection away from prying eyes? ;-) For financial information or a movie player or whatever, you really don't know what sort of data could be leaked to a place outside of the TC container. Excel or Quicken storing autosaves someplace other than in the TC container? Etc. Even if you say, installed a browser to a truecrypt mounted volume, and ran it from there, it could still be default storing certain info to c:/temp or whatnot.
--
�Any claim that the root of a problem is simple should be treated the same as a claim that the root of a problem is Bigfoot. Simplicity and Bigfoot are found in the real world with about the same frequency.� � David Wong

Re: Truecrypt question

Sat, 01 Dec 2012 15:42:17 EDT

OZO posted : If you copy your file from TC container to your HD and then remove it, do you know that the file is not actually removed? The record to the file in folder, where it was, is marked as it is deleted, but its content is still on HD and with appropriate tools it can be restored... You have to use special tools to securely delete that file, if you want to guarantee, that content of your file is gone. Be careful and keep your important files (that you want to protect) within TC container only.

--
Keep it simple, it'll become complex by itself...

Re: Truecrypt question

Sat, 01 Dec 2012 09:37:29 EDT

Brano posted :

said by scottp99:

What I mean, is for example when I take out those files from the virtual tc container will those files be still encrypted when I paste those to my desktop?

No. Your desktop is just a folder on your un-encrypted HDD thus anything in your desktop folder will be un-encrypted.

With TC, however you have option to encrypt your entire HDD if you desire.

Re: Truecrypt question

Sat, 01 Dec 2012 08:49:06 EDT

scottp99 posted : What I mean, is for example when I take out those files from the virtual tc container will those files be still encrypted when I paste those to my desktop?

After I created my virtual encrypted tc container I placed files inside that tc container and then deleted those files from the local directory from my desktop.

Re: Truecrypt question

Sat, 01 Dec 2012 08:20:12 EDT

Brano posted : The original copy on TC container will remain encrypted, the HDD copy will be un-encrypted.

Truecrypt question

Sat, 01 Dec 2012 05:44:51 EDT

scottp99 posted : I created a virtual TC volume to store my encrypted files.
Now suppose I copy and past these file off the TC virtual container to my local HDD, will the files remain encrypted?

Thanks