dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
4
share rss forum feed

scottp99

join:2010-12-11
reply to Ian

Re: Truecrypt question

What about encrypting my whole entire USB flash drive rather than creating a separate TC container within the USB drive? Would that still leak some data when I open for example an Excel file from that fully encrypted USB flash drive?



Ian
Premium
join:2002-06-18
ON
kudos:3

said by scottp99:

What about encrypting my whole entire USB flash drive rather than creating a separate TC container within the USB drive? Would that still leak some data when I open for example an Excel file from that fully encrypted USB flash drive?

From what I can gather, as mentioned, Excel stores the temp files and auto-recover in the same directory as the original. So if they are kept in a Truecrypt container they are secure regardless of encrypting the whole USB key or not. This is an application specific thing of course.

The biggest weakness to Truecrypt or any encryption application is leaving the encrypted volume mounted. Passwords and/or keys can be recovered from memory if it is mounted.
--
“Any claim that the root of a problem is simple should be treated the same as a claim that the root of a problem is Bigfoot. Simplicity and Bigfoot are found in the real world with about the same frequency.” – David Wong

scottp99

join:2010-12-11

1 recommendation

Well, in that case, I ALWAYS dismount whenever I am done editing or saving a file within that encrypted TC container.

So will dismounting the uSB device or volume container should not leave any traces of the encrypted files read in plain view on my local HDD?



sbconslt

join:2009-07-28
Los Angeles, CA

If you're this concerned about traces of the sensitive files ending up elsewhere on the unencrypted areas of the drive - a completely legitimate concern - then you should encrypt the whole drive. That way you cover the pagefile, hibernation file (if any), temporary directories, etc., etc.

It's also operationally more convenient for you than managing (perhaps multiple) file-container volumes.
--
Scott Brown Consulting


scottp99

join:2010-12-11

Ok, fine. Since I have my OS image build, without any important data on it, if anything goes wrong with the encryption process, then I will just reimage my PC.

I just do not trust these encryption programs. If one does not know what their doing, then their system can be "hosed"



sbconslt

join:2009-07-28
Los Angeles, CA

The full disk encryption procedure has certain protective safeguards built into it. For example, it tests the boot loader by making you reboot through it successfully before encrypting any drive contents. And, it forces you to burn and verify a rescue CD that gives you crisis workarounds like repairing a broken boot sector, removing encryption without having to boot into the OS, etc. All of this is required before a single block is encrypted.
--
Scott Brown Consulting


scottp99

join:2010-12-11

I always keep a clean OS image build without any important stuff on there just incase things go wrong.

One more question here - Is there any way for TC to automatically enable the NUMLOCK on my USB keyboard whenever the TC bootloader appears to enter the password?



sbconslt

join:2009-07-28
Los Angeles, CA

That's controlled from BIOS Setup, if anywhere.


scottp99

join:2010-12-11

So, I did it. Installed full disk encryption. So far not noticing any system slowness. I could of posted this thread on the TC Forums but they do not accept any Internet based emails.

I guess TC is adequate enough for me as opposed to WinMagic.
»www.winmagic.com/products/full-d···andalone

But thanks for the support on this.