Malice
BMFH
- Joined
- Mar 26, 2001
- Messages
- 12,734
- Reaction score
- 0
- Points
- 31
TrueCrypt
- Thread starter Malice
- Start date
Malice
BMFH
- Joined
- Mar 26, 2001
- Messages
- 12,734
- Reaction score
- 0
- Points
- 31
Just an update...
Imagine this situation, I have a 1GB USB key:
I want to keep some data on my USB key that is really sensitive.
I create a 500MB encrypted file. This file acts as a Mapped drive.
I can put data in this "mounted drive"
If someone else put my USB key in their machine, they would see a 1GB USB key, and there would be a 500MB file. This file if not using truecrypt with the password, would have to be cracked to be able to open it.
Quite interesting.
Imagine this situation, I have a 1GB USB key:
I want to keep some data on my USB key that is really sensitive.
I create a 500MB encrypted file. This file acts as a Mapped drive.
I can put data in this "mounted drive"
If someone else put my USB key in their machine, they would see a 1GB USB key, and there would be a 500MB file. This file if not using truecrypt with the password, would have to be cracked to be able to open it.
Quite interesting.
Malice
BMFH
- Joined
- Mar 26, 2001
- Messages
- 12,734
- Reaction score
- 0
- Points
- 31
This is one of coolest tools I have seen in a LONG time.
Malice
BMFH
- Joined
- Mar 26, 2001
- Messages
- 12,734
- Reaction score
- 0
- Points
- 31
What is the encryption FileVault uses?
jaguarr
Be Your Own Hero
- Joined
- Nov 11, 2003
- Messages
- 43,566
- Reaction score
- 1
- Points
- 31
It uses AES. It won't encrypt a thumb-drive, though, so that would be a useful thing that TrueCrypt does.
jag
Malice
BMFH
- Joined
- Mar 26, 2001
- Messages
- 12,734
- Reaction score
- 0
- Points
- 31
I figured the Mac would do that. Strange. Man they sound like they have done a good job with leopard.
t:
Malice
BMFH
- Joined
- Mar 26, 2001
- Messages
- 12,734
- Reaction score
- 0
- Points
- 31
I wrote this for my boss in a few minutes....
Encrypting Data with TrueCrypt
Using an on the fly encryption program called TrueCrypt (located at http://www.truecrypt.org ) encrypting mass amounts of data.
TrueCrypt does not just encrypt a single file, lets say an Excel spreadsheet of passwords, other programs are better at performing that. TrueCrypt (TC from here on out) can create a wholely encrypted file that can be mounted as a separate drive, very similar to a mapped drive.
The best way to really explain what TC can do is actually illustrate some examples on how it works:
1) Create a single encrypted volume that is all encapsulated in a single file
Imagine you have a 1 GB USB Thumbdrive. You wish some data to be encrypted for security and some data not to be, as its not needed.
Using TC, I can create a 500MB (it can be any size of course, up to the maximum size of the drive) for my encrypted files volume. You use TC to create a new 500MB encrypted file. This file is allocated, encrypted and hashed before anything is ever added to it. You assign a password to the volume and can even have a key file for two part authentication (basically you need a password and a file to allow you to open the volume, so if someone get their hands on the encrypted volume without the file, they cant open it.)
This encrypted file volume now exists on your USB drive as a 500MB file. Unable to be opened at all. Using TC you then have to mount it, you point to it, enter your password and state what drive letter you want that volume to use. Lets say I open it using the Z: drive letter. In windows explorer, I now have a Z: drive, with 500MB of space. This volume acts like an independent drive as far as windows goes. I can put any data in this Z: drive, and once I unmount that encrypted volume, its completely accessible as if it was a standard mapped drive or hard drive.
So in this example, I have now on my 1GB USB key, 500MB of space for unencrypted data and 500MB of space for encrypted data, that can only be accessed using TC.
2) Create a single encrypted USB Drive
In the first example, you had a single encrypted file volume, here, we will simply encrypt the drive. Its faster since the data is not being pulled from a single file. Assume we have another 1GB USB key. I can set TC to encrypt the entire device. This means without TC and the password, there is no getting at any data on the device.
3) Create a encrypted file on your hard drive
This is pretty much exactly like the first example. Imagine I have a laptop with 100GB of space, and I want to create a 5GB encrypted file volume. I follow the same steps as in example 1 and at the end, once I mount the drive, I have a 5GB encrypted volume. If someone was to get their hands of the file, it would simply be a 5GB file that they cant read without TC and the password.
This is a great suggestion for those that have laptops to store ANY proprietary data on.
Other Issue with TrueCrypt
- Once encrypted there is no recovery, so if you copy all your data to an encrypted volume, and then dont remember the password, there is no getting your data.
- The Encrypted File Volumes created by TC, are completely portable. So if I create my 5GB encrypted file volume on my laptop, I can actually copy that to my network for backup. Ssay my laptop dies, and I get another, all I have to do is install TC and then copy down the backup 5gb file, then I am back, I can open it like before, even though its on a completely different machine.
- Uses 256 bit encryption using: AES, Serpent, Twofish, AES-Twofish, AES-Twofish-Sepent, Serpent-AES, Serpent-Twofish-AES, Twofish-Serpent
(as you can see, there are three types of encryption, but TC can allow you to encrypt using three different encryption schemes at once)
- Can be set to use only a password, or can be set to use a password AND a keyfile. This means if someone got the Encrypted File Volume, but had only the keyfile, it wont open, or if they had the password without the keyfile, it wont open either.
- Hidden volumes - Hidden volumes allow you to mount two partitions within a given TrueCrypt volume: a regular one, revealed by default when you supply a password, and a second one, which is not detectable (and is concealed with a different password). The designers of TrueCrypt created this feature to allow a degree of plausible deniability for the end user; you could place a certain amount of non-crucial information in the outer volume, and if you were forced to reveal the main password for the volume, you could do so without compromising the truly sensitive data on the inner volume.
- Traveler mode - This allows you to place a runtime copy of TrueCrypt on a removable drive and run it on Windows systems where TrueCrypt is not installed. The TrueCrypt program has a wizard to automate this process and even makes it possible for the volume to mount itself (with the proper password, of course) when the volume in question is inserted. Note that you cannot use traveler mode in Vista unless you are using an account with admin privileges.
Encrypting Data with TrueCrypt
Using an on the fly encryption program called TrueCrypt (located at http://www.truecrypt.org ) encrypting mass amounts of data.
TrueCrypt does not just encrypt a single file, lets say an Excel spreadsheet of passwords, other programs are better at performing that. TrueCrypt (TC from here on out) can create a wholely encrypted file that can be mounted as a separate drive, very similar to a mapped drive.
The best way to really explain what TC can do is actually illustrate some examples on how it works:
1) Create a single encrypted volume that is all encapsulated in a single file
Imagine you have a 1 GB USB Thumbdrive. You wish some data to be encrypted for security and some data not to be, as its not needed.
Using TC, I can create a 500MB (it can be any size of course, up to the maximum size of the drive) for my encrypted files volume. You use TC to create a new 500MB encrypted file. This file is allocated, encrypted and hashed before anything is ever added to it. You assign a password to the volume and can even have a key file for two part authentication (basically you need a password and a file to allow you to open the volume, so if someone get their hands on the encrypted volume without the file, they cant open it.)
This encrypted file volume now exists on your USB drive as a 500MB file. Unable to be opened at all. Using TC you then have to mount it, you point to it, enter your password and state what drive letter you want that volume to use. Lets say I open it using the Z: drive letter. In windows explorer, I now have a Z: drive, with 500MB of space. This volume acts like an independent drive as far as windows goes. I can put any data in this Z: drive, and once I unmount that encrypted volume, its completely accessible as if it was a standard mapped drive or hard drive.
So in this example, I have now on my 1GB USB key, 500MB of space for unencrypted data and 500MB of space for encrypted data, that can only be accessed using TC.
2) Create a single encrypted USB Drive
In the first example, you had a single encrypted file volume, here, we will simply encrypt the drive. Its faster since the data is not being pulled from a single file. Assume we have another 1GB USB key. I can set TC to encrypt the entire device. This means without TC and the password, there is no getting at any data on the device.
3) Create a encrypted file on your hard drive
This is pretty much exactly like the first example. Imagine I have a laptop with 100GB of space, and I want to create a 5GB encrypted file volume. I follow the same steps as in example 1 and at the end, once I mount the drive, I have a 5GB encrypted volume. If someone was to get their hands of the file, it would simply be a 5GB file that they cant read without TC and the password.
This is a great suggestion for those that have laptops to store ANY proprietary data on.
Other Issue with TrueCrypt
- Once encrypted there is no recovery, so if you copy all your data to an encrypted volume, and then dont remember the password, there is no getting your data.
- The Encrypted File Volumes created by TC, are completely portable. So if I create my 5GB encrypted file volume on my laptop, I can actually copy that to my network for backup. Ssay my laptop dies, and I get another, all I have to do is install TC and then copy down the backup 5gb file, then I am back, I can open it like before, even though its on a completely different machine.
- Uses 256 bit encryption using: AES, Serpent, Twofish, AES-Twofish, AES-Twofish-Sepent, Serpent-AES, Serpent-Twofish-AES, Twofish-Serpent
(as you can see, there are three types of encryption, but TC can allow you to encrypt using three different encryption schemes at once)
- Can be set to use only a password, or can be set to use a password AND a keyfile. This means if someone got the Encrypted File Volume, but had only the keyfile, it wont open, or if they had the password without the keyfile, it wont open either.
- Hidden volumes - Hidden volumes allow you to mount two partitions within a given TrueCrypt volume: a regular one, revealed by default when you supply a password, and a second one, which is not detectable (and is concealed with a different password). The designers of TrueCrypt created this feature to allow a degree of plausible deniability for the end user; you could place a certain amount of non-crucial information in the outer volume, and if you were forced to reveal the main password for the volume, you could do so without compromising the truly sensitive data on the inner volume.
- Traveler mode - This allows you to place a runtime copy of TrueCrypt on a removable drive and run it on Windows systems where TrueCrypt is not installed. The TrueCrypt program has a wizard to automate this process and even makes it possible for the volume to mount itself (with the proper password, of course) when the volume in question is inserted. Note that you cannot use traveler mode in Vista unless you are using an account with admin privileges.
Speedin Bullet
Mr. Peg's chewtoy
- Joined
- Oct 21, 2002
- Messages
- 4,506
- Reaction score
- 0
- Points
- 31
You sold me on it, I'm going to be trying this soon. Malice always finds the neatest stuff.
Malice
BMFH
- Joined
- Mar 26, 2001
- Messages
- 12,734
- Reaction score
- 0
- Points
- 31
Malice
BMFH
- Joined
- Mar 26, 2001
- Messages
- 12,734
- Reaction score
- 0
- Points
- 31
A New Version just came out on Feb 5 (Today)...
New features:
Ability to encrypt a system partition/drive (i.e. a partition/drive where Windows is installed) with pre-boot authentication (anyone who wants to gain access and use the system, read and write files, etc., needs to enter the correct password each time before the system starts). For more information, see the chapter System Encryption in the documentation. (Windows Vista/XP/2003)
Pipelined operations increasing read/write speed by up to 100% (Windows)
Mac OS X version
Graphical user interface for the Linux version of TrueCrypt
SHA-512 hash algorithm (replacing SHA-1, which is no longer available when creating new volumes).
Improvements, bug fixes, and security enhancements:
The Linux version of TrueCrypt has been redesigned so that it will no longer be affected by changes to the Linux kernel (kernel upgrades/updates).
Many other minor improvements, bug fixes, and security enhancements. (Windows and Linux)
New features:
Ability to encrypt a system partition/drive (i.e. a partition/drive where Windows is installed) with pre-boot authentication (anyone who wants to gain access and use the system, read and write files, etc., needs to enter the correct password each time before the system starts). For more information, see the chapter System Encryption in the documentation. (Windows Vista/XP/2003)
Pipelined operations increasing read/write speed by up to 100% (Windows)
Mac OS X version
Graphical user interface for the Linux version of TrueCrypt
SHA-512 hash algorithm (replacing SHA-1, which is no longer available when creating new volumes).
Improvements, bug fixes, and security enhancements:
The Linux version of TrueCrypt has been redesigned so that it will no longer be affected by changes to the Linux kernel (kernel upgrades/updates).
Many other minor improvements, bug fixes, and security enhancements. (Windows and Linux)
Malice
BMFH
- Joined
- Mar 26, 2001
- Messages
- 12,734
- Reaction score
- 0
- Points
- 31
I thought this was interesting about AES...one of the encryption algorithms that can be used in TrueCrypt:
The Advanced Encryption Standard (AES) specifies a FIPS-approved cryptographic algorithm (Rijndael, designed by Joan Daemen and Vincent Rijmen, published in 1998) that may be used by US federal departments and agencies to cryptographically protect sensitive information [3]. TrueCrypt uses AES with 14 rounds and a 256-bit key (i.e., AES-256, published in 2001) operating in XTS mode (see the section Modes of Operation).
In June 2003, after the NSA (US National Security Agency) conducted a review and analysis of AES, the U.S. CNSS (Committee on National Security Systems) announced in [1] that the design and strength of AES-256 (and AES-192) are sufficient to protect classified information up to the Top Secret level. This is applicable to all U.S. Government Departments or Agencies that are considering the acquisition or use of products incorporating the Advanced Encryption Standard (AES) to satisfy Information Assurance requirements associated with the protection of national security systems and/or national security information [1].
The Advanced Encryption Standard (AES) specifies a FIPS-approved cryptographic algorithm (Rijndael, designed by Joan Daemen and Vincent Rijmen, published in 1998) that may be used by US federal departments and agencies to cryptographically protect sensitive information [3]. TrueCrypt uses AES with 14 rounds and a 256-bit key (i.e., AES-256, published in 2001) operating in XTS mode (see the section Modes of Operation).
In June 2003, after the NSA (US National Security Agency) conducted a review and analysis of AES, the U.S. CNSS (Committee on National Security Systems) announced in [1] that the design and strength of AES-256 (and AES-192) are sufficient to protect classified information up to the Top Secret level. This is applicable to all U.S. Government Departments or Agencies that are considering the acquisition or use of products incorporating the Advanced Encryption Standard (AES) to satisfy Information Assurance requirements associated with the protection of national security systems and/or national security information [1].
Malice
BMFH
- Joined
- Mar 26, 2001
- Messages
- 12,734
- Reaction score
- 0
- Points
- 31
Yeah, saw that the Mac OS X version got released today. I'll grab it later on this week and play with it a bit.
jag
This new version has whole system encryption..not sure if that works entirely for the MAC...
I have an old laptop that I loaded XP on completely.
I installed TrueCrypt and am performing a whole drive encryption on it.
Its taking another 4 hours to encrypt the drive right now...
When I boot the machine, a TrueCrypt prompt comes up asking for a password.
Kinda Nice.
jaguarr
Be Your Own Hero
- Joined
- Nov 11, 2003
- Messages
- 43,566
- Reaction score
- 1
- Points
- 31
I'm thinking I could use it to encrypt some external Firewire 800 drives that I have.
jag
Similar threads
Users who are viewing this thread
Staff online
-
SwordOfMorningSuper Moderator -
Lily Adler#forthecontent! 📹 (she/her)
