TrueCrypt

Discussion in 'Tech & Support' started by Malice, Feb 1, 2008.

  1. Malice BMFH

    Joined:
    Mar 26, 2001
    Messages:
    12,744
    Likes Received:
    0
    There is a wonderful new software called TrueCrypt

    Its a wonderful program to allow creating Encrypted drives.
    This would be a wonderful application to create an encrypted mount point on a USB drive.

    A user would need the truecrypt software and then the password to be able to decrypt the drive.
     
  2. Malice BMFH

    Joined:
    Mar 26, 2001
    Messages:
    12,744
    Likes Received:
    0
    Has anyone ever used it or played with it?
     
  3. Malice BMFH

    Joined:
    Mar 26, 2001
    Messages:
    12,744
    Likes Received:
    0
    Just an update...

    Imagine this situation, I have a 1GB USB key:
    I want to keep some data on my USB key that is really sensitive.
    I create a 500MB encrypted file. This file acts as a Mapped drive.
    I can put data in this "mounted drive"

    If someone else put my USB key in their machine, they would see a 1GB USB key, and there would be a 500MB file. This file if not using truecrypt with the password, would have to be cracked to be able to open it.

    Quite interesting.
     
  4. Morg Super Moderator

    Joined:
    Jul 29, 2003
    Messages:
    64,416
    Likes Received:
    2,748
    I think one of my USB has it, sounds familiar
     
  5. Malice BMFH

    Joined:
    Mar 26, 2001
    Messages:
    12,744
    Likes Received:
    0
    This is one of coolest tools I have seen in a LONG time.
     
  6. Malice BMFH

    Joined:
    Mar 26, 2001
    Messages:
    12,744
    Likes Received:
    0
    The new version of TrueCrypt (which is going to be available this month) will work on Macs..
     
  7. jaguarr Be Your Own Hero

    Joined:
    Nov 11, 2003
    Messages:
    43,569
    Likes Received:
    1
    FileVault already comes with Macs and works just wonderfully, though. Sort of a redundant product from a Mac user's perspective.

    jag
     
  8. Malice BMFH

    Joined:
    Mar 26, 2001
    Messages:
    12,744
    Likes Received:
    0
    What is the encryption FileVault uses?
     
  9. Badger Side-Kick my Ass!

    Joined:
    Jul 28, 2005
    Messages:
    8,812
    Likes Received:
    0
    I was a similar program called Folder Lock, very good program as well. It's a must have in my line of work.
     
  10. jaguarr Be Your Own Hero

    Joined:
    Nov 11, 2003
    Messages:
    43,569
    Likes Received:
    1
    It uses AES. It won't encrypt a thumb-drive, though, so that would be a useful thing that TrueCrypt does.

    jag
     
  11. Malice BMFH

    Joined:
    Mar 26, 2001
    Messages:
    12,744
    Likes Received:
    0
    I figured the Mac would do that. Strange. Man they sound like they have done a good job with leopard.
     
  12. jaguarr Be Your Own Hero

    Joined:
    Nov 11, 2003
    Messages:
    43,569
    Likes Received:
    1
    Leopard is excellent. A billion light years ahead of XP or Vista. :up:

    jag
     
  13. Badger Side-Kick my Ass!

    Joined:
    Jul 28, 2005
    Messages:
    8,812
    Likes Received:
    0
    So, jag how was it to work with Bruce Willis? :woot:
     
  14. jaguarr Be Your Own Hero

    Joined:
    Nov 11, 2003
    Messages:
    43,569
    Likes Received:
    1
    What? :huh:

    jag
     
  15. Badger Side-Kick my Ass!

    Joined:
    Jul 28, 2005
    Messages:
    8,812
    Likes Received:
    0
  16. jaguarr Be Your Own Hero

    Joined:
    Nov 11, 2003
    Messages:
    43,569
    Likes Received:
    1
    That's another Mac geek. Not me. :o

    jag
     
  17. Malice BMFH

    Joined:
    Mar 26, 2001
    Messages:
    12,744
    Likes Received:
    0
    I wrote this for my boss in a few minutes....

    Encrypting Data with TrueCrypt

    Using an on the fly encryption program called TrueCrypt (located at http://www.truecrypt.org ) encrypting mass amounts of data.

    TrueCrypt does not just encrypt a single file, lets say an Excel spreadsheet of passwords, other programs are better at performing that. TrueCrypt (TC from here on out) can create a wholely encrypted file that can be mounted as a separate drive, very similar to a mapped drive.

    The best way to really explain what TC can do is actually illustrate some examples on how it works:

    1) Create a single encrypted volume that is all encapsulated in a single file
    Imagine you have a 1 GB USB Thumbdrive. You wish some data to be encrypted for security and some data not to be, as its not needed.

    Using TC, I can create a 500MB (it can be any size of course, up to the maximum size of the drive) for my encrypted files volume. You use TC to create a new 500MB encrypted file. This file is allocated, encrypted and hashed before anything is ever added to it. You assign a password to the volume and can even have a key file for two part authentication (basically you need a password and a file to allow you to open the volume, so if someone get their hands on the encrypted volume without the file, they cant open it.)

    This encrypted file volume now exists on your USB drive as a 500MB file. Unable to be opened at all. Using TC you then have to mount it, you point to it, enter your password and state what drive letter you want that volume to use. Lets say I open it using the Z: drive letter. In windows explorer, I now have a Z: drive, with 500MB of space. This volume acts like an independent drive as far as windows goes. I can put any data in this Z: drive, and once I unmount that encrypted volume, its completely accessible as if it was a standard mapped drive or hard drive.

    So in this example, I have now on my 1GB USB key, 500MB of space for unencrypted data and 500MB of space for encrypted data, that can only be accessed using TC.

    2) Create a single encrypted USB Drive
    In the first example, you had a single encrypted file volume, here, we will simply encrypt the drive. Its faster since the data is not being pulled from a single file. Assume we have another 1GB USB key. I can set TC to encrypt the entire device. This means without TC and the password, there is no getting at any data on the device.

    3) Create a encrypted file on your hard drive
    This is pretty much exactly like the first example. Imagine I have a laptop with 100GB of space, and I want to create a 5GB encrypted file volume. I follow the same steps as in example 1 and at the end, once I mount the drive, I have a 5GB encrypted volume. If someone was to get their hands of the file, it would simply be a 5GB file that they cant read without TC and the password.

    This is a great suggestion for those that have laptops to store ANY proprietary data on.

    Other Issue with TrueCrypt

    - Once encrypted there is no recovery, so if you copy all your data to an encrypted volume, and then don’t remember the password, there is no getting your data.

    - The Encrypted File Volumes created by TC, are completely portable. So if I create my 5GB encrypted file volume on my laptop, I can actually copy that to my network for backup. Ssay my laptop dies, and I get another, all I have to do is install TC and then copy down the backup 5gb file, then I am back, I can open it like before, even though its on a completely different machine.

    - Uses 256 bit encryption using: AES, Serpent, Twofish, AES-Twofish, AES-Twofish-Sepent, Serpent-AES, Serpent-Twofish-AES, Twofish-Serpent
    (as you can see, there are three types of encryption, but TC can allow you to encrypt using three different encryption schemes at once)

    - Can be set to use only a password, or can be set to use a password AND a keyfile. This means if someone got the Encrypted File Volume, but had only the keyfile, it wont open, or if they had the password without the keyfile, it wont open either.

    - Hidden volumes - Hidden volumes allow you to mount two partitions within a given TrueCrypt volume: a regular one, revealed by default when you supply a password, and a second one, which is not detectable (and is concealed with a different password). The designers of TrueCrypt created this feature to allow a degree of plausible deniability for the end user; you could place a certain amount of non-crucial information in the outer volume, and if you were forced to reveal the main password for the volume, you could do so without compromising the truly sensitive data on the inner volume.

    - Traveler mode - This allows you to place a runtime copy of TrueCrypt on a removable drive and run it on Windows systems where TrueCrypt is not installed. The TrueCrypt program has a wizard to automate this process and even makes it possible for the volume to mount itself (with the proper password, of course) when the volume in question is inserted. Note that you cannot use traveler mode in Vista unless you are using an account with admin privileges.
     
  18. Speedin Bullet Mr. Peg's chewtoy

    Joined:
    Oct 21, 2002
    Messages:
    4,506
    Likes Received:
    0
    You sold me on it, I'm going to be trying this soon. Malice always finds the neatest stuff.
     
  19. Malice BMFH

    Joined:
    Mar 26, 2001
    Messages:
    12,744
    Likes Received:
    0
    :)
    This is a nice tool.
     
  20. Malice BMFH

    Joined:
    Mar 26, 2001
    Messages:
    12,744
    Likes Received:
    0
    A New Version just came out on Feb 5 (Today)...

    New features:
    Ability to encrypt a system partition/drive (i.e. a partition/drive where Windows is installed) with pre-boot authentication (anyone who wants to gain access and use the system, read and write files, etc., needs to enter the correct password each time before the system starts). For more information, see the chapter System Encryption in the documentation. (Windows Vista/XP/2003)

    Pipelined operations increasing read/write speed by up to 100% (Windows)

    Mac OS X version

    Graphical user interface for the Linux version of TrueCrypt

    SHA-512 hash algorithm (replacing SHA-1, which is no longer available when creating new volumes).

    Improvements, bug fixes, and security enhancements:

    The Linux version of TrueCrypt has been redesigned so that it will no longer be affected by changes to the Linux kernel (kernel upgrades/updates).

    Many other minor improvements, bug fixes, and security enhancements. (Windows and Linux)
     
  21. Malice BMFH

    Joined:
    Mar 26, 2001
    Messages:
    12,744
    Likes Received:
    0
    I thought this was interesting about AES...one of the encryption algorithms that can be used in TrueCrypt:

    The Advanced Encryption Standard (AES) specifies a FIPS-approved cryptographic algorithm (Rijndael, designed by Joan Daemen and Vincent Rijmen, published in 1998) that may be used by US federal departments and agencies to cryptographically protect sensitive information [3]. TrueCrypt uses AES with 14 rounds and a 256-bit key (i.e., AES-256, published in 2001) operating in XTS mode (see the section Modes of Operation).

    In June 2003, after the NSA (US National Security Agency) conducted a review and analysis of AES, the U.S. CNSS (Committee on National Security Systems) announced in [1] that the design and strength of AES-256 (and AES-192) are sufficient to protect classified information up to the Top Secret level. This is applicable to all U.S. Government Departments or Agencies that are considering the acquisition or use of products incorporating the Advanced Encryption Standard (AES) to satisfy Information Assurance requirements associated with the protection of national security systems and/or national security information [1].
     
  22. jaguarr Be Your Own Hero

    Joined:
    Nov 11, 2003
    Messages:
    43,569
    Likes Received:
    1
    Yeah, saw that the Mac OS X version got released today. I'll grab it later on this week and play with it a bit. :up:

    jag
     
  23. Malice BMFH

    Joined:
    Mar 26, 2001
    Messages:
    12,744
    Likes Received:
    0
    This new version has whole system encryption..not sure if that works entirely for the MAC...

    I have an old laptop that I loaded XP on completely.
    I installed TrueCrypt and am performing a whole drive encryption on it.
    Its taking another 4 hours to encrypt the drive right now...

    When I boot the machine, a TrueCrypt prompt comes up asking for a password.
    Kinda Nice.
     
  24. jaguarr Be Your Own Hero

    Joined:
    Nov 11, 2003
    Messages:
    43,569
    Likes Received:
    1
    I'm thinking I could use it to encrypt some external Firewire 800 drives that I have. :up:

    jag
     
  25. Malice BMFH

    Joined:
    Mar 26, 2001
    Messages:
    12,744
    Likes Received:
    0
    I will tell ya what happens to my laptop.
    It forced me to build a Boot CD (via an iso)

    I am guessing that is my back door to the laptop in the event I loose my password.
     

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice
monitoring_string = "afb8e5d7348ab9e99f73cba908f10802"