TrueCrypt question

jimkinny
Posts: 1271
Joined: Sun Mar 14, 2010 1:51 pm

TrueCrypt question

Post by jimkinny » Wed May 29, 2013 6:35 am

In another thread regarding how to maintain and secure a paperless record keeping system, several people suggested using TrueCrypt.

I am interested in using this software but have a concern about compatibility when moving from one operating system to a newer version. I will more than likely stay with Microsoft. I have been using Vista since 2007/2008 and intend to buy a new computer once MS releases the new upgrade to Windows 8.

My concern is with encryption software, I may run into problems when changing OS. Is this a legitimate concern?

Another question: can TrueCrypt be "reversed"?
I back up data to both a thumb USB flash drive and a Toshiba external hard drive. So, once I have created the encrypted space and moved files into that space, can I reverse the process so the files are no longer stored in the TrueCrypt space?

Jim

Sidney
Posts: 6694
Joined: Thu Mar 08, 2007 6:06 pm

Re: TrueCrypt question

Post by Sidney » Wed May 29, 2013 7:03 am

I can't comment on cross platform usage other than from my experience. I have used it interchangeably between Windows and Linux platforms.

I'm not sure what you mean by "reverse". The TC encrypted file, when mounted by TC appears to the OS as a virtual disk drive. When the file is mounted and the contents accessible, you can copy them from this container to an unencrypted destination just as you would copying data from a disk drive to another device.
I always wanted to be a procrastinator.

strcmp
Posts: 26
Joined: Thu Jun 07, 2007 7:04 am

Re: TrueCrypt question

Post by strcmp » Wed May 29, 2013 9:38 am

Truecrypt should have no issues running on any modern version of Windows today (Windows XP and above).

What the above poster said is correct. You just copy the file out of the encrypted container onto the regular drive.

Quickfoot
Posts: 999
Joined: Fri Jan 11, 2013 1:03 pm

Re: TrueCrypt question

Post by Quickfoot » Wed May 29, 2013 10:07 am

TrueCrypt has two options, one is to create a virtual disk file and the second is to encrypt the entire device. If you choose to encrypt the entire device you lose the ability to store the TrueCrypt executable on the device so I don't do that for removable devices. Hard disks I do whole device encryption on, and yes it is reversible.

So long as the software itself runs on the OS you are wanting to use the encrypted device / virtual disk will work fine, it is not OS specific. TrueCrypt runs on every modern version of Windows as well as Mac and Linux so you aren't likely to run into OS problems.

Also take a look at AxCrypt, AxCrypt encrypts single files using AES rather than creating a virtual drive, if you are simply wanting to encrypt files it may be a simpler solution though it doesn't give you plausible deniability.

In any case make sure you have more than one copy of your encrypted files. Hard drives, CD-R, DVD-R / DVD +R and solid state (Thumb drives) can and will fail so a backup strategy is necessary.

Bill Bernstein
Posts: 561
Joined: Sat Jun 23, 2007 12:47 am

Re: TrueCrypt question

Post by Bill Bernstein » Wed May 29, 2013 11:28 am

One more fine point: Truecrypt can encrypt the whole disk (ie, the system disk) with Windows, but not with Linux or Mac OS.

Otherwise, TC is fully cross-platform.

Bill

jimkinny
Posts: 1271
Joined: Sun Mar 14, 2010 1:51 pm

Re: TrueCrypt question

Post by jimkinny » Wed May 29, 2013 2:11 pm

Thanks to everyone for the replies/answers to my question and for the suggestions.

Jim

ourbrooks
Posts: 1575
Joined: Fri Nov 13, 2009 4:56 pm

Re: TrueCrypt question

Post by ourbrooks » Wed May 29, 2013 7:13 pm

As Quickfoot points out, you can use Truecrypt to create a virtual volume inside a single file in the file system, without encrypting the entire disk. This has the advantage that you can copy the file containing the virtual volume to another device, such as a thumb drive. Then, if you find that after the upgrade to Windows 12, Truecrypt no longer runs, you can take the file to some other machine that still runs Truecrypt.

The virtual volume approach is also useful with cloud storage since you can upload the file containing the virtual volume.

Quickfoot
Posts: 999
Joined: Fri Jan 11, 2013 1:03 pm

Re: TrueCrypt question

Post by Quickfoot » Wed May 29, 2013 7:40 pm

It is also worth noting a man was just ordered to provide his encryption keys to decrypt encrypted hard drives. In this case he is accused of child pornography but the same power could be used to force others to reveal their keys. It is not a bad idea to have a hidden volume where the actual data is stored. That way you can provide the outer volume key.

THY4373
Posts: 769
Joined: Thu Mar 22, 2012 3:17 pm

Re: TrueCrypt question

Post by THY4373 » Wed May 29, 2013 8:50 pm

wbern wrote:One more fine point: Truecrypt can encrypt the whole disk (ie, the system disk) with Windows, but not with Linux or Mac OS.
Just to be clear Truecrypt can do whole disk encryption on all platforms it supports but it cannot do whole disk encryption on system disks/partitions (those used for booting the primary OS of the host) except for Windows. If you have a data only drive you can do whole disk encryption on Linux just fine as I have done it. Not all disks are system disks :-). I think you were saying that but it wasn't quite clear.

Sidney
Posts: 6694
Joined: Thu Mar 08, 2007 6:06 pm

Re: TrueCrypt question

Post by Sidney » Thu May 30, 2013 6:43 am

THY4373 wrote:
wbern wrote:One more fine point: Truecrypt can encrypt the whole disk (ie, the system disk) with Windows, but not with Linux or Mac OS.
Just to be clear Truecrypt can do whole disk encryption on all platforms it supports but it cannot do whole disk encryption on system disks/partitions (those used for booting the primary OS of the host) except for Windows. If you have a data only drive you can do whole disk encryption on Linux just fine as I have done it. Not all disks are system disks :-). I think you were saying that but it wasn't quite clear.
For those who segregate all the data from the system disk, this is helpful. I keep all my data in a separate disk partition. If I encrypt this drive, would a Linux system (with TC installed) be able to mount and read this drive? Right now I just use a TC file -- plus I leave some decoy data on this drive to make it look like a normal drive.
I always wanted to be a procrastinator.

rkhusky
Posts: 5710
Joined: Thu Aug 18, 2011 8:09 pm

Re: TrueCrypt question

Post by rkhusky » Thu May 30, 2013 6:48 am

Quickfoot wrote:It is also worth noting a man was just ordered to provide his encryption keys to decrypt encrypted hard drives. In this case he is accused of child pornography but the same power could be used to force others to reveal their keys. It is not a bad idea to have a hidden volume where the actual data is stored. That way you can provide the outer volume key.
Not sure if this is settled law yet. There appears to be a significant constitutional difference between requiring someone to provide their key and requiring someone to decrypt a specific file whose existence is suspected. See: http://en.wikipedia.org/wiki/Key_disclosure_law

Quickfoot
Posts: 999
Joined: Fri Jan 11, 2013 1:03 pm

Re: TrueCrypt question

Post by Quickfoot » Thu May 30, 2013 8:13 am

It may not be settled but refusal to comply with an order will often result in you staying in jail on contempt until you comply or a higher court rules the lower court was in error. That can be quite a stay and can be avoidable if you set up a hidden volume. The likelihood of being in a situation where a judge would order you to reveal your encryption key is quite low but the potential ramifications of refusing to do so are quite high and easily accessible methods to mitigate the risk exist.

Encryption has advanced enough that most governments lack the ability to crack it so they will increasingly resort to ordering people to unlock their own devices. There probably are entities in the US that can crack AES but their efforts are most likely directed at bigger targets.

Ged
Posts: 3616
Joined: Mon May 13, 2013 1:48 pm
Location: Roke

Re: TrueCrypt question

Post by Ged » Thu May 30, 2013 9:40 am

Quickfoot wrote: Encryption has advanced enough that most governments lack the ability to crack it so they will increasingly resort to ordering people to unlock their own devices. There probably are entities in the US that can crack AES but their efforts are most likely directed at bigger targets.

The reason that this pornographer can be asked to supply the key(s) for his drives is that the FBI was able to decrypt one of his drives, thus removing the self-incrimination barrier.

It seems likely that brute force passphrase guessing was used. I haven't heard of any cases where the actual TrueCrypt algorithm was defeated.

For now anyway if you are going to use TrueCrypt be sure to pick a strong passphrase.

As far as hiding a drive, I would not trust that feature at all.

http://www.zdnet.com/schneier-research- ... 039448526/

Law enforcement sometimes gains access to encrypted drives by capturing the equipment with the password in memory, or with the encrypted volume opened by the user. The former is what is used by tools you find on the internet that claim to crack TrueCrypt.

If you are going to travel with an encrypted drive be aware a lot of foreign governments are less squeamish about forcing key disclosure than the US is.

Ice-9
Posts: 1326
Joined: Wed Oct 15, 2008 12:40 pm
Location: Rockville, MD

Re: TrueCrypt question

Post by Ice-9 » Thu May 30, 2013 11:30 am

Just in case your worries about using TrueCrypt across different OS's haven't already been assuaged, I wanted to add my experience. An iMac and a Linux laptop at home, and a PC at work. I regularly access the same TrueCrypt file containers stored in my Dropbox account on all three. (I've never used the entire drive encryption method.)

Default User BR
Posts: 7501
Joined: Mon Dec 17, 2007 7:32 pm

Re: TrueCrypt question

Post by Default User BR » Thu May 30, 2013 12:03 pm

Quickfoot wrote:It is also worth noting a man was just ordered to provide his encryption keys to decrypt encrypted hard drives. In this case he is accused of child pornography but the same power could be used to force others to reveal their keys. It is not a bad idea to have a hidden volume where the actual data is stored. That way you can provide the outer volume key.
In Missouri, the police tried that but it was denied by the courts on the grounds of self-incrimination. Where was the location of the case you reference?


Brian

Jeff7
Posts: 329
Joined: Sat Nov 24, 2012 2:30 pm

Re: TrueCrypt question

Post by Jeff7 » Thu May 30, 2013 12:07 pm

Quickfoot wrote:It is also worth noting a man was just ordered to provide his encryption keys to decrypt encrypted hard drives. In this case he is accused of child pornography but the same power could be used to force others to reveal their keys. It is not a bad idea to have a hidden volume where the actual data is stored. That way you can provide the outer volume key.
And as far as this goes, I'm sure the primary concern of the OP is to keep other regular citizens from finding the data. If the federal government wants access to your data...well, that's a whole other (legal) realm entirely.


For example, I also keep some financial records and passwords, stored on a thoroughly-encrypted Truecrypt volume. That file is kept on my thumbdrive, and also on a hard drive at home. The primary purpose of that encryption is to ensure that no one will get that sensitive information if my computer or thumbdrive were to get stolen, unless they're willing to build a ridiculous supercomputer cluster to brute-force the daylights out of it. I can't say that run-ins with the FBI have factored into my thinking on that sort of thing. :mrgreen:


Ged wrote:
Quickfoot wrote:Encryption has advanced enough that most governments lack the ability to crack it so they will increasingly resort to ordering people to unlock their own devices. There probably are entities in the US that can crack AES but their efforts are most likely directed at bigger targets.

The reason that this pornographer can be asked to supply the key(s) for his drives is that the FBI was able to decrypt one of his drives, thus removing the self-incrimination barrier.

It seems likely that brute force passphrase guessing was used. I haven't heard of any cases where the actual TrueCrypt algorithm was defeated.

For now anyway if you are going to use TrueCrypt be sure to pick a strong passphrase.
Definitely. I don't care how insanely powerful your encryption is - 5-layer 4096-bit something-or-other - if your password is "12345," well, good luck with that. ;)


As far as hiding a drive, I would not trust that feature at all.

http://www.zdnet.com/schneier-research- ... 039448526/

Law enforcement sometimes gains access to encrypted drives by capturing the equipment with the password in memory, or with the encrypted volume opened by the user. The former is what is used by tools you find on the internet that claim to crack TrueCrypt.

If you are going to travel with an encrypted drive be aware a lot of foreign governments are less squeamish about forcing key disclosure than the US is.
That article is a few years old, but Windows 7 does still create shortcuts left and right. I wonder though, what's the difference between Windows creating a shortcut to something on a volume that is hidden and encrypted, versus creating a shortcut to something on a volume that's designed to be removable, such as a thumbdrive?

THY4373
Posts: 769
Joined: Thu Mar 22, 2012 3:17 pm

Re: TrueCrypt question

Post by THY4373 » Thu May 30, 2013 6:22 pm

Jeff7 wrote:That article is a few years old, but Windows 7 does still create shortcuts left and right. I wonder though, what's the difference between Windows creating a shortcut to something on a volume that is hidden and encrypted, versus creating a shortcut to something on a volume that's designed to be removable, such as a thumbdrive?
There is essentially no forensic difference between Vista (the OS mentioned in the article) and Windows 7 so everything in that article would apply to Win7. Truecrypt warns about such artifacts in their documentation which most folks probably don't read. If you want to avoid the scenario documented in the article use a Linux Live CD to access your Truecrypt volume. Once you power down all such artifacts would be gone (Linux keeps far less in the first place). Problem solved, of course with much greater hassle.

Really though if folks are worried that three letter agencies are after their data then they are going to have to think A LOT more creatively and out of the box and deal with much greater hassles to maintain security. The question I have to ask is what do you have encrypted that, say, the FBI cannot get via other means? All I have are tax forms, financial and medical records. If the FBI wanted those and had reason enough to attempt to get me to give up my password, I am sure they would have reason enough to subpoena them as well.

To your question about differentiating between a "thumb" (USB) drive and Truecrypt there are a number of ways such a differentiation could be made. Windows keeps records of everything, I swear it probably logs each time a user passes wind. The registry maintains "records" of USB devices, and what drives have been mounted. These will frequently though not always provide enough context to allow one to understand what sort of drive/volume was likely mounted at the time certain data was seen being accessed via, say, the shortcuts. This is more likely the case if the access in question occurred relatively recently. If it occurred months/years ago then not so much. Also if the system has not been rebooted since the last time the Truecrypt partition was mounted then there will likely be artifacts in memory as well and even after a reboot possibly in the swap file. I have not worked much with Macs but Linux keeps far, far fewer artifacts than Windows. I always (half) joke with folks if you are going to do something "bad" do it on Linux :-).

Rob5TCP
Posts: 3161
Joined: Tue Jun 05, 2007 7:34 pm
Location: New York, NY

Re: TrueCrypt question

Post by Rob5TCP » Thu May 30, 2013 7:53 pm

My only concern with truecrypt was that there has not been an update in almost 18 months. I do use the product and find it to be a great encryption utility so I can comfortably upload my critical files to the cloud, without worrying about them being compromised.

lightheir
Posts: 2302
Joined: Mon Oct 03, 2011 11:43 pm

Re: TrueCrypt question

Post by lightheir » Thu May 30, 2013 8:30 pm

I don't do this, but it's neat to know that Truecrypt has the option of creating a "dummy" partition file.

In English, this means that you can have one TrueCrypt archive, but it actually has TWO separate archives built into it. One is the 'real' one with your secret stuff and openable only with your super-secret password, and the other is the 'fake' one that has a separate password and is filled with whatever (disposable) stuff you wish to put into it. This way, if someone like the FBI forces you to divulge the password, it could theoretically look like you did, even though the real secret archive remains hidden. Of course, this would depend on how plausible you make your fake archive file content.

You can't tell there's a second secret archive by the size of the TrueCrypt archive as well, since the archive size is set independent of file contents. So if you specify 1GB, you could use that container to hold only 100k of actual files, but it would look in all effects to be a 1GB full archive.

Rolyatroba
Posts: 207
Joined: Mon Apr 22, 2013 1:14 pm

Re: TrueCrypt question

Post by Rolyatroba » Thu May 30, 2013 8:46 pm

I don't know if I'm missing something, but to the OP: when you get a new PC, why can't you just copy the files in the TrueCrypt volume to a USB drive, then copy those to the TrueCrypt volume on the new PC? You have to transfer the files somehow, not sure you should make it a requirement that the only thing transferred is the encrypted container file (when you transfer files to the USB drive, they won't be encrypted).

The only other thing to do would be to do a secure wipe of the USB drive.

Teetlebaum
Posts: 457
Joined: Tue Apr 10, 2007 4:27 pm

Re: TrueCrypt question

Post by Teetlebaum » Fri May 31, 2013 1:10 pm

strcmp wrote:Truecrypt should have no issues running on any modern version of Windows today (Windows XP and above).
Not Windows 8 as of today. Full support for Windows 8 is planned to be implemented in future versions.

jchef
Posts: 263
Joined: Wed Aug 29, 2012 7:04 am

Re: TrueCrypt question

Post by jchef » Fri May 31, 2013 8:00 pm

Teetlebaum wrote:
strcmp wrote:Truecrypt should have no issues running on any modern version of Windows today (Windows XP and above).
Not Windows 8 as of today. Full support for Windows 8 is planned to be implemented in future versions.
I believe when they say full support, they are talking about a Metro app. (Or maybe they are talking about full disk encryption.)

I've been regularly using Truecrypt on Windows 8 on the desktop for many months without any type of problems, although I don't use full disk encryption.

kwan2
Posts: 384
Joined: Thu Jun 14, 2012 9:13 pm

Re: TrueCrypt question

Post by kwan2 » Fri Jul 19, 2013 2:28 am

how many people will ever have law enforcement wanting their computer data ?

maybe people who use torrents and such, but it seems sufficiently rare, that maybe encrypting some financial data for yourself, is all one likely will ever need.

maybe in 20 years, the surveillance state will have their dossiers more fine-tuned, anyone smart enough to encrypt, will be suspicious and monitored closer. :)

i use boxcryptor and upload it to google drive, for a few files now
“The history of Paris teaches us that beauty is a by-product of danger, that liberty is at best a consequence of neglect, that wisdom is entwined with decay."
