TrueCrypt is that solid that its developers need to update it only once or twice a year. The last update dates back to September 2011 where support for Mac OS X 10.7 Lion was added to the application, and the update before that was almost a year before that.

Yesterday the first 2012 update was released. The change log over at the TrueCrypt website lists minor improvements and bug fixes as the only changes in TrueCrypt 7.1a. It does not go into further detail, other than stating that these have been applied to all supported operating systems.

TrueCrypt users can download the latest version of the application from the official project website. You need to close all TrueCrypt instances running on the system before the update can be installed.

Should you install the update if you are running a version of TrueCrypt that is not causing problems or issues on your system? I’d say you may still want to update to TrueCrypt 7.1a, considering that the update may have resolved rare bugs that you might experience in the future if you do not apply the update.

If you are a new TrueCrypt user you may be interested in our collection of TrueCrypt tutorials that we have published over the years. Here is a short selection of guides to get you started:

• Create a secure data safe with True Crypt
• Create a secure USB Data Safe
• How to Create a Hidden Encrypted Volume With True Crypt
• Storing Data In The Cloud With Dropbox And TrueCrypt
• Disguising True Crypt Volumes In MP4 Videos
• TruPax, Create TrueCrypt Containers Without True Crypt

Are you a TrueCrypt user, or do you prefer a different encryption software? (via Caschy)

The ruling may still get overturned, but at this point in time it is not clear how this will turn out.

Encryption makes sure that only authorized users can enable access to data provided that there is no loophole or backdoor built-into the software itself. People traveling to the US may have their mobile computers analyzed by federal agents even without probable cause.

Users have a number of options at their disposal to protect their data from prying eyes. Encryption for instance requires a pass phrase or key to be entered to decrypt the contents of the storage device. If you forget the password, you cannot open the encrypted contents anymore.

There is however a better option for users who want to make sure that they private files stay personal. True Crypt supports so called hidden volumes. These volumes are encrypted volumes inside an encrypted volume. True Crypt calls the concept plausible deniability. You put your important files into the hidden volume, and other files that you do not mind to share with others in the regular encrypted container. When someone asks you to decrypt your data, you enter the password to decrypt the first volume that you do not mind sharing with anyone.

It may happen that you are forced by somebody to reveal the password to an encrypted volume. There are many situations where you cannot refuse to reveal the password (for example, due to extortion). Using a so-called hidden volume allows you to solve such situations without revealing the password to your volume.

The principle is that a TrueCrypt volume is created within another TrueCrypt volume (within the free space on the volume). Even when the outer volume is mounted, it should be impossible to prove whether there is a hidden volume within it or not*, because free space on any TrueCrypt volume is always filled with random data when the volume is created** and no part of the (dismounted) hidden volume can be distinguished from random data. Note that TrueCrypt does not modify the file system (information about free space, etc.) within the outer volume in any way.

Hidden volumes can be created quite easily in True Crypt. New True Crypt users should read through the tutorial posted on the site first to understand the basics of creating encrypted volumes on the computer.

You have the option to create both volumes in one go though, by following the process outlined below. Click on Tools > Volume Creation Wizard. You have two options now how to proceed:

• Create an encrypted file container: This option can be used to create an encrypted file on one of the computer’s hard drive and add a hidden file container to it, or add a hidden file container to an existing encrypted file.
• Encrypt non-system partition/drive: This is basically the same option as above, only that it works partitions and hard drives, and not with files. Please note that all contents of the selected hard drive/partition will get deleted in the process.

I suggest you start with an encrypted file container to see how the process works.

Select Hidden TrueCrypt volume on the next page

Now you have the option to select normal or direct mode. Normal mode creates both the outer and the hidden volume in the process, while direct mode creates a hidden volume inside an existing True Crypt file container.

Lets pick normal mode to demonstrate how both the standard encrypted container and the hidden container within are created.

You now need to select a file name for the outer container. Pick any directory and file name that you want. You can use the file name to your advantage, for instance by making it a .tmp file or a .avi.

You are then asked to select the encryption algorithm and hash algorithm for the outer volume. Pick one each or keep the default settings.

You are then asked to select a size for the file container. Keep in mind that the hidden volume is added to this container file as well. Select a password on the next screen. This password is used to decrypt the files stored in the outer volume. The volume will be formatted afterwards. Move your mouse around to create random values. Click on Format afterwards to create the file. Depending on the size, you may need to switch the file system from FAT to NTFS.

Now that you have created the outer volume, you move on to the next step, the creation of the hidden volume.

The process is nearly identical. You first select the encryption and hash algorithms, then the file size. True Crypt will display the maximum possible hidden volume file size on that screen. Don’t select the maximum if you plan on adding files to the outer volume as well.

The remaining steps are identical. You now have one outer volume, one hidden volume and two pass phrases to decrypt the volumes on your computer.

Mounting the hidden volume

To mount either the outer or hidden volume do the following:

• Select a free drive letter in the True Crypt interface.
• Click on Select File and browse to the encrypted file that you want to mount.
• click on mount afterwards.
• Enter the pass phrase for the outer volume to mount it, or the password for the hidden volume to mount it instead.

If you mount the outer volume you may want to click on mount options to check the “protect hidden volume against damage caused by writing to outer volume” box to avoid to protect the hidden container from being partially or fully overwritten. You need to supply the hidden volume password though for this option.

The very same principle applies to the creation of a hidden volume inside an encrypted partition or hard drive.

What’s your take on this new ruling?

Lets take a look at the basics first. If you are a free Dropbox users, you get 2 Gigabytes of space. That’s usually more than enough to store documents and files in the cloud. Dropbox uses encryption to protect data on their servers from unauthorized access. As I pointed out before, that may not sufficient considering that the company may decrypt all files in a legal process, which also means there is a chance that an attacker might do the same. (Dropbox has responded to the issue)

TrueCrypt is an Open Source encryption software for Windows, Linux and Macintosh that can encrypt data containers or full hard drives or hard drive partitions. Since we only have a maximum of 2 Gigabytes of storage on Dropbox, we need to create an encrypted container to store our files in.

The basic idea is therefor the following: We create a TrueCrypt container on the local system. The size depends on your preferences, I would suggest to keep it as small as possible. If you run out of space you can either increase the size of the TrueCrypt container or create a second container to store additional data in. My suggestion is a maximum size of 500 Megabytes, if you can live with less select that number. My personal container has a size of 100 Megabytes.

Download the latest version of True Crypt from the developer website. Install it and run it after installation. Locate the Create Volume button in the interface and click on it.

Click Next two times on the following screens to create an encrypted file container with a standard TrueCrypt volume (those are the default options). Click Select File and browse to a location where you want to create the new container. Make sure it is not in the Dropbox folder if Dropbox is running. You can name the container anyway you want, e.g. holiday2010.avi.

Click Next on the encryption options page unless you want to change the encryption algorithm or hash algorithm. Select the volume size on the next screen. I suggest you keep it at a few hundred Megabytes tops.

You need to enter a secure password on the next screen. It is suggested to use as many characters as possible (24+) with upper and lower letters, numbers and special characters. The maximum length of a True Crypt password is 64 characters.

Now it is time to select the volume format on the next screen. If you only use Windows computers you may want to select NTFS as the file system. If you use others you may be better of with FAT. Juggle the mouse around a bit and click on format once you are done with that.

Congratulations, the new True Crypt volume has been created.

Move your unmounted new data container to the Dropbox folder. That folder, but not its contents since Dropbox cannot access those, will now be synced with your space in the cloud. It can take minutes to hours depending on the upload speed of your Internet connection and the size of the container that you have created.

But this is a one-time transfer. Dropbox will only transfer the changed bits after the first upload. This is theoretically a security risk as well but it would require lots of energy and dedication which means it usually can be neglected for personal data.

You can now mount the container on your local system and use it normally just like any other True Crypt volume. You can add, delete or edit files in it. Whenever you unmount it, it gets synced with your Dropbox account. This means that you need to unmount it regularly before you shut down the computer in order to sync the data with Dropbox.

Install True Crypt on all your other devices to access the encrypted volume there as well. You can also copy a portable version of True Crypt to the Dropbox for direct access without installation.

Problems

The biggest problem is that you cannot access the encrypted data on Dropbox’s web interface anymore. All you see is that one big encrypted container that you cannot access because you cannot run True Crypt on the cloud. There is no way around it: You either use the encrypted container for additional security, or trust the standard Dropbox encryption to access the data on the web interface as well.

You also need to make sure to mount the encrypted data container on one computer at a time. Dropbox would otherwise create a copy of the file in the Dropbox folder which would cause files becoming out of sync.

Verdict

If you want that extra bit of security, and eliminate the minor chance that someone manages to decrypt your data on Dropbox, or that Dropbox decrypts the data for law enforcement, then your best bet is third party encryption of the data. It may sound complex and complicated to setup, when it is a straightforward process that’s done in less than five minutes.

It was only a matter of time until someone came up with a concept to hide the existence of a True Crypt volume on the computer. A method has been described in detail in February, months before the release of the TCHunt application.

TCSteg basically hides the True Crypt container inside a MP4 video file. Even better, that mp4 video is still playable which makes it more plausible that the file is indeed just a video and not host for an encrypted True Crypt volume.

There are still some limitations though, for instance a limitation to a maximum file size of 4 Gigabytes, or the fact that someone who would monitor the bitrate of the video could identify the manipulation. The method however makes it a less likely that someone will find the hidden True Crypt container on the system, as it renders software such as TCHunt useless.

The method combines the mp4 file with the True Crypt container, or to be more precise, the hidden volume of the True Crypt container. You may remember that you can create a hidden volume inside a True Crypt container for that extra bit of security? Exactly that volume is used for the process, the outer volume will not be used at all.

A Python script has been created that handles all the file merging, you can download it from the developer website. You also need a solid quality mp4 video file that’s encoded efficiently to make the combined file size more plausible.

You then create a True Crypt container and a hidden volume and give it a .mp4 name. You should follow the instructions on the developer site to the letter for maximum efficiency, for instance to select a plausible total size for the True Crypt volume and to select the maximum possible size for the hidden volume.

You run the Python script with the following command

python tcsteg.py RealVideo.mp4 TrueCryptContainer.mp4

where RealVideo.mp4 is the mp4 video that you want to use for the disguise, and TrueCryptcontainer.mp4 the encrypted True Crypt container.

Windows users need to first install Python before they can run the Python script.

The process combines the two files, and the end result should be that you can still play the resulting file in a video player and that you can mount the hidden True Crypt volume inside that video.

Additional instructions and the Python script are available at the developer’s website.

These volumes can have sizes from 19 Kilobytes onwards and completely arbitrary file names and extensions. The program has been designed to show that it is possible to identify those True Crypt containers even if they are reasonable small and disguised by the user. It is more or less impossible to verify the existence of a True Crypt container without technical help unless the container itself is rather large or placed in a location where it can be easily identified. While it is possible to analyze each possible container file on a system, it would take a very long time to do so.

TCHunt scans a select folder or partition on the computer for the following four attributes that are part of every TrueCrypt volume:

• The suspect file size modulo 512 must equal zero.
• The suspect file size is at least 19 KB in size (although in practice this is set to 5 MB).
• The suspect file contents pass a chi-square distribution test.
• The suspect file must not contain a common file header.

You need to accept the terms of service on start before you can use the folder browser to select a root folder for the scan. The application scans all files based on the attributes above and reports its findings back in the program interface. Not all files that are found are True Crypt containers, but you can be sure that all True Crypt containers stored under the selected root folder are found during the scan.

The program ignores the file name and extension completely, which many True Crypt users use to disguise the volume on the computer system. The program can also be helpful if you forgot where you placed your own True Crypt volume on a system, as it can reveal that location to you.

TCHunt demonstrates that it is possible to detect True Crypt volumes even if they are not mounted on the system. It stops here however, as it cannot brute force or bypass the encryption itself. True Crypt users should take note that it is possible to detect those volumes, and the True Crypt developers should consider randomizing the volumes if possible to avoid that detection.

True Crypt Hunt is available for the Windows operating system. The source code of the program is available for download on the website as well. According to the developer’s site the program is only compatible with Windows 7.

Generally speaking, you have three different situations that you need to be prepared for: Corrupt or overwritten headers, data loss on the hard drive and forgetting the True Crypt password.

A few years ago a friend of mine accidentally quick formatted a True Crypt encrypted partition on his computer which had the consequence that all data on the disk became inaccessible since he did not have a backup header.

To avoid those horror scenarios, backups are important. Here is what you can do to prepare for True Crypt emergencies:

True Crypt Password

If you forget the password, the data on the True Crypt volume becomes inaccessible. You have two options here to avoid this worst case scenario. You can either write down your password in a secure location, or create a backup header with a different, basic password. Both options are not ideal as it gives attackers more options to discover the password.

After you create a volume, back up its header to a file (select Tools -> Backup Volume Header) before you allow a non-admin user to use the volume. Note that the volume header (which is encrypted with a header key derived from a password/keyfile) contains the master key with which the volume is encrypted. Then ask the user to choose a password, and set it for him/her (Volumes -> Change Volume Password)

It is generally not advised to create a second header with a different weaker password for emergencies. You could write down the password and store it in a safe location, for instance at your parent’s house or a friend’s house.

Backing Up True Crypt Headers

True Crypt headers can be backed up and restored. This is important if the partition header becomes corrupt or is changed by malicious code or tools like format that modify the header. A click on Tools in the main True Crypt application window displays the options to backup and restore the True Crypt header.

The header is worthless without the password, keep that in mind. To Backup the header select Tools > Backup Volume Header after selecting an unmounted True Crypt volume (via Select File or Select Device). The Restore Volume Header function works in a similar fashion.

Backup data on a True Crypt volume

The third and final preparation is to backup the data that is stored on a True Crypt volume. True Crypt volumes are affected by hard disk failures just like any other storage device. You should therefor back up important data regularly. Since the data is encrypted, it is recommended to back up the data on another encrypted volume.

The suggested way is to create another encrypted True Crypt volume that matches or exceeds the size of the original volume. You then mount both volumes and copy the data from the old volume to the new volume. It is highly suggested that the new volume is located on another drive, local or network, or backup up on backup media like external hard drives, optical discs or the cloud / ftp servers.

The True Crypt documentation contains a guide on how to backup both standard True Crypt volumes and system volumes.

Closing Words

These three steps ensure that you can restore data or the full True Crypt volume in case of corruption or hard drive failures. Anything to add? Let me know in the comments.

A recent study of the Department of Computer Science and Engineering at the University of California came to the conclusion that individual file sanitizing techniques were ineffective on SSDs and that built-in disk sanitizing techniques were effective if implemented correctly which was not always the case.

But this article is about encryption and Solid State Drives, read on how the findings impact encryption as well.

The makers of the open source encryption software True Crypt for instance recommend that “TrueCrypt volumes are not created/stored on devices (or in file systems) that utilize a wear-leveling mechanism (and that TrueCrypt is not used to encrypt any portions of such devices or filesystems)”.

They basically ask their users to use True Crypt on conventional hard drives only and not on Solid State Drives and other Flash storage devices.

Why are they recommending that? For that, we need to take a look at how data is saved to SSDs.

Solid state drives use a technology called wear leveling to extend the lifetime of the device. Storage sectors on Flash drives have limited write-cycles which means that they cannot be written to anymore eventually. Wear leveling is used to avoid heavy use of specific sectors. With Solid State Drives it’s not possible to save data to a specific sector of the drive. The wear leveling mechanism makes sure that the data is evenly distributed on the drive.

This means that it is theoretically possible that data is stored multiple times on the drive. If you change the TrueCrypt volume header for instance it can be that the old header is still accessible on the drive as it is not possible to overwrite it individually. Attackers could exploit this if they have found the old header. A basic example. Lets say you have encrypted your SSD and found out that a trojan recorded the password or keyfile that you use to access the encrypted data.

All you need to do on conventional hard drives is to create a new password or keyfile to resolve the issue and protect the data from access. On solid state drives however it may still be possible to extract the old header and use it to access the data with the stolen password or keyfile.

But what if the drive is empty before you use it? What if you plan to erase it securely if it is compromised?

Even this may not be sufficient. First, we already established that some “secure erase” tools offered by manufacturers of SSDs implement the technology incorrectly which means that the data may still be accessible after the operation.

TrueCrypt recommends the following precautions prior to encryption a blank Solid State Drive.

Before you run TrueCrypt to set up pre-boot authentication, disable the paging files and restart the operating system (you can enable the paging files after the system partition/drive has been fully encrypted). Hibernation must be prevented during the period between the moment when you start TrueCrypt to set up pre-boot authentication and the moment when the system partition/drive has been fully encrypted.

Even then the makers do not guarantee that this “will prevent data leaks and that sensitive data on the device will be securely encrypted”.

What’s the conclusion then? It depends. The security implications are probably nothing that home users need to worry about as it requires some technical background and equipment to attack encrypted drives. If you run a business, are a government official or an individual with data that needs to be protected at all costs, then you need to avoid drives with wear leveling for now.

Have a different opinion? Let me know in the comments.

True Crypt Backup

One of the most important security precautions are backups, so that the encrypted volume can be restored in case of emergency. Backup in this regard does not mean a backup of the full volume, but the backup of the True-Crypt headers. The headers contain all the information about the volume. They can match the entered password for instance, which already indicates that they are the most important part of a True Crypt volume. If the headers get corrupted, and there is no backup to restore, the encrypted volume can never be accessed again.

To backup the volume header do the following. Open True Crypt and make sure the encrypted volume is currently not mounted. If it is dismount it. Now click on Tools > Backup Volume Header. This process requires administrative rights, and will ask for the volume password for security reasons.

true crypt backup header

You are then asked if the volume contains a hidden volume. A hidden volume basically is another volume inside the encrypted area. Make your selection. If you say yes you need to enter the password of the hidden volume as well. After that a file save prompt is displayed, to store the backed up header of the encrypted volume on a storage device. As the last step, move your mouse around to create random characters and select an algorithm if you like.

Volume headers can be restored by clicking on Tools > Restore Volume Headers. You need the backup header for that obviously and the passwords.

True Crypt in a corporate environment

As a system administrator, one of the biggest problems with True Crypt is the missing ability to reset a user’s password. The security design of True Crypt makes that impossible. On the other hand, if the user forgets the password then the data on the encrypted volume is toast.

The proposed solution is the following. The True-Crypt admin creates the encrypted volume and selects a password for it. The volume headers are then backed up and the password is changed. Then the user is given the new password and asked to change it in the software.

Now, whenever the user forgets the password the admin can restore the original headers with the first password, to recover the volume and repeat the process to give the user access to it again.

Changing the True Crypt password

There may come a time when you want to change the password of a True Crypt volume. This can be a security precaution, or because the password was leaked or discovered. To change the password simply select a True Crypt volume first, and then Volumes > Change Volume Password in the True Crypt menu.

True Crypt in a network

There are basically two options to use True Crypt in a network. The first is that the True Crypt volume gets mounted and shared on one computer system of the network, the second that all connected computers that need access to it mount it individually. Both options have their advantages and disadvantages. It is furthermore recommended to make sure the connections use encryption, otherwise it would be possible to snoop on the traffic in the network. (see sharing over a network for details)

Are you using True Crypt? If so, have anything to add to the list? Let me know in the comments.

The official True Crypt website contains no information about resizing encrypted containers, only the forum hosts a few posts with the issue. Where it is addressed it is suggested to backup the old container, before creating a new one with the new storage size.

That’s not very practical, for many reasons.

I just stumbled over the Open Source tool Extvc at Caschy’s blog, and the tool seems to be exactly what True Crypt users need to increase the size of the True Crypt container.

The program has not been updated for a while, and the last compatible version of True Crypt is 6.2a which can be a nuisance. Then again, it might be faster and more comfortable to run True Crypt 6.2a during the resizing operation, than to create a new container on the hard drive (besides that it sometimes is not possible because of size limitations).

Extvc only supports volumes formatted with NTFS, and should not be used to expand an outer volume containing a hidden volume, as it will destroy the data in the hidden volume.

Enough with the limitations, lets take a look at the program in detail.

increase true crypt container size

Start by moving the extvc.exe file in the True Crypt folder. Executing the program should display the screen above. The location of the True Crypt volume needs to be specified here by selecting a file or device.

extend true crypt volume

A click on start displays the next screen. A security question to remind the user that hidden volumes inside other volumes will be deleted in the process. Best option is to not use the program with hidden volumes.

increase true crypt volume size

The new volume size of the True Crypt container can be selected in the third and final step. Please note that the new size needs to be at least 64 Kilobytes larger than the old size. The current size of the container and the available space on the host drive are displayed in the same window. We recommend to backup the True Crypt volume before using the application. The resizing worked without problems in our tests, but it is always better to be safe than sorry.

Extcv can be downloaded from the project website over at Sourceforge. the guys over at T3CH have created a walkthrough for Mac OS systems.

True Crypt now supports hardware acceleration; By default, hardware accelerated AES on computers that have a an Intel Core i7 or Core i5 processor where the Intel AES-NI instructions are available. Currently, only Intel Gulftown, Intel Clarkdale and Intel Arrandale processors support those instructions.

Additional information about hardware acceleration in True Crypt can be found in the docs section.

true crypt 7

Volumes can now be configured to automatically mount whenever the host device gets connected to a computer system.

For example, if you have a TrueCrypt container on a USB flash drive and you want to configure TrueCrypt to mount it automatically whenever you insert the USB flash drive into the USB port, follow these steps: 1. Mount the volume. 2. Right-click the mounted volume in the drive list in the main TrueCrypt window and select ‘Add to Favorites’. 3. The Favorites Organizer window should appear. In it, enable the option ‘Mount selected volume when its host device gets connected’ and click OK.

Please note that True Crypt itself is still required for the mounting.

Favorites have been added to TrueCrypt. This new feature allows the user to set specific parameters for TrueCrypt volumes, like mounting as read-only, upon login or when the host device gets connected.

truecrypt7 favorites

Configuring favorite volumes offers new possibilities, including:

* You have a volume that always needs to be mounted to a particular drive letter.

* You have a volume that needs to be automatically mounted when its host device gets connected to the computer (for example, a container located on a USB flash drive or external USB hard drive).

* You have a volume that needs to be automatically mounted when you log on to the operating system.

* You have a volume that always needs to be mounted as read-only or removable medium.

Another benefit of configuring favorites is the ability to mount all devices at once, either by selecting Favorites > Mount Favorite Volumes or by pressing the Mount Favorite Volumes hotkey.

Lastly, partition or device hosted volumes can now be created on drives that use sector sizes of 4096, 2048 or 1024. Only file hosted volumes were supported previously on those drives.

The changelog lists one security improvement regarding the encryption of hibernation and crash dump files in Windows. True Crypt 7.0 now uses the API provided by Microsoft to encrypt those files in a safe documented way.

TrueCrypt 7.0 can be downloaded from the official project homepage.

The drive itself showed up fine in Windows Explorer and Disk Management. I started with advanced troubleshooting programs like Test Disk trying to figure out what was wrong. It was later that I discovered that these advanced troubleshooting programs were not needed for the problem that I was experiencing.

It was clear that the headers where somehow corrupted. True Crypt offers so called mount options and one of these mount options is to use embedded backup headers if they are still available in the encrypted volume. Now this might not work in all cases as these can also become corrupted but it did work in my case.

I selected “use backup header embedded in volume if available” that are an option in the Mount Options in True Crypt’s password field and entered the password of the True Crypt partition again. This fixed the problem that the True Crypt volume was not recognized and the encrypted partition mounted as normal on the system.

To avoid header problems with True Crypt volumes it is suggested to backup the volume headers so that they can be restored in case of corruption. This can be done by selecting the True crypt partition under Select Device, then Volume Tools from the main True Crypt window and finally Backup Volume Header.

I guess I was lucky that I was able to restore the header without the backup. The first thing I did was to create a backup header for all of my True Crypt partitions for additional restoration options in case of an emergency.

USB Agent is a portable software program that provides this functionality. It requires some manual preparation before it will execute the programs. This should not take longer than a few minutes the most though. The most important step in the process is the creation of a new file on the USB device that has to be named usbagent.inf. The following information need to be added to the file after its creation (with a text editor):

[usbagent]
ON=start-app.exe
OFF=stop-app.exe

where start-app.exe and stop-app.exe need to be replaced with executables or batch files that the user wants to execute if the USB device is connected and disconnected. The executables and batch files can be stored on the USB device by using the format

ON=%basepath%\start-app.exe

where %basepath%\ is pointing to the root folder of the USB device.

USB Agent comes with an option to mount True Crypt containers that are stored on USB devices. This can be a handy option to automate the mounting of the encrypted container. The portable software is available at the developer’s German website. A link to Google Translate is listed at the top of the page to translate the page into a different language. The program itself is available in English and German and compatible with Windows 2000 and newer Microsoft operating system including Windows 7 and Windows Server 2008.

The last week however revealed that Bitlocker’s encryption after all was not as secure as everyone thought back then. Not one but two methods of attacking a Bitlocker encrypted system were revealed both even working if a Trusted Platform Module is available in the computer system.

The Fraunhofer institute discovered the first attack form which requires physical access to the computer system. It makes use of the fact that Bitlocker does carry out an integrity check of the system but not of the bootloader. The attack therefor replaces the bootloader that can record the user’s pin in unencrypted form. The system would then automatically reboot and replace the fake bootloader with the original one.

The second attack was reported by security company Passware who have added the ability to recover Bitlocker keys in a matter of minutes to their flagship product Passware Kit Forensic version 9.5. This second method requires physical access to the target computer system as well to get hold of a memory image of that computer system to run the recovery.

Both of these attacks and the methods that have been posted earlier that attacked True Crypt required physical access at some point. Two methods even required that the system is active or was active shortly before the attack for it to be successful.

True Crypt on the other hand is open source and a cross-plattform application which gives it the advantage if a user works with Windows, Linux and Mac systems.

The performance impact of both encryption software programs is neglectful on modern desktop computer systems. Netbooks, which are usually powered by Atom or Celeron cpus on the other hand, are not as powerful as desktop PCs.

I ran some benchmarks on an Atom N260 Netbook. For BitLocker, I chose three different encryption algorithms. For TrueCrypt, I chose only the fastest algorithm according to its built-in benchmark.

The results on a tested Atom 260 netbook are that Bitlocker performs better than True Crypt. The first chart shows the transfer rate in Megabytes on a system without encryption and on a computer system with either Bitlocker or True Crypt encryption. Both have a noticeable impact on the computer system.

The second chart shows the performance loss compared to a system running no encryption.

True Crypt did perform worse in the test. The author did not fail to mention on the other hand that the difference in performance was not noticeable during tests. Alexander comes to the same conclusion

As you can see, TrueCrypt performs worse. The default BitLocker algorithm (AES 128 bit with diffuser) is 12% faster. If you use the same algorithm in BitLocker and TrueCrypt, BitLocker is even faster by 14%. So switching to TrueCrypt in order to increase performance is a bad idea. But in defense of TrueCrypt I have to say that the difference is hardly noticeable; running encryption on a netbook makes it slow whether BitLocker or TrueCrypt is used.

To sum it up. Both security programs slow down netbooks noticeably but the difference in performance between the two programs is not noticeable even though it is existing. (via 4Sysops)

Microsoft has therefor created a solution for this problem by introducing the Bitlocker To Go Reader so that the data on the portable device can be read in operating systems that are not supporting Bitlocker. Microsoft’s solution is the Bitlocker To Go Reader, a software program compatible with Windows XP, Windows Vista and Windows 7 that can be used to decrypt the data on a Bitlocker encrypted removable storage device.

Bitlocker To Go Reader is added to the removable storage device when it is encrypted. The program will automatically be displayed if autoplay is enabled on the computer system when the user connects the removable storage device that has been encrypted with Bitlocker To Go. A right-click on the device and the selection of autoplay or a double-click on the drive icon in Windows are the other options to display the Bitlocker To Go Reader window.

The user only needs to enter the password the data was encrypted with to decrypt and access it on the other operating system. An alternative to encrypt file systems, removable storage devices and other data is the open source software True Crypt which we have reviewed in the past. True Crypt offers the advantage of encrypting and decrypting data not only in Windows but also Linux and Mac OS.wp-image-19416″ />

While Windows 7 support is probably the stand-out feature of the True Crypt 6.3 release there are a few others additions and changes that might be interesting to some users. TrueCrypt 6.3 adds full support for Mac OS X 10.6 Snow Leopard as well which should please Mac users who use the software program.

Another addition to this release of the disk encryption software is the “system favorite volumes” option. This comes in handy “when you have volumes that need to be mounted before system and application services start and before users start logging on. It is also useful when there are network-shared folders located on a TrueCrypt volume and you need to ensure that the network shares will be restored by the system each time it is restarted.”

The latest version of True Crypt can be downloaded from the developer’s website where it is available for all supported operating systems.

CryptKeeper is available for the GNOME desktop (requires Nautilus) and is a system try applet that easily manages EncFS encrypted folders without the user having to touch the command line. And CryptKeeper works very similarly to TrueCrypt, but makes the whole process even easier. In this article you will learn how to install CryptKeeper and then create and use an encrypted folder on a Ubuntu machine.

Installation

Installing CryptKeeper is as simple as installing any other software on a Ubuntu machine. Of course this software should be just as easy to install on your favorite distribution – just modify the process as needed. The steps for installation are:

1. Open up your Add/Remove Software tool.
2. Search for “cryptkeeper” (No quotes).
3. Select the resulting software for installation.
4. Click Apply to install.

That’s it. Once installed you will find the menu entry under the Applications menu, in the System Tools sub-menu.

How CryptKeeper works

The way this application works is simple: Creating encrypted, mountable file systems. Basically you create an encrypted folder that can only be accessible if that folder is mounted, and the only way to mount that folder is to know the authentication password.

Starting and using CryptKeeper

Figure 1

When you start CryptKeeper you will be surprised to see that no windows or dialogs open. As stated earlier this is a system tray applet so the application resides in your system  tray (or Notification Area). So when you start CyrptKeeper the only thing you will see is the system tray icon appear (see Figure 1).  The icon you are looking for is the keys icon. From this icon there are two actions:

Right click: Preferences, About, Quit

Left click: Mount previously created encrypted folders, Import EncFS folders, Create encrypted folders.

From the Preferences window there isn’t really much to do. There is, however, one important option you can set. If you want to make sure your encrypted folders are unmounted after being idle for a user-configured amount of time.

Now, let’s create an encrypted folder. Left click CryptKeeper icon and select “New Encrypted Folder”. This action will open up a Wizard that will walk you through the process of creating your folder. The steps are:

Give your folder a name and location.

Enter (twice) a password for the encrypted folder.

Figure 2

That’s it. As soon as you have verified your password, and hit Forward, your new encrypted folder will open in the Nautilus file browser (see Figure 2).

With your folder open you can then place whatever you like inside. Once you are done working with the folder you only need to unmount it to keep the contents from prying eyes. There is only one way to unmount your folder:

Left click the CryptKeeper icon and uncheck the mounted folder.

If you try to unmount the folder from within Nautilus you will be unsuccessfull.

When the folder is unmounted it will seem to no longer exist on your machine. The only way you will see the file is to open up a terminal and search for the folder in your home directory using the ls -a command. Using the example I created above (encrypted folder “Ghacks”) I will see the entry .Ghacks_encfs in the ~/ folder. If I try to search the contents of that folder I will see something like:

kgv8qdE4Y,8kNqkREP7cQGvz-fk9bUujZTSXd8ijrelqi0

Figure 3

No dice. There is only one way to see the contents of this folder. To do this left click the CryptKeeper icon and select the encrypted folder you want to mount (see Figure 3). Once selected you will be prompted for the password for the folder. When you successfully enter the password the folder will mount and be opened in a new Nautilus window.

Final thoughts

Without a doubt, CryptKeeper is one of the easiest means to create on-the-fly encrypted folders to use on the Linux desktop. If you need solid encryption for personal folders, CryptKeeper is the way to go.

The only way to password protect data is to use encryption. It would theoretically be possible to zip or compress the files and use a password to protect them which would however mean that the data would need to be uncompressed before it could be used.

All you need to password protect CDs or DVDs is True Crypt (or another software that can create encrypted containers). The Open Source encryption software can create so called containers that can be filled with data. These containers are password protected and can only be accessed if the correct password is supplied. The user does need True Crypt on the other hand to access the CDs and DVDs.

Start by downloading True Crypt from the official website. Click on the Create Volume button after installation. This opens a wizard that can be used to create an encrypted file container.

Select to create a standard True Crypt volume.

Now select a filename and location on the hard drive for the container.

Keep the algorithms and select an appropriate size for the container. You might need to experiment with the sizes a bit. If sizes do not matter that much select 650 Megabytes for a CD container and 4000 Megabytes for a DVD container.

Now select a password and use the format button to format the container.

Now that the container is created it needs to be mounted which basically means to use the password to make it accessible in Windows. Click on the select file button in the True Crypt main menu and locate the created container. Now select the Mount button. True Crypt will ask for a password. Just enter the password supplied to access the container. The container becomes available as a drive letter in Windows then. You can now transfer data in the container. Once all data has been added it can be burned to CD or DVD depending on the size of the container.

The user then needs to select the file on the CD or DVD whenever data on the disc should be accessed. Everything else will remain the same.

True Crypt is an Open-Source software that can be used to create encrypted containers on devices. One of the major advantages of True Crypt is that it can be used as a portable application which means that you can copy the True Crypt files on the USB device so that the software does not have to be installed on the computer system where the data is needed.

There is however the requirement that the user who wants to mount the True Crypt volume to get access to the data needs to have administrative rights to run the software. That is however the only requirement.

Download the True Crypt software and run the setup. The setup displays options to install or extract the contents. Choose the extract option and pick the USB device as the target. All the files needed to encrypt and decrypt data will be extracted to the USB device.

Run truecrypt.exe afterwards. We need to create an encrypted container on the USB device that can store the data that we want to protect. It is limited to the free space on the USB device.

Click on Create Volume in the main interface and select the option to create an encrypted file container. Use the standard volume type in the next screen. Now browse to the USB device and pick a random filename that should be used as the container. You can use any name or extension, it does not really matter, for example test.avi, test.txt or bigrar.rar.

Pick an encryption algorithm (AES is fine and fast) and a Hash Algorithm (SJA-512) and define the space on the device that you want to assign. Select a password (20+ chars are recommended, the more the securer). The volume (in this case the space that you have selected) will be formatted. Move the mouse around to create random information and click the format button in the end.

This completes the creation of the encrypted container on the device. You need to mount it whenever you are going to use it. This is done by executing True Crypt from the USB device, picking a drive letter and selecting the file that contains the encrypted container.

The last step would be to click on mount to enter the password that is needed for the data decryption.

The data will be secure whenever the container is not mounted on the computer system. That’s one of the safest ways of transporting data from location A to B. Got any questions? Let me know.

Version 6.1 of True Crypt was released two days ago and it has – again – added interesting features to the encryption software. The major improvement of this release affects Windows Vista and Windows Server 2008 operating systems. It is now possible to encrypt non system partitions on those operating systems without losing the data on those partitions. That feature is unfortunately not available in previous operating systems such as Windows XP.

To encrypt a non-system partition and retain the data of the partition one would have to follow the path
Create Volume’ > ‘Encrypt a non-system partition’ > ‘Standard volume’ > ‘Select Device’ > ‘Encrypt partition in place’ in True Crypt.

Another interesting addition is the support of keyfiles on security tokens and smart cards that comply with the PKCS #11 standard. Text output of the True Crypt bootloader can now be suppressed or customized.

A complete list of changes and updates is available in the True Crypt release notes on the True Crypt homepage.