Microsoft has therefor created a solution for this problem by introducing the Bitlocker To Go Reader so that the data on the portable device can be read in operating systems that are not supporting Bitlocker. Microsoft’s solution is the Bitlocker To Go Reader, a software program compatible with Windows XP, Windows Vista and Windows 7 that can be used to decrypt the data on a Bitlocker encrypted removable storage device.

Bitlocker To Go Reader is added to the removable storage device when it is encrypted. The program will automatically be displayed if autoplay is enabled on the computer system when the user connects the removable storage device that has been encrypted with Bitlocker To Go. A right-click on the device and the selection of autoplay or a double-click on the drive icon in Windows are the other options to display the Bitlocker To Go Reader window.

The user only needs to enter the password the data was encrypted with to decrypt and access it on the other operating system. An alternative to encrypt file systems, removable storage devices and other data is the open source software True Crypt which we have reviewed in the past. True Crypt offers the advantage of encrypting and decrypting data not only in Windows but also Linux and Mac OS.wp-image-19416″ />

Related posts

• My Encrypted Tunnel (1)
• How To Password Protect Data On CDs or DVDs (6)
• Disk Encryption Software TrueCrypt 6.3 Released (4)
• Zoogmo Secure Peer To Peer Backups (3)
• ZoneScreen Finally Gets 64-bit Update (7)

While Windows 7 support is probably the stand-out feature of the True Crypt 6.3 release there are a few others additions and changes that might be interesting to some users. TrueCrypt 6.3 adds full support for Mac OS X 10.6 Snow Leopard as well which should please Mac users who use the software program.

Another addition to this release of the disk encryption software is the “system favorite volumes” option. This comes in handy “when you have volumes that need to be mounted before system and application services start and before users start logging on. It is also useful when there are network-shared folders located on a TrueCrypt volume and you need to ensure that the network shares will be restored by the system each time it is restarted.”

The latest version of True Crypt can be downloaded from the developer’s website where it is available for all supported operating systems.

Related posts

• VLC Media Player 1.0 Released (9)
• Stream Music With Subsonic (11)
• Prep For GRE, GMAT, SAT Tests With Words (3)
• Photo Collage (3)
• Open Office 4 Kids (11)

CryptKeeper is available for the GNOME desktop (requires Nautilus) and is a system try applet that easily manages EncFS encrypted folders without the user having to touch the command line. And CryptKeeper works very similarly to TrueCrypt, but makes the whole process even easier. In this article you will learn how to install CryptKeeper and then create and use an encrypted folder on a Ubuntu machine.

Installation

Installing CryptKeeper is as simple as installing any other software on a Ubuntu machine. Of course this software should be just as easy to install on your favorite distribution – just modify the process as needed. The steps for installation are:

1. Open up your Add/Remove Software tool.
2. Search for “cryptkeeper” (No quotes).
3. Select the resulting software for installation.
4. Click Apply to install.

That’s it. Once installed you will find the menu entry under the Applications menu, in the System Tools sub-menu.

How CryptKeeper works

The way this application works is simple: Creating encrypted, mountable file systems. Basically you create an encrypted folder that can only be accessible if that folder is mounted, and the only way to mount that folder is to know the authentication password.

Starting and using CryptKeeper

Figure 1

When you start CryptKeeper you will be surprised to see that no windows or dialogs open. As stated earlier this is a system tray applet so the application resides in your system  tray (or Notification Area). So when you start CyrptKeeper the only thing you will see is the system tray icon appear (see Figure 1).  The icon you are looking for is the keys icon. From this icon there are two actions:

Right click: Preferences, About, Quit

Left click: Mount previously created encrypted folders, Import EncFS folders, Create encrypted folders.

From the Preferences window there isn’t really much to do. There is, however, one important option you can set. If you want to make sure your encrypted folders are unmounted after being idle for a user-configured amount of time.

Now, let’s create an encrypted folder. Left click CryptKeeper icon and select “New Encrypted Folder”. This action will open up a Wizard that will walk you through the process of creating your folder. The steps are:

Give your folder a name and location.

Enter (twice) a password for the encrypted folder.

Figure 2

That’s it. As soon as you have verified your password, and hit Forward, your new encrypted folder will open in the Nautilus file browser (see Figure 2).

With your folder open you can then place whatever you like inside. Once you are done working with the folder you only need to unmount it to keep the contents from prying eyes. There is only one way to unmount your folder:

Left click the CryptKeeper icon and uncheck the mounted folder.

If you try to unmount the folder from within Nautilus you will be unsuccessfull.

When the folder is unmounted it will seem to no longer exist on your machine. The only way you will see the file is to open up a terminal and search for the folder in your home directory using the ls -a command. Using the example I created above (encrypted folder “Ghacks”) I will see the entry .Ghacks_encfs in the ~/ folder. If I try to search the contents of that folder I will see something like:

kgv8qdE4Y,8kNqkREP7cQGvz-fk9bUujZTSXd8ijrelqi0

Figure 3

No dice. There is only one way to see the contents of this folder. To do this left click the CryptKeeper icon and select the encrypted folder you want to mount (see Figure 3). Once selected you will be prompted for the password for the folder. When you successfully enter the password the folder will mount and be opened in a new Nautilus window.

Final thoughts

Without a doubt, CryptKeeper is one of the easiest means to create on-the-fly encrypted folders to use on the Linux desktop. If you need solid encryption for personal folders, CryptKeeper is the way to go.

Related posts

• True Crypt 6 released (3)
• True Crypt 5 adds System Partition Encryption (1)
• Securing your Pc with True Crypt (29)
• Increase True Crypt AES performance (7)
• Encrypting an USB Drive with True Crypt (11)

The only way to password protect data is to use encryption. It would theoretically be possible to zip or compress the files and use a password to protect them which would however mean that the data would need to be uncompressed before it could be used.

All you need to password protect CDs or DVDs is True Crypt (or another software that can create encrypted containers). The Open Source encryption software can create so called containers that can be filled with data. These containers are password protected and can only be accessed if the correct password is supplied. The user does need True Crypt on the other hand to access the CDs and DVDs.

Start by downloading True Crypt from the official website. Click on the Create Volume button after installation. This opens a wizard that can be used to create an encrypted file container.

Select to create a standard True Crypt volume.

Now select a filename and location on the hard drive for the container.

Keep the algorithms and select an appropriate size for the container. You might need to experiment with the sizes a bit. If sizes do not matter that much select 650 Megabytes for a CD container and 4000 Megabytes for a DVD container.

Now select a password and use the format button to format the container.

Now that the container is created it needs to be mounted which basically means to use the password to make it accessible in Windows. Click on the select file button in the True Crypt main menu and locate the created container. Now select the Mount button. True Crypt will ask for a password. Just enter the password supplied to access the container. The container becomes available as a drive letter in Windows then. You can now transfer data in the container. Once all data has been added it can be burned to CD or DVD depending on the size of the container.

The user then needs to select the file on the CD or DVD whenever data on the disc should be accessed. Everything else will remain the same.

Related posts

• Xkcd Comic Wallpaper Changer (2)
• Wireless Network Scanner inSSIDer (3)
• Windows Tabbed Browsing (4)
• Windows Run Aliases (8)
• Windows Management: Super Maximize Windows (9)

True Crypt is an Open-Source software that can be used to create encrypted containers on devices. One of the major advantages of True Crypt is that it can be used as a portable application which means that you can copy the True Crypt files on the USB device so that the software does not have to be installed on the computer system where the data is needed.

There is however the requirement that the user who wants to mount the True Crypt volume to get access to the data needs to have administrative rights to run the software. That is however the only requirement.

Download the True Crypt software and run the setup. The setup displays options to install or extract the contents. Choose the extract option and pick the USB device as the target. All the files needed to encrypt and decrypt data will be extracted to the USB device.

Run truecrypt.exe afterwards. We need to create an encrypted container on the USB device that can store the data that we want to protect. It is limited to the free space on the USB device.

Click on Create Volume in the main interface and select the option to create an encrypted file container. Use the standard volume type in the next screen. Now browse to the USB device and pick a random filename that should be used as the container. You can use any name or extension, it does not really matter, for example test.avi, test.txt or bigrar.rar.

Pick an encryption algorithm (AES is fine and fast) and a Hash Algorithm (SJA-512) and define the space on the device that you want to assign. Select a password (20+ chars are recommended, the more the securer). The volume (in this case the space that you have selected) will be formatted. Move the mouse around to create random information and click the format button in the end.

This completes the creation of the encrypted container on the device. You need to mount it whenever you are going to use it. This is done by executing True Crypt from the USB device, picking a drive letter and selecting the file that contains the encrypted container.

The last step would be to click on mount to enter the password that is needed for the data decryption.

The data will be secure whenever the container is not mounted on the computer system. That’s one of the safest ways of transporting data from location A to B. Got any questions? Let me know.

Related posts

• True Crypt 6.1 Released (4)
• Protect your data from physical access (3)
• Password Protect Files (4)
• Zoogmo Secure Peer To Peer Backups (3)
• Use any USB 2.0 Device for Readyboost in Vista (4)

Version 6.1 of True Crypt was released two days ago and it has – again – added interesting features to the encryption software. The major improvement of this release affects Windows Vista and Windows Server 2008 operating systems. It is now possible to encrypt non system partitions on those operating systems without losing the data on those partitions. That feature is unfortunately not available in previous operating systems such as Windows XP.

To encrypt a non-system partition and retain the data of the partition one would have to follow the path
Create Volume’ > ‘Encrypt a non-system partition’ > ‘Standard volume’ > ‘Select Device’ > ‘Encrypt partition in place’ in True Crypt.

Another interesting addition is the support of keyfiles on security tokens and smart cards that comply with the PKCS #11 standard. Text output of the True Crypt bootloader can now be suppressed or customized.

A complete list of changes and updates is available in the True Crypt release notes on the True Crypt homepage.

Related posts

• Increase True Crypt AES performance (7)
• Encrypting USB Devices Data With True Crypt (5)
• Disk Encryption Software TrueCrypt 6.3 Released (4)
• Zoogmo Secure Peer To Peer Backups (3)
• True Crypt 6 released (3)

Rohos Mini Drive was specifically designed with USB drive encryption and ease of use in mind. It uses the 256-bit AES as the encryption algorithm and can create encrypted partitions with a maximum size of 1 Gigabyte. The program does not require installation and can be run right of the USB drive.

So how does this work? The user executs the Rohos Mini Drive software which will automatically detect usb drives that are connected to the computer. One usb drive will be selected automatically but the user can change to another one if multiple drives are connected to the computer.

He then specifies a password that will be used to decrypt and encrypt the data in the partition of the usb drive.

This procedure is not that different from encrypting an USB drive with True Crypt. Rohos Mini Drive however comes with a feature that makes it possible to access the data without administration rights. The software comes with another program called Rohos Mini Drive which is a simple disk browser. This tool can be used to browse the contents of the encrypted usb drive without admin rights.

Rohos Mini Drive comes with two additional interesting features. The first is a virtual keyboard which can be used to defeat keyloggers on a computer while the second is an autostart folder to start applications immediately after connection.

Related posts

• True Crypt 6 released (3)
• Securing your Pc with True Crypt (29)
• Encrypting an USB Drive with True Crypt (11)
• Data Can Leak From Partially Encrypted Systems (6)
• True Crypt 5 adds System Partition Encryption (1)

I’m a bit puzzled that it took them so long to figure out that every kind of application that is logging or saving temporary data might reveal information about such hidden data. Maybe I got it wrong and missed something but if that is not the case I might call this finding rather obvious.

If I have a Word document on an encrypted partition and open it with Word it gets added to the recently accessed files list in Word as far as I know. The research paper has already been published and can be downloaded freely. The name of the document is “Defeating Encrypted and Deniable File Systems:
TrueCrypt v5.1a and the Case of the Tattling OS and Applications”.

The research paper is well written and understandable for users with a technical background but most other users as well. What they are basically saying is that information can be found in operating systems and applications that could link to data in encrypted and hidden partitions. Some of the examples mentioned in the paper are Word auto-saves, recent files lists and Google Desktop.

The researchers are also assuming that a user would reveal the encrypted partition but not the hidden partition located inside of the encrypted partition which is plausible. An analyst would only have to find evidence for the existence of a hidden partition to defeat its purpose. That does not mean that he would be able to decrypt the data but he could gather information by analysing the operating system and the installed applications.

Related posts

• True Crypt 6 released (3)
• Securing your Pc with True Crypt (29)
• Encrypting an USB Drive with True Crypt (11)
• Encrypt USB Drives (8)
• True Crypt 5 adds System Partition Encryption (1)

Version 6 of True Crypt introduces several interesting features and improvements. Users with multi-core CPUs will see a huge speed increase due to the multi-core support that has been implemented in True Crypt 6. Each additional cpu core will increase encryption and decryption performance by 100% which means that a quad core cpu will be 400% faster than a single core cpu of the same speed. Mounting will also benefit from multi-core CPUs.

Another interesting addition is the option to use a fully encrypted and hidden operating system that can be installed in a hidden True Crypt partition. That’s basically the hidden container on a encrypted partition feature ported to operating systems, very useful in my opinion.

Backup Headers were introduced in this version of True Crypt as well. Previously one header was used to determine the size of the encrypted partition. If something happened to that space on the hard drive the partition or container could no longer be mounted and that all data would be lost. The backup header is a second header for this case which reduces the likeliness of this.

Mac OS X and Linux users can now create hidden volumes as well. The most important additions to this version are in my opinion multi-core support and the option to install a hidden operating system.

Related posts

• Encrypting an USB Drive with True Crypt (11)
• Increase True Crypt AES performance (7)
• Drag and Crypt Ultra (2)
• Securing your Pc with True Crypt (29)
• Scan Computer for password protected files (2)

The file size limit for this application is about half the size of your RAM meaning the maximum file size on a computer with 1024 Megabyte of RAM is roughly 512 Megabytes. The author suggests to use True Crypt for large files instead. Multiple files and folders can be dropped on the dropzone which will then all be encrypted with the same encryption key. That’s right, you will be asked to enter an encryption key, a password, which you have to remember to decrypt the files again.

There is obviously no way to save the password in the application because it would make the whole process superfluous. The original file will remain untouched unless you check the option to securely erase source files once they have been encrypted or decrypted.

Another option might prove useful. You can add an entry to the right-click menu for faster access to the application. I really like the ease of use and think that Drag and Crypt Ultra could be a great asset for users who do not want to create a True Crypt container or Partition but still want to protect some of their files and folders.

Related posts

• True Crypt 6 released (3)
• Increase True Crypt AES performance (7)
• Encrypting an USB Drive with True Crypt (11)
• Scan Computer for password protected files (2)
• Zip Repair (3)

The solution is a little bit complicated because you have to compile a source to get it to work. The benefit however is a much better performance of that algorithm which has been programmed in Assembler in comparison to the one programmed in C that True Crypt is using by default.

The increase is amazing. The bandwidth increases by about 20 MB/s from 66 MB/s to 85 MB/s on the system of the user who discovered it. It depends on the hard drive of course but everyone should see a gain in the end.

You will need the following to compile the algorithm source and True Crypt:

• Microsoft Visual Studio 2005 with SP1
• Microsoft Visual C++ 1.52
• Windows Driver Development Kit (DDK) Vista Build 6000
• YASM

You can read the full instructions in this thread. I was not able to locate a precompiled version of True Crypt with this faster AES algorithm yet. If anyone comes up with a trustworthy download source let me know. I unfortunately do not have Microsoft Visual Studio 2005.

Related posts

• True Crypt 6 released (3)
• Encrypting an USB Drive with True Crypt (11)
• Drag and Crypt Ultra (2)
• Scan Computer for password protected files (2)
• Ghacks Christmas Giveaway: DriveCrypt (86)

I don’t want to point out all of the valid reasons for encrypting a drive or partition with True Crypt other than pointing out some key elements such as privacy and theft protection.

You obviously need True Crypt for this guide, the latest available version for Windows is 5.0a. Download and install the software as usual and start it afterwards. The main True Crypt window will load and look like the following:

You obviously need to make some decisions before you continue. True Crypt can encrypt a partition or create an encrypted container on a hard drive. The choice is yours, I prefer to encrypt the whole partition. The benefits of using a container  are that some data of that drive is accessible without True Crypt. This guide will encrypt the full USB drive.

Click on the Create Volume button in the lower left corner. A window will appear asking about the type of volume that you want to create. The choices are to create an encrypted container, encrypt a partition / drive or encrypt the system partition (the one running Windows).

We are going to create a volume within a non-system device and check the second option in that screen. The next window gives us the choice to create a standard or hidden True Crypt volume. Hidden volumes are created in standard volumes. The reason is to give up only the standard password and not the password for the hidden volume when someone forces you. We are creating a standard volume therefor.

Now we are selecting the device that we want to encrypt, in my case the new USB drive. Next in the line are the encryption options. Which encryption and hash algorithm are you going to use. My selection was AES and SHA-512. You can run benchmarks in that window and get additional information about each algorithm. All algorithms are secure (unless someone proves otherwise, which has not happened yet)

The  Volume Password is probably the most important part.You access your files with it and if you happen to forget it your files are lost.Make sure you use a large string, something that is not a dictionary word and not a combination of them. You should also forget about using personal information like birthdays, names or places.

A password should be at least made of 20 characters and be made of upper and lower case chars, numbers and special chars. The maximum amount of chars is 64.

A keyfile can be created as well which then works in combination with the password. You get access to the encrypted hard drive only if you supply the keyfile and the password. The keyfile is simply a file on your computer which you select or generate during setup.

The drive will be formated in the end. You need to move your mouse randomly around the screen for some time to improve the quality of the encryption keys. The file system should and cluster size can remain as is unless you need them to be different. I’m using Quick Format since there have not been any files on the USB drive previously. The process is finished after this step. You need to mount the drive now to be able to use it.

Select a drive letter currently not assigned and  click on Select Device afterwards in the main menu. Now select the partition or drive that you have encrypted and click on ok.

Now click on Mount which opens up a password box where you have to enter the password that you have selected during setup. Click ok afterwards and work with the hard drive normally from there on if the password was correct. I was not able to experience any major slowdowns due to the encryption, everything runs smooth and solid and even large file transfers and many connections work as usual.

Related posts

• True Crypt 6 released (3)
• Increase True Crypt AES performance (7)
• Drag and Crypt Ultra (2)
• Securing your Pc with True Crypt (29)
• Scan Computer for password protected files (2)

Yet there was always the danger of temporary files, history records and the like that could give valuable clues to a possible attacker. This is no longer a point to worry about with System Partition encryption. This allows a user to encrypt his system partition, i.e. the partition or hard drive with Windows or another operating system on the fly so that no one may access the data on the system if he can’t provide the password during bootup.

True Crypt 5 adds a boot loader to the system which will ask for the password so that the system can boot. I’m planning to encrypt my whole system in the next few days. If you plan to do the same make sure you create a rescue disc to be on the safe side if something goes wrong.

Never had a problem with True Crypt in the entire years though. This major release has seen several other changes which are worth mentioning. True Crypt 5 is available for Mac OS X as well which means all major operating systems (Windows, Linux Mac) are supported right now.

The Linux version received a graphical user interface and the read / write speed was increased by up to 100% on Windows systems due to pipelined operations.

Last but not least a new algorithm was added and one removed. The SHA-512 hash algorithm replaced the SHA-1 algorithm).

What are you waiting for ? Go grab it now !

Related posts

• True Crypt 6 released (3)
• Securing your Pc with True Crypt (29)
• Increase True Crypt AES performance (7)
• Encrypting an USB Drive with True Crypt (11)
• Encrypt USB Drives (8)

The backups can be scheduled and run automatically in the background. Prior to using the software you need to create an account at the Zoogmo website. Those information are used to encrypt the data that is backed up on your computer which means that if you loose those information the backed up data will be lost.

Zoogmo currently has some limitations. The maximum file size is only 50 Megabytes which might be not enough for users who would like to backup larger files. Since this is currently a beta it is most likely that the limit will be raised in the future.

While Zoogmo is great for creating external secure backups I would suggest to use a combination of True Crypt and an external hard drive if you want to backup your files locally. The advantage of course is that you do not need to connect to the Zoogma server at all before you can access your backups.

Take a look at this video that explains the concept of Zoogmo.

Read More:

Zoogmo

Related posts

• Verify File Integrity Of Backups (4)
• True Crypt 6.1 Released (4)
• True Crypt 6 released (3)
• True Crypt 5 adds System Partition Encryption (1)
• True Crypt 4.2 released (1)

It can go on by using recovery softwares to gather a list of softwares that once were installed on the computer but have been deleted by the user. In the end they have access to almost everything if you did not take the necessary measures to make sure that no one is able to access sensitive data.

Protecting your data is essential these days and even if some of you would call me paranoid I think everyone should do it. But, how would one do that ?

This is actually easier than you would have thought. My suggestion would be to use encryption to protect the data. This does mean however that the user has to enter a code to decrypt the data before he can use it which is far better than handing the data on a silver plate to everyone who has physical access to the computer.

Just follow the easy steps outlined below to secure your computer:

Download and install True Crypt on your system. True Crypt is able to encrypt hard drives and partitions with a secure key. I would suggest to use either an external hard drive or make space on a internal hard drive. It is far better to encrypt the complete hard drive.

Be aware that you need at least one unencrypted partition to be able to boot your operating system.

Encrypt the hard drive. I outlined the process in an earlier article called Create a secure data safe with True Crypt.
Now the important part. Move all your sensitive applications to that encrypted partition. I’m thinking of email clients, browsers, p2p applications, ftp programs, documents, pictures, videos and everything else that you do not want to share with anyone.
Make sure you change the data paths in the applications as well. It would not help if you use the email client from the encrypted hard drive but have the mailboxes on an unencrypted one. Move them all to the encrypted hard drive as well.
No one is able to access that data unless they provide the key to decrypt the hard drive. It is theoretically possible to break the algorithm or use brute force. The later would take ages if you use a key with more than 40+ chars.

Other measures that you should undertake could be to clean the caches on exit and using a software like Eraser to regularly delete information about former files on unused disk space.

Do you have additional ideas or methods that you use to protect your data ?

Related posts

• Zombie City Tactics (0)
• Why you should switch your parents pc to ubuntu (20)
• Who is connected to your pc right now ? (6)
• Use your Wiimote in Windows (0)
• USB 3.0: What You Need To Know About SuperSpeed USB (6)

True Crypt is available for Linux and several Windows editions including Vista and XP. Please download the software from the location above and install it afterwards. The only other thing that you need is some free space on a hard drive or a storage device. I would suggest an usb key for instance, size does not really matter that much. If you ask me I encrypted a complete external hard drive with 320 Gigabytes of space that stores my private files that no one else should be able to access.

• Launch True Crypt
• Click on Create Volume
• Create a Standard Volume, click Next
• Decide if you want to encrypt a device or create a encrypted container. Select File creates an container of x megabytes that you specify, select device encrypts the device. I’m using the second option for my hard drive but this is really up to you and does not change the data safe that we create
• If you select File: Browse to a location that you want to store the file and name it, something like test, data or whatever. Click save, then next.
• Select an encryption algorithm, AES is fine for instance. Click Next
• Select a file size for the container. It should be at least some megabytes, the limit is the space on the device that the file is created on
• Create a secure password that you can remember. Write it down for the first time if you want to be sure that you do not forget it. Get rid of that paper as soon as possible.
• Click on Next, move the mouse around for a minimum of 30 seconds and click on format afterwards.
• A message should appear that the container was created.
• To mount it simply select a drive letter that is not taken and click on Select File and browse to the file that you created
• click on mount and enter the password that you have selected during installation
• If everything worked out fine the container should be mounted and you can use it like any other drive letter.You could for instance move important files into the container or create a textfile that contains all of your passwords.
• do not forget to unmount the partition if you leave the computer for a longer time. Booting or shutting down automatically unmounts the drive.
• It would be nearly the same process if you want to encrypt a whole partition or drive.
• Instead of selecting a file at the beginning you select the drive letter of that partition and follow the same menus as before.
• Mounting it is similar as well, you only click on Select Devices instead of Select File before you click on mount

So, where are the advantages of this method over tools that work like password safes ? The main advantage is that you can not only store passwords in the encrypted container but also files and everything else that you can think off. Just move the files inside and no one can access them unless they can provide the password to this True Crypt container.

As I said earlier True Crypt works with big hard drives and there is no visible loss in speed during read and write operations. The devices work as usual once mounted. You could for instance run your favorite torrent client from that drive saving those torrents on it as well.

Tags: encrypted-drive, hard-drive-encryption, password-safe, safe-disk, true-crypt, true-crypt-how-to


Related posts

• Increase True Crypt AES performance (7)
• Encrypting an USB Drive with True Crypt (11)
• Zoogmo Secure Peer To Peer Backups (3)
• True Crypt 6.1 Released (4)
• True Crypt 6 released (3)
]]> http://www.ghacks.net/2007/03/27/create-a-secure-data-safe-with-true-crypt/feed/ 3 http://www.ghacks.net/2006/10/07/create-a-secure-usb-data-safe/ http://www.ghacks.net/2006/10/07/create-a-secure-usb-data-safe/#comments Sat, 07 Oct 2006 17:13:38 +0000 Martin http://www.ghacks.net/2006/10/07/create-a-secure-usb-data-safe/ I’m going to show you how to create a secure usb data safe that can be used to store sensitive data. Secure means it is encrypted and will only be encrypted if you need the data that is saved on the stick. This method is also working with other removable media such as zip drives and hard disks.

There are some prerequisites that have to be met: You need of course the software that makes all of this possible – True Crypt. You also need a mobile device and administrators privileges on the computer you intend to run true crypt to decrypt the data on the device – which means that this setup won’t work if you intend to use it on e.g. public computers or computers with no administrators privileges.

Once downloaded and installed you select Tools > Traveler Disk Setup from the menu. Browse to the volume that you want to use for this, make sure you select the right one. Don’t change any of the other settings and click on create to make the device ready for traveler mode. Some True-Crypt files are copied to the mobile device and can be run from there whenever you connect the device to the computer.

We are of course not done yet. You need to create the encrypted part of the device that can be used to store data in it. Select Create Volume to create a new encrypted volume. Create a standard true crypt volume is the default option and we use that as well, click next.

Select File in the next screen, navigate to the mobile device, add a filename that you like (test, container or work are possibilities) and click on open.
We have to select an algorithm, or more than one, to encrypt the data on the device, for more information check out the wikipedia entries on the algorithms. Each is secure so use the default ones if you like.

Specify the size of your container in megabytes, this depends of course on the size of the device and what you intend to do with it. If you only want to save passwords you need some megabytes at most, if you want to save word documents, images and music you might need some hundred.

You have to enter a password in the next dialog. Make sure it is a long password. Mine for instance is longer than 35 chars and I’am very proud that I can remember it, hehe. Select something that you can remember but no one is able to find out by looking into your background.

Leave everything else the way it is. Leave everything the way it is in the next screen and click on format. This creates the encrypted container on the drive. The larger the container the longer it takes of course. Took 19 seconds for my 55 megabytes test usb stick. Click ok and cancel on the next screen.

Congratulations, you have created a secure container on that mobile device. If you take a look in windows explorer you see the filename with the file size you specified.

Using this is now pretty simple. Start True Crypt again, remember the files are on the stick and select a drive letter that you want to assign the container to. Choose select file and mark the file that you have created before on the device. Click mount and enter your password. Et Voila, your device is mounted and ready for use.

You can now use all file operations that are normally associated to drives. Copy files, edit files, read from files, everything is there. Once you are done you select unmount and no one will be able to access the files on the device anymore without mounting it first.

Please be advised that it might be possible to find out if someone used true crypt on a computer by examining the registry. Nevertheless you should be pretty safe if for example you are the only user on that computer and just want to make sure your personal data is safely stored.

Tags: encryption, password, true-crypt, usb safe, usb storage


Related posts

• True Crypt 6 released (3)
• True Crypt 5 adds System Partition Encryption (1)
• Securing your Pc with True Crypt (29)
• Increase True Crypt AES performance (7)
• Encrypting an USB Drive with True Crypt (11)
]]> http://www.ghacks.net/2006/10/07/create-a-secure-usb-data-safe/feed/ 1 http://www.ghacks.net/2006/04/18/true-crypt-42-released/ http://www.ghacks.net/2006/04/18/true-crypt-42-released/#comments Tue, 18 Apr 2006 19:39:10 +0000 Martin http://www.ghacks.net/2006/04/18/true-crypt-42-released/ You might know that I´am using True Crypt for some months now to encrypt and decrypt my entire removable hard disk that has 300 Gb capacity. All happens in realtime and I can´t see and witness any slowdowns so far. I´am able to download content to the drive with 14.2 Mbps and its working like every other hard disk. Yesterday a new True Crypt version was released and it has some amazing new features, let us take a look at some of them:

# TrueCrypt volumes can now be created under Linux.
# Ability to create a ‘dynamic’ container whose physical size (actual disk space used) grows as new data is added to it.
# It is now possible to mount a single TrueCrypt volume from multiple operating systems at once

So, most important of course is that it now supports Linux, which is great and if thats what kept you from using it you now have no excuse whatsoever to not try it out.

Take a look at the manufacturers homepage and download the latest version of true crypt here.

Make sure you backup all important files on that drive before using it, it´s always better to stay on the safe side.

Tags: privacy encryption, Security, true-crypt


Related posts

• True Crypt 6 released (3)
• Securing your Pc with True Crypt (29)
• Encrypting an USB Drive with True Crypt (11)
• Encrypt USB Drives (8)
• Data Can Leak From Partially Encrypted Systems (6)

]]> http://www.ghacks.net/2006/04/18/true-crypt-42-released/feed/ 1 http://www.ghacks.net/2005/12/11/securing-your-pc-with-true-crypt/ http://www.ghacks.net/2005/12/11/securing-your-pc-with-true-crypt/#comments Sun, 11 Dec 2005 09:15:18 +0000 Martin http://www.ghacks.net/?p=215 Only a few days ago I wrote a first small article about true crypt and recommended it. Back then I bought a usb 2.0 hard drive with 300 GB capacity and encrypted its entire partition with true crypt. This was done to test the programs functionality but also to see if it would slow down my main computer (athlon 64 3000+, 1 gb ram).

To my great suprise it did not slow down the pc and I decided to expand the encryption to cover all my hard drives. Let me tell you why and how i did this and why you should also be considering this.

Why ?

The first question that comes to my mind and probably yours as well is: Why would someone want to encrypt his hard drives / part of his hard drives ? (note you can also encrypt other storage devices like usb sticks)

There are numerous reasons for this. It can be as profane as to hide your daily dose of naked ladys from your wife, hide personal information from other people who might have access to your pc or encrypt your files on a removable storage device for transportation to prevent that the files can be accessed when the device is stolen.

Now what ?

Now, why encrypt the whole drive(s) and not just a small part of it ?

This is a good questions and I have to answer it to some lengths. Let me first tell you that true crypt is not able to encrypt a operating system and boot from it at the same time. That means either you use a second unencrypted operating system or move all sensible user data to the encrypted partitions.

As I said earlier I only encrypted the removable usb hard drive. All my tools that I´ve been using daily are still on the unencrypted internal drives. Guess what happens when I open Open Office and load a document from the encrypted drive ?

It leaves traces. Last used files are normaly shown, it probably gets cached in windows cache as well. That means, although the file itself is encrypted the possibility exists that it could still be accessed by other means. There are lots of scenarios like this, a browser caches the pages you visit, a media player keeps records of last played files aso.

Wouldn´t it be much securer if those tools are also stored on an encrypted disk ?

The setup:

I decided to do the following. I already have a partition for the operating system. All other partitions would be encrypted. The user data from the operating system would reside on an encrypted disk, as would be the pagefile and all other caching.

As a sidenote, one could also install a clean operating system on that partition and use vmware to install another operating system on encrypted drives. BartPE is another possibility. The operating system would be stored on a read only device.

All my tools reside on the encrypted drives, making it impossible for someone else to access them. (unless one would keep the pc running when leaving..)

How to:

I suppose you already are using your drives. True Crypt will erase all data on a partition if its applied to it. Therefor you should move or backup your files before you start this process.

Download true crypt and install the program. Download the true crypt user manual as well. Then backup / move your files if you have not done so already.

Start True Crypt and select Create Volume. You have the choice to create a standard or a hidden True Crypt Volume. The difference between the two is the following. A hidden volume has a own passphrase and always resides inside a standard volume. If someone forces you to reveal the passphrase you provide the one for the standard volume. Its impossible to say if a hidden volume exists even if the standard volume has been mounted. (True Crypt partitions are always filled with random data and one can´t therefor distinguish.)

Select standard partition now and in the next window you have the option to store the encrypted data in a file or encrypt a whole device. We want to encrypt a complete hard drive, select device and chose your hard drive that you want encrypted.

Encryption Options:

You have to select an encryption algorithm and an Hash Algorithm now. I don´t want to recommend one to you but as of now none has been officially cracked. Some people are discussing their choices on the official true crypt forum, if you are unsure you might want to go there. You can also use wikipedia for more information. (Blowfish information in this example)

Make sure that in the next step the whole hard disk space will be encrypted.

Selecting a password:

You will have to select a password which will be asked every time you want to mount your encrypted drive. Recommendations are that yours should be 20+ chars that consist of a mixture of upper- and lowercase, special chars and numbers. Its hard to remember at first but it will become easier over time. Its suggested that you do not write it down but thats up to you..

Volume Format:

Move the mouse around for 30+ seconds, select a filesystem (ntfs for windows xp recommended), leave cluster size at default und click format afterwards. The whole partition will be formatted and encrypted, all data that is left on the device will be lost forever. Make sure there is none that you still need left.

Mounting:

You have to mount an ecnrypted partition to enable it in windows. Chose Select Device in the main menu of true crypt and pick the encrypted drive. Then click on mount and enter your passphrase. If its correct the drive will appear and you can fill it with data.

The drive letter remains the same as before, so there should not be any problems with broken program links or the like.

Final Words:

Depending on your choices to use an unencrypted operating system, BartPE or VMware you need to make sure that all personal data and caches are stored on the encrypted partition. I strongly suggest you use one of the latter for the best security.

If you encounter errors I suggest you visit the true crypt forum which is well visited and contains lots of valuable topics of users that had problems with the tool.

I for myself decided to give BartPE a go and forget about the idea to have the operating system on the unencrypted partition. This saves a lot of the hassle of moving all cache and personal data locations to ones on the encrypted drive.

[tags]encrypt, blowfish, secure, security, true crypt, hide, serpent, aes, encryption algorithm, twofish[/tags]

Tags: encryption, hard-drives, privacy, Security, true-crypt


Related posts

• Encrypt your Hard Drives (9)
• True Crypt 6 released (3)
• Freenigma Extension to encrypt your mail (1)
• Encrypting an USB Drive with True Crypt (11)
• Encrypt USB Drives (8)

]]> http://www.ghacks.net/2005/12/11/securing-your-pc-with-true-crypt/feed/ 29