1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

TrueCrypt / general encryption questions

Discussion in 'Windows XP' started by Sphinx, Apr 2, 2008.

Thread Status:
Not open for further replies.
Advertisement
  1. Sphinx

    Sphinx Thread Starter

    Joined:
    Aug 5, 2003
    Messages:
    606
    Ok so I just looked into encryption and I have a few questions.

    I downloaded truecrypt and created a file-hosted container and mounted it in truecrypt.

    1) What exactly is "mounted" and "unmounted" mean? I mean I know I can't move files into the drive unless its mounted, but is there something wrong with having it mounted all the time. Is there a time when its supposed to unmounted?

    2) I am considering encryption the entire windows xp including boot partition. Is this a good idea or is there a significant decrease in performance. Speed is a concern for me. Also, will this make it difficult for me to install ubuntu later on using dual boot (grub loader)?


    Here is my current setup:
    160GB 7200rpm hard drive 8mb buffer

    Current Partitions:
    C:\ (100GB, NTFS, windows xp pro)
    D:\ (60GB, NTFS, data storage)
    K:\ (4GB, file-hosted container, with container being in the C:\ drive) (this 4GB is part of the 100GB of C)


    3) So, if making the whole windows xp encrypted is too much of a hit on performance, i'd rather just take the 60GB of D:\ and make that an encrypted volume. Although I'd like to shrink it to say 25gb, and have the rest for an ubuntu install. If I do that, will ubuntu be able to read that encrypted 25gb partition?

    So, to recap-
    - What is mounting/unmounting really do - do I need to unmount ever?
    - What will I be sacrificing performance-wise if I made the entire XP partition encrypted
    - If I did the complete XP encryption, will this affect my ability to install grub boot loader when I want to install ubuntu later?
    - If I use 25GB of the D: to make an encrypted volume, will this volume be readable/writable by ubuntu if I installed ubuntu (i'd reallocate D: into multiple partitions, one being 25gb for the encrypted volume, the rest being a separate partition for root and one for swap).




    one last question -
    I'd also like to shrink C: to about 80gb (from 100gb), and use the extra 20 towards D, but when I did this on another computer using gparted (off a live CD), the system wouldn't boot - I got "error loading operating system" and neither fixmbr nor fixboot off the winxp recovery cd solved this.



    My Computer specs:
    P4 3.0ghz w/ HT on
    160gb WD hard drive 7200rpm 8mb buffer (IDE)
    2x512MB (1gb) Kingston Valueram DDR400
    ATI Radeon 9550 Video Card
    Creative Labs 5.1! Sound Card
    Geniatech X8000A HDTV Tuner Card
    antec 350W trupower supply
     
  2. fairnooks

    fairnooks Banned

    Joined:
    Oct 1, 2007
    Messages:
    5,251
    Mounted is kind of like having a DVD in the optic drive--its loaded, unencrypted and useable. Unmounted is just the opposite, encrypted and unavailable--data safe mode. You will always at the very least mount after start up (if you want access to the data) and then unmount (wether you proactively do it or not) on shutdown. Remember that if you leave a volume mounted and walk away from the system, that data is vulnerable.

    Ubuntu will not have any access to any TrueCrypt protected volume and if you encrypt an entire Windows OS partition you have to go through what is called pre-boot authentication and I'm not sure how that affects dual booting. I would guess you can still choose.

    Not sure about speed and performance on an entire OS-containing partition but smaller data volumes don't seem to suffer from performance issues.

    Gparted is a very powerful tool and so far I haven't messed up any of my partitions beyond repair but I ALWAYS cross my fingers on first boot afterwards. That's just part of the game with Gparted.
     
  3. ozrom1e

    ozrom1e

    Joined:
    May 15, 2006
    Messages:
    11,849
    One suggestion on using any encryption program, Make sure you have a backup of any and all files backed up separate from the encrypted file and make sure they are not encrypted. This will make sure that you have the files safe and secure incase of any problems with the encryption process especially if you have to do a repair-install and you lose the rights to access the encrypted files, you will then have a backup you can access.
     
  4. fairnooks

    fairnooks Banned

    Joined:
    Oct 1, 2007
    Messages:
    5,251
    I agree with ozrom1e wholeheartedly. Unfortunately this also defeats the purpose of encryption because I would just go after the backup if so inclined. That's why there should be a real "company or national security" type of need for encryption and special consideration for reliable but still secure backups.
     
  5. Wanderer2

    Wanderer2

    Joined:
    Jan 28, 2008
    Messages:
    1,428
    Long time ago I supported a product called Disklock when I was with Symantec. It was a folder/drive encryption software. A simple crash and chkdsk correction could destroy access.

    Sphinx this is an excellent plan to lose access to all of your data with no recovery. Though the govt could still get it back.

    Point here is only do folders not the OS. Additionally I would ask you to review the reasons why you want to use encryption when you weigh it with the possibiltiy of catistrophic loss.
     
  6. Sphinx

    Sphinx Thread Starter

    Joined:
    Aug 5, 2003
    Messages:
    606
    Thank you everyone for the advice. I am a little confused though - this encryption thing just seems so inconvenient - if the drive is 'mounted' it is complete accessable and unencrypted? I mean, whats the point of dismount on shutdown - it doesnt really matter when the computers off because no one can access it anyway - unless i guess they physical stole my computer.

    Basically I don't see what its actually doing if I have important data that I have to use often (thus I have to have the encrypted DATA partition frequently mounted, but if its mounted its basically not encrypted, huh?)
     
  7. fairnooks

    fairnooks Banned

    Joined:
    Oct 1, 2007
    Messages:
    5,251
    Exactly, otherwise there would be a wide open method for accessing your encrypted data would there not, and by deduction, no point in encryption in the first place. Encryption isn't designed to be convenient, its designed to be secure. In fact most methods of security almost always make a process more inconvenient.
     
  8. Wanderer2

    Wanderer2

    Joined:
    Jan 28, 2008
    Messages:
    1,428
    which again brings us back to the question of why use encryption.

    from what you describe ntfs rights and no one else as admin on your computer would be enough to secure your data.

    you should also ask yourself what you would think and feel if that encrypted volume did not mount....
     
  9. TerryNet

    TerryNet Moderator

    Joined:
    Mar 23, 2005
    Messages:
    79,582
    First Name:
    Terry
    The data on a TrueCrypt volume is always encrypted; but, as stated by others, when it is mounted the data is quickly unencrypted by TrueCrypt so it is easily available. If somebody gets access to your computer while the volume is mounted, yes the data is available.

    But if the volume is not mounted, whether the computer is on or off or whatever the data is not available (without the password). If you have sensitive data and your computer is stolen or lost you will be happy if that data was encrypted by TrueCrypt or something similar.
     
  10. Sphinx

    Sphinx Thread Starter

    Joined:
    Aug 5, 2003
    Messages:
    606
    I have a laptop that can be dual booted (windows xp and ubuntu 7.10).

    Is it a bad idea to have my windows xp partition moutned in ubuntu (/dev/sda1). Should I always unmount it after I am done transfering files from or to it (using umount command).

    I would also like to know if this is possible...

    Create a 25GB partition and encrypt it with truecrypt. Format using FAT32. Will I then be able to read/write data to it from both Windows XP and Ubuntu? For example, in Ubuntu could I mount it with the correct password - or would I need to isntall truecrypt on the ubuntu partition as well?''

    But then again isn't FAT file system not very secure... if I made it NTFS instead will ubuntu be able to deal with it correctly?

    And on a separate note, I was reading the description of FAT vs NTFS, and it said NTFS has encryption - why not just use this instead of dealing with truecrypt?

    Thanks for the help thus far.
     
  11. TerryNet

    TerryNet Moderator

    Joined:
    Mar 23, 2005
    Messages:
    79,582
    First Name:
    Terry
    I don't know the answers to many of your questions, but you can probably do some quick tests (use a small test TrueCrypt volume).

    If you want to mount a TrueCrypt volume from Ubuntu (or any other OS) you would need to be running the TrueCrypt application for that OS. I don't know if Ubuntu handles NTFS--try it.

    I haven't tried the NTFS encryption, so can't answer anything along those lines.

    For my personal use I use TrueCrypt volumes very little--only for data I don't want falling into the wrong hands. I don't worry about my desktop (at home, pretty safe neighborhood). Whenever I am traveling with a laptop any private data is in a TrueCrypt volume, either on the hard drive or on a flash drive.

    You apparently have larger security needs. There are ways to encrypt an entire hard drive, but I don't know if TrueCrypt can be used for this. Such disk locking is built into some Vista versions--Ultimate, and I think Business and Enterprise. The IRS uses SecureDoc (http://www.winmagic.com/ ) to lock the hard drive on Windows XP PCs loaned to tax preparation volunteers. Upon turning the PC on you have to enter a password before even thinking about logging into Windows. Once you enter the correct password you have no further inconvenience. If you forget and lose the password, or the SecureDoc system "locks up," you can kiss every thing on that drive goodbye.
     
  12. Sphinx

    Sphinx Thread Starter

    Joined:
    Aug 5, 2003
    Messages:
    606
    Thanks Terry, I will try your suggestions.

    No I don't really need to encrypt my entire drive. I am new to encryption and just wanted to try some things out. I am not concerned about my desktop being stolen.

    Basically I just want a safe place to store private data. I'd like it to be accessible through both OSs since I use both on and off. I am pretty new to linux so when I went to install Truecrypt there, I got the ".deb: file and used the command:

    sudo dpkg -i truecrypt.deb

    and it did some stuff but I have no idea where to find truecrypt! I'm pretty sure I did it the wrong way, but anyway that is a different story.

    The way I set up my current truecrypt volume is a 4GB volume based on a file that is on the C drive. I have a password and use a keyfile.
    What happens if your keyfile gets deleted - wouldn't you be like.. completely screwed?

    I made the keyfile read-only and hidden, and I guess I should back it up somewhere. Although I am not worreid at the moment since I don't really have any data on the encryption volume.

    I also made the keyfile encrypted by right clicking... properties..advanced..enable NTFS encryption. I'm pretty sure I have no idea how that works but it makes me feel like I am doing something advanced.
    :)
     
  13. DoubleHelix

    DoubleHelix Banned

    Joined:
    Dec 9, 2004
    Messages:
    24,388
    Using NTFS encryption without understanding how it works could result in the loss of your data. I would never recommend it to a home user. Yes, if you lose your TrueCrypt key, you're screwed. The data is not accessible. This is the risk with encryption.

    If your computer isn't at risk of being stolen, I don't see the point in encryption. You could easily find yourself "protected" from your own data.
     
  14. Sphinx

    Sphinx Thread Starter

    Joined:
    Aug 5, 2003
    Messages:
    606
    The only reason i'd like an encrypted volume is since I'm connected to the internet all the time, if someone happened to gain access, they wouldn't be able to gain access to my important data (unless of course I had it mounted at the time).
     
  15. zabusant

    zabusant

    Joined:
    Sep 6, 2007
    Messages:
    2,584
    Well, there's an easier solution to your problems then - just use an external hard drive to store your sensitive info. You can simply unplug it when you're not working and it's much easier and safer than encrypting, don't you think? It's basically the same as "unmounting", but you need no passwords and the chance of data corruption decreases.:)
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/699514

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice