Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

TrueCrypt help - headers and backup


  • Please log in to reply
10 replies to this topic

#1 dex2

dex2

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:36 PM

Posted 26 December 2015 - 04:51 AM

I recently learned about TrueCrypt and have been working on setting it up so that I can protect my personal files. I am using TrueCrypt 7.1a of course, and have a 128GB Flash drive dedicated to my encrypted file container. I have it set up as a self mounting drive with a portable version of TrueCrypt installed. In this way, I am able to plug the flash drive into any computer and mount it by typing in my encryption password. I have this setup and it is working great! 

One aspect of all this that has been a bit confusing to me was the concept of disk headers. I know that it is important to back these up as it would beimpossible to access my media in the scenario of a corrupted disk header. I used TrueCrypt to make a backup of the disk header and have it backed up for safe keeping. I was wondering if it is necessary to backup the disk header periodically (to always have an updated version), or would this one copy suffice? Is the disk header something that changes as the file content of the encrypted container changes, or is it something static that will not change as long as I use the same flash drive with the current setup?

Additionally, I have been making a periodic full backup of my encrypted flash drive, by simply copying the entire encrypted file container over to my computer every few weeks. As it stands, the flash drive is the main file that I am updating constantly, and I have a period backup on my laptop. However, I would prefer to have the main file on my laptop and periodically backup to the flash drive. I was wondering how this would work with regards to the disk header. If I were to maintain a main file on my laptop, and backup the entire file container to the flash drive periodically, would the flash drive still maintain the disk header structure necessary for proper operation? 


I am very new to all this, but I am very eager to learn. If I have done a poor job at explaining my questions, please let me know and I will try to correct this. Your help would be invaluable to me and much appreciated. Thank you.



BC AdBot (Login to Remove)

 


#2 Guest_GNULINUX_*

Guest_GNULINUX_*

  • Guests
  • OFFLINE
  •  

Posted 26 December 2015 - 09:21 AM

The disk headers that TrueCrypt uses for recovery are static, so there's no need to update them.  :wink:

 

The normal operation for making a copy/backup of a TrueCrypt container is making a new container and after mounting them both you can copy the content of the first into the second. The second doesn't even need to have the same size or have the same name. In that case you'll also need a header backup of the second container.

 

That being said... Just copying the unmounted container (file) seems to work also. Both containers (files) will have the same headers!

The only risk is that if there's a (copy) fault the whole container can be lost. If you use the normal operation and there's a (copy) fault you will loose just one file in that container...

 

Greets!



#3 dex2

dex2
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male

Posted 26 December 2015 - 12:21 PM

The disk headers that TrueCrypt uses for recovery are static, so there's no need to update them.  :wink:

 

The normal operation for making a copy/backup of a TrueCrypt container is making a new container and after mounting them both you can copy the content of the first into the second. The second doesn't even need to have the same size or have the same name. In that case you'll also need a header backup of the second container.

 

That being said... Just copying the unmounted container (file) seems to work also. Both containers (files) will have the same headers!

The only risk is that if there's a (copy) fault the whole container can be lost. If you use the normal operation and there's a (copy) fault you will loose just one file in that container...

 

Greets!

Thank you so much for the help. A few quick followup Q's if you have time :)
 

If I decide to continue making my backup by copying the entire TrueCrypt container (as I have been doing), and there IS a fault in the file copy process, wouldn't windows inform me of an error (at which point I would know to make another copy)? Or not necessarily?

 

Realistically, what are the chances the container could be corrupted during transfer like this? It is dependent on file size? The entire TrueCrypt container is about 100GB. I must say, I have quite enjoyed the simplicity and ease of simply dragging a file container over to make a backup. I would like to make it an easy process (as I am more likely to back up frequently if I make it easy on myself). But I definitely am listening to your concern, I guess I just want to decide if it is really a big risk I am taking.



#4 Guest_GNULINUX_*

Guest_GNULINUX_*

  • Guests
  • OFFLINE
  •  

Posted 26 December 2015 - 12:51 PM

The chances of something going wrong (without an error message) are indeed very small but not non-existent.

A quick and certain way to check for yourself is by simply mounting (unencrypting) the volume (file) after you have copied it.

If it mounts and you see any files inside, it is safe to assume things are ok.

 

Greets!



#5 dex2

dex2
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:36 PM

Posted 27 December 2015 - 04:00 PM

I want to thank you for all the help so far. I have another question I hope I'm not bothering you too much lol...

This link states that there are security risks for backing up TrueCrypt containers via the method I described.

 

Do you believe this is a legitimate concern? Am I safe making periodic backups of my TrueCrypt container on different media?

My hope was to have my main file on my laptop and have GoodSync scheduled to back up the entire container to my NAS once a week. 

Since my NAS is very large at 4TB, space is no concern. Therefore I would have GoodSync retain the 5 most recent version of the file container.

By this method, I would hope to mitigate the risk of a corrupted container causing me the lose everything. But of course this would also mean having multiple versions of the encrypted container available to a would-be data thief.


Edited by dex2, 27 December 2015 - 04:00 PM.


#6 Guest_GNULINUX_*

Guest_GNULINUX_*

  • Guests
  • OFFLINE
  •  

Posted 27 December 2015 - 07:18 PM

Interesting link but in my opinion very theoretical...

I think 5 copies will not make a difference, maybe 1000 or more different backups of the same container have a real effect...

 

If you use TrueCrypt with a strong and long password/keyphrase AND one or more keyfiles it is "unbreakable"!

Real life story's confirm this and the way TrueCrypt was shutdown just reinforces that feeling!

Sadly it will not be updated anymore but at the moment I trust TrueCrypt more than VeraCrypt (just my opinion), only time will tell...

 

Greets!



#7 dex2

dex2
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male

Posted 27 December 2015 - 09:06 PM

Interesting link but in my opinion very theoretical...

I think 5 copies will not make a difference, maybe 1000 or more different backups of the same container have a real effect...

 

If you use TrueCrypt with a strong and long password/keyphrase AND one or more keyfiles it is "unbreakable"!

Real life story's confirm this and the way TrueCrypt was shutdown just reinforces that feeling!

Sadly it will not be updated anymore but at the moment I trust TrueCrypt more than VeraCrypt (just my opinion), only time will tell...

 

Greets!

I can see you are very experienced on this topic and I appreciate the detailed info! :)

 

Just to pick at your brain a bit more, what would you consider a long enough password? My current password consists of random characters (letters, numbers, special characters), and quite long. But I wanted your opinion on what is "long enough". Also, I'm not sure what you mean by "one or more keyfiles"? Please excuse my ignorance on this topic, I am willing to do what it takes to make my data more secure!

 

I am glad to have ran into you. We would have to be psychic to know for sure if a specific encryption method has a hidden back door. I think that we must do the best with the information we have, and I do believe that TrueCrypt's story is the most compelling to me of being a safe encryption method. I have been speaking to people on other forums attempting to learn more about encryption, but a lot of people seem to immediately tell me that TrueCrypt is insecure and to migrate to other options. Are there any promising software that is being developed that you would trust to the same extent as TrueCrypt? Perhaps something compatible with FDE support for newer versions of Windows? Additionally, would you trust VeraCrypt if it had an independent audit as TrueCrypt already had?


Edited by dex2, 27 December 2015 - 09:07 PM.


#8 RolandJS

RolandJS

  • Members
  • 4,533 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:06:36 PM

Posted 27 December 2015 - 09:22 PM

The longer the password, the longer geometically it would take a "black box" to crack it.  Just keep a secret record of such passwords somewhere out of sight, where you can find that list.


"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#9 dex2

dex2
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male

Posted 27 December 2015 - 10:36 PM

The longer the password, the longer geometically it would take a "black box" to crack it.  Just keep a secret record of such passwords somewhere out of sight, where you can find that list.

Hypotheticals...

 

If I currently have a PW consisting of 16 random characters I memorize, if I change the password to be those 16 characters two times, would this be any less secure than a password consisting of 32 randomly generated characters?



#10 Guest_GNULINUX_*

Guest_GNULINUX_*

  • Guests
  • OFFLINE
  •  

Posted 28 December 2015 - 05:07 AM

Read this, it covers the most important things about passwords, length and entropy. It will answer a lot of the questions you have.
 
By using a password and keyfiles with TrueCrypt you achieve the highest possible security.
When you create a new TrueCrypt volume you can add a password and add one or more keyfiles to encrypt it.
Read here about how keyfiles actually work.
 
bqugAb7.png
 
At the moment all real TrueCrypt alternatives are clones or further developments of it...
None has had a serious audit, they look promising but ATM I personally trust TrueCrypt the most.
Since I'm on Linux/Windows7 I have no need for the newer features.
 
Greets!



#11 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:36 PM

Posted 29 December 2015 - 07:38 AM

I want to thank you for all the help so far. I have another question I hope I'm not bothering you too much lol...

This link states that there are security risks for backing up TrueCrypt containers via the method I described.

 

Do you believe this is a legitimate concern?

 

Depends on who you want to protect your data from. According to you, who is interested in your data?

Because normal criminals will not gain an advantage by having several copies of your TC container.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users