Thursday, January 22, 2009

TrueCrypt - virtual encrypted disk

TrueCrypt looks and sounds complicated, but actually it's pretty easy to use. It is not only a file or data encryption, but provides file system encryption, which makes it usable on a daily basis. I never had the patient and discipline to maintain encryption files, but now most of my secrets are encrypted on a constant basis.

All the default options will give you safe and secure encryption - you create a fixed size file that becomes a virtual disk with a drive letter (on Windows), protected by a password. When the file is mounted, you can see an additional disk drive that you can access like any others. When the file is dismounted, via TrueCrypt or by pulling the plug, the file remains an encrypted file with no known backdoors. You can exit the TrueCrypt user interface anytime while the encryption engines run in the background.

There are some actions that you may want to perform. One is under [tools], [refresh drive letters]. For some reasons, after you mount or dismount, the drive letters are not always updated. The other action is under [volumes] , [store volumes as favorite] and [mount favorite volumes]. I also put TrueCrypt into my start menu, and set it's preference to Mount favorite volume when started. So basically whenever I login to or boot up windows, I also have to login to my most used virtual disk.

The most useful feature I use is to encrypt all my surfing activities by encrypting my Firefox profile. I worked in competitive or secretive companies before. When someone quit or being fired, they may be escorted immediately by security guards out of the door. You don't even have time to erase your private bookmarks or caches. This is more real than being raid by the FBI, NSA, or US Secret Service. Smashing the harddrive is too late and hardly effective. With TrueCrypt you just need to pull the plug, or dismout gracefully when you have time.

To bring up the FireFox profile manger, edit the properties of any FireFox shortcut, find the target in the form of
"C:\Program Files\Mozilla Firefox\firefox.exe"
and add the option
"C:\Program Files\Mozilla Firefox\firefox.exe" -profilemanager

Create a TrueCrypt drive and mount it as say z. When you create a new profile, you can pick your own profile directory to be in the z drive. The default profile directory is where your current profile is at, so you can find it and copy it over if you need to.

If you have multiple profiles, you can edit any FF shortcut to go straight into that profile:
"C:\Program Files\Mozilla Firefox\firefox.exe" -P profileName

The other useful FF option is -no-remote, so different profiles can be used at the same time.

FireFox stores everything in the profiles, history, bookmark, encrypted passwords and cache etc. So when the profile drive is not mounted, all your data are encrypted, and FF can't even run. Most add-ons also store data in the profile directory. But if you are using some extensions that handle secret or private data, you have to check.

If you use encrypted virtual drive continuously, as in using it as for FF profile, you have to avoid automatic force dismount under some circumstances. If your drive is force dismounted while in use by some application such as FF, the drive letter is not available anymore, and you have to reboot to clear it up. For security reason, drives are dismounted after certain time by default, when the screen saver is on, or other power management features.

In the pass, I had major inconveniences during upgrade of OS, either by choice or by force due to hardware replacement. I am wary of compression and backup utilities that uses proprietary formats. TrueCrypt is open source, use standard encryption, and I stord a copy of the software just in case.

TrueCrypt is safer and more secure in many ways. There is no decrypted copy at anytime, so you don't have to worry about magnetic traces on the physical devices. You can pull the plug anytime once you finished updating something - they were encrypted on the fly.

Will you lost the whole file or whole virtual disk due to hard disk corruption? Firstly, disk/file corruption doesn't happen anymore nowadays. Secondly, I don't think you will lost any more data than what you lost if the file is not encrypted. The encryption unit will be file sectors. There are redundancy to ensure that the volume can still be accessed when error occurs.

DVD's and CD's are more tricky. There are redundancy in DVD's to ensure that data can still be recovered when there are errors, comparable to hard disks. But you don't touch or smash hard drives. I would test DVD's for recoverable errors yearly or once several years. Most DVD burning utility comes with test scans. If these error occurs, it's time to make a new error free DVD. Again I don't think you will lost more data than if the disks are not encrypted. But since the encrypted file sizes are larger, you are a tiny little bit more exposed to disk corruption.

2 comments:

Anonymous said...

Your blog keeps getting better and better! Your older articles are not as good as newer ones you have a lot more creativity and originality now keep it up!

The Player said...

Thank you. But it depends on what I'm coming across in my house.