Practical whole disk encryption, or, how to frustrate data forensics.

When you get right down to it, the best way for an attacker to get hold of your data is to shut the box down, pull the drive, and rip a sector-by-sector image to analyze offsite. It might not be quick (depending on the speed of the hard drive, speed of the storage drive, and a number of other factors) but if you're not there when it's done you might not know that it ever happened. However, if you encrypt data at the level of the drive, they can copy the drive all they want but they won't be able …

Read more...

FIXED - Truecrypt v6.0a released.

I'm well over a week late with this post, but better late than never. The Truecrypt Foundation announced on 8 July 2008 that v6.0a of Truecrypt, the cross-platform disk encryption package was released to the Net, along with its source code. Judging by the changelogs, it stands head and shoulders above the last releases (v5.1 and v5.1a) in several important respects. First and foremost, the new release takes full advantage of systems that have more than one CPU in them (like many laptops these days), so if you're using whole disk encryption storage I/O will be …

Read more...

Boot loaders and securing dual-booting portable systems.

UPDATE - 20170327 - Truecrypt was disconnected in 2014.ev when Microsoft stopped supporting Windows XP.  DO NOT USE IT.  This blog post must be considered historical in nature.

If you've been following the news media for the past year or so, stores have been cropping up with frightening regularity about travelers who are detained at the border while customs agents demand the login credentials for their notebook computers so that they can be examined for gods-know-what kind of information. From time to time, the hard drives of computers are actually imaged for later analysis. As if that weren't enough, the United …

Read more...

Shell script: truecrypt-1.0.sh

To scratch a frequently encountered itch, namely mounting and unmounting Truecrypt volumes on USB keys and external drives on a number of systems in a day, I wrote a shell script that automates the command line arguments that I use most often as well as making it simpler to assume root privileges to do so. The script is designed to be kept on the key along with the encrypted datastore, though it could also be placed on each system in a publically accessible location (such as /usr/local/bin)

The script assumes that it'll be run on a UNIX (-alike …

Read more...