This feature probably seems like overkill, but if you don’t want any traces to remain on a hard drive and only work with the encrypted data, it is important. The procedure effectively removes existing file fragments that may still be on a hard drive from previous system installations. Select 3-pass, 7-pass, or a solid 35-pass wiping of unused areas and these will systematically be overwritten.
Before actually encrypting your system, TrueCrypt verifies that the system boots correctly using the boot loader, without yet using encryption or the password.
Once restarted, the actual encryption process may begin.
Our test system, a Dell Latitude D610, was equipped with a 45 nm Core 2 Duo Penryn T9500 processor (2.6 GHz) and a brand new Western Digital WD5000BEVT 500 GB Scorpio drive, one of the fastest mainstream drives available today. The entire encryption process using AES took eight hours, during which we could keep using the system (though we did not do much). The process takes place in the background and only consumes CPU resources during system idle times. This obviously means that working with the system intensively results in a longer encryption period.
Hardcore security is hardcore. Very good article. Thanks for the info.
Nice software. Been using it for close to 3 years. No glitches. The only complaint/annoyance was when upgrading from 5.x to 6.x: for security reasons I needed to re-encrypt encrypted external USB drives.
Despite working with it every day, and being in charge of a fair amount of systems, I've never truly appreciated security measures. Sure I use passwords and the like, but I just don't really trust the security features. Probably so because I don't understand them.
No matter how many of these here articles I read, I'll always be afraid to lock myself out of my data, or somehow lose the keys or whatever is needed. More security means higher risk of accidental loss. And I don't know enough about encryption to feel secure in a secured environment.
So I prefer my Outlook PST file being a plain text file on a network drive secured with just NTFS restrictions. I know the file would be readable if someone'd steal the NAS system or get my Windows password, but that's just too unlikely to bother me.
In short - probably a good piece of tech, but if more people are like me, they'd be too scared to even try it.
Edit: Of course a man in the middle attack, and other similar stuff, would also increase the risk of someone getting my sensitive data, but since they'll have to know a fair bit about the data to truly gain from it, that doesn't much bother me either.
Thanks for the review, I've been very interested in switching to an encrypted system drive.
I'm still curious if you could go into more detail about where the bottlenecks are; e.g. how fast does the CPU have to be to bottleneck the hard drive.
I find having TrueCrypt AES enabled limits throughput to 80MB/s on my E6600, 4x750GB RAID5 on 3ware vs 160MB/s unencrypted.
I'd like to see more tests across different hardware configs to see what the crossover points are. When does CPU speed limit HD speed? Would upgrading to WD-RE3 drives and an i7-920 improve performance (well, obviously yes, but how much?)
And when would the RE3's be bottlenecked by the CPU?
The same applies to the mobile platform, does a faster CPU help? or is it still IO limited?
I've been using TrueCrypt for about 2 years now: system encryption as described in this article (password at bootup), and my whole data drive encrypted with a password and keyfile.
I chose to work with such (hardcore) security measures because our privacy gets more and more threatened in these modern technology days. I like the privacy protection it offers a lot.
But this is not for everyone. You really have to know what you're doing:
- Forget your password: you're doomed.
- Find out your rescuedisk doesn't work in case of disk corruption: you're doomed.
- Lose a keyfile: you're doomed.
- Don't have a header backup, and header gets corrupted (got that once): you're doomed.
You need the rescue ISO, headers and keyfiles securely backed up TWICE to prevent data loss, at all cost. It's something you have to take very seriously, or face the possible consequences of losing all your data forever.
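An added example (not part of the post above or of TrueCrypt itself): a Python check that the rescue ISO, header backup and keyfile each exist as at least two byte-identical copies in separate backup locations. The file names, directory names and the `verify_backups` helper are hypothetical, and the sample data is constructed.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so a large rescue ISO does not fill RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_backups(originals, backup_dirs, min_copies=2):
    """Return {artifact name: list of problems}; an empty list means OK."""
    report = {}
    for src in map(Path, originals):
        want, good, problems = sha256_file(src), 0, []
        for d in map(Path, backup_dirs):
            copy = d / src.name
            if not copy.is_file():
                problems.append(f"missing in {d.name}")
            elif sha256_file(copy) != want:
                problems.append(f"corrupt in {d.name}")
            else:
                good += 1
        if good < min_copies:
            problems.append(f"only {good} good copies, need {min_copies}")
        report[src.name] = problems
    return report

def demo():
    """Constructed sample: three artifacts, two backup locations, two faults."""
    root = Path(tempfile.mkdtemp())
    live, usb, offsite = root / "live", root / "usb", root / "offsite"
    for d in (live, usb, offsite):
        d.mkdir()
    names = ["rescue.iso", "volume-header.bak", "data.keyfile"]  # hypothetical names
    for i, n in enumerate(names):
        for d in (live, usb, offsite):
            (d / n).write_bytes(bytes([i]) * 4096)
    # Simulate a damaged header backup and a keyfile copy that was never made.
    (usb / "volume-header.bak").write_bytes(b"\xff" * 4096)
    (offsite / "data.keyfile").unlink()
    return verify_backups([live / n for n in names], [usb, offsite])

if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, "OK" if not problems else "; ".join(problems))
```

A matching hash only shows the copies are identical; it does not show that the rescue disk boots or that the header restores, so those still need a test restore.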
Now that last post just scares me! Makes me know exactly why I'm not thrilled with the whole security issue.
I still dread the day I forget the master password for the offsite backup (can't be reset).
Yes those issues would stop a normal user from using the software IF they knew about them. From my experience most of the standard users don't even read the quick start guides and then mumble that their new toy is crap. So I don't see this being widely used by normal users.
Now that last post just scares me! Makes me know exactly why I'm not thrilled with the whole security issue. I still dread the day I forget the master password for the offsite backup (can't be reset).
Don't be too scared. Reading the info at trucrypt.org helps a lot. Invest a little time and you're safe. You just have to know how the system works, what you need to backup, and what to do when a failure occurs.
I just wanted to warn the average Joe of implementing encryption, without knowing the consequences.
I use Vista BitLocker (Business/Ultimate). With a TPM module it is a pretty transparent function. Without a TPM you have to have a USB key (or type in a 48 digit code). It mainly works to keep your data private if your laptop is stolen. Of course Business/Ultimate costs real $$ if you do not have it already and this looks like a nice free solution.
I've been using TrueCrypt for about 2 years now: system encryption as described in this article (password at bootup), and my whole data drive encrypted with a password and keyfile.
I chose to work with such (hardcore) security measures because our privacy gets more and more threatened in these modern technology days. I like the privacy protection it offers a lot.
But this is not for everyone. You really have to know what you're doing:
- Forget your password: you're doomed.
- Find out your rescuedisk doesn't work in case of disk corruption: you're doomed.
- Lose a keyfile: you're doomed.
- Don't have a header backup, and header gets corrupted (got that once): you're doomed.
You need the rescue ISO, headers and keyfiles securely backed up TWICE to prevent data loss, at all cost. It's something you have to take very seriously, or face the possible consequences of losing all your data forever.
+1. I too have been using TrueCrypt for a few years and am very impressed with it.
I have just one question. What if Vista (not the boot loader of TrueCrypt) crashes and nothing works, like system restore, and I am left with doing a complete repair reinstall of Vista OS. Will that be possible? I just have a gut feeling that the Vista DVD won't recognize the TrueCrypt layer.
I found 1 flaw in your article (may not be the only flaw).
"Password Limitations
...there is only one master password for the entire system...(wrong)... This means that it is not possible to create multiple, differently-encrypted system installations that are based on different Passwords...."
You can have as many passwords to as many OS's as you want.
It's at the beginning pages of the setup.
It is actually recommended for the extreme paranoid (plausible deniability), where if you are captured and asked for the password, give them an OS that you use often but not the one that has the sensitive info on.
to abhinav_mall
the answer is yes.
I note at installation the article says you have to pick single or multi-boot, what happens if you want to add a new o/s later and become multi-boot from single boot?
Would also be nice to see a comparison of this versus BitLocker for Windows users.
Let's say you lose your password or something along those lines. Can you reformat the drive?
I'm curious because I have a few external drives as an IT professional, what options do I have to regain access to them?
Let's say you lose your password or something along those lines. Can you reformat the drive? I'm curious because I have a few external drives as an IT professional, what options do I have to regain access to them?
You can always reformat a drive. I don't see the problem there.
If you don't have the password for a TrueCrypt encrypted system or drive, there's no way you can ever access the data on it again.
One exception: in some cases it might be possible to retrieve the cached password from RAM. This method has been shown to work in an ideal lab situation. I don't see this happen in real life though, because data in RAM is lost in about 30 seconds average, after shutdown.
I have just one question. What if Vista (not the boot loader of TrueCrypt) crashes and nothing works, like system restore, and I am left with doing a complete repair reinstall of Vista OS. Will that be possible? I just have a gut feeling that the Vista DVD won't recognize the TrueCrypt layer.
1. You can boot from the Truecrypt rescuedisk, decrypt your system, do some Vista repair magic, then encrypt again (yup, lengthy)
2. You can reïnstall Vista from scratch (of course, it won't recognize any data on the drive, because it's all encrypted)
3. You can mount the encrypted system drive from another OS, let's say Ubuntu, and access data on it if you need it prior to reïnstalling Vista.
I note at installation the article says you have to pick single or multi-boot, what happens if you want to add a new o/s later and become multi-boot from single boot? Would also be nice to see a comparison of this versus BitLocker for Windows users.
Decrypt, install second OS, encrypt. I do suggest you read about dualbooting with Truecrypt on the Truecrypt forum. There are several options (and not always easy to understand).
A tip for people wanting to experiment with Truecrypt: do it within a Virtual Machine with software like VMWare. Very good for learning, and you can screw up without consequences. Especially useful when experimenting with dualboot configs.