How To: Encrypt Your Entire Hard Drive The Easy Way Using TrueCrypt

18

Comments

+ Add a Comment
avatar

Cmsgstockton

CMS has a full-disk encrypted hard drive upgrade that makes the process very easily. All you need to do is place the encrypted drive in our enclosure, run the transfer software, setting the drive passphrase, and all programs etc. are moved onto the encrypted hard drive. Once you are done it's just a matter of swapping drives. We describe how to do this in a demonstration here.

avatar

robotcat

Whole-drive multiboot encryption under Truecrypt (as of 6.2 anyway) has some pretty severe limitations.  For me, at least, it insisted that the bootloader OS had to be on a physically separate drive from other OS's.  It's cool that it works under any circumstances, but this keeps it from being useful for me (and I assume for many others).

avatar

PhoneyVirus

TrueCrypt I use this before and found it to be good for Passwords and Game Keys

avatar

routine

TrueCrypt vs BitLocker:

So, how do the two compare in performace, security, easy-of-use, etc? 

avatar

horzo

I'm not nearly paranoid enough to do full disk encryption, but I've been using Windows & Linux TrueCrypt for a couple of years to protect password files and the like. Great little piece of software. I actually gave them a donation.

avatar

savage4naves

at system start up I get a quick message from acronis stating to press the F11 key to start recovery (acronis is pure awesomeness by the way) By encrypting the hard drive will that mess up the recovery from acronis? should I or can I image my hard drive again while running true crypt?

avatar

krj15489

The finger print reader wont protect your data. someone could take out the drive and plug it into another computer and access the data or use a windows password cracked to get in. Drive encryption is the only thing that will really protect you.

avatar

nekollx

andthats why you ask questions :P

avatar

nekollx

i have a biometric fingerprint scanner in my laptop, cant acess my user accout without my fingers.

 

How does that compare to true crypt?

avatar

jcollins

It really depends on the setup, but you have to understand how Windows works.  In general, if you can log into a computer, you can access anything on the computer (even if it isn't under your particular login).  So if they somehow manage to bypass your login, they can still see your data. 

The Fingerprint Scanner takes the place of your login for the most part.  So if they can bypass that (through breaking the hardware, using gummi bears, taking the hard drive out, etc.), they have access to all your data.  TruCrypt and the like protect against those situations.   You have to actually have the password in order to see the data.

 

avatar

nekollx

as the sole administrator of the laptop though isn't is the same thing. if the biometric scanner wont let them log into the admin how can the acess the data short of takingthe drive apart (and id think id notice somoen removing the drive while im working on it :P)

avatar

jcollins

In re. the laptop, the assumption in these things are that the crook's not going to do anything while you are there.  Let's say you leave the laptop in your apartment and go off to the grocery store.  Bam, someone breaks in and grabs everything visible, including your laptop.  Or let's say you took it with you to the store in your car and leave it in the trunk.  You get out and your car is gone.   Both situations, they have your physical laptop.

Once they have the laptop:

Example 1: They take the hard drive out and plug it into another computer running WinXP (not sure on the Vista end, but it is probably something similar).  They tell it to take ownership of all the files on the drive and boom, they've got access to all the files.  There are some things you can do to prevent this (encrypting folders for example).  However, there are various softwares out there that may be able to get past this.

Example 2: A lot of the fingerprint scanners have "issues" where they'll accept scanned images or even totally fake things (gummi bears). 

 

avatar

krj15489

The easiest way to get to the data without taking out the hard drive would be too run a program callled oph crack. it is a windows password cracker and can be booted from a cd. I have tried it out and it does work. But it can be slow depending on how fast the computer is.

http://ophcrack.sourceforge.net/

 

 

avatar

nekollx

but can ir crack a biometric Finger print scanner?

avatar

icsmith

owned

 

avatar

Block_Dude

Just a few words of warning when using Truecrypt:

1. Encrypting the entire system drive will SIGNIFICANTLY decrease hard drive performance, especially if you choose cascade encryption. Think about it, every byte a data written and read needs to be on-the-fly encrypted or decrypted before it can be handled. You may want to consider making a standard container first before choosing full system encryption - otherwise expect to wait 2.5x longer (or more) if you're unraring something.

2.TrueCrypt disables the pagefile by default. This can mean serious havok/memory errors when running popular steam games like CS:S, TF2, and L4D. The reason why it is disbaled is because sensitive data can be written to the pagefile if the entire system is not encrypted.  But I think it will disable it even before you chose to encrypt anything - when you first install the TruCrypt app - so make sure you leave "disbale pagefile" unchecked when installing - if you don't have 4GB of RAM or more, expect to see "direct3d device" errors if the pagefile is disabled and trying to join a server. A good rule of thumb is to keep the pagefile at 1.5x your current RAM - so if you have 2GB, then set the pagfile max file size at 3GB. Sometimes the errors can be cached as well, so use CCleaner to remove old temp files.

3. TrueCrypt modifies the MBR in ways that might cause alarms with some monitoring/security apps. Rootkit detectors like GMER will only be able to see "root-kit like behavior in sector 63" - and this is actually TrueCrypt's bootloader.

avatar

Tagge

Hey just a note Block, TrueCrypt has actually been proven to have 0 performance hit on any PC it's installed on. I can also speak from experience in this matter. Every HDD I own has full disk system encryption installed on it. It doesn't slow down Vista, Windows XP, or Ubuntu Linux. Or on any media drives I have it installed on.

 

"Two things are infinite the universe and human stupidity; and I'm not sure about the the universe."
-Albert Einstein

avatar

Justin.Kerr

Thanks for your observations, to be honest though on my side, I didn't notice much of a hit. In my unoffical benchmarks write performance took about a 5% hit, but read rates remained the same. CPU utalization went up a touch as well during reads/writes, but most of us have several cycles (and cores) to spare these days.

I was actually very impressed how lightweight the package was. As for point 3, that was noted in the several places throughout the article but is definatly important to call out. Thats just poor coding style in my opinion on behalf of the software manufacturers who tie into the MBR.

Log in to MaximumPC directly or log in using Facebook

Forgot your username or password?
Click here for help.

Login with Facebook
Log in using Facebook to share comments and articles easily with your Facebook feed.