U.S. Constitution – Amendment 4
Amendment 4 – Search and Seizure
“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”
“Let them track my phone's whereabouts, I have nothing to hide.”
“Let them read my email, I have nothing to hide.”
“Let them search my car, I have nothing to hide.”
“Let them search my house, kill my dog and scare the hell out of my kids, I have nothing to hide.”
Does this irritate you? Do you get angry when the person you are talking to ignorantly blurts out “I have nothing to hide” and chuckles nervously? Well my friends, you have met a freedom freeloader: someone who relies on everyone else to protect their freedom, or someone who won't lift a finger to preserve the freedom they enjoy living under.
Today we are going to cover “whole disk encryption”. TrueCrypt makes an awesome product that is free and will encrypt a file, a group of files or a complete hard drive. The advantage of encrypting the entire hard drive is this: most modern operating systems leak data to the hard drive while in use. Every time you do something on the computer, that leaked data gets smeared across the entire drive, and you cannot stop it. The OS itself keeps track of everything you do, and every program you use keeps track of what you do as well. Needless to say, your tracks are scattered all over the drive. If you encrypt the whole drive and shut the computer off, no one can examine the drive for the “leaked data”. Unless they force you to give them the key, in which case TC offers a hidden system inside the encrypted system; that will be lesson two and is not covered in this phase. England has made it illegal to encrypt your drive and not turn over the key. Glad I don't live there.
Before I go on I want to discuss passphrases. What's a passphrase? A passphrase is a longer password. Let's take a look at two passphrases, and you tell me which is more secure.
1.) $f(8HnK!?/>.[]L{}&^FGJdxced$^$3*
2.) $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$D0g!
It's a trick question, right? Nope! The longer one is exponentially more difficult to brute-force. Which one is easier to remember? This technique is called “hay stacking a needle”; in this case the needle is your passphrase. Test your passphrase strength here: (https://www.grc.com/haystack.htm). Here is the time it would take a government computer array to crack each passphrase.
1.) Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second) 6.22 thousand trillion trillion trillion centuries (1.96 x 10^63)
2.) Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second) 5.07 hundred billion trillion trillion trillion centuries (1.59 x 10^71)
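Here is the arithmetic behind those two figures, as an added Python example (it is not code from the article or from GRC's calculator). It reproduces the haystack search-space model and the “massive cracking array” estimate under the assumptions the page uses: four character classes (26 lowercase, 26 uppercase, 10 digits and 33 symbols, the symbol count GRC uses), an attacker who exhaustively tries every combination at one hundred trillion guesses per second, and a 365.25-day year. The second passphrase is constructed here as 32 dollar signs followed by `D0g!`, matching the one above.

```python
import math

# Character-class sizes as used by the GRC Password Haystack page
# (assumption: 33 printable symbols, counting the space character).
LOWER, UPPER, DIGITS, SYMBOLS = 26, 26, 10, 33

# Rate quoted in the article's "Massive Cracking Array Scenario".
GUESSES_PER_SECOND = 10 ** 14
SECONDS_PER_CENTURY = 100 * 365.25 * 24 * 60 * 60  # 365.25-day year assumed

# The two passphrases from the article; the second is constructed as
# 32 dollar signs plus "D0g!" so the count cannot be mistyped.
PASSPHRASE_1 = "$f(8HnK!?/>.[]L{}&^FGJdxced$^$3*"
PASSPHRASE_2 = "$" * 32 + "D0g!"


def alphabet_size(passphrase: str) -> int:
    """Size of the class-based alphabet an exhaustive attacker must cover."""
    size = 0
    if any(c.islower() for c in passphrase):
        size += LOWER
    if any(c.isupper() for c in passphrase):
        size += UPPER
    if any(c.isdigit() for c in passphrase):
        size += DIGITS
    if any(not c.isalnum() for c in passphrase):
        size += SYMBOLS
    return size


def search_space(passphrase: str) -> int:
    """Haystack search space: every string of length 1..n over the alphabet.

    Computed as an exact integer sum a + a^2 + ... + a^n, which is what
    makes the longer passphrase win even though it is mostly one repeated
    character. The model credits the attacker with no knowledge of that
    structure; it only counts exhaustive guessing.
    """
    a = alphabet_size(passphrase)
    n = len(passphrase)
    return sum(a ** i for i in range(1, n + 1))


def centuries_to_exhaust(passphrase: str,
                         guesses_per_second: int = GUESSES_PER_SECOND) -> float:
    """Centuries needed to try the whole search space at the given rate."""
    return search_space(passphrase) / (guesses_per_second * SECONDS_PER_CENTURY)


def magnitude(x) -> int:
    """Decimal exponent N of x written as d.dd x 10^N."""
    return math.floor(math.log10(x))


def report(passphrase: str) -> str:
    """One-line summary in the same shape as the article's figures."""
    space = search_space(passphrase)
    return (f"length={len(passphrase)} alphabet={alphabet_size(passphrase)} "
            f"search space ~10^{magnitude(space)} "
            f"-> ~10^{magnitude(centuries_to_exhaust(passphrase))} centuries")


if __name__ == "__main__":
    print("1)", report(PASSPHRASE_1))  # ~10^63 search space, ~10^39 centuries
    print("2)", report(PASSPHRASE_2))  # ~10^71 search space, ~10^47 centuries
```

Both exponents come out as on the page (10^63 and 10^71 for the search spaces, 10^39 and 10^47 centuries). Note what the model measures: time for an attacker who knows nothing about the passphrase and tries every combination at a fixed rate. That is the figure the calculator reports, and it is why length matters more than complexity in this model.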
So if you are like me and don't want anyone reading your computer because it's none of their business, and you like being secure in your papers and possessions, then whole disk encryption is the answer.
Steps to take to whole-disk encrypt…
1.) Download TrueCrypt (http://www.truecrypt.org/downloads) (Linux, Windows, Mac)
2.) Install TC (make sure you back up your stuff first, just in case)
3.) Get a burnable CD-ROM ready, because TC will ask you to burn an emergency ISO to it for drive recovery in case something happens and the drive won't boot. Do not worry: the password is still needed to decrypt the drive even with the bootable CD-ROM.
4.) Open TC and go to “System” → “Encrypt System Partition/Drive”
5.) Encrypt windows system partition (if you have windows)
6.) Single boot (if you only have one operating system)
7.) Options –> AES / RIPEMD-160
8.) Haystacked passphrase at least 30 characters long; simple but long is much better than short and difficult to remember
9.) Collecting random data: wiggle the mouse around to fill the entropy pool
10.) Keys generated…next
11.) Rescue CD-ROM creation: insert the disc and burn, then verify
12.) Burn disk
13.) Verify disk
14.) Wipe mode (none)
15.) Test
16.) Test complete (I think it asks to reboot either here or after this step)
17.) Encrypt drive (I think it asks to reboot either here or before this step)
18.) Done after a few hours
Mr. Gibson is very knowledgeable about hard disk systems, their functions, and recovery. An excellent hard disk drive forensics resource.
MCF
Delta,
Thanks for the post. Not sure if you use Linux at all, but a lot of the Linux distros come with heavy encryption preloaded as an option. Would be worth the switch for most users.
Read this…..
“While it is true that many Linux distributions provide the ability to set up system encryption, they “fake it” by using a set of scripts and kernel modules that are loaded using an initrd on an unencrypted partition. This works well because most Linux distros already utilize an initrd, and by simply including routines to mount an encrypted partition instead of a normal ext3 partition, they can keep root encrypted.
However, many Linux users have been asking for the ability to encrypt the entire system following a similar model to TrueCrypt for Windows, which leaves only a small bootloader unencrypted at the start of the disk. This is now possible with extensions to the next-generation GRUB2 bootloader, which has been patched to support not only AES, Twofish, Serpent and CAST5 encryption, but a number of hashing routines such as SHA1, SHA256, SHA512, and RIPEMD160. There is also support for the LUKS on-disk encryption format.
Note that there will still be an unencrypted bootloader, and an attacker could compromise it just like they could have compromised the unencrypted kernel on the /boot partition. To be clear, this does not in any way make your system less vulnerable to offline attack; if an attacker were to replace your bootloader with their own, or redirect the boot process to boot their own code, your system can still be compromised.”
Also, I forgot to add that TrueCrypt works on Linux as well as Windows. Most users could not use Linux. Most users can barely use Windows.
TrueCrypt may have changed, but I know a few years ago it had problems with drives that had multiple partitions, 4 or more, don't remember exactly. (Never used it, but Open Source is good, even if it has a nonstandard license!) Having the boot loader encrypted or compromised won't, however, allow you to exploit specific mount point partitions like /home or root if I set it up that way. Only the /boot would be left open, which would only have my specific boot instructions if I even changed them. If you do not have the password, just as with the preboot authentication setup, that partition will not be mountable from a Linux environment, or if plugged into a Windows environment and attempted from a virtual machine. Not a certified expert in this, but I know I have experimented a lot on my own networks and machines and that was the case. However, if you want preboot authentication you can use LUKS; also, since you are clearly schooled on these topics, Blowfish, which has been built into the Linux kernel since around late 2.5, is still yet to have a successful cryptanalysis…
I agree with Linux being tough, but being prepared means training; Linux is a great solution for computer needs in most cases. Since TrueCrypt is available on both platforms, though, this tutorial will help a lot of folks.
Great article Delta-01! I've been a happy user of TrueCrypt's whole drive encryption for many years. 100% reliable! We needed it to fulfill HIPAA requirements for one of our home-based businesses. It is so fast and reliable we use it on all our business computers. Started off years ago with commercial products, but TrueCrypt is better/safer/cheaper. To all users: do check out the documentation to see all the security options TrueCrypt offers!
Excellent article. A friend and I have been modifying a couple of CF-29 Toughbooks as computers for when the end comes. Been working on an SD card data storage solution for documentation and manuals; tying it in with TrueCrypt would be an ideal layer of protection for those cards when not in use.