Disk Encryption with TrueCrypt and Backups


Guest Neil Jones
Posted

Most companies these days are using disk encryption on their laptops. I
am planning to use TrueCrypt for my laptop. The question I have now is
about backups and the system restore procedures.

I do my backups to an external disk and am assuming that the complete
system backup is also going to be an encrypted image. My main concern
is about the restore session. If I do have to restore my laptop from
the backup, then how do the disk encryption crypto tools such as
TrueCrypt work?

Thank you in advance for any information.

NJ

Guest darkassain
Posted

it depends on where you do the backup...
if you do an offline backup (such as a complete disk (sector by
sector) backup) then the backup will be encrypted...
if you are doing the backup from within the system then the backup won't
be encrypted as the OS is not encrypted

here is how TrueCrypt partitions should be backed up
http://www.truecrypt.org/docs/?s=how-to-back-up-securely


> SYSTEM PARTITIONS
>
> Note: In addition to backing up files, we recommend that you
> also back up your 'TrueCrypt Rescue Disk'
> (http://www.truecrypt.org/docs/rescue-disk.php) (select -System- >
> -Create Rescue Disk-).
>
> To back up an 'encrypted system partition'
> (http://www.truecrypt.org/docs/system-encryption.php) securely and
> safely, it is recommended to follow these steps:
>
> 1. If you have multiple operating systems installed on your
>    computer, boot the one that does not require pre-boot
>    authentication.
>
>    If you do not have multiple operating systems installed
>    on your computer, you can boot a WinPE or 'BartPE'
>    (http://www.nu2.nu/pebuilder/) CD/DVD (i.e. 'live' Windows entirely
>    stored on and booted from a CD/DVD; for more information, search the
>    'TrueCrypt FAQ' (http://www.truecrypt.org/faq.php) for the keyword
>    'BartPE').
>
>    If none of the above is possible, connect your system drive as a
>    secondary drive to another computer and then boot the operating
>    system installed on the computer.
>
>    Note: For security reasons, if the operating system that
>    you want to back up resides in a 'hidden TrueCrypt volume'
>    (http://www.truecrypt.org/docs/hidden-volume.php) (see the section
>    'Hidden Operating System'
>    (http://www.truecrypt.org/docs/hidden-operating-system.php)), then
>    the operating system that you boot in this step must be either
>    another hidden operating system or a "live-CD" operating system (see
>    above). For more information, see the subsection 'Security
>    Precautions Pertaining to Hidden Volumes'
>    (http://www.truecrypt.org/docs/hidden-volume-precautions.php) in the
>    chapter 'Plausible Deniability'
>    (http://www.truecrypt.org/docs/plausible-deniability.php).
>
> 2. Create a new non-system TrueCrypt volume using the TrueCrypt
>    Volume Creation Wizard (do not enable the -Quick Format- option or
>    the -Dynamic- option). It will be your -backup- volume so its size
>    should match (or be greater than) the size of the system partition
>    that you want to back up.
>
>    If the operating system that you want to back up resides in
>    a 'hidden TrueCrypt volume'
>    (http://www.truecrypt.org/docs/hidden-volume.php) (see the section
>    'Hidden Operating System'
>    (http://www.truecrypt.org/docs/hidden-operating-system.php)), the
>    -backup- volume must be a hidden TrueCrypt volume as well. Before
>    you create the hidden -backup- volume, you must create a new host
>    (outer) volume for it without enabling the -Quick Format- option. In
>    addition, especially if the -backup- volume is file-hosted, the
>    hidden -backup- volume should occupy only a very small portion of
>    the container and the outer volume should be almost completely
>    filled with files (otherwise, the plausible deniability of the
>    hidden volume might be adversely affected).
>
> 3. Mount the newly created -backup- volume.
>
> 4. Mount the system partition that you want to back up by following
>    these steps:
>
>    - Click -Select Device- and then select the system partition that
>      you want to back up (in case of a 'hidden operating system'
>      (http://www.truecrypt.org/docs/hidden-operating-system.php),
>      select the partition containing the hidden volume in which the
>      operating system is installed).
>    - Click -OK-.
>    - Select -System- > -Mount Without Pre-Boot Authentication-.
>    - Enter your pre-boot authentication password and click -OK-.
>
> 5. Mount the -backup- volume and then copy all files from the
>    system partition (mounted as a regular TrueCrypt volume since the
>    previous step) directly to the mounted -backup- volume.
>
> IMPORTANT: If you store the backup volume in any location
> that an adversary can repeatedly access (for example, on a device kept
> in a bank's safe deposit box), you should repeat -all- of the above
> steps (including the step 2) each time you want to back up the volume
> (see below).
>
> If you follow the above steps, you will help prevent
> adversaries from finding out:
>
> - Which sectors of the volumes are changing (because you always
>   follow step 2). This is particularly important, for example, if you
>   store the backup volume on a device kept in a bank's safe deposit
>   box (or in any other location that an adversary can repeatedly
>   access) and the volume contains a 'hidden volume'
>   (http://www.truecrypt.org/docs/hidden-volume.php) (for more
>   information, see the subsection 'Security Precautions Pertaining to
>   Hidden Volumes'
>   (http://www.truecrypt.org/docs/hidden-volume-precautions.php) in the
>   chapter 'Plausible Deniability'
>   (http://www.truecrypt.org/docs/plausible-deniability.php)).
> - That one of the volumes is a backup of the other.
>
> General Notes
>
> If you store the backup volume in any location where an
> adversary can make a copy of the volume, consider encrypting the
> volume with a 'cascade of ciphers'
> (http://www.truecrypt.org/docs/cascades.php). Otherwise, if the volume
> is encrypted only with a single encryption algorithm and the algorithm
> is later broken (for example, due to advances in cryptanalysis), the
> attacker might be able to decrypt his copies of the volume. The
> probability that three distinct encryption algorithms will be broken
> is significantly lower than the probability that only one of them will
> be broken (each of the ciphers in a cascade uses its own key).

> Neil Jones;922202 Wrote:
> Most companies these days are using disk encryption on their laptops. I
> am planning to use TrueCrypt for my laptop. The question I have now is
> about backups and the system restore procedures.
>
> I do my backups to an external disk and am assuming that the complete
> system backup is also going to be an encrypted image. My main concern
> is about the restore session. If I do have to restore my laptop from
> the backup, then how do the disk encryption crypto tools such as
> TrueCrypt work?
>
> Thank you in advance for any information.
>
> NJ

 

 

--

darkassain

Posted

Neil Jones wrote:

> Most companies these days are using disk encryption on their laptops. I
> am planning to use TrueCrypt for my laptop. The question I have now is
> about backups and the system restore procedures.
>
> I do my backups to an external disk and am assuming that the complete
> system backup is also going to be an encrypted image. My main concern
> is about the restore session. If I do have to restore my laptop from
> the backup, then how do the disk encryption crypto tools such as
> TrueCrypt work?

http://www.truecrypt.org/docs/
http://www.truecrypt.org/faq.php
http://forums.truecrypt.org/

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
FAQ - http://www.elephantboycomputers.com/#FAQ

Posted

I use TrueCrypt with a pair of Iomega eGo USB2-powered drives and Second
Copy which replicates my C drive to the eGo. I have found this equally
successful when encrypting the whole eGo or just a volume on it. Once the
drive is mounted and the (very strong) password entered, the data on the
encrypted drive behaves exactly the same as if it had not been encrypted.
Incremental backups work fine and I have had occasion to retrieve data after
a hard drive failure. I swap the portable drives weekly, one of them always
being off site in the boot of my car and the other in a different part of my
house except, of course, when I am backing up. These drives are robust and
yet so cheap that they can almost be regarded as consumables, so having one
for each day of the week might be considered.

"Neil Jones" <castellan2004-nschap@remove-this.yahoo.com> wrote in message
news:OKh$4dMaJHA.1268@TK2MSFTNGP04.phx.gbl...

> Most companies these days are using disk encryption on their laptops. I
> am planning to use TrueCrypt for my laptop. The question I have now is
> about backups and the system restore procedures.
>
> I do my backups to an external disk and am assuming that the complete
> system backup is also going to be an encrypted image. My main concern
> is about the restore session. If I do have to restore my laptop from
> the backup, then how do the disk encryption crypto tools such as
> TrueCrypt work?
>
> Thank you in advance for any information.
>
> NJ


Guest darkassain
Posted

you have to point out that you have to encrypt both drives....
otherwise the unencrypted will have the data out in the open...

if you encrypt both drives then you are as safe as you can be right now on
software encryption

Doug;923094 Wrote:

> I use TrueCrypt with a pair of Iomega eGo USB2-powered drives and Second
> Copy which replicates my C drive to the eGo. I have found this equally
> successful when encrypting the whole eGo or just a volume on it. Once the
> drive is mounted and the (very strong) password entered, the data on the
> encrypted drive behaves exactly the same as if it had not been encrypted.
> Incremental backups work fine and I have had occasion to retrieve data after
> a hard drive failure. I swap the portable drives weekly, one of them always
> being off site in the boot of my car and the other in a different part of my
> house except, of course, when I am backing up. These drives are robust and
> yet so cheap that they can almost be regarded as consumables, so having one
> for each day of the week might be considered.
>
> "Neil Jones" <castellan2004-nschap@xxxxxx-this.yahoo.com> wrote in message
> news:OKh$4dMaJHA.1268@xxxxxx
>
> > Most companies these days are using disk encryption on their laptops. I
> > am planning to use TrueCrypt for my laptop. The question I have now is
> > about backups and the system restore procedures.
> >
> > I do my backups to an external disk and am assuming that the complete
> > system backup is also going to be an encrypted image. My main concern
> > is about the restore session. If I do have to restore my laptop from
> > the backup, then how do the disk encryption crypto tools such as
> > TrueCrypt work?
> >
> > Thank you in advance for any information.
> >
> > NJ

 

 

--

darkassain
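
A check for the point made in the replies above (a sector-by-sector image of an encrypted disk stays encrypted, while files copied from inside the running OS to an unencrypted drive do not), as an added example that is not part of the thread: it measures per-block byte entropy of a backup image to flag plaintext. The function names, block size, threshold and sample data are assumptions chosen for illustration.

```python
import io
import math
import os
from collections import Counter

BLOCK = 4096     # bytes per sample
THRESHOLD = 7.5  # bits/byte; 4 KiB of ciphertext or random data scores ~7.95


def shannon_entropy(block: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for constant data, 8.0 maximum)."""
    n = len(block)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())


def scan_stream(fh, block=BLOCK, threshold=THRESHOLD):
    """Return (blocks_read, offsets of blocks scoring below threshold).

    A trailing partial block is skipped: short samples score low
    whatever they contain.
    """
    total, low, offset = 0, [], 0
    while len(chunk := fh.read(block)) == block:
        if shannon_entropy(chunk) < threshold:
            low.append(offset)
        total += 1
        offset += block
    return total, low


def verdict(total, low):
    """Summarise a scan. High entropy is necessary for ciphertext but not
    proof of it: compressed archives score high as well."""
    if total == 0:
        return "no full block to examine"
    if not low:
        return "no plaintext-like blocks"
    return f"plaintext-like data in {len(low)}/{total} blocks, first at offset {low[0]}"


# Constructed samples, not real backups. Random bytes stand in for a
# sector-by-sector image of an encrypted partition; the second sample mimics
# an unencrypted disk: some high-entropy data, then text, then zeroed space.
SECTOR_IMAGE = os.urandom(16 * BLOCK)
FILE_COPY = os.urandom(2 * BLOCK) + b"Quarterly payroll export\r\n" * 400 + bytes(4 * BLOCK)

if __name__ == "__main__":
    for name, sample in (("sector image", SECTOR_IMAGE), ("file copy", FILE_COPY)):
        print(f"{name}: {verdict(*scan_stream(io.BytesIO(sample)))}")
```

To scan a real backup image, pass a file object opened in binary mode (`open(path, "rb")`) to `scan_stream` in place of the `io.BytesIO` samples.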
