Truecrypt on a whole HDD?

ayu
Staff
Posts: 8109
Joined: 27 Aug 2005, 16:00

Post by ayu »

I have a 500 GB HDD, how "well" would it work to use truecrypt on all of that space?

Would it be super slow, or nothing that I would notice or what? Reading a 500 GB file, would take some time though xD

Just wondering if maybe there is something in truecrypt that would make it work, was thinking of creating a regular encrypted disc, and then hide one inside of it. And have all my "not officially bought stuff" there ^^

Since the option of hiding one disc in another is not available in Linux yet, I thought that this would be the appropriate board to post in.
"The best place to hide a tree, is in a forest"

bad_brain
Site Owner
Posts: 11636
Joined: 06 Apr 2005, 16:00
Location: In your eye floaters.

Post by bad_brain »

well, I did no benchmarks, but I noticed no loss of performance...the only thing that needs time is the initial setup/format procedure.
mounting the drive is done in a second, it's not like you have to wait until the whole drive is read and decrypted... :wink:

uid0
Fame ! Where are the chicks?!
Posts: 106
Joined: 08 Jun 2008, 16:00

Post by uid0 »

As bad_brain said, the creation of the truecrypt volume itself is the only thing that might need some time; it depends on several factors: RAM, RPMs of the disk, CPU cycles and such.

Mounting it won't be a problem, at least not in performance.

Saving or reading shouldn't be too much of a problem; however, it might be if the file you're trying to access is "too" big. For instance, imagine that you're trying to access a file that is about 100 GB, and all of that, being saved or read from the volume, needs to be encrypted/decrypted on the fly by the RAM. If that file happens to be a video, then every bit the video player is going to read needs to be decrypted in the RAM before it's shown. It all depends.

Something you can do to measure the time it will take to create the volume in your system is to start with something little, like a volume of 1 GB or the like, then multiply the amount of time in minutes to create that volume by 500 :P
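
Added example (not part of any post in this thread, and not TrueCrypt's code): a Python sketch of the on-the-fly, per-sector decryption described in the two replies above, where mounting decrypts nothing and a read touches only the sectors requested. The keystream built from HMAC-SHA256 is a constructed stand-in for a real disk cipher, and all names and sizes are hypothetical.

```python
import hashlib
import hmac

SECTOR = 512  # bytes per sector (constructed value for this sketch)

def keystream(key: bytes, sector_no: int, length: int) -> bytes:
    """Toy per-sector keystream (HMAC-SHA256 in counter mode).
    Stand-in only: real disk encryption uses a tweakable block-cipher
    mode, and an XOR keystream is unsafe once a sector is overwritten."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        msg = sector_no.to_bytes(8, "little") + counter.to_bytes(4, "little")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def crypt_sector(key: bytes, sector_no: int, data: bytes) -> bytes:
    """XOR with the sector's keystream; the same call encrypts and decrypts."""
    ks = keystream(key, sector_no, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

class Volume:
    """Ciphertext lives in self.disk; plaintext exists only for sectors read."""
    def __init__(self, key: bytes, n_sectors: int):
        self.key = key                       # "mounting" = holding the key
        self.disk = bytearray(n_sectors * SECTOR)
        self.sectors_decrypted = 0

    def write(self, sector_no: int, plaintext: bytes) -> None:
        assert len(plaintext) == SECTOR
        start = sector_no * SECTOR
        self.disk[start:start + SECTOR] = crypt_sector(self.key, sector_no, plaintext)

    def read(self, sector_no: int) -> bytes:
        start = sector_no * SECTOR
        self.sectors_decrypted += 1          # only this sector is processed
        return crypt_sector(self.key, sector_no, bytes(self.disk[start:start + SECTOR]))

def demo():
    key = hashlib.sha256(b"constructed demo passphrase").digest()
    vol = Volume(key, n_sectors=2048)        # 1 MiB toy "drive"
    vol.write(7, b"B" * SECTOR)
    vol.write(1500, b"A" * SECTOR)
    data = vol.read(1500)                    # random access to one sector
    raw = bytes(vol.disk[1500 * SECTOR:1501 * SECTOR])
    return data, raw, vol.sectors_decrypted

if __name__ == "__main__":
    data, raw, n = demo()
    print(data[:8], raw[:8].hex(), "sectors decrypted:", n)
```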

ayu
Staff
Posts: 8109
Joined: 27 Aug 2005, 16:00

Post by ayu »

hmm ok... is it possible to do the following?:

1: Create a regular encrypted partition (500 GB)

2: Hide another encrypted partition inside that one (~498GB?)

3: Use 2 different keyfiles to unlock them both

I figure that this is somehow possible. But what combination of algorithms should I use? what's the strongest one? and what hash algorithm is recommended?
"The best place to hide a tree, is in a forest"

bad_brain
Site Owner
Posts: 11636
Joined: 06 Apr 2005, 16:00
Location: In your eye floaters.

Post by bad_brain »

sure, that's possible...to create a hidden volume you have to create a regular encrypted one first anyway where the hidden one is placed into... :wink:
I use AES-Twofish-Serpent in combination with Whirlpool, already AES alone is still safe...there have been no PoC yet that it can be cracked.

ayu
Staff
Posts: 8109
Joined: 27 Aug 2005, 16:00

Post by ayu »

thanks b_b, gonna try that =)
"The best place to hide a tree, is in a forest"

uid0
Fame ! Where are the chicks?!
Posts: 106
Joined: 08 Jun 2008, 16:00

Post by uid0 »

About the hashes...

RIPEMD-160 generates 160 bits while SHA-512 and Whirlpool generate 512 bits of output, so that may leave RIPEMD out of the question. Also, I've read (I'm not a cipher expert) that RIPEMD hasn't been tested as much as the others, so many think that it is still early to adopt it for very important purposes.

About sha and whirlpool, don't really know what could be best, afaik, whirlpool is still considered young but who knows ^^

leechy9
On the way to fame!
Posts: 40
Joined: 06 Jul 2008, 16:00
Location: root@desktop-computer

Post by leechy9 »

well, it shouldn't change performance because it isn't decrypting the whole drive, it's just decrypting the sectors you're pulling off the drive. it should only add a few ms to the access time. but an encrypted drive isn't going to do much because it's still only one algorithm. so it doesn't really matter whether you do the whole drive or not.

i also suggest you use blowfish 32 rounds for the whole drive, but the internal cylinder that is going to be double encrypted can be a 12 stack mutating algorithm. because you have a double encryption on the cylinder, you can have an internal equation that changes the outcome of the decryption to one of the twelve possible ways the equation can be solved. this makes it so that when they think they have decrypted it, it appears to have only a few files that are not of value to them because they don't seem complete on all of the other equations except for the one that you chose to be the true equation.

then again, it would require a lot of math lol and i'm not sure if you're worried about people getting hold of your drive that much.

and yes i know it seems like a bunch of random stuff i put down lol. but encryption is kinda my thing lol. :wink:
rm -rf * /

leechy9
On the way to fame!
Posts: 40
Joined: 06 Jul 2008, 16:00
Location: root@desktop-computer

Post by leechy9 »

oh ya, just make your own algorithm. that's one way to make sure that programs can't crack it.
rm -rf * /

G-Brain
Fame ! Where are the chicks?!
Posts: 467
Joined: 08 Nov 2007, 17:00
Location: NL

Post by G-Brain »

leechy9 wrote: oh ya, just make your own algorithm. that's one way to make sure that programs can't crack it.
You're going to need one hell of an ego if you think you can do better than experienced cryptographers, or multiple experienced cryptographers.

Having said that, all my data is encrypted with my own algorithm.
I <3 MariaLara more than all of you

leechy9
On the way to fame!
Posts: 40
Joined: 06 Jul 2008, 16:00
Location: root@desktop-computer

Post by leechy9 »

yep lol, i learned how to do all the encryption stuff from my uncle. he makes algorithms when he gets bored lol.
rm -rf * /

bad_brain
Site Owner
Posts: 11636
Joined: 06 Apr 2005, 16:00
Location: In your eye floaters.

Post by bad_brain »

well, own algorithms are of course nice, BUT the question is how safe they are in reality....the established ones have been tested a lot, simply because they are widely used. so I trust those ones more, AES for example is still not crackable...just as an example: AES-256 has about as many possible combinations as there are atoms in the universe.
Moore's Law says the power of computers doubles every 18 months, following this law it would mean in 192 years the time has come where cracking AES-256 is possible*... :wink:

*source: George Ou's blog, ZDNet

G-Brain
Fame ! Where are the chicks?!
Posts: 467
Joined: 08 Nov 2007, 17:00
Location: NL

Post by G-Brain »

George Ou?
I <3 MariaLara more than all of you

bad_brain
Site Owner
Posts: 11636
Joined: 06 Apr 2005, 16:00
Location: In your eye floaters.

Post by bad_brain »

he's not blogging anymore, but it's still worth browsing:
http://blogs.zdnet.com/Ou/

G-Brain
Fame ! Where are the chicks?!
Posts: 467
Joined: 08 Nov 2007, 17:00
Location: NL

Post by G-Brain »

I know. I was going for the Ou/who resemblance in pronunciation.
I <3 MariaLara more than all of you
