Basic truecrypt guide

uid0
Fame ! Where are the chicks?!
Posts: 106
Joined: 08 Jun 2008, 16:00

Post by uid0 »

So, this is a guide about truecrypt I wrote some time ago (not that long ago, though) and I felt it would be good to have it here; however, if that isn't the case, feel free to move it, delete it or flame it xD

Contents

1. Introduction
2. What's Truecrypt and what are its advantages
3. Things to know before you try
4. Using truecrypt
5. Common Problems
6. Conclusion


Introduction

This is just a little guide about using truecrypt, yeah, I know, there are a lot of guides about truecrypt so why create another one?

Well, for one, the fact that there are others doesn't mean that they're good :)

Second, every guide (about any topic) is made with its creator's perceptions about content and knowledge, which means it is possible that the way a guide is written isn't that understandable to others, so another way to describe the same content might be appreciated.

Third, many of the guides about truecrypt in particular are GUI oriented; this one is not.

This guide isn't perfect and isn't the greatest, but I'll do my best to cover the things that create the most confusion about the tool; also, it will be (or I'll try to make it) easy to follow for those who are using the tool for the first time and those who already know the tool.

For convenience, I will be using several terms to define different things: by "virtual volumes" I'll mean any group of clusters (random space in a hard drive or a hard drive partition), by "real volumes" I'll mean hard drives or partitions, and by "removable volumes" I'll be referring to every removable device (like USB hard drives).

What's Truecrypt and what are its advantages

Truecrypt is an open-source tool built with privacy in mind. It's also referred to as hard-disk encryption software and, as of today, it is portable to most of the major systems. It works by encrypting the data 'on-the-fly'; this means that if I open a music file that is saved on an encrypted volume, this file will be decrypted in RAM as the data is requested by the music player, and when saving data, all the encryption is done in RAM as well while truecrypt reads the file(s) that are being saved in the volume.

From paranoids to companies, this is the best tool to use when you want to keep your information private from prying eyes. If you're looking for a solution to keep your things private, this tool will be your best friend for sure!

Truecrypt is loved by many because it has many important features; this is a list of them:

Portable: Can be used in several of the major operating systems around: Windows, Linux and Mac OS X.

Volume scope: You can encrypt just a portion of a disk or disk partition by creating a virtual volume, you can encrypt a partition or hard drive entirely, and you can encrypt removable devices.

Several algorithms: At the time of this writing, Truecrypt supports three encryption algorithms: AES, Twofish and Serpent.

Cascades: Related to the above, one of the best things for strengthening security is that you can use two or three algorithms at the same time; this is what is called cascades, which are: AES-Twofish, AES-Twofish-Serpent, Serpent-AES, Serpent-Twofish-AES and Twofish-Serpent.

Several hashes: Besides algorithms, truecrypt uses hashes to create random values from passwords and key files; at the time of this writing there are only three hashes available: SHA-1, RIPEMD-160 and Whirlpool.

Passwords and key files: Truecrypt is flexible in the way that you can use only passwords to protect the encrypted volume or you can use passwords and key files. The key files are used as random data that is sourced and implemented while creating the hashes; the great thing is that any kind of file and even entire directories can be used as key files, meaning that you can use an mp3 file or a video avi file as a key file.

Interfaces: The tool can be used through a GUI (Graphical User Interface) or from the console, which offers wider portability.

Interactive use: For those who are starting to use the tool, this is the best. The interactive mode is used by truecrypt when there are no parameters passed to the initial command; this means that truecrypt will ask the user for every piece of information needed in order to create an encrypted volume, thus avoiding errors that can be made by new users.

Two kinds of volumes: There are normal volumes and hidden volumes. At the beginning, every volume is a normal one; hidden volumes are created inside normal volumes as a way to improve the privacy of the data.

Plausible deniability: Related to the previous one, this is by far one of the greatest advantages of this tool. Basically, since every truecrypt volume, unless decrypted, shows as random data, it's almost impossible to know that such a truecrypt volume exists; besides that, if the normal volume is exposed (someone forces you to give the access password), it's impossible to know that there's a hidden volume in it, and thus the information saved in that hidden volume.


You can't deny that there are a lot of advantages in the tool, and best of all, it's free ;)

Things to know before you try

When it comes to Linux systems, you need to have specific kernel support in order "to use" truecrypt volumes; not to create them, just to use them. Also, the specific support you'll need depends on the truecrypt version you're using. Right now you could say there are two major versions of the tool being used, the 4.x and the 5.x; there's also the 6.x version which, for now, this guide won't cover since it was released one month ago and I haven't tried it, to be honest. However, this guide should be useful even for that version; if not, feel free to comment.

Regarding the other two, both have at least one very important difference regarding Linux support: the 4.x uses device mapper while the 5.x uses FUSE (a userspace driver). Also, no matter what version of truecrypt you are using, you need to have loop device support in the kernel.

So the first thing you'll need to check before you start using truecrypt is that you have kernel support (activate them as modules or built-in according to the truecrypt version you use):

Device Drivers --> Multiple devices driver support (RAID and LVM) --> Device mapper support

File systems --> Filesystem in Userspace support

Device Drivers --> Block Devices --> Loopback device support

Using truecrypt

If you're starting to use this tool you need to understand at least how to encrypt what you need to encrypt, and for this, you need to understand that there are different scopes and kinds of volumes.

Virtual volumes: Let's say you have a Linux partition in /dev/sda4 and this partition has 20GB of space. Now, virtual volumes are just a portion that can be reserved from a partition (or a hard drive if it doesn't have any partitions); basically, it is just a file with a fixed length that you create on a partition or hard drive. In /dev/sda4 a virtual volume could be one single file called private of about 5GB; in turn, you have /dev/sda4 as a partition of 20GB with a file of 5GB. I call them virtual volumes because every truecrypt volume needs to be mounted and worked with as if it was a single disk, so, even when it's actually just a file, it needs to be treated as if it was a real disk on your system.

Real volumes: Remember, as I said in the introduction, I'm using these terms for convenience so you can easily understand the way it all works. In the case of real volumes, I mean every partition or entire hard drive that's going to be encrypted. For instance, let's take the above example: you have a partition called /dev/sda4 and it is about 20GB of space; you can encrypt the partition entirely, not just create a file on it. In the same way, if you have only one disk with no partitions at all, you can encrypt it completely. Those are real volumes.

Removable volumes: These are just any kind of removable device where you can save data, like USB hard drives, flash drives and such.

Every truecrypt volume needs a path (like /media/sda4/private) which is then going to be mapped to a device in /dev; if it's a virtual volume, it will be mapped to /dev/mapper/truecryptN. This path is where the truecrypt volume is and it is important (required) to indicate it in order to create the volume. To use the volume, besides a known path, a mount point is needed (like /mnt/something or /media/data); this is only used once the truecrypt volume has been created and mapped to a device in /dev. This mount point is where you actually are going to save or access the data that is in the truecrypt volume. No worries if you don't catch this yet, you'll understand it later ;)

As I said before, this guide is about using truecrypt from the console in Linux systems; for a guide about the use with the graphical interface please refer to the Official user's guide:

http://www.truecrypt.org/docs/tutorial.php


From the command line, truecrypt has many parameters that can be used to create your volumes. I won't cover every possible use of those parameters, so you can check all the options available by issuing the command:

    root@root [~]# truecrypt --help

However, if you've been following me so far, you should remember that I talked about the interactive mode in the advantages of truecrypt section. The great thing about this mode of operation is that you don't really need to know any other parameter in order to create a truecrypt volume; from the command line, the interactive mode is called like this:

    root@root [~]# truecrypt --interactive

In this mode, the program will ask you everything that it needs to know to create a volume: the volume path, a password, a hash, a key file (optional), and other important stuff. This mode, however, can be called by truecrypt itself if the user issued some parameters but not every one required to create the volume. For instance, let's say we create a volume called mystuff with the password uid0R00t123; the command could be something like this:

    root@root [~]# truecrypt --password uid0R00t123 --create /media/hda3/private

The thing with the above command is that it lacks other important information, for example the hash that should be used for the password. In this case, truecrypt will notice that not all the needed parameters have been issued from the beginning, so it will start to ask the user for all the missing data.

Moving on, using truecrypt is incredibly easy, mostly thanks to the interactive mode. Starting from here, I'll be showing several ways to use the tool to better fit your needs; feel free to ask or add whatever you think will improve this guide. For convenience, I'll be using two example disks: one is a partition /dev/hda2 that is mounted on /media/data, and the other will be an entire disk /dev/sda1 that will be mounted on /media/mydisk.

Create a volume called 'private' on /dev/hda2:

    root@root [~]# truecrypt --create /media/data/private

Create a volume called 'private' using the password uid0R00t123:

    root@root [~]# truecrypt --password uid0R00t123 --create /media/data/private

Create a volume called 'private' using a password and the algorithm Twofish:

    root@root [~]# truecrypt --password uid0R00t123 --encryption Twofish --create /media/data/private

Create a volume called 'private' with a blank password but using a key file:

    root@root [~]# truecrypt --password '' --keyfile /home/rootsec/logo.jpg --create /media/data/private

Create a volume called 'private' with a password, using cascade encryption and a directory as key file:

    root@root [~]# truecrypt --password uid0R00t123 --keyfile /home/rootsec/documents --encryption AES-Twofish-Serpent --create /media/data/private

Create a volume called 'private' with password, key file, cascade and hash:

    root@root [~]# truecrypt --password uid0R00t123 --keyfile /home/rootsec/mymovie.mpg --encryption Twofish-Serpent --hash SHA-1 --create /media/data/private
Create a key file called 'useme' using the RIPEMD-160 hash (--keyfile-create takes the path of the key file to write):

    root@root [~]# truecrypt --hash RIPEMD-160 --keyfile-create /home/rootsec/useme

Add a key file to an existing volume called 'private' (--keyfile-add takes the key file path; the volume path comes last):

    root@root [~]# truecrypt --change --keyfile-add /home/rootsec/useme /media/data/private

Create a volume with a specific filesystem:

    root@root [~]# truecrypt --filesystem ext3 --create /media/data/private

Create a volume called 'private' with a password and using a file as random generator instead of a hash:

    root@root [~]# truecrypt --password uid0R00t123 --random-source /home/rootsec/drums.mp3 --create /media/data/private
Mount a volume called 'private' on /media/mystuff/:

    root@root [~]# truecrypt /media/data/private /media/mystuff

Pass specific options to mount:

    root@root [~]# truecrypt --mount-options ro /media/data/private /media/mystuff

The above will mount the truecrypt volume 'private' on /media/mystuff as read-only.

Create a volume with a fixed size:

    root@root [~]# truecrypt --size 200MB --create /media/data/private

The size can be given in KB, MB or GB; always include one of these, as just putting the number will return an error.

Create a hidden volume:

    root@root [~]# truecrypt --create /media/mydisk
    root@root [~]# truecrypt --type hidden --size 2GB --create /media/mydisk

As I said before, hidden volumes are created inside normal volumes; this is why we need to create a normal volume first. In this case (if you remember), /media/mydisk is where the example /dev/sda1 disk is mounted. Suppose that this disk is about 100GB; therefore, what we're doing here is creating a hidden volume of 2GB inside that disk of 100GB.

Every truecrypt volume is mapped to /dev/mapper/truecryptN, where 'N' is a number starting from 0 and assigned by availability. Let's say that you create one truecrypt volume; it'll be mapped to /dev/mapper/truecrypt0. Then you create another one, which will be mapped to /dev/mapper/truecrypt1, then another that will be mapped to /dev/mapper/truecrypt2, and so on. You can change these numbers for others if you like, to avoid the automatic mapping. This is useful when you have several truecrypt volumes and you need to know which is which:

    root@root [~]# truecrypt --device-number 10 --create /media/data/private

This will map the truecrypt volume to /dev/mapper/truecrypt10.

Change a volume: Imagine that you created the volume 'private' with a size of 10GB but now you see that you don't need it to be so big, so let's change that:

    root@root [~]# truecrypt --size 5GB --change /media/data/private

When you're doing this, you don't need to specify the old values, just the new ones, so if we want to change the password we'll use:

    root@root [~]# truecrypt --password 1234uid0R00t --change /media/data/private

List all mapped (thus mounted) truecrypt volumes:

    root@root [~]# truecrypt --list

Unmount a truecrypt volume:

    root@root [~]# truecrypt --dismount /media/data/private

Unmount all truecrypt volumes at once:

    root@root [~]# truecrypt --dismount

Check the properties of a volume:

    root@root [~]# truecrypt --properties /media/data/private

Remove a truecrypt volume: If it's a virtual volume, all you need to do is erase the file. For instance, if I wanted to remove the 'private' volume created in the previous examples, I'd use:

    root@root [~]# rm /media/data/private

If you encrypted an entire partition or disk and you don't want it encrypted anymore, the only thing you can do is format it.

Finally, if you want to save or access data in a truecrypt volume, all you have to do is mount it and save the data to the mount point. For instance, if I created the volume 'private' and mounted it on /media/mystuff, all I need to do in order to save my information in the encrypted volume is to copy (or move) the data to /media/mystuff.


Common problems

There are several common problems while using truecrypt, but most of them are related to the lack of kernel support. For the sake of completeness, these are the most common errors:

- Mount Failed: Yeah, this is all you'll see while trying to mount the volume :P This error is caused because device mapper support or FUSE (depending on the truecrypt version used) isn't active.

- Wrong FS: So, you're going to mount the volume and it shows:

    mount: wrong fs type, bad option, bad superblock on /dev/mapper/truecrypt0,
    missing codepage or other error
    In some cases useful info is found in syslog - try
    dmesg | tail or so

When creating volumes (unless the --filesystem option is used), truecrypt creates those volumes using the 'auto' filesystem which, for Linux purposes, doesn't work at all, so in order to avoid this error you'll need to create a filesystem in the volume like this:

    root@root [~]# truecrypt --device-number 20 /media/data/private /media/mystuff && mkreiserfs /dev/mapper/truecrypt20

To actually create a file system on the truecrypt device, it first needs to be mapped; that's why you need to mount it first and immediately after create the file system you want. I used reiserfs but you can use whatever you like.
The '--device-number' option is optional; I used it because it's better if you want to control which device you're going to format.

- No free loopback device available: This error is because of the lack of loop device support in the kernel (Device Drivers --> Block Devices --> Loopback support).


Conclusion

So we've come to the end of this guide. I hope you liked it; I tried to be as specific as I could and to reach those who know the tool and those who don't. However, this is not a strict guide, meaning that you can discuss, share, provide more examples of use, flame it and say it's completely wrong, or anything you like :)
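
A preflight check for the kernel support described in the "Things to know before you try" section, written as an added example (it is not code from the original post or from the TrueCrypt project). It reads the same facts a practitioner would look up by hand before running into "Mount Failed" or "No free loopback device available": block drivers registered in /proc/devices (loop, device-mapper) and filesystems known to the kernel in /proc/filesystems (fuse). The function names, the `tc_major` parameter and the sample /proc contents are this example's own assumptions.

```python
"""Check that the running kernel has what a TrueCrypt 4.x or 5.x volume
needs on Linux: loop devices for both, device-mapper for 4.x, FUSE for 5.x.

Added example, not part of the original post or of TrueCrypt.  The sample
/proc contents at the bottom are constructed; check_host() reads the live
files instead.
"""

# Kernel config paths from the post, keyed by the feature we look for.
KCONFIG = {
    "loop": "Device Drivers --> Block Devices --> Loopback device support",
    "dm": "Device Drivers --> Multiple devices driver support (RAID and LVM) --> Device mapper support",
    "fuse": "File systems --> Filesystem in Userspace support",
}


def block_devices(proc_devices: str) -> set:
    """Names of block drivers registered in /proc/devices ('  7 loop' -> 'loop')."""
    names, in_block = set(), False
    for line in proc_devices.splitlines():
        line = line.strip()
        if line.startswith("Character devices"):
            in_block = False          # char devices (tty, misc, ...) are not what we want
        elif line.startswith("Block devices"):
            in_block = True
        elif in_block and line:
            parts = line.split(None, 1)   # "<major> <name>"
            if len(parts) == 2:
                names.add(parts[1])
    return names


def filesystems(proc_filesystems: str) -> set:
    """Filesystem names from /proc/filesystems ('nodev\tfuse' -> 'fuse')."""
    return {line.split()[-1] for line in proc_filesystems.splitlines() if line.split()}


def missing_support(tc_major: int, proc_devices: str, proc_filesystems: str) -> list:
    """Return the kconfig path of each feature the given TrueCrypt major version
    needs that the kernel does not currently provide (empty list = all good)."""
    blk = block_devices(proc_devices)
    fss = filesystems(proc_filesystems)
    missing = []
    if "loop" not in blk:                       # needed by every version
        missing.append(KCONFIG["loop"])
    if tc_major <= 4 and "device-mapper" not in blk:   # 4.x maps volumes through dm
        missing.append(KCONFIG["dm"])
    if tc_major >= 5 and "fuse" not in fss:     # 5.x (and later) go through FUSE
        missing.append(KCONFIG["fuse"])
    return missing


def check_host(tc_major: int) -> list:
    """Run the check against the running kernel."""
    with open("/proc/devices") as f:
        devs = f.read()
    with open("/proc/filesystems") as f:
        fss = f.read()
    return missing_support(tc_major, devs, fss)


# Constructed sample: a kernel with loop support but neither device-mapper nor
# FUSE registered (either not built, or built as modules that are not loaded).
SAMPLE_DEVICES = """Character devices:
  1 mem
  4 tty
 10 misc

Block devices:
  7 loop
  8 sd
"""
SAMPLE_FILESYSTEMS = """nodev\tsysfs
nodev\tproc
\text3
\tvfat
"""

if __name__ == "__main__":
    for major in (4, 5):
        for item in missing_support(major, SAMPLE_DEVICES, SAMPLE_FILESYSTEMS):
            print(f"truecrypt {major}.x: missing {item}")
```

Both files only list drivers that are actually registered, so when loop, dm_mod or fuse are built as modules, load them first (`modprobe loop dm_mod fuse`); a module that is compiled but not loaded is reported as missing, which is also exactly the state in which truecrypt fails with "Mount Failed".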

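
The post says key files are "random data that is sourced and implemented while creating the hashes" without saying how; the point that matters in practice is that TrueCrypt does not hash the whole file. The following is an added example, not code from the original post or from the TrueCrypt project: it reimplements the keyfile pool algorithm of TrueCrypt's Keyfiles.c as this example's author recalls it (a 64-byte pool, a running CRC-32 over at most the first 1 MiB of each file, the pool added byte-wise to the zero-padded 64-byte password). Treat the exact bytes as an assumption to be checked against the real source; the properties it demonstrates (file order does not matter, only the first 1 MiB of a file counts, and the combined material is capped at 64 bytes) are what a practitioner choosing an mp3 or a directory as a key file should know. The function names and the sample key files are this example's own.

```python
"""Reimplementation of how TrueCrypt folds key files into the password.

Added example, not part of the original post or of TrueCrypt.  Follows the
keyfile pool scheme of Keyfiles.c as recalled by this example's author;
verify against the source before depending on exact values.
"""
import zlib

POOL_SIZE = 64           # KEYFILE_POOL_SIZE
MAX_READ = 1024 * 1024   # KEYFILE_MAX_READ_LEN: only this much of a keyfile counts
MAX_PASSWORD = 64        # MAX_PASSWORD: size of the buffer the pool is added to


def _crc32_update(crc: int, b: int) -> int:
    """One byte of the table-driven CRC-32 on the raw (not finalised) state.

    zlib.crc32 takes and returns the finalised value (state XOR 0xFFFFFFFF),
    so convert on the way in and out; a raw state of 0xFFFFFFFF is zlib's
    default start value 0.  This matches TrueCrypt's UPDC32 macro.
    """
    return zlib.crc32(bytes([b]), crc ^ 0xFFFFFFFF) ^ 0xFFFFFFFF


def raw_crc32(data: bytes, crc: int = 0xFFFFFFFF) -> int:
    """Raw CRC-32 state after feeding data; raw_crc32(d) ^ 0xFFFFFFFF == zlib.crc32(d)."""
    for b in data:
        crc = _crc32_update(crc, b)
    return crc


def keyfile_pool(keyfiles) -> bytes:
    """Fold each keyfile's content (an iterable of bytes objects) into the pool.

    The CRC state and the write position restart for every file and the
    additions are mod 256, so the result is independent of file order.
    """
    pool = bytearray(POOL_SIZE)
    for data in keyfiles:
        crc, pos = 0xFFFFFFFF, 0
        for b in data[:MAX_READ]:            # bytes past 1 MiB never influence the key
            crc = _crc32_update(crc, b)
            for shift in (24, 16, 8, 0):     # the four bytes of the CRC state, high first
                pool[pos] = (pool[pos] + ((crc >> shift) & 0xFF)) & 0xFF
                pos += 1
            if pos == POOL_SIZE:
                pos = 0
    return bytes(pool)


def apply_keyfiles(password: bytes, keyfiles) -> bytes:
    """Return the 64-byte effective password that goes into the key derivation."""
    if len(password) > MAX_PASSWORD:
        raise ValueError("TrueCrypt passwords are at most 64 bytes")
    pool = keyfile_pool(keyfiles)
    padded = password.ljust(MAX_PASSWORD, b"\x00")
    return bytes((p + k) & 0xFF for p, k in zip(padded, pool))


def read_keyfile(path: str) -> bytes:
    """Read a keyfile from disk, capped at the bytes TrueCrypt actually uses."""
    with open(path, "rb") as f:
        return f.read(MAX_READ)


# Constructed sample key files (on a real host: read_keyfile("/home/rootsec/logo.jpg")).
LOGO = b"\x89PNG\r\n\x1a\n" + bytes(range(256))
SONG = b"ID3\x03\x00" + b"\xff\xfb" * 40

if __name__ == "__main__":
    eff = apply_keyfiles(b"uid0R00t123", [LOGO, SONG])
    print(eff.hex())
    print(apply_keyfiles(b"uid0R00t123", [SONG, LOGO]) == eff)   # order does not matter
```

Two consequences follow directly from the code: a key file whose first megabyte is predictable (a long run of zeros, a standard header followed by padding) adds almost nothing, however large the file is, and a "blank password plus key file" volume as shown earlier in the post is exactly as strong as the first 64 bytes of pool the files produce.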
DNR
Digital Mercenary
Posts: 6114
Joined: 24 Feb 2006, 17:00
Location: Michigan USA
Post by DNR »

awesome, I stickied it.

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.

uid0
Fame ! Where are the chicks?!
Posts: 106
Joined: 08 Jun 2008, 16:00

Post by uid0 »

hey DNR, appreciated, thanks :)
