TrueCrypt and image backups
TrueCrypt 5.0 just came out and the big new feature is it lets you encrypt your entire hard drive. The thing I can't figure out is if you are still able to create a backup image of your drive with Acronis /Ghost if you encrypt your drive? I know with some *nix encryption if you create an image with an encrypted drive it can only be done with a sector-by-sector image (a huge image). Anyone know?
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Ben Franklin
"The internet is a great way to get on the net." --Bob Dole
"The internet is a great way to get on the net." --Bob Dole
Comments
-
Kasor Member Posts: 934 ■■■■□□□□□□I find no reason to backup the entrie encrpyt HD.
However, you ask a good question. I want to know, too.Kill All Suffer T "o" ReBorn -
JDMurray Admin Posts: 13,089 AdminI don't see anything listed to the contrary in the troubleshooting and incompatibilities section of truecrypt.org. If you can create a backup image of a disk partition encrypted with TrueCrypt 4.3, why would you assume that you might not be able to do the same with TrueCrypt 5.0? The new features list states that it is highly recommended that users of older versions of TrueCrypt upgrade to 5.0. I'm gonna load 5.0 on my Ubuntu laptop right now.
-
mog27 Member Posts: 302On my XP laptop with TC 5.0
I keep getting the following error on a laptop with 2GB RAM:
"error: insignificant memory for encryption"
(After I boot my computer up and it asks me to enter my pass.)
I have seen some others with this issue with no resolution. I wonder if it's a bug. Is this happening to anyone else?"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Ben Franklin
"The internet is a great way to get on the net." --Bob Dole -
JDMurray Admin Posts: 13,089 AdminDoes the error occur before or after you enter your volume password? How much free memory is there when the error occurs?
-
mog27 Member Posts: 302JDMurray wrote:Does the error occur before or after you enter your volume password? How much free memory is there when the error occurs?
It's before windows boots. I'm encrypting the entire drive. So it's during the pre boot authentication test. It does a test before it starts encrypting and that is when it complains about memory. It has to be something with TC because I have 2 gigs of ram and I've seen others with the same error. Im just waiting for a resolution/fix."They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Ben Franklin
"The internet is a great way to get on the net." --Bob Dole -
JDMurray Admin Posts: 13,089 AdminDid the computer ever boot properly after the entire system drive was encrypted? If not, try booting the computer from a Linux LiveCD and check if the drive is actually encrypted or not. If it is encrypted, and the LiveCD has TrueCrypt installed on it, you should be able to mount the encrypted drive in Traveler Mode.
-
dynamik Banned Posts: 12,312 ■■■■■■■■■□Kasor wrote:I find no reason to backup the entrie encrpyt HD.
However, you ask a good question. I want to know, too.
You hear about laptops with social security numbers, bank/credit account numbers, etc. being lost all the time. Simply requiring a password on boot is a great way to secure that information. There are a number of reasons why having a user load a TC file is not ideal. A program may require that data be stored in a specific location or maybe you're afraid the user will check the "remember password" box. I agree that encrypting the entire system drive is overkill for nearly everyone. However, I can see it being useful in certain situations.
I'm curious to see how much it effects performance. Have there been any benchmarks released? I imagine it could go unnoticed for word processing, email, etc., but it would probably cripple any disk-intensive tasks, such as video/audio editing. -
mog27 Member Posts: 302JDMurray wrote:Did the computer ever boot properly after the entire system drive was encrypted? If not, try booting the computer from a Linux LiveCD and check if the drive is actually encrypted or not. If it is encrypted, and the LiveCD has TrueCrypt installed on it, you should be able to mount the encrypted drive in Traveler Mode.
I think you are misinterpreting what happened.. The laptop was never encrypted. TC does a 'test' where it reboots your computer and has you enter in the pre boot auth password. That is where we get the memory error. If the test passes TC will go ahead and do the actual encryption."They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Ben Franklin
"The internet is a great way to get on the net." --Bob Dole -
Ahriakin Member Posts: 1,799 ■■■■■■■■□□Have you enough hard drive space? Based on how much data exists, or the largest single file size it may need more free space on certain systems to use as temp storage while it encrypts. You might also want to run a full chkdisk before hand.
Just encrypting my own laptop right now, also 2GB Ram using 25Gb out of 100GB of HDD space. I have to say I'm very impressed with the whole process so far, I was able to pause it and remove some non critical images to speed up the process, restart it seamlessly and can still work on the system while it's encrypting the volume.We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place? -
mog27 Member Posts: 302Ahriakin wrote:Have you enough hard drive space? Based on how much data exists, or the largest single file size it may need more free space on certain systems to use as temp storage while it encrypts. You might also want to run a full chkdisk before hand.
Just encrypting my own laptop right now, also 2GB Ram using 25Gb out of 100GB of HDD space. I have to say I'm very impressed with the whole process so far, I was able to pause it and remove some non critical images to speed up the process, restart it seamlessly and can still work on the system while it's encrypting the volume.
I can't remember how big my HD is (I'm not at home now) but it is a newer model Lenovo (core 2 duo) so it must have a fairly large drive and I don't have a lot of things on it - just everyday programs and no movies, mp3, etc."They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Ben Franklin
"The internet is a great way to get on the net." --Bob Dole -
RTmarc Member Posts: 1,082 ■■■□□□□□□□mog27 wrote:On my XP laptop with TC 5.0
I keep getting the following error on a laptop with 2GB RAM:
"error: insignificant memory for encryption"
(After I boot my computer up and it asks me to enter my pass.)
I have seen some others with this issue with no resolution. I wonder if it's a bug. Is this happening to anyone else? -
Ahriakin Member Posts: 1,799 ■■■■■■■■□□Was just over on the site and while the forums are down the Known-Issues section does lists this as a problem on some systems, with no cause-details only that it will be addressed in the next version.We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
-
mog27 Member Posts: 302Ahriakin wrote:Was just over on the site and while the forums are down the Known-Issues section does lists this as a problem on some systems, with no cause-details only that it will be addressed in the next version.
Ah ok. Guess we will have to wait till this is fixed."They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Ben Franklin
"The internet is a great way to get on the net." --Bob Dole -
Ahriakin Member Posts: 1,799 ■■■■■■■■□□Well it finished encrypting my system and the test machine I had running in parallel. Dell 620 and 630 Laptops respectively, the audio drivers on both now will not load (Sigmatel HD Audio). Both are running fully updated XP SP2, the test machine is a fresh install. Will have to do some digging but just FYI you may have sound issues....We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
-
ratzefatz Member Posts: 1 ■□□□□□□□□□the same issue on my dell m90 laptop. after the first reboot (before encryption) my sounddriver couldn´t load( sigmatel hd audio). when using permanently decrypting the system drive and the bootloader is removed, the audiodevice start to work like normal
-
JDMurray Admin Posts: 13,089 AdminYou guys are encrypting your entire drive? I've had no problems creating encrypted volumes under Ubuntu, but I've not tried encrypting an entire drive yet. And from what I've been reading, this memory problem seems to be happening only on newer computers, or perhaps newer releases of a specific BIOS.
-
slippy Member Posts: 1 ■□□□□□□□□□I'm having the audio problem as well. Anyone find a fix yet or know where I can get more info?
Dell E1705
Sigmatel HD Audio
2GB Ram -
dynamik Banned Posts: 12,312 ■■■■■■■■■□JDMurray wrote:You guys are encrypting your entire drive? I've had no problems creating encrypted volumes under Ubuntu, but I've not tried encrypting an entire drive yet. And from what I've been reading, this memory problem seems to be happening only on newer computers, or perhaps newer releases of a specific BIOS.
I believe this is what they're doing: http://www.truecrypt.org/docs/?s=system-encryption -
RTmarc Member Posts: 1,082 ■■■□□□□□□□dynamik wrote:JDMurray wrote:You guys are encrypting your entire drive? I've had no problems creating encrypted volumes under Ubuntu, but I've not tried encrypting an entire drive yet. And from what I've been reading, this memory problem seems to be happening only on newer computers, or perhaps newer releases of a specific BIOS.
I believe this is what they're doing: http://www.truecrypt.org/docs/?s=system-encryption -
Darthn3ss Member Posts: 1,096how long do you reckon it'd take to encrypt my 750gb hard drive?Fantastic. The project manager is inspired.
In Progress: 70-640, 70-685 -
Ahriakin Member Posts: 1,799 ■■■■■■■■□□Yup entire drive. Ensures no one's going to plunder through your Pagefile, check the system for deleted files etc. There was a bit of a performance hit since the encryption but not much at all, since I work with our Firewall/Security devices and am editing and transferring configs regularly an encrypted volume (which I was using) doesn't provide enough protection considering the sensitivity of the data. If I remember rightly one of the first successful attacks against Vista involved overloading the system RAM so that protected data was dumped to the Pagefile where it was recovered and read with ease, so it is a vector worth covering even for data you think is just in volatile ram.
Edit: Performance. It encrypts blank space with random data so the amount of space used is irrelevant it is just down to the drive size. My Laptop (the D620) has a 100GB 7200RPM (2mb cache) drive, took about 2 hours using AES and no pre-wipe. A desktop drive should be a good deal faster. The fact you can do it while you are working on the system though is pretty amazing.We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place? -
JDMurray Admin Posts: 13,089 Admindynamik wrote:I believe this is what they're doing: http://www.truecrypt.org/docs/?s=system-encryption
-
DeTard Member Posts: 1 ■□□□□□□□□□JDMurray wrote:dynamik wrote:I believe this is what they're doing: http://www.truecrypt.org/docs/?s=system-encryption
Honestly, I find that would be incredibly insecure.... First off, you'd have to have some way of entering that password in. The only secure way of doing that pre-boot (required) would be using a some form of "lights out" interface and doing it manually. If you didn't go that route, you'd most likely have to have a public/private key system. But that would mean leaving that key on an unencrypted partition of the drive. Meaning if someone broke into your data room and stole the hard drives from the server, they'd be able to use that key to decrypt the drives anyhow.
I mean, there's no way of doing this securely and automatically upon boot. Even if you had it on a USB drive, you'd have to leave that drive there all the time, and if someone broke in they'd be able to take the drive as well.
If you really want to encrypt your data on a server, I'd suggest using EFS per user, but make sure you create a data recovery agent key before allowing users to do so. Of course, this is if you're talking about a file server... otherwise, I don't know. I, at the moment, can't think of any REAL secure way of encrypting a whole server and boot it automatically. Maybe the "lights out" system along with a very good UPS is the way to go to make sure it doesn't power off even on long power outages? -
Ahriakin Member Posts: 1,799 ■■■■■■■■□□For a remote server you'd be better off with just using Encrypted volumes but an un-encrypted boot partition. There are two 3rd party addons for Truecrypt that will automatically encrypt your Pagefile and Mycdocuments folder (incl. temp files) on an un-encrypted volume.We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
-
JDMurray Admin Posts: 13,089 AdminAhriakin wrote:For a remote server you'd be better off with just using Encrypted volumes but an un-encrypted boot partition. There are two 3rd party addons for Truecrypt that will automatically encrypt your Pagefile and Mycdocuments folder (incl. temp files) on an un-encrypted volume.
-
Ahriakin Member Posts: 1,799 ■■■■■■■■□□Containers are also the most portable, just dismount it pick up the file and move it/remount.We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
-
RTmarc Member Posts: 1,082 ■■■□□□□□□□Version 5.0a has been released that reportedly resolves all of the issues we initially ran into including the 'insufficient memory' and audio related problems.
-
JDMurray Admin Posts: 13,089 AdminAnd 5.0a also fixes the problem with some sound card drivers not loading from an encrypted partition. That was another big problem reported with TC 5.0.
TrueCrypt Version History -
mog27 Member Posts: 302I haven't tried it yet but TrueCrypt 5.0a was just released:
Improvements:
*The memory requirements for the TrueCrypt Boot Loader have been reduced by 18 KB (eighteen kilobytes). As a result of this improvement, the following problem will no longer occur on most of the affected computers: The memory requirements of the TrueCrypt Boot Loader 5.0 prevented users of some computers from encrypting system partitions/drives (when performing the system encryption pretest, the TrueCrypt Boot Loader displayed the following error message: Insufficient memory for encryption).
Bug fixes:
* On computers equipped with certain brands of audio cards, when performing the system encryption pretest or when the system partition/drive is encrypted, the sound card drivers failed to load. This will no longer occur. (Windows Vista/XP/2003)
*It is possible to access mounted TrueCrypt volumes over a network. (Windows)
*TrueCrypt Rescue Disks created by the previous version could not be booted on some computers. This will no longer occur. (Windows Vista/XP/2003)
Note: If your TrueCrypt Rescue Disk created by TrueCrypt 5.0 cannot be booted on your computer, please upgrade to this version of TrueCrypt and then create a new TrueCrypt Rescue Disk (select 'System' > 'Create Rescue Disk').
* Many other minor bug fixes. (Windows, Mac OS X, and Linux)
This should fix the sound issues some here were having and the annoying insufficient memory problems I and some others were having."They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Ben Franklin
"The internet is a great way to get on the net." --Bob Dole