#encryption security

About TrueCrypt

It is an open-source full-disk hard drive encryption tool that encrypts the data stored on your system’s hard drive. Using the tool, you can create a virtual volume, also known as a container. Any information or data stored in this virtual container will automatically get encrypted that means the data will exist in a cryptic format. As you know, any data or text in a cryptic format can neither be read nor understood. Thus, even if someone steals your hard drive (hardware) and connects it to another computer to get access to the data stored on it, the thief will get nothing else but just the cryptic text. The only way to access the TrueCrypt’s encrypted data in its readable format is to mount (unlocking) the encrypted container. That is possible only if you use the authorized password. That means only those people, who have the authorized password, will be able to mount (unlock) or dismount (lock) the encrypted container to access the data stored in it.

It is a highly popular tool that is compatible with Windows XP and later versions, many versions of Mac OS X and Linux. But its developers are anonymous programmers and still unidentified. The tool can encrypt the whole disk, external hard drive and a partition on the disk. Read below to learn how to create an encrypted container using this hard drive encryption software.

How to Use the Hard Drive Encryption Software?

•    Run the tool on your computer. •    Next, click the button ‘Create Volume.’ •    Now, a wizard will open up. •    On the first window, select ‘Create an encrypted file container.’ •    Next, select ‘Standard TrueCrypt Volume.’ •    In the next window, select a location where you want to save the volume. •  You need to store the volume of a newly created file. Don’t use an already existing file. Give the newly created file a name. •    On the next window, select an encryption algorithm. Usually, people go for AES. 

•    On the next window, select a size for the encrypted volume. •    Now, choose a strong password for the encrypted container/volume. •    On the next window, keep moving your mouse cursor randomly that will strengthen the cryptic keys. •    Then, click ‘Next.’ •    Next, choose a ‘File System’ for the encrypted volume. Choose NTFS, if your encrypted data is over 4GB. •    Next, click ‘Format.’ •    Now, move back to the desktop. •    Here, open TrueCrypt. •    Then, click the button ‘Select File.’ •    Then, navigate to the file that you have created to store your encrypted files. •    Now, select an open drive letter. •    Next, click the ‘Mount’ button. •    Next, you will be prompted to type the password you had just created. •    Check, Windows Explorer. Here, you can see the encrypted volume just like a separate drive. But it is a virtual drive. 

Conclusion

For long TrueCrypt has been one of the popular tools trusted by many users for their hard drive data’s encryption security. However, when its official owners abandoned it and asked users to switch to BitLocker or other hard drive data encrypting tools then, users had no option but to doubt the tool’s security and integrity.

The audit by NCC Crypto Services Group is finally out, and it has some concrete results to reveal. The team has published a full report of the audit on the Open Crypto Audit Project website. If you want to read it in detail, you can refer the website. However, for your convenience, this blog briefly describes the audit outputs.

Brief Summary of the Audit (Published on Open Crypto Audit Project website by NCC)

Every user who stores sensitive data on its hard drive requires a tool to keep the data encrypted. TrueCrypt was well-designed crypto software, and till now it is not clear why the software got discontinued. However, as mentioned above, the tool is too good to get discontinued therefore the NCC audit was essential to know how insecure the software can be. 

The audit results reveal that there are no deliberate backdoors in the tool. There are no as such severe design flaws that would make the software insecure. However, this revelation doesn’t imply that this tool is perfect or that you can continue using it to get your data encrypted. That is because, the auditors found some incautious programming and a few glitches that can lead to certain issues. These issues might make the software insecure in certain cases.

Existing Security Flaw: Predictable Encrypted Codes

  As mentioned above, the auditors did find some issues with the tool. One of the most significant findings is related to Windows version of TrueCrypt's random number generator (RNG). RNG is responsible for creating the keys that encrypt the volumes. These encrypting keys are very crucial and important piece of codes. If any of these keys has a predictable RNG, then it can be a disaster for the data security. That is because it will be easy to hack a key with predictable RNG. 

TrueCrypt’s developers applied the RNG codes based on a design created by well-known developer Peter Guttman back in the year 1998. The design utilizes an entropy pool for collecting unpredictable values from a variety of sources such as Windows Crypto API and others. 

Programming Flaw

The programming glitch of this design is that sometimes (in extremely rare circumstances) the Crypto API might fail to get properly initialized. That is not the main issue. The prime issue is that when this mishap or failure happens, then instead of creating any alarm, the tool silently continues generating keys. Thus, it might end up creating predictable encrypted keys. As a result, predictable keys will be guarding the encrypted data inside an encrypted volume. That is a big security vulnerability, and it can risk the encrypted data. However, the likelihood of such a mishap or failure is extremely low. But just because the probability of such failure is rare, you can’t ignore its chances. Thus, there is no denial that the system has some incautious programming that might end up creating a security loophole. So, correcting the RNG code failure of Peter Guttman system based on 1998 design is a security vulnerability that needs to get fixed.

Existing Security Flaw

NCC auditors also noted another existing security concern. The concern is regarding the resilience of Truecrypt's AES code that might lead to cache timing attacks. However, you are under the danger of this security concern only if you are performing data encryption and decryption on a shared machine. If your computer is a part of an environment, where there is a possibility that attackers might run code on your system, then also your system might be at risk.

Conclusion

For instance, if you are using your credit card on some e-commerce site, then to keep the card information safe from cyberbullies, the websites transmit the data over the Internet in an encrypted format. 

Encryption security is essential not just when you are online, but even the data on your computer’s hard drive needs to be in an encrypted format. That is because it is far easier to steal the hard drive than the online stealing of data. Nowadays, people have started keeping their personal and financial information stored on their personal laptop and computers. It won’t be wrong to say that these days people do have too many sensitive data on their computers that they want to keep secret from others. It can be their bank statements, property details, etc.  Thus, it is equally important to keep the hard drive data safe with encryption security.

How Hard Drive Data Encryption Helps? 

By choosing to get your data encrypted, you transform the data into a non-readable format, which is also known as mounting of data. The data gets mounted and transforms itself into a non-readable format. Then to retransform the data back to its readable format, first you need to feed the encryption password. Without the password, it is impossible to read the encrypted data. Thus, encryption security ensures that no illegitimate source will ever be able to make wrong use of your personal or financial information, even if the data gets flushed, leaked or stolen. 

There are a few good tools that you can use for hard drive data encryption. TrueCrypt is certainly the most popular tool of its kind. However, most of the people think that this tool is useful in encrypting the entire hard drive, but very few people know that this tool also lets you perform selective encryption. For instance, you can use the tool to encrypt a single folder or to encrypt the file. 

Encrypt Single File or Folder

Not necessarily, the entire data in your computer is sensitive. You might want to keep the folders for the movies and song collection accessible to your friend, sibling or partner. But then again you have some real sensitive data in one folder that you want to keep as a secret. TrueCrypt is useful in encrypting not just the entire hard drive but also individual files and folders. 

Selective encrypting of files and folders also lets you ensure the security of those files that you need to send online through emails, messages, etc. Thus, this data encrypting tool also helps in enhancing your Internet security, because before transiting your data online, you can encrypt it and make sure that the data remains safe while in transit.

•    Start the tool on your computer •    Click on ‘Create Volume’ button •    That will open the wizard •    On the first screen, select ‘Create an encrypted file container.’ •    On the second screen, select ‘Standard TrueCrypt Volume.’ •    That will open the ‘Volume Location screen.’ Here, click the ‘Select File.' •    Then navigate to the folder where you wish to store your encrypted data (files.) •    Here, remember to create a new folder to store your encrypted data. Don’t select an existing folder. •    On the next screen, choose your encryption algorithm. You can select AES because it is fine for most users. However, there are also other secured options but that will make the process slow. •    On the next screen, choose the size of the encrypted volume. You should ensure that the volume should have enough space to accommodate all your existing and future encrypted files. •    Choose a strong password to protect the encrypted folder. Remember, you can’t lose this password; otherwise, data in the encrypted folder will remain altogether inaccessible. •    On the next screen, keep moving your mouse randomly for a while and let the tool generate a strong and random key. •    Then click ‘Next.’ •    Now, choose a file system for the encrypted volume. If your encrypted data is over 4GB, then choose NTFS. •    Click ‘Format’ in the encrypted volume. •    Now, move to the desktop and open up TrueCrypt. •    Click the ‘Select File’ button. •    Navigate to the folder you have created to store your encrypted files. •    Then from the list, select an open drive letter and click the ‘Mount’ button. •    Now when prompted, type the password you had created. •    Now, your encrypted volume will show up Windows Explorer just like a separate drive. 

Now, you have an encrypted volume on your computer, any folder or file saved within this volume will get automatically encrypted. You can work on this encrypted volume just the way you work inside other drives. You can drag files, delete files, add or edit files. When you are done working with these files, navigate back to TrueCrypt, and here select ‘Dismount.’ Your files will stay safely within that encrypted volume in a hidden form.

Conclusion