Vista - Disk Encryption with TrueCrypt and Backups

12-28-2008

Most companies these days are using disk encryption on their laptops. I
am planning to use TrueCrypt for my laptop. The question I have now is
about backups and the system restore procedures.

I do my backups to an external disk and am assuming that the complete
system backup is also going to be an encrypted image. My main concern
is about the restore session. If I do have to restore my laptop from
the backup, then how does the disk encryption crypto tools such as
TrueCrypt work?

Thank you in advance for any information.

NJ

**darkassain** · 12-28-2008

it depends on where you do the backup...
if you do a offline backup (such as a complete disk (sector by sector)backup then the backup will be encrypted...
if you are doing the backup from within the system then the backup wont be encrypted as the OS not encrypted

here is how trucrypt partitions should be backed-up
http://www.truecrypt.org/docs/?s=how...ck-up-securely

Quote:

System Partitions

Note: In addition to backing up files, we recommend that you also back up your TrueCrypt Rescue Disk (select System > Create Rescue Disk).
To back up an encrypted system partition securely and safely, it is recommended to follow these steps:

If you have multiple operating systems installed on your computer, boot the one that does not require pre-boot authentication.

If you do not have multiple operating systems installed on your computer, you can boot a WinPE or BartPE CD/DVD (i.e. 'live' Windows entirely stored on and booted from a CD/DVD; for more information, search the TrueCrypt FAQ for the keyword 'BartPE').

If none of the above is possible, connect your system drive as a secondary drive to another computer and then boot the operating system installed on the computer.

Note: For security reasons, if the operating system that you want to back up resides in a hidden TrueCrypt volume (see the section Hidden Operating System), then the operating system that you boot in this step must be either another hidden operating system or a "live-CD" operating system (see above). For more information, see the subsection Security Precautions Pertaining to Hidden Volumes in the chapter Plausible Deniability.
Create a new non-system TrueCrypt volume using the TrueCrypt Volume Creation Wizard (do not enable the Quick Format option or the Dynamic option). It will be your backup volume so its size should match (or be greater than) the size of the system partition that you want to back up.

If the operating system that you want to back up resides in a hidden TrueCrypt volume (see the section Hidden Operating System), the backup volume must be a hidden TrueCrypt volume as well. Before you create the hidden backup volume, you must create a new host (outer) volume for it without enabling the Quick Format option. In addition, especially if the backup volume is file-hosted, the hidden backup volume should occupy only a very small portion of the container and the outer volume should be almost completely filled with files (otherwise, the plausible deniability of the hidden volume might be adversely affected).
Mount the newly created backup volume.
Mount the system partition that you want to back up by following these steps:
1. Click Select Device and then select the system partition that you want to back up (in case of a hidden operating system, select the partition containing the hidden volume in which the operating system is installed).
2. Click OK.
3. Select System > Mount Without Pre-Boot Authentication.
4. Enter your pre-boot authentication password and click OK.
Mount the backup volume and then copy all files from the system partition (mounted as a regular TrueCrypt volume since the previous step) directly to the mounted backup volume.

IMPORTANT: If you store the backup volume in any location that an adversary can repeatedly access (for example, on a device kept in a bank's safe deposit box), you should repeat all of the above steps (including the step 2) each time you want to back up the volume (see below).
If you follow the above steps, you will help prevent adversaries from finding out:

Which sectors of the volumes are changing (because you always follow step 2). This is particularly important, for example, if you store the backup volume on a device kept in a bank's safe deposit box (or in any other location that an adversary can repeatedly access) and the volume contains a hidden volume (for more information, see the subsection Security Precautions Pertaining to Hidden Volumes in the chapter Plausible Deniability).
That one of the volumes is a backup of the other.

General Notes

If you store the backup volume in any location where an adversary can make a copy of the volume, consider encrypting the volume with a cascade of ciphers. Otherwise, if the volume is encrypted only with a single encryption algorithm and the algorithm is later broken (for example, due to advances in cryptanalysis), the attacker might be able to decrypt his copies of the volume. The probability that three distinct encryption algorithms will be broken is significantly lower than the probability that only one of them will be broken (each of the ciphers in a cascade uses its own key).

Quote: Originally Posted by Neil Jones

Most companies these days are using disk encryption on their laptops. I
am planning to use TrueCrypt for my laptop. The question I have now is
about backups and the system restore procedures.

I do my backups to an external disk and am assuming that the complete
system backup is also going to be an encrypted image. My main concern
is about the restore session. If I do have to restore my laptop from
the backup, then how does the disk encryption crypto tools such as
TrueCrypt work?

Thank you in advance for any information.

NJ

12-28-2008

Neil Jones wrote:

Quote:

> Most companies these days are using disk encryption on their laptops. I
> am planning to use TrueCrypt for my laptop. The question I have now is
> about backups and the system restore procedures.
>
> I do my backups to an external disk and am assuming that the complete
> system backup is also going to be an encrypted image. My main concern
> is about the restore session. If I do have to restore my laptop from
> the backup, then how does the disk encryption crypto tools such as
> TrueCrypt work?

http://www.truecrypt.org/docs/
http://www.truecrypt.org/faq.php
http://forums.truecrypt.org/

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
FAQ - http://www.elephantboycomputers.com/#FAQ

12-29-2008

I use TrueCrypt with a pair of Iomega eGo USB2-powered drives and Second
Copy which replicates my C drive to the eGo. I have found this equally
successful when encrypting the whole eGo or just a volume on it. Once the
drive is mounted and the (very strong) password entered, the data on the
encrypted drive behaves exactly the same as if it had not been encrypted.
Incremental backups work fine and I have had occasion to retrieve data after
a hard drive failure. I swap the portable drives weekly, one of them always
being off site in the boot of my car and the other in a different part of my
house except, of course, when I am backing up. These drives are robust and
yet so cheap that they can almost be regarded as consumables, so having one
for each day of the week might be considered.

"Neil Jones" <castellan2004-nschap@xxxxxx-this.yahoo.com> wrote in message
news:OKh$4dMaJHA.1268@xxxxxx

Quote:

> Most companies these days are using disk encryption on their laptops. I
> am planning to use TrueCrypt for my laptop. The question I have now is
> about backups and the system restore procedures.
>
> I do my backups to an external disk and am assuming that the complete
> system backup is also going to be an encrypted image. My main concern
> is about the restore session. If I do have to restore my laptop from
> the backup, then how does the disk encryption crypto tools such as
> TrueCrypt work?
>
> Thank you in advance for any information.
>
> NJ

**darkassain** · 12-29-2008

you have to point out that you have to encrypt both drives....
otherwise the unencrypted will be have the data out in the open...

if you encrypt both drives then you are safe as you can right now on software encryption

Quote: Originally Posted by Doug

I use TrueCrypt with a pair of Iomega eGo USB2-powered drives and Second
Copy which replicates my C drive to the eGo. I have found this equally
successful when encrypting the whole eGo or just a volume on it. Once the
drive is mounted and the (very strong) password entered, the data on the
encrypted drive behaves exactly the same as if it had not been encrypted.
Incremental backups work fine and I have had occasion to retrieve data after
a hard drive failure. I swap the portable drives weekly, one of them always
being off site in the boot of my car and the other in a different part of my
house except, of course, when I am backing up. These drives are robust and
yet so cheap that they can almost be regarded as consumables, so having one
for each day of the week might be considered.

"Neil Jones" <castellan2004-nschap@xxxxxx-this.yahoo.com> wrote in message
news:OKh$4dMaJHA.1268@xxxxxx

Quote:

> Most companies these days are using disk encryption on their laptops. I
> am planning to use TrueCrypt for my laptop. The question I have now is
> about backups and the system restore procedures.
>
> I do my backups to an external disk and am assuming that the complete
> system backup is also going to be an encrypted image. My main concern
> is about the restore session. If I do have to restore my laptop from
> the backup, then how does the disk encryption crypto tools such as
> TrueCrypt work?
>
> Thank you in advance for any information.
>
> NJ

12-28-2008	#1 (permalink)
Neil Jones n/a posts	Disk Encryption with TrueCrypt and Backups Most companies these days are using disk encryption on their laptops. I am planning to use TrueCrypt for my laptop. The question I have now is about backups and the system restore procedures. I do my backups to an external disk and am assuming that the complete system backup is also going to be an encrypted image. My main concern is about the restore session. If I do have to restore my laptop from the backup, then how does the disk encryption crypto tools such as TrueCrypt work? Thank you in advance for any information. NJ
My System Specs

12-28-2008	#2 (permalink)
darkassain Server 2008 R2 , Windows 7 6801 + 6936 x64,6801 6956 x32, Windows Home Premium Sp1 x64, Linux 236 posts	Re: Disk Encryption with TrueCrypt and Backups it depends on where you do the backup... if you do a offline backup (such as a complete disk (sector by sector)backup then the backup will be encrypted... if you are doing the backup from within the system then the backup wont be encrypted as the OS not encrypted here is how trucrypt partitions should be backed-up http://www.truecrypt.org/docs/?s=how...ck-up-securely Quote: System Partitions Note: In addition to backing up files, we recommend that you also back up your TrueCrypt Rescue Disk (select System > Create Rescue Disk). To back up an encrypted system partition securely and safely, it is recommended to follow these steps: If you have multiple operating systems installed on your computer, boot the one that does not require pre-boot authentication. If you do not have multiple operating systems installed on your computer, you can boot a WinPE or BartPE CD/DVD (i.e. 'live' Windows entirely stored on and booted from a CD/DVD; for more information, search the TrueCrypt FAQ for the keyword 'BartPE'). If none of the above is possible, connect your system drive as a secondary drive to another computer and then boot the operating system installed on the computer. Note: For security reasons, if the operating system that you want to back up resides in a hidden TrueCrypt volume (see the section Hidden Operating System), then the operating system that you boot in this step must be either another hidden operating system or a "live-CD" operating system (see above). For more information, see the subsection Security Precautions Pertaining to Hidden Volumes in the chapter Plausible Deniability. Create a new non-system TrueCrypt volume using the TrueCrypt Volume Creation Wizard (do not enable the Quick Format option or the Dynamic option). It will be your backup volume so its size should match (or be greater than) the size of the system partition that you want to back up. If the operating system that you want to back up resides in a hidden TrueCrypt volume (see the section Hidden Operating System), the backup volume must be a hidden TrueCrypt volume as well. Before you create the hidden backup volume, you must create a new host (outer) volume for it without enabling the Quick Format option. In addition, especially if the backup volume is file-hosted, the hidden backup volume should occupy only a very small portion of the container and the outer volume should be almost completely filled with files (otherwise, the plausible deniability of the hidden volume might be adversely affected). Mount the newly created backup volume. Mount the system partition that you want to back up by following these steps: Click Select Device and then select the system partition that you want to back up (in case of a hidden operating system, select the partition containing the hidden volume in which the operating system is installed). Click OK. Select System > Mount Without Pre-Boot Authentication. Enter your pre-boot authentication password and click OK. Mount the backup volume and then copy all files from the system partition (mounted as a regular TrueCrypt volume since the previous step) directly to the mounted backup volume. IMPORTANT: If you store the backup volume in any location that an adversary can repeatedly access (for example, on a device kept in a bank's safe deposit box), you should repeat all of the above steps (including the step 2) each time you want to back up the volume (see below). If you follow the above steps, you will help prevent adversaries from finding out: Which sectors of the volumes are changing (because you always follow step 2). This is particularly important, for example, if you store the backup volume on a device kept in a bank's safe deposit box (or in any other location that an adversary can repeatedly access) and the volume contains a hidden volume (for more information, see the subsection Security Precautions Pertaining to Hidden Volumes in the chapter Plausible Deniability). That one of the volumes is a backup of the other. General Notes If you store the backup volume in any location where an adversary can make a copy of the volume, consider encrypting the volume with a cascade of ciphers. Otherwise, if the volume is encrypted only with a single encryption algorithm and the algorithm is later broken (for example, due to advances in cryptanalysis), the attacker might be able to decrypt his copies of the volume. The probability that three distinct encryption algorithms will be broken is significantly lower than the probability that only one of them will be broken (each of the ciphers in a cascade uses its own key). Quote: Originally Posted by Neil Jones Most companies these days are using disk encryption on their laptops. I am planning to use TrueCrypt for my laptop. The question I have now is about backups and the system restore procedures. I do my backups to an external disk and am assuming that the complete system backup is also going to be an encrypted image. My main concern is about the restore session. If I do have to restore my laptop from the backup, then how does the disk encryption crypto tools such as TrueCrypt work? Thank you in advance for any information. NJ
My System Specs

12-28-2008	#3 (permalink)
Malke n/a posts	Re: Disk Encryption with TrueCrypt and Backups Neil Jones wrote: Quote: > Most companies these days are using disk encryption on their laptops. I > am planning to use TrueCrypt for my laptop. The question I have now is > about backups and the system restore procedures. > > I do my backups to an external disk and am assuming that the complete > system backup is also going to be an encrypted image. My main concern > is about the restore session. If I do have to restore my laptop from > the backup, then how does the disk encryption crypto tools such as > TrueCrypt work? http://www.truecrypt.org/docs/ http://www.truecrypt.org/faq.php http://forums.truecrypt.org/ Malke -- MS-MVP Elephant Boy Computers - Don't Panic! FAQ - http://www.elephantboycomputers.com/#FAQ
My System Specs

12-29-2008	#4 (permalink)
Doug n/a posts	Re: Disk Encryption with TrueCrypt and Backups I use TrueCrypt with a pair of Iomega eGo USB2-powered drives and Second Copy which replicates my C drive to the eGo. I have found this equally successful when encrypting the whole eGo or just a volume on it. Once the drive is mounted and the (very strong) password entered, the data on the encrypted drive behaves exactly the same as if it had not been encrypted. Incremental backups work fine and I have had occasion to retrieve data after a hard drive failure. I swap the portable drives weekly, one of them always being off site in the boot of my car and the other in a different part of my house except, of course, when I am backing up. These drives are robust and yet so cheap that they can almost be regarded as consumables, so having one for each day of the week might be considered. "Neil Jones" <castellan2004-nschap@xxxxxx-this.yahoo.com> wrote in message news:OKh$4dMaJHA.1268@xxxxxx Quote: > Most companies these days are using disk encryption on their laptops. I > am planning to use TrueCrypt for my laptop. The question I have now is > about backups and the system restore procedures. > > I do my backups to an external disk and am assuming that the complete > system backup is also going to be an encrypted image. My main concern > is about the restore session. If I do have to restore my laptop from > the backup, then how does the disk encryption crypto tools such as > TrueCrypt work? > > Thank you in advance for any information. > > NJ
My System Specs

12-29-2008	#5 (permalink)
darkassain Server 2008 R2 , Windows 7 6801 + 6936 x64,6801 6956 x32, Windows Home Premium Sp1 x64, Linux 236 posts	Re: Disk Encryption with TrueCrypt and Backups you have to point out that you have to encrypt both drives.... otherwise the unencrypted will be have the data out in the open... if you encrypt both drives then you are safe as you can right now on software encryption Quote: Originally Posted by Doug I use TrueCrypt with a pair of Iomega eGo USB2-powered drives and Second Copy which replicates my C drive to the eGo. I have found this equally successful when encrypting the whole eGo or just a volume on it. Once the drive is mounted and the (very strong) password entered, the data on the encrypted drive behaves exactly the same as if it had not been encrypted. Incremental backups work fine and I have had occasion to retrieve data after a hard drive failure. I swap the portable drives weekly, one of them always being off site in the boot of my car and the other in a different part of my house except, of course, when I am backing up. These drives are robust and yet so cheap that they can almost be regarded as consumables, so having one for each day of the week might be considered. "Neil Jones" <castellan2004-nschap@xxxxxx-this.yahoo.com> wrote in message news:OKh$4dMaJHA.1268@xxxxxx Quote: > Most companies these days are using disk encryption on their laptops. I > am planning to use TrueCrypt for my laptop. The question I have now is > about backups and the system restore procedures. > > I do my backups to an external disk and am assuming that the complete > system backup is also going to be an encrypted image. My main concern > is about the restore session. If I do have to restore my laptop from > the backup, then how does the disk encryption crypto tools such as > TrueCrypt work? > > Thank you in advance for any information. > > NJ
My System Specs

Similar Threads
Thread	Forum
Re: Disk Encryption with TrueCrypt and Backups	Vista General
Re: Disk Encryption with TrueCrypt and Backups	Vista installation & setup
Re: Disk Encryption with TrueCrypt and Backups	Vista installation & setup
Re: Disk Encryption with TrueCrypt and Backups	Vista General
encryption & backups ???	Vista General