What’s your best defense against a boot CD that breaks Windows passwords in two keystrokes? Encrypting your entire hard disk. Shannon’s got the details on Truecrypt drive encryption while Darren brings up plausible deniability with hidden volumes.


Encrypting your entire hard drive

Truecrypt is an open-source, free program for everyone.
Download the latest version of Truecrypt.

Open Truecrypt and choose ‘Create Volume’. Choose ‘Encrypt entire hard drive’. Then, you will choose whether you single-boot or multi-boot your machine.

On the encryption options, I just choose AES because it is the default setting, and it’s a very strong encryption.

Next you will choose a password. This option is neat because it actually gives you a small notice saying that a password with less than 20 characters is easier to break than one with more than 20.

On the next page, you must randomize your data. You must move your mouse around in the box of algorithms to create a very randomized clump of data. The more randomized, the better encrypted.

Truecrypt will make you create a rescue disk. This is easy if you have a CD burner already installed in your tower. If not (if you have a netbook), you must create the rescuedisk.iso and burn it onto a flash drive or something of the like. You are basically making Truecrypt think you have a CD burner and are burning the CD, when instead you are just sticking the ISO on a USB flash drive.

For my netbook, I used WinCD Emu. WinCD Emu emulates the burning of a cd, so Truecrypt thinks you’ve finished this task.

Truecrypt will ask you to wipe your drive, and I just choose none since I don’t really need to. Next you must go through a pretest. Your computer will restart and a Truecrypt login screen will appear before the Windows login (this is why Konboot wouldn’t work!). If everything goes well and the pretest completes with no problems, you can begin encrypting. Encryption takes a LONG time, so be patient! Once it’s done, it’ll prompt you, and you’re finished!

For a more in-depth step-by-step, go here.

And as always, you can email me at snubs@hak5.org!

Plausible Deniability with Hidden Truecrypt Volumes

Plausible Deniability basically means being able to deny awareness of something. For a richer explanation, check out Wikipedia’s article on the subject; it’s quite interesting.

In regards to Truecrypt, our subject of the week, Plausible Deniability refers to the ability to hide encrypted volumes within encrypted volumes, since it cannot be proven that a hidden volume exists within a Truecrypt volume.

Hidden volumes can contain just about any data, including entire operating systems. It is important to note that the sectors of a hidden volume do not change over time. If an adversary had access to the outer volume contents over a period of time, the existence of a hidden volume could be proven if files were never read or written to or from these sectors.

Questions? Comments? Write me directly, Darren@Hak5.org or send feedback to the entire Hak5 crew.


30 Comments

  • plbour 5 years ago

    Great episode. Will a Harddrive password take care of the full drive encryption? Most of our laps are Dells with built in.

  • Pizza 5 years ago

    you better backup your hard drive(very important) :)

  • plbour 5 years ago

    Definitely…. My policy states not to save anything locally. So if they lose something it’s their issue.

  • Kodess 5 years ago

    Instead of doing a hidden partition, how about making sure they don’t know you use truecrypt?
    How to do it? Easy:

    1. Use steganography to hide the truecrypt volume in a video or music file, since these can vary a lot in size due to quality without causing suspicion.

    2. Don’t store the Truecrypt program on your laptop/PC, but on a USB stick you carry around.

    Now how do they know you even HAVE an encrypted volume? :D

  • Brainhacker12 5 years ago

    Sorry guys to tell you, but this episode was just some faq’s out of the truecrypt website. The content of this episode was just some wikipedia-knowledge, that had nothing to do with hacker-knowledge.
    Please bring back the good stuff. I know you can, because you used to have terrific episodes. Perhaps you could have spiced this episode up with some real life situations. Draw some pictures of it, which key seals which file, etc. You could have shown us in which situation we could use truecrypt in which mode. Tell us what pro’s and con’s this would have. You could have analysed situations like:
    “I like to carry along 1GB of music, for which I didn’t pay, on my laptop and probably someone will check my laptop, how can I protect myself?”
    Or like
    “I have 100GB of adult movies on my PC and I don’t want anyone ever to find it, even if I suddenly decease, what to do?”
    And you could have gone up to:
    “I have a thumbdrive with me on which I have a document which proves the existence of aliens, how can I hide this file so nobody will ever find out I have this information, even if they point on me with a gun. Surely they don’t stop until they found something on my encrypted drive that was worth encrypting”

    Please Hak.5 bring back your hacker-knowledge

  • Jonas3d 5 years ago

    Great show guys! I have to say that whole episode was made whole by the bloopers, with matt doing what ever that was. :D

  • dennis waters 5 years ago

    A fairly pointless and quite frankly disappointing ep tbh :( nothing more than how to follow a GUI wizard through.

    Also, was that at least two pirate movies I saw on one of the systems featured @ approx 10:10 ? :D Cap -> http://img39.imageshack.us/img39/5106/snapshot20090701234402.png

  • Psychosis 5 years ago

    oh snap!

    Downloading now, will watch at school… podcasts ftw.

  • rockstar 5 years ago

    sigh.

    please go back to the old stuff, please. i liked it better when you guys did stuff that you loved, and you knew. the virtualization stuff however is fucking good.

    but sadly, the show suffers from stuff you guys aren’t passionate or in to. show just sucks when people like shannon have to ‘study’ for 2 hours because she doesn’t know what she’s talking about.

  • David H 5 years ago

    Not a bad show, but it would have been better as a small segment on a longer show covering other topics.

    Two caveats about Truecrypt:

    1. The hidden volume would only work if A. The guy with a gun wasn’t knowledgeable about Truecrypt and B. He wasn’t willing to continue beating you senseless for the second password. Still a cool feature.

    2. Using a keyfile is a good idea, but that keyfile can never change. I believe Truecrypt examines the hash of that file. I once used an MP3 of one of my favorite songs as the keyfile. Later, I updated the tag information in the song (added the album name or something) and it altered the hash, rendering the keyfile unrecognized by Truecrypt and my data lost.

  • Mnemonic 5 years ago

    Well,
    This is kinda what happens when doing something that you love and are passionate about starts to become an ongoing chore.
    It’s no one’s fault and as human nature, it’s completely understandable.

    I think hak5 needs to step back and reassess the value in churning out an episode a week and I suppose its relationship with rev3 might even be on the cards.

    I’m a fan of hak5, don’t get me wrong, but frankly i haven’t watched an episode in a long time.

  • TheFu 5 years ago

    Truecrypt rocks!

    With that said, whole drive encryption is dangerous. How do you solve a logical file system issue that is inside the fully encrypted partition? How does IT support gain access to a system that’s fully encrypted short of wiping the disk and starting over?

    It is much easier to build encrypted volumes sized about 3.9GB, so they fit on DVDs and there’s room for par2 files to recover from any media corruption.

    If you encrypt everything, everyone will know you’re trying to hide “something” even if a hidden volume is used. If you encrypt something titled `x-wing-v4.56.iso` and it is 3.9 GB, they probably won’t bother looking too closely at it. It doesn’t look suspicious.

    Don’t get me wrong, all private and personal data NEEDS to be encrypted, even on desktops. What happens when there’s a failure? For most people, they take the computer into geek-squad and pay $200 for a fix. During that time, every interesting file is pulled onto a USB drive by the techs, for fun. I want my files, emails, PST, docs, xls to all be encrypted.

  • B.ReaLm 5 years ago

    Great topic. Can’t wait for the Bush Gardens Trip!

  • Steve Steiner 5 years ago

    Truecrypt is great! I use it at work to create encrypted containers to hold data generated from our site assessments and other security work. I have not tried full disk encryption with it yet, my only concern is, what happens when I need to decrypt the entire drive because it is going bad and want to get my data off before total crash? Does Truecrypt have a way to do this?

  • Steve Steiner 5 years ago

    TheFu,

    We use a full drive encryption from one of the commercial vendors, and have been able to decrypt a drive using a couple of different methods supplied by the vendor.

  • imag1narynumber 5 years ago

    I’ve read where a portion of a file gets corrupted, thus destroying any chance of decrypting/using your HD if there’s full-drive encryption. So you make crazy amounts of backups? Doesn’t that get laborious?

  • imag1narynumber – That’s hogwash, if a portion of a file gets corrupted you lose that portion of a file, if a portion of a truecrypt container gets corrupted you only lose the block or blocks where the corruption occurs. The only critical bit is the volume header which you can backup.

  • imag1narynumber 5 years ago

    Matt Buxton: Thanks very much for your help. That makes much more sense to me.

  • CryptFu 5 years ago

    TrueCrypt has the option not to check the rescue disc, however it involves starting the “TrueCrypt Format.exe” /n [or /noisocheck]. It will still create an ISO, but you can store that on a central server and only burn if you need it. (http://www.truecrypt.org/docs/command-line-usage)

    As far as TrueCrypt in a corporate environment, there is no central management, but using the method outlined in the user guide you can safely deploy TrueCrypt because you can always reset the password. Here is the excerpt from the manual:
    “Note that these features can be used in a corporate environment to reset volume passwords in case a user forgets it (or when he/she loses his/her keyfile). After you create a volume, backup its header (select Tools -> Backup Volume Header) before you allow a non-admin user to use the volume. Note that the volume header (which is encrypted with a header key derived from a password/keyfile) contains the master key with which the volume is encrypted. Then ask the user to choose a password, and set it for him/her (Volumes -> Change Volume Password); or generate a user keyfile for him/her. Then you can allow the user to use the volume and to change the password/keyfiles without your assistance/permission. In case he/she forgets his/her password or loses his/her keyfile, you can “reset” the volume password/keyfiles to your original admin password/keyfiles by restoring the volume header backup (Tools -> Restore Volume Header).”

    The show is still awesomeness. Keep up the great work.

    PS: What do you think of ZFS?

  • What an episode!

    Snubs was indescribably annoying in the beginning just saying “what ever he said”. Matt looked at her weird @ 1:37
    And as another post mentioned it was funny, in a private invading way, to see snubs’ illegal movie downloads. Remember winners don’t do warez, right?

    This episode was fun to watch, but maybe not in the way you intended.

  • Does this work on a mac? i don’t think so :S

  • rockstar 5 years ago

    I agree with bob :)

  • Cybie2k 5 years ago

    @Rul Yeah it works on a Mac… though I’m not sure about whole disk encryption portion.

  • birus 5 years ago

    Interesting topic for sure. I have thought about messing with TrueCrypt on my desktop PC at home maybe I’ll have to revisit that thought again soon.

    Have you heard or had to use PointSec PC (now called Check Point Full Disk Encryption)? It appears to be something designed or pitched towards corporate environments.

  • Rickh925 5 years ago

    Couple of comments. I implemented TrueCrypt over about 20 medical laptops where we have HIPAA concerns about patient data. The users of the laptops are not the most technical and are prone to forgetting their password so my first tip from a corporate standpoint if you are going to use TrueCrypt is this(and sorry if it is on the Truecrypt.org website).

    Initially you do Whole Drive Encryption(WDE) with a password only the IT dept knows that I’ll call password01 for machine 01 and password02 for machine 02 and so on. Then you save the required ISO as a file someplace on your corporate LAN protected of course and backed up(DON’T forget that!). Next, allow the end user to change the TrueCrypt password to something that they know. This will change the encryption key that encrypts the symmetric key(that is not changed by a simple password change) that actually does the disk encryption/decryption. Now, if the end user forgets the password you can send them a CD(from the ISO) with the known password on it. You boot from that CD to then allow access to the previously locked drive.

    Second tip that I use when I travel abroad with my WDE laptop. To keep from being compelled to give my password, you can change the screen that is offered at boot from the “dead give away” screen that tells you to enter your password to something more fun like “Missing Operating System” or some sort of STOP message. When the laptop boots you get only that prompt and you have to know that you need to type your password. Nothing you type will show on the screen even as asterisks. If you type the wrong password and press enter you get no feedback except that the computer does not boot, not even a CRLF. This allows me to freak out in front of the customs official about my dead laptop. There is probably some way to look at the boot sector to realize that it is waiting for something to be entered but at least the typical person is going to just feel sorry for you.

    One final tip, don’t forget to whole drive encrypt your external drives. I bet more USB attached drives are left on airplanes, in hotels, and on board room tables than laptops and they frequently have very damaging data on them.

    TrueCrypt doesn’t(to my knowledge as of v6.1) support the TPM on the newer laptops but it may not be necessary. I think that with Win7 BitLocker is going to become the corporate standard since it integrates nicely with TPM and AD and now allows encryption of external drives as well as blocking the writing to an unencrypted USB attached drive which is very cool.

    Sorry for the rant but TC is one of my must have’s.

    Rick
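
The manual excerpt CryptFu quotes and Rick's password-reset tip both rest on the same split: the password only unlocks the header, and the header holds the master key that encrypts the data. A small model of that split follows, as an added example that is not TrueCrypt's code or on-disk format; XOR with a PBKDF2 keystream stands in for the real header cipher, and the function names and passwords are hypothetical.

```python
import hashlib, os, zlib

MAGIC = b"TRUE"          # marker that tells us a header decrypted correctly
SALT_LEN, KEY_LEN = 64, 64
ITERATIONS = 1000        # value chosen for this sketch

def _keystream(password: bytes, salt: bytes, n: int) -> bytes:
    # Header key material derived from the password; XOR stands in for the cipher.
    return hashlib.pbkdf2_hmac("sha512", password, salt, ITERATIONS, dklen=n)

def wrap_header(password: bytes, master_key: bytes) -> bytes:
    """Build a header: fresh salt + (magic, CRC32, master key) under the header key."""
    salt = os.urandom(SALT_LEN)
    body = MAGIC + zlib.crc32(master_key).to_bytes(4, "big") + master_key
    ks = _keystream(password, salt, len(body))
    return salt + bytes(a ^ b for a, b in zip(body, ks))

def unwrap_header(password: bytes, header: bytes):
    """Return the master key, or None if the password does not fit this header."""
    salt, enc = header[:SALT_LEN], header[SALT_LEN:]
    ks = _keystream(password, salt, len(enc))
    body = bytes(a ^ b for a, b in zip(enc, ks))
    magic, crc, key = body[:4], body[4:8], body[8:]
    if magic != MAGIC or zlib.crc32(key).to_bytes(4, "big") != crc:
        return None
    return key

def change_password(header: bytes, old: bytes, new: bytes) -> bytes:
    """Re-wrap the same master key under a new password; bulk data is untouched."""
    key = unwrap_header(old, header)
    if key is None:
        raise ValueError("wrong password")
    return wrap_header(new, key)

def demo():
    master = os.urandom(KEY_LEN)                  # created once with the volume
    admin_hdr = wrap_header(b"admin-pass-01", master)
    backup = admin_hdr                            # Tools -> Backup Volume Header
    user_hdr = change_password(admin_hdr, b"admin-pass-01", b"user-secret")
    return {
        "user_unlocks": unwrap_header(b"user-secret", user_hdr) == master,
        "admin_on_live_header": unwrap_header(b"admin-pass-01", user_hdr),
        "admin_on_backup": unwrap_header(b"admin-pass-01", backup) == master,
    }

if __name__ == "__main__":
    print(demo())
```

The last result is also the caveat for whoever manages these backups: an old header backup or rescue disc together with the old password still yields the master key, so changing the password does not lock out anyone who holds both.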


  • skimpniff 4 years ago

    A good follow up would be how to do this with a Dual Boot Linux/Windows.