Need Help Concealing/Password Protecting Data On New External HD

Paddington
Senior member, joined Jun 26, 2006
Currently using Windows XP on my laptop and home computer. I purchased a new 250 GB external HD, which I assume is NTFS formatted.

On my computers, I've always concealed data by keeping it within my desktop folders, hiding it, and making my data private. For the external HD however, this does not seem to be an option.

Advice?

Nothinman
Elite Member, joined Sep 14, 2001
You can encrypt data on any NTFS partition, just remember that if you lose the cert attached to your account you lose the data that you've encrypted as well.

blackangst1
Lifer, joined Feb 23, 2005
Create a hidden partition (or entire drive) with TrueCrypt.

Also, for encrypted files/folders, NTFS is NOT the way to go. FAT32 is best.

Nothinman
Elite Member, joined Sep 14, 2001
Also, for encrypted files/folders, NTFS is NOT the way to go. FAT32 is best.

FAT is best? Because you like not being able to have files >4G or transparent encryption/decryption?

QuixoticOne
Golden Member, joined Nov 4, 2005
I'd look at TrueCrypt.

NTFS encryption, if it's supported by your OS version, may well be a step up relative to just security through hiding them obscurely in folders, but I doubt it's as reliably secure as something like TrueCrypt.

Also, if you're concerned about disclosure of the data, beware of your operating system as well. Even if you mount the encrypted drive, if you ACCESS an encrypted file via some program (maybe a word processor, media player, whatever), it may well start to keep cached/backup copies of part or all of those accessed files within the non-encrypted drive, e.g. just like Temporary Internet Files does for the web browser.

Also it'll probably cache the name and location of the file that was accessed as unencrypted data on the main drive (e.g. you know those "Recent Documents" links in various Windows Explorer and application menus?).

Many document and imaging applications create unencrypted "thumbnail" views of documents, movies, images you access and store those unencrypted on the main drive.

Any kind of search/indexing application may well store parts of the data from secure files on the main drive.

Any time you open one of those files your anti-virus program may well copy it to the main drive to a temporary folder (unencrypted) to scan it; this is especially true of any archived files, since it'll unarchive them at least in part to virus scan them.
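The leak channels listed above can be checked for rather than guessed at. The block below is an added example, not code from the post: it walks a set of directories and flags files that either match well-known cache and temp-file names or contain the encrypted volume's drive letter in ASCII or UTF-16LE, the two encodings Windows writes paths in (shortcut files in Recent carry the target path, for instance). The directory tree, the filename list and the drive letter X: are constructed for the example so it runs offline; on the XP machines in question you would point scan_for_residue at the profile's Recent, Local Settings\Temp and Temporary Internet Files folders and at the anti-virus and indexer cache directories, and extend RESIDUE_NAMES for the applications you actually use.

```python
import os
import re
import tempfile
from pathlib import Path
from typing import Iterable, List, Tuple

# Filenames known to carry unencrypted residue of files viewed elsewhere: Explorer
# thumbnail caches, Word autosave/lock files, IE history/cache indexes.  This list is
# constructed for the example and is a starting point, not an inventory.
RESIDUE_NAMES = re.compile(r"^(Thumbs\.db|~WRL\d+\.tmp|~\$.*|index\.dat)$", re.IGNORECASE)


def reference_patterns(volume: str) -> List[Tuple[str, bytes]]:
    """The mounted container's root path in the encodings Windows writes it in."""
    root = volume.rstrip("\\/") + "\\"
    return [("ascii", root.encode("ascii")), ("utf-16le", root.encode("utf-16-le"))]


def scan_for_residue(roots: Iterable[str], volume: str,
                     max_bytes: int = 4 * 1024 * 1024) -> List[Tuple[str, str]]:
    """Return (path, reason) for every file under roots that matches a residue name
    or contains a reference to the volume.  Files over max_bytes are skipped."""
    patterns = reference_patterns(volume)
    hits: List[Tuple[str, str]] = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for fn in files:
                path = Path(dirpath) / fn
                if RESIDUE_NAMES.match(fn):
                    hits.append((str(path), "cache/temp file name"))
                    continue
                try:
                    if path.stat().st_size > max_bytes:
                        continue
                    data = path.read_bytes()
                except OSError:
                    continue
                for encoding, needle in patterns:
                    if needle in data:
                        hits.append((str(path), f"references {volume} ({encoding})"))
                        break
    return sorted(hits)


def build_sample_tree() -> str:
    """Constructed fragment of a user profile: a Recent shortcut pointing into the
    encrypted volume, an Explorer thumbnail cache, and one unrelated file."""
    base = Path(tempfile.mkdtemp(prefix="residue-"))
    recent = base / "Recent"
    recent.mkdir()
    # Only the part that matters is faked: a real .lnk carries the target path in
    # ANSI and/or UTF-16LE sections; here just the UTF-16LE form is embedded.
    target = "X:\\projects\\report.doc".encode("utf-16-le")
    (recent / "report.doc.lnk").write_bytes(b"L\x00\x00\x00" + target)
    pictures = base / "My Pictures"
    pictures.mkdir()
    (pictures / "Thumbs.db").write_bytes(b"\xd0\xcf\x11\xe0" + b"\x00" * 60)
    (base / "readme.txt").write_text("nothing about the volume here")
    return str(base)


if __name__ == "__main__":
    for found_path, reason in scan_for_residue([build_sample_tree()], "X:"):
        print(f"{reason:32s} {found_path}")
```

Hits on filename alone say a cache exists, not that it holds data from the volume; hits on the path string are the stronger signal. Clearing what this finds does not address thumbnail databases or index stores that keep content without the path, so the durable fix is to move the programs' temp and cache locations onto the encrypted volume as well, or to encrypt the system drive too.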


Nothinman
Elite Member, joined Sep 14, 2001
but I doubt it's as reliably secure as something like truecrypt.

Somehow putting AES inside of TrueCrypt is secure but using it inside of NTFS isn't?

QuixoticOne
Golden Member, joined Nov 4, 2005
Originally posted by: Nothinman
but I doubt it's as reliably secure as something like TrueCrypt.

Somehow putting AES inside of TrueCrypt is secure but using it inside of NTFS isn't?

You can check the source code for TrueCrypt to ensure it's doing the right things and nothing unexpected. I don't recall Microsoft making that option available.

AFAIK (I'm not an expert on NTFS security and this is from recollection of what I've read elsewhere; check the facts for yourself), furthermore, the keys used to encrypt the data for NTFS are somewhat out of the user's direct control/management, but are stored as part of the overall system's security/credentials data stores. Thus there's at least a greater chance they can be lost/corrupted/accessed by other software or people with access to the system. Also I think you have to be very careful to know how to back up/restore the user/system level security credentials associated with those files or you'll never see them again if the system data stores are lost. I think it's a bit more complicated in some ways than with TC, though that's just my recollection.

Whereas with something external that's managed by exactly ONE software program that is NOT built in to the OS, you can have an easier job of assuring yourself that your keys are kept secure and are removed from the system's accessibility when you expect them to be.

Here appear to be the facts on NTFS EFS:
http://en.wikipedia.org/wiki/Encrypting_File_System

Depending on your OS and configurations for your user accounts/passwords/administrator accounts/etc. you'll have relatively better or worse EFS security, and more or less assurance/direct control of it, as I speculated/recalled above.

blackangst1
Lifer, joined Feb 23, 2005
Originally posted by: Nothinman
Also, for encrypted files/folders, NTFS is NOT the way to go. FAT32 is best.

FAT is best? Because you like not being able to have files >4G or transparent encryption/decryption?

Actually you're mistaken. This only really applies to a hidden volume. You see, NTFS by design writes data randomly throughout the disk, and leaves no room for a hidden volume. FAT on the other hand leaves the data on the platters nice and tidy. In this case, it's not the formatting scheme that protects the data, it's the encryption. So whether you use AES-256, Serpent, Twofish, or a combination of these, it is THAT encryption that protects data. So it really doesn't matter what format it's encrypting, it's all the same. NTFS just doesn't play nice with hidden volumes.

As far as what you state about >4GB not being able to be used... you're wrong. Again, everything is handled by TrueCrypt. It's just a matter of how the encrypted files are stored. By design, a hidden volume is embedded inside a "honeypot" volume where insignificant data is stored. This data is not static, and isn't ever really changed. The data INSIDE this honeypot is what is frequently changed, therefore you can't have NTFS spreading data all over the HD/volume, overwriting the outer volume and exposing your inner volume contents.

My current encrypted volume is 40 gigs. Formatted with FAT.

Nothinman
Elite Member, joined Sep 14, 2001
You can check the source code for TrueCrypt to ensure it's doing the right things and nothing unexpected. I don't recall Microsoft making that option available.

Of course not, and while I'm all about the availability of source code, how many people do you think are really qualified to audit encryption software? MS does a lot of things wrong but AFAICT EFS wasn't one of them.

Depending on your OS and configurations for your user accounts/passwords/administrator accounts/etc. you'll have relatively better or worse EFS security, and more or less assurance/direct control of it, as I speculated/recalled above.

Which is also generally true no matter what software you choose.

NTFS by design writes data randomly throughout the disk, and leaves no room for a hidden volume. FAT on the other hand leaves the data on the platters nice and tidy.

AFAIK there's nothing random about the Windows NTFS driver's placement of data, which would be an extremely stupid policy, and without the source code you can't say either way. But I won't argue that the FAT driver is pretty braindead and just fills up the disk linearly from start to finish after the FAT.

In this case, it's not the formatting scheme that protects the data, it's the encryption.

But if you use NTFS you get encryption essentially for free.

As far as what you state about >4GB not being able to be used... you're wrong.

Not at all, go ahead and try to put a file >4G on a FAT volume and see what happens.

My current encrypted volume is 40 gigs. Formatted with FAT.

And you will never be able to store a file >4G inside of that volume.

blackangst1
Lifer, joined Feb 23, 2005
Originally posted by: Nothinman
You can check the source code for TrueCrypt to ensure it's doing the right things and nothing unexpected. I don't recall Microsoft making that option available.

Of course not, and while I'm all about the availability of source code, how many people do you think are really qualified to audit encryption software? MS does a lot of things wrong but AFAICT EFS wasn't one of them.

Depending on your OS and configurations for your user accounts/passwords/administrator accounts/etc. you'll have relatively better or worse EFS security, and more or less assurance/direct control of it, as I speculated/recalled above.

Which is also generally true no matter what software you choose.

NTFS by design writes data randomly throughout the disk, and leaves no room for a hidden volume. FAT on the other hand leaves the data on the platters nice and tidy.

AFAIK there's nothing random about the Windows NTFS driver's placement of data, which would be an extremely stupid policy, and without the source code you can't say either way. But I won't argue that the FAT driver is pretty braindead and just fills up the disk linearly from start to finish after the FAT.

In this case, it's not the formatting scheme that protects the data, it's the encryption.

But if you use NTFS you get encryption essentially for free.

As far as what you state about >4GB not being able to be used... you're wrong.

Not at all, go ahead and try to put a file >4G on a FAT volume and see what happens.

My current encrypted volume is 40 gigs. Formatted with FAT.

And you will never be able to store a file >4G inside of that volume.

Wrong. INSIDE my TC volume, I have a 13 gig log file of network activity for the last 30 days for work. Outside of the volume, you're right. No go.

Your comment "But if you use NTFS you get encryption essentially for free"... ROFL. File system != encryption.

Nothinman
Elite Member, joined Sep 14, 2001
Wrong. INSIDE my TC volume, I have a 13 gig log file of network activity for the last 30 days for work. Outside of the volume, youre right. No go.

Then there's a disconnect between what you're saying and what you really mean because no matter where you put a FAT filesystem it can't hold a file >4G. The file length field in the FAT is only 32-bit so it just can't happen. So your 40G encrypted volume has to be some other filesystem besides FAT.

Your comment "But if you use NTFS you get encryption essentially for free" ROFL. file system != encryption.

You need to work on your reading comprehension. NTFS comes with per-file EFS which is indeed encryption.
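The claim about the FAT file length field can be checked against the on-disk format rather than argued. The block below is an added example, not code from the thread or from TrueCrypt: it packs and parses the 32-byte FAT short-name directory entry (field layout per Microsoft's FAT specification) and shows that DIR_FileSize is a 32-bit unsigned value, so a 13 GB file cannot be recorded on FAT12/16/32 no matter what container the volume lives in. That is consistent with the TrueCrypt documentation quoted later in the thread, which says the hidden volume itself may use any file system; only the outer volume must be FAT. Filenames and sizes in the example are constructed.

```python
import struct
from dataclasses import dataclass
from typing import List

# 32-byte short-name (8.3) directory entry, little-endian, field order per the
# Microsoft FAT specification: DIR_Name[11], DIR_Attr, DIR_NTRes, DIR_CrtTimeTenth,
# DIR_CrtTime, DIR_CrtDate, DIR_LstAccDate, DIR_FstClusHI, DIR_WrtTime, DIR_WrtDate,
# DIR_FstClusLO, DIR_FileSize.  The last field is a uint32, which is where the 4G limit lives.
DIR_ENTRY = struct.Struct("<11sBBBHHHHHHHI")
assert DIR_ENTRY.size == 32

ATTR_ARCHIVE = 0x20
ATTR_LONG_NAME = 0x0F           # LFN pieces reuse the slot layout but are not files
FAT_MAX_FILE_SIZE = 0xFFFFFFFF  # 4 GiB - 1 byte: the largest value DIR_FileSize can hold


@dataclass
class DirEntry:
    name: str
    attr: int
    first_cluster: int
    size: int


def fits_on_fat(size: int) -> bool:
    """Can a file of this many bytes be recorded in a FAT directory entry at all?"""
    return 0 <= size <= FAT_MAX_FILE_SIZE


def build_entry(name83: str, size: int, first_cluster: int = 2, attr: int = ATTR_ARCHIVE) -> bytes:
    """Pack an entry the way a FAT driver would; refuses sizes the format cannot express."""
    if not fits_on_fat(size):
        raise ValueError(f"{size} bytes does not fit in the 32-bit DIR_FileSize field")
    base, _, ext = name83.partition(".")
    if len(base) > 8 or len(ext) > 3:
        raise ValueError("short-name entries hold at most 8+3 characters")
    raw_name = (base.upper().ljust(8) + ext.upper().ljust(3)).encode("ascii")
    return DIR_ENTRY.pack(raw_name, attr, 0, 0, 0, 0, 0,
                          first_cluster >> 16, 0, 0, first_cluster & 0xFFFF, size)


def parse_entry(raw: bytes) -> DirEntry:
    """Unpack one 32-byte slot; the cluster number is split across two 16-bit fields."""
    (raw_name, attr, _ntres, _tenth, _ctime, _cdate, _adate,
     clus_hi, _wtime, _wdate, clus_lo, size) = DIR_ENTRY.unpack(raw)
    base = raw_name[:8].decode("ascii").rstrip()
    ext = raw_name[8:].decode("ascii").rstrip()
    return DirEntry(f"{base}.{ext}" if ext else base, attr, (clus_hi << 16) | clus_lo, size)


def parse_directory(blob: bytes) -> List[DirEntry]:
    """Walk a directory cluster: 0x00 in DIR_Name[0] ends the listing, 0xE5 marks a
    deleted entry, and long-name entries (attr 0x0F) are skipped."""
    entries: List[DirEntry] = []
    for off in range(0, len(blob) - len(blob) % 32, 32):
        chunk = blob[off:off + 32]
        if chunk[0] == 0x00:
            break
        if chunk[0] == 0xE5 or chunk[11] == ATTR_LONG_NAME:
            continue
        entries.append(parse_entry(chunk))
    return entries


if __name__ == "__main__":
    for n in (3_500_000_000, FAT_MAX_FILE_SIZE, 13 * 1024 ** 3):
        print(f"{n:>14} bytes: {'fits' if fits_on_fat(n) else 'cannot be stored'} on FAT")
```

Because the size lives in the directory entry rather than in the FAT chain, no driver trick gets around it: the cluster chain can be as long as the volume allows, but the reported length wraps at 2^32. A 13 GB file inside a TrueCrypt volume therefore means the file system inside that volume is not FAT.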

blackangst1
Lifer, joined Feb 23, 2005
Originally posted by: Nothinman
Wrong. INSIDE my TC volume, I have a 13 gig log file of network activity for the last 30 days for work. Outside of the volume, you're right. No go.

Then there's a disconnect between what you're saying and what you really mean because no matter where you put a FAT filesystem it can't hold a file >4G. The file length field in the FAT is only 32-bit so it just can't happen. So your 40G encrypted volume has to be some other filesystem besides FAT.

Your comment "But if you use NTFS you get encryption essentially for free"... ROFL. File system != encryption.

You need to work on your reading comprehension. NTFS comes with per-file EFS which is indeed encryption.

Seeing how you can't format a hidden TC volume in NTFS without corrupting the outer volume, I guess I'm an exception to the rule.

edit: from the TC site itself:

A hidden volume can only be created within a FAT TrueCrypt volume (i.e., the file system of the outer volume must either be FAT12, FAT16, or FAT32). NTFS file system stores various data throughout the entire volume (as opposed to FAT) leaving little room for the hidden volume. Therefore, the Volume Creation Wizard prevents the user from selecting NTFS as the file system for the outer volume. The hidden volume can contain any file system you like. Note that the outer volume (when file-hosted) can be stored on any file system.

Note: Should you be asked why the file system of the outer volume is FAT, you can answer that you left all settings at default (FAT is the default file system for all TrueCrypt volumes). There are also other reasons to use FAT instead of NTFS (for example, FAT is faster and tends to get less fragmented).

Nothinman
Elite Member, joined Sep 14, 2001
A hidden volume can only be created within a FAT TrueCrypt volume (i.e., the file system of the outer volume must either be FAT12, FAT16, or FAT32).

Ah, so their hidden volumes are really just ugly hacks that depend on FAT's naive filesystem layout. That makes more sense now.

Note: Should you be asked why the file system of the outer volume is FAT, you can answer that you left all settings at default (FAT is the default file system for all TrueCrypt volumes).

Except that's not true anymore. NTFS has been the default since at least XP and you have to jump through some major hoops to create a FAT volume >32G these days since none of the MS tools will do it for you.

There are also other reasons to use FAT instead of NTFS (for example, FAT is faster and tends to get less fragmented).

The former is only true in some cases. Because the FAT is at the very beginning, access to data at the end of the volume will be slower than on NTFS, where the MFT is in the middle of the volume. And reading large FAT directories is excruciatingly slow when you've got thousands of files.

blackangst1
Lifer, joined Feb 23, 2005
Dude, you are out of your league here and have no idea whatsoever what you're talking about. This statement proves it:
Ah, so their hidden volumes are really just ugly hacks that depend on FAT's naive filesystem layout. That makes more sense now.
You really have no idea how encryption works, do you. /sigh.

Except that's not true anymore. NTFS has been the default since at least XP and you have to jump through some major hoops to create a FAT volume >32G these days since none of the MS tools will do it for you.
For OS file systems, yes. We aren't talking about filesystems! What don't you understand about this? File system != encryption!

The former is only true in some cases. Because the FAT is at the very beginning, access to data at the end of the volume will be slower than on NTFS, where the MFT is in the middle of the volume. And reading large FAT directories is excruciatingly slow when you've got thousands of files.
For file systems, yes. But again we are talking about TC hidden volumes.

Do some reading please. We are talking about two completely different things here, and you don't understand encrypted volumes. No offense, I didn't either until a few years ago.

Also, when you say "You need to work on your reading comprehension. NTFS comes with per-file EFS which is indeed encryption." technically you're right. But this... ahem... encryption scheme is so easily bypassed it's virtually nonexistent. It's like protecting your house with a screen door, lol. Spend some time on the Wilders Security boards and learn about EFS.

Nothinman
Elite Member, joined Sep 14, 2001
You really have no idea how encryption works, do you. /sigh.

I do, but where/how TrueCrypt hidden volumes are stored is a completely separate issue.

For OS file systems, yes. We aren't talking about filesystems! What don't you understand about this? File system != encryption!

But we are talking about filesystems; the volume inside of the encrypted container is still formatted with a standard filesystem. So if you format the filesystem inside of the encrypted container as FAT you're stuck with all of the other mis-features of FAT.

For file systems, yes. But again we are talking about TC hidden volumes.

But the hidden volume still contains a normal filesystem.

Do some reading please. We are talking about two completely different things here, and you don't understand encrypted volumes. No offense, I didn't either until a few years ago.

Actually I have; you're the one that seems to be confused.

Also, when you say "You need to work on your reading comprehension. NTFS comes with per-file EFS which is indeed encryption." technically you're right. But this... ahem... encryption scheme is so easily bypassed it's virtually nonexistent. It's like protecting your house with a screen door, lol. Spend some time on the Wilders Security boards and learn about EFS.

Please show me an EFS hack that actually works and doesn't require being able to get the user's password to decrypt the files.

blackangst1
Lifer, joined Feb 23, 2005
Maybe YOU were talking about file systems. I've only been talking about TC hidden volumes. *shrug*

Cracking EFS? Done in less than 5 mins. The EFS keys are held in the registry. Boot off a Linux disk, grab the key from the registry, apply it to the "encrypted" volume, bam. You're in. Or do it the easy way and use Advanced EFS Data Recovery. Does the same thing but in a live environment.

That's just one way. EFS is a joke.

bsobel
Moderator Emeritus, Elite Member, joined Dec 9, 2001
Originally posted by: blackangst1
Maybe YOU were talking about file systems. I've only been talking about TC hidden volumes. *shrug*

Cracking EFS? Done in less than 5 mins. The EFS keys are held in the registry. Boot off a Linux disk, grab the key from the registry, apply it to the "encrypted" volume, bam. You're in. Or do it the easy way and use Advanced EFS Data Recovery. Does the same thing but in a live environment.

That's just one way. EFS is a joke.

Blackangst, I just noticed this thread and the amount of misinformation you are spewing is hard to believe. You've been wrong on most of your points yet you accuse him of not knowing what he's talking about.

To the point above, the keys are easy to recover if you have physical access. Of course to use them you'll need to know the user's login password, which is no different from having to know the user's TC password.

This only really applies to a hidden volume. You see, NTFS by design writes data randomly throughout the disk, and leaves no room for a hidden volume. FAT on the other hand leaves the data on the platters nice and tidy. In this case, it's not the formatting scheme that protects the data, it's the encryption. So whether you use AES-256, Serpent, Twofish, or a combination of these, it is THAT encryption that protects data. So it really doesn't matter what format it's encrypting, it's all the same. NTFS just doesn't play nice with hidden volumes.

NTFS doesn't write data 'randomly'. It's just that TC manipulates the FATs to make certain parts of the disk unusable. It's an ugly hack. It would work the same on NTFS if they knew how to manipulate the bad cluster list. It's not a file system limitation, it's breaking an existing file system to allow a hack. As to Nothinman's 4gig comment, he's technically correct, but TC just blocks out multiple 4gig chunks and hides this detail from you.

Seeing how you can't format a hidden TC volume in NTFS without corrupting the outer volume, I guess I'm an exception to the rule.

Again, that's because TC is using a FAT hack which doesn't apply to NTFS. It's still an ugly hack in either case (ugly doesn't mean I don't like it, btw). You are talking about a subtask of hiding the volume in the first place. In NTFS you can just make it an alternate data stream on a file you know won't go away; same results on NTFS as you get on FAT with the hacks.

Dude, you are out of your league here and have no idea whatsoever what you're talking about. This statement proves it:
Ah, so their hidden volumes are really just ugly hacks that depend on FAT's naive filesystem layout. That makes more sense now.
You really have no idea how encryption works, do you. /sigh.

He is exactly correct. How they store the hidden volume has nothing to do with how the data is encrypted; it's just a trick to get a place to put the darn thing.

But this... ahem... encryption scheme is so easily bypassed it's virtually nonexistent

This is completely false. I'd be happy to give you access to my machine (sans my login password) and a TC volume. You won't (based on my pw strength) be able to break either. Suggesting there is a difference here shows you know nothing about EFS.

Bill

nerp
Diamond Member, joined Dec 31, 2005
TC is a really ugly hack. I wouldn't touch it with a ten foot pole. Using "hidden" volumes sounds useful for someone trying to hide a porn collection or something. Any professional with real encryption needs should look to EFS or something like Bitlocker.

bsobel
Moderator Emeritus, Elite Member, joined Dec 9, 2001
Originally posted by: nerp
TC is a really ugly hack. I wouldn't touch it with a ten foot pole. Using "hidden" volumes sounds useful for someone trying to hide a porn collection or something. Any professional with real encryption needs should look to EFS or something like Bitlocker.

I won't go that far; all of these technologies have their use. If the OP wants to move his external drive from machine to machine and access it from all, TC is a good choice. If he just wants to protect it in case it's stolen or encrypt some of the data on it from his primary machine, then NTFS with EFS is a better choice. BitLocker protects ALL of the data on the drive if it's stolen, but is often still used with EFS so you still have per-user (e.g. I can't access your files even though I can log in and have rights to read them) protection.

blackangst1
Lifer, joined Feb 23, 2005
bsobel:

Does the key not reside in the registry for EFS? I am assuming the EFS encrypted volumes are inaccessible via something like a Linux boot disk? Again, I assume so. I'm still curious about the registry entry. I seem to find differing opinions on this.

I didn't know TC breaks up large data chunks invisibly. On that, I stand corrected. I tried without success to confirm my earlier statement via whitepapers, but couldn't find anything. I'll check later, but trust your comment. I guess in that sense, we were both right, and both wrong. Again, I stand corrected.

As far as the kiddy porn excuse for having a hidden volume... well... I almost take offense (only a little). Some of us really do have reasons for needing or wanting it. Is this feature available via BitLocker? That's one of the main reasons I use TC.

Thanks for your answers.

bsobel
Moderator Emeritus, Elite Member, joined Dec 9, 2001
Originally posted by: blackangst1
Does the key not reside in the registry for EFS? I am assuming the EFS encrypted volumes are inaccessible via something like a Linux boot disk? Again, I assume so. I'm still curious about the registry entry. I seem to find differing opinions on this.

Short answer, no. Longer answer: which key? EFS as defaulted does have a local key on the box created from the user's password (hence you need that to bootstrap an attack). The syskey can also be kept external, on a floppy, on an ID card, etc. That is the way 'real' users of encryption use it (most home users aren't really using EFS in the way it's designed; it is a corporate feature after all).

I didn't know TC breaks up large data chunks invisibly. On that, I stand corrected. I tried without success to confirm my earlier statement via whitepapers, but couldn't find anything. I'll check later, but trust your comment. I guess in that sense, we were both right, and both wrong. Again, I stand corrected.

It's a minor point and doesn't really matter to the effectiveness of TC; you were just jumping on the other poster a little hard about it.

As far as the kiddy porn excuse for having a hidden volume... well... I almost take offense (only a little). Some of us really do have reasons for needing or wanting it. Is this feature available via BitLocker? That's one of the main reasons I use TC.

I didn't mention kiddie porn, so be offended at someone else for that comment. Trust me, any professional investigator knows in about 2 seconds if there is a hidden volume on the drive; the TC FAT trick is just that, a trick. It will confuse your friends, but certainly not law enforcement if they pull the machine into special services for a look-see.

As for BitLocker, BitLocker is full-drive encryption.

Bill
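bsobel's point, that the EFS key material an attacker can copy off the disk is protected by a key derived from the user's logon password and is useless without it, can be illustrated with a model of that chain. In real EFS the per-file key (FEK) is encrypted to the user's RSA public key, the RSA private key is protected by DPAPI, and DPAPI's master key is encrypted under a key derived from the logon password. The block below is an added example, not EFS, DPAPI or TrueCrypt code and not their on-disk formats: it models the same three levels (file key under master key, master key under a password-derived key) with standard-library primitives only, using PBKDF2 for the password step and HMAC-SHA256 in counter mode with an HMAC tag as a stand-in for a real cipher. The password, salts and file contents are constructed.

```python
from __future__ import annotations

import hashlib
import hmac
import os
from typing import NamedTuple

# Simplified model of a password-rooted key chain, constructed for this example.
# It is NOT EFS's or DPAPI's real format.  Everything except the password and the
# keys held only in memory is "on disk" and assumed to be in the attacker's hands.
PBKDF2_ROUNDS = 100_000


class Blob(NamedTuple):
    """What gets written to disk: a per-blob nonce, ciphertext and an HMAC tag."""
    nonce: bytes
    ct: bytes
    tag: bytes


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, used as a stream cipher stand-in for AES-CTR."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _subkeys(kek: bytes) -> tuple[bytes, bytes]:
    """Separate encryption and MAC keys derived from one key-encryption key."""
    return (hashlib.sha256(b"enc|" + kek).digest(),
            hashlib.sha256(b"mac|" + kek).digest())


def wrap(kek: bytes, data: bytes) -> Blob:
    """Encrypt-then-MAC: data XOR keystream, tag over nonce||ciphertext."""
    enc_key, mac_key = _subkeys(kek)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(enc_key, nonce, len(data))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return Blob(nonce, ct, tag)


def unwrap(kek: bytes, blob: Blob) -> bytes:
    """Verify the tag first; a wrong KEK (wrong password upstream) fails here."""
    enc_key, mac_key = _subkeys(kek)
    expected = hmac.new(mac_key, blob.nonce + blob.ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob.tag):
        raise ValueError("wrong key or tampered blob")
    return bytes(a ^ b for a, b in zip(blob.ct, _keystream(enc_key, blob.nonce, len(blob.ct))))


def password_kek(password: str, salt: bytes) -> bytes:
    """Key derived from the logon password; this is the root of the whole chain."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-16-le"), salt, PBKDF2_ROUNDS)


class OnDiskProfile(NamedTuple):
    """The pieces someone booting from a Linux disk can copy off the machine."""
    salt: bytes
    master_blob: Blob


def create_profile(password: str) -> tuple[OnDiskProfile, bytes]:
    """Returns the on-disk profile and the plaintext master key (in memory only)."""
    salt = os.urandom(16)
    master_key = os.urandom(32)
    return OnDiskProfile(salt, wrap(password_kek(password, salt), master_key)), master_key


def encrypt_file(master_key: bytes, plaintext: bytes) -> tuple[Blob, Blob]:
    """Per-file key wrapped under the master key, plus the encrypted content."""
    fek = os.urandom(32)
    return wrap(master_key, fek), wrap(fek, plaintext)


def decrypt_file(password: str, profile: OnDiskProfile, fek_blob: Blob, data_blob: Blob) -> bytes:
    """Offline path: disk artifacts + password -> master key -> FEK -> plaintext."""
    master_key = unwrap(password_kek(password, profile.salt), profile.master_blob)
    fek = unwrap(master_key, fek_blob)
    return unwrap(fek, data_blob)


def attacker_can_read(profile: OnDiskProfile, fek_blob: Blob, data_blob: Blob, guess: str) -> bool:
    """What 'grab the key from the registry' buys you: nothing without the password."""
    try:
        decrypt_file(guess, profile, fek_blob, data_blob)
        return True
    except ValueError:
        return False
```

attacker_can_read is the "boot from a Linux disk and grab the key" scenario: with every on-disk blob in hand, a wrong password still fails at the master-key unwrap, so the dump yields an offline password-guessing target, which is the same position a TrueCrypt volume puts an attacker in. Password strength, or keeping the root key off the box (the floppy/ID-card option bsobel mentions), is what sets the cost of that guess; a weak logon password weakens EFS exactly as a weak passphrase weakens a TC container.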

Paddington
Senior member, joined Jun 26, 2006
I made 2 NTFS partitions on my new drive, and I concealed the second one using TrueCrypt. Oh yes, all of my pornography is now hidden. :D

Of course, I plan to buy my first Mac never later on this year, but we'll cross that bridge when we get to it.

nerp
Diamond Member, joined Dec 31, 2005
I didn't mean to offend, and I never said "kiddie porn"; I simply said porn, and that was a pretty tactless way of saying that hiding a volume isn't really effective at keeping it from someone who is really bent on retrieving your data. I meant to suggest that if you're serious about protecting data from prying eyes, sophisticated encryption should be priority one.