
Wednesday, June 12, 2013

Seeing how technology evolves we can only conclude that it evolves for everyone, even normal users. So why not use it to our advantage?

And these activities require the best protection out there. So I am going to talk about disk drive encryption in detail.



And I am mainly talking about how to encrypt your existing Windows partition, or any other part of the hard drive. I will also briefly talk about encrypting flash drives and other external storage units.


First let's talk about what software we should use. My favorite is TrueCrypt, since it's free and open source. Many people use PGP or similar software, which can't be carded, and people usually use cracked versions. That wouldn't be recommended, with all the FUD technologies which could easily disguise a trojan or whatever virus inside the crack... so the companies can retrieve your bootup passwords and such.

There have also been court cases concerning the ability of Symantec (the owner of PGP software) to retrieve passwords via their clients' software. So it might be backdoored already, even if it's not cracked.

So that is why I stuck with TrueCrypt, which is open source, so anyone can verify the source of the software for backdoors. They had no complaints whatsoever. I will also talk briefly at the end of the tutorial about methods of cracking TrueCrypt passwords as well as software used for this.

TrueCrypt can be downloaded from the official website. Always get the latest stable version, always update to the latest stable version. You can easily update even if your drives are encrypted.

We will also need Daemon-Tools, which can be downloaded from the official site. We will need this later to be able to encrypt the drive, and not save the recovery TrueCrypt image. We should install DT first, since it will most likely require a restart of the PC.



Chapter 1


Encrypting the System partition/drive


The installation of the software is pretty much idiot proof, so I will not talk about that at all. We will now go to the first step, encrypting the operating system partition or operating system drive.

Go to "Volumes -> Create New Volume". We will then be presented with 3 options:

                                                            








 - create an encrypted file container (which will be a larger file, containing other files. Everything will be encrypted and readable only when the password is used)
 - encrypt a non-system partition or drive (this refers to partitions or drives not containing an operating system)
 - encrypt a system partition or system drive (this refers to the operating system partition or drive. This is what interests us).

  






We will select the 3rd one, "Encrypt the system partition or entire system drive" and press "Next". We will then be asked if we want a "Normal" encryption or a "Hidden" encryption. We want a Normal one. The hidden one refers to making the operating system invisible. That would mean that the normal Windows would run, and in it would run another encrypted operating system. This kind of protection is not really needed, so we want the "Normal" encryption.

After this we will be asked if we want to encrypt the Windows partition or the entire drive. This depends on how the drive is partitioned. If you only have 1 drive/1 partition then you want to select "Encrypt the entire drive". If the drive is partitioned in 2 or more partitions, then we want to select "Encrypt the Windows system partition".

We will then be asked if we want to encrypt the "Host protected area", which is the small partition created by PC/laptop vendors for recovery of the OS. It's best not to have one, and just use a backup DVD or w/e. I will go with "No" here, I've never used such a partition, always deleted them and used backup DVDs instead. This partition could also be just empty space (usually 8 MB - it can be seen all the time when formatting a drive). Anyway, just go with "No".

We will then be presented with other options: "Single-boot" system, or "Multi-boot" system. Most users just use one OS so we're interested in the first option, but if you're using more than one, just go with the second option.

The next screen asks for our encryption algorithm preferences. The normal one is good, but I like to go with "Twofish" since it's more advanced and newer.









Now comes the most important step of the whole process. Selecting a password. Now I have my own theory for this. TrueCrypt passwords can only be bruteforced, so selecting a password that seems random, with special characters, upper and lower case letters, as well as numbers is highly recommended. No dictionary words, no birthdays, nothing stupid like that. Use something advanced which you could also remember.

Never write down this password or save it somewhere else. Always remember it. If you lose it, you'll have to format the hard drive and install the OS again, and go through encryption one more time.

Nothing will be left to recover. Think about every possible way this could go wrong, and choose wisely. Do not use this password anywhere else. A good 30+ character password with special characters (?!@#$%^&*()_+[]\/?), letters (both upper and lower case) and numbers would be impossible to crack, or would take billions of years (yes, billions) to crack.

   






After we selected a password and entered it twice...we will be asked to move the mouse inside that window to create the random data pool which will create the algorithm for the keys. Move it around for 10-15 seconds and it would be enough. Press "Next" and "Next" after this.

   







You will then be asked to save the recovery image as a .iso file. Save it anywhere (choose location and press "Next" to save it), then load it into Daemon-Tools for verification. The next screen will be about verification. If the image is loaded in D-T you can press "Next" and the verification will be done and you'll be taken to the next step, which should say "Rescue Disk Verified". Press "Next".

You will be able to select a "Wipe Mode", which refers to the free space. I recommend using at least a "7 pass". You will then be asked to reboot the machine. Press "Test" and "Yes" to reboot.


 






When the machine reboots you will be asked for the password which you set up. Enter it correctly and the machine will go to Windows and you will be shown a last screen which should make you able to start the encryption process. Press "Encrypt" and wait for it to finish. It shouldn't take long, depending on how many passes you selected for the wipe mode, and what encryption algorithm you chose. My 50GB partition, with Twofish and 7 pass took 1 hour, or 1 hour and a half.

  







If you did not enter the password correctly you will still go to Windows but you will have to do the test again.

While the partition is encrypting, do not interrupt the process. You will lose data. Also, the power to the PC, laptop, etc. should not be interrupted.

I was unable to post too many screenshots for this process since my drive was already encrypted. I will post screenshots for the other things discussed at the beginning.

Chapter 2



Encrypting a non-system partition or drive (other hard disks, flash drives, usb sticks, etc.)

   







This is useful to save sensitive information and keep it safe from prying eyes.

We will again go to the "Volumes" menu and choose "Create New Volume". We will then choose "Encrypt non-system partition or drive" and then "Standard TrueCrypt volume". You can check the screenshot for more accurate info. Press "Next" when finished.

   







The next screen allows us to choose the device we wish to encrypt. So choose it via the menu like in the screenshot, and press "Next".

   







We will then be presented with two other options, as can be seen in the screenshot. The first one, "Create encrypted volume and format it" means that TrueCrypt will erase the drive and encrypt it. The second option "Encrypt partition in place" means that TrueCrypt will encrypt the drive as-is, and the data along with it. Which means there will be no need to format the drive. I will only go with the second option, "Encrypt partition in place". Press "Next" when finished.

   







You will then choose the algorithm. Just as with the system partition encryption. I suggest going for Twofish again. Press "Next" when finished.

   







You then have to setup the password, choose wisely, do not use the password elsewhere. Press "Next" when finished.









Now you'll have to move the mouse fast and as randomly as possible. Press "Next" when finished.









Then we go to Wipe Mode, again...choose whatever you think is fit. I chose None for this current drive, it's just a test. 7 pass should be enough. Press "Next" when finished.

  







Hit "Encrypt" and wait.

   










  















This basically sums up encryption and what needs to be done. Check out the screenshots as well. To be able to use the drive, you need to mount it using "Auto-mount devices", which will automatically detect the drive if it is connected to the PC (works for other partitions, external drives, etc.), and then input the password. If done correctly, the drive shows up in TrueCrypt and then in "Computer".

Chapter 3


Creating an encrypted file container


We will again go to the "Volumes" menu and choose "Create New Volume". This time we'll choose "Create an encrypted file container". Press "Next" when finished.

   







Then we select "Standard TrueCrypt Volume" as our option. Press "Next" when finished.


Then we browse to our external drive (might be encrypted or not - if encrypted it has to be mounted, so check back to the previous chapter for mounting instructions) and select a file name (no extension needed, name can be whatever) and press save. Press "Next" when finished.


  







We then choose the algorithm. Press "Next" when finished.

  







Then we choose the size of the file container. I recommend as small as possible. For example, if you reckon you'll be using only 100 MB of space, then make it 150-200 MB tops. Play with the option and see what comes out. NTFS and FAT filesystems have different requirements. Check the info on the screen. Press "Next" when finished.










We choose a password. Press "Next" when finished.

   













We format the file container (not whole drive - so don't worry). Press "Next" when finished.


Voila, it is done! You now have a file that will contain many other files. To use this file container, when TrueCrypt is open, use "Select file" (as in the screenshot) and select the container. If you have it on an already encrypted drive, then that drive should already be mounted. Use "Mount" and you should then be asked for the password. Enter it correctly and the container should now be mounted.












 
















Feel free to ask any questions

Chapter 4




Finding TrueCrypt passwords

This is a purely theoretical part of the tutorial. There was speculation around this for years, both about TrueCrypt as well as BitLocker (Windows proprietary encrypting software - I don't recommend using it) that they could easily be cracked and whatnot. One thing is certain, BitLocker stores the passwords in plaintext in the driver, at all times, and TrueCrypt does not. It only saves the password at bootup, so it could decrypt the keys and such, but it does not store the password in the driver afterwards. There used to be a way to recover such a password from the TrueCrypt driver, if the PC was suddenly shutdown or restarted. But this should not work anymore as the driver was patched over and over again with different updates.

Bruteforcing the password is another option. But bruteforce dictionaries are based on some kind of logic, so using an illogical password helps immensely. It would make the job impossible. For example: if we're using 1234567890 as a password, the dictionary probably already contains this string. But if we add !@#$%^&*()-= to it (some characters were made using SHIFT, some were plainly written) it makes it illogical. It makes it seem random, but yet easy to remember (since the logic was we entered all numerical characters, then we SHIFT-entered the first 10, adding -= at the end, without using SHIFT).

Everything like this adds to the strength of the password. Another example would be adding q9p1m2z8 to an already made up password. This one has no apparent logic to it, but in fact it does use logic. I've used the 4 corners of a normal US keyboard (qpmz) in a clockwise rotation, with opposite numbers (9 for q, 1 for p, 8 for z and 2 for m). This logic (which appears to be an illogical way to set up a password) will make it easier for me to remember this password. But doing your own algorithm doesn't mean that the password will be crackable. Make up algorithms, make up passwords, find a way to remember them. Use online password generators that provide such a way (like a poem, or whatever) to remember the passwords.

Always shut down the PC using the normal procedure, never reboot it by removing power. You can use your PC as before even when encrypted. You can still play games, listen to music, do whatever you want. It's as if it was normal... with the exception that now the data can only be read if you know the password.

I said I will also talk about cracking software that can be used to crack TrueCrypt volume passwords. I know of only one piece of software, and that is Passware Password Recovery Kit. There are others out there as well, I might look into that too.

Let's take the Passware software. For it to be able to crack the TrueCrypt volume password, you need to have an EnCase image of the drive. And that image was supposed to be taken while the PC was running.

Which means they wouldn't need the password (they're not allowed to just copy/paste everything, they need to use EnCase, but still... if they had the PC running, that meant that the password was already entered, which meant the data was accessible on the screen). EnCase can only make images of up to 4GB as far as I know, and only using firewire ports. So if you really want to protect yourself, disable your firewire ports, or 1394 connection. You can also remove them, hardware-wise. Just cut the line. Then EnCase could not be used to create that image. For those who do not know, EnCase is a piece of forensic software used by investigators to make images of drives and analyze them for information. You can even test the software yourself to see if it will work with even simple passwords (3-4 characters).

I will cut this story short with a piece of information: http://www.webcitation.org/query?url=g1.globo.com/English/noticia/2010/06/not-even-fbi-can-de-crypt-files-daniel-dantas.html

They say they can do it, and they've been setting up a Distributed Network Attack (DNA) service since 2006 (service also offered by the Passware crew - since Passware kit wasn't so easy to use - and required basically information you couldn't get, or unusable if you had it).

On the other hand, I could also refer you guys to an article about Max Butler, known carder...who was caught back in the day of CardersMarket by the FBI...who (supposedly) were able to crack his encryption password. But we do not know what software he was using, neither what software was used to crack that. And either way, time has passed since then, things are not that easy.

Now, the DNA system remains, as well as other methods used for weaker passwords. As an example...make a .rar archive with 123456 as the password. Use any cracking software for .rar archives, and it will take a lot of time on that easy password. Now, of course, on a distributed scale it wouldn't take that long, let's say, when 200k computers work on it at the same time. But cracking a 30-40 character password, with special chars, no logic in it, numbers, letters, etc...will take billions of years even for that supercomputer.
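The password-construction passage and the "billions of years" estimate above can be checked together. The following Python is an added example, not part of the original tutorial: it flags keyboard-row walks (including the shifted digit row) and computes the exhaustive-search time for the character classes used. The guess rate of 10,000 per machine per second is an assumed figure, and all function names are hypothetical.

```python
# US-layout keyboard rows; shifted digit-row symbols are folded back onto their keys.
ROWS = ["1234567890-=", "qwertyuiop[]", "asdfghjkl;'", "zxcvbnm,./"]
UNSHIFT = str.maketrans("!@#$%^&*()_+", "1234567890-=")
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def _adjacent(a, b):
    """True if a and b are neighbouring keys on the same row."""
    for row in ROWS:
        ia, ib = row.find(a), row.find(b)
        if ia >= 0 and ib >= 0 and abs(ia - ib) == 1:
            return True
    return False

def keyboard_runs(password, min_len=4):
    """Substrings of at least min_len keys that walk along one keyboard row."""
    flat = password.lower().translate(UNSHIFT)
    runs, start = [], 0
    for i in range(1, len(flat) + 1):
        if i < len(flat) and _adjacent(flat[i - 1], flat[i]):
            continue  # still inside the same walk
        if i - start >= min_len:
            runs.append(password[start:i])
        start = i
    return runs

def charset_size(password):
    """Size of the alphabet implied by the character classes actually used."""
    classes = [(str.islower, 26), (str.isupper, 26), (str.isdigit, 10),
               (lambda c: not c.isalnum(), 33)]  # 33 = printable ASCII symbols + space
    return sum(n for test, n in classes if any(test(c) for c in password))

def exhaustive_years(password, guesses_per_sec):
    """Years to try every string of this length over that alphabet (upper bound)."""
    return charset_size(password) ** len(password) / guesses_per_sec / SECONDS_PER_YEAR

def assess(password, guesses_per_sec):
    """The exhaustive figure is only meaningful when no structure is found."""
    runs = keyboard_runs(password)
    covered = sum(len(r) for r in runs)
    return {"runs": runs, "patterned_fraction": covered / max(len(password), 1),
            "exhaustive_years": exhaustive_years(password, guesses_per_sec)}

if __name__ == "__main__":
    RATE = 200_000 * 10_000  # assumed: 200k machines (the page's figure) x 10k guesses/s each
    for pw in ["123456", "1234567890!@#$%^&*()-=", "q9p1m2z8"]:  # strings quoted on this page
        print(pw, assess(pw, RATE))
```

A password that is entirely covered by row walks gets a large exhaustive figure that does not describe its real strength, which is why the two results are reported side by side.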

Basically what I want to say is...do use encryption, use open source software when possible. Other software might already be backdoored. Never save anything on the PC, use external drives for that.

And what you can do is... encrypt an external USB drive (let's say an 8GB flash drive), inside it create an encrypted file container, and inside that file container another one. Then store the files in the 3rd container. Something like Inception encryption =) That will surely never get cracked. This is basically what the "Hidden" option for the encryption is.

Anyway, hopefully this helped or will help people stay on the safe side. Be creative, you can never be too paranoid.

Good luck!


A lot of work went into this tutorial. It's hand written, not copied, so no flaming or anything. I believe I covered the basics and more, so feel free to ask any questions if you have any.


