TrueCrypt 6 and pagefileing

Discussion in 'OT Technology' started by zanyspy_dude, Jul 26, 2008.

  1. zanyspy_dude

    zanyspy_dude King of teh n00bz

    Joined:
    Aug 29, 2002
    Messages:
    4,473
    Likes Received:
    0
    Location:
    Indianapolis, IN
  2. zanyspy_dude

    I'll just put the page file on the encrypted drive.
     
  3. Cthalupa

    Cthalupa New Member

    Joined:
    May 5, 2006
    Messages:
    46,930
    Likes Received:
    0
    Location:
    Dallas, Texas
    It allocates all of the space when you create the encrypted file, so it won't overwrite it with the page file.

    If you create a 4gb encrypted drive, it will create a 4gb file.
     
  4. Bruticus

    Bruticus half dead OT Supporter

    Joined:
    Apr 10, 2004
    Messages:
    4,608
    Likes Received:
    0
    Location:
    Melbourne
    If your whole OS (and all your drives) is encrypted, it will be too. Otherwise it depends where you put it.
     
  5. Sailor Jerry

    Sailor Jerry OT Supporter

    Joined:
    Nov 13, 2007
    Messages:
    35,173
    Likes Received:
    8
    Location:
    Dirtona Beach
    Depends whether you encrypt the entire system drive or just make a small encrypted volume with it. If you encrypt the whole drive, you're fine. If you don't encrypt the entire drive, then theoretically somebody could extract the key from your page file.
     
  6. trouphaz

    trouphaz New Member

    Joined:
    Sep 22, 2003
    Messages:
    2,666
    Likes Received:
    0
    just be prepared for a pretty big performance hit.
     
  7. deusexaethera

    deusexaethera OT Supporter

    Joined:
    Jan 27, 2005
    Messages:
    19,712
    Likes Received:
    0
    I shudder to think how much slower your machine will run if everything is encrypted, using software encryption no less. At least DoD hard drives have hardware encryption.
     
  8. Cthalupa

    For what it's worth, the TrueCrypt guys suggest buying more RAM and turning off the pagefile. There's no good solution to encrypt the page file.
     
  9. trouphaz

    at my last job, all laptops had to have their drives encrypted. pretty bad hit to performance.

    if this is a PC, could you put in a second drive just for your page file? or could you create a second partition on your hard drive just for the page file? i know that isn't generally a good idea because it forces the head to jump around more, but it would probably be better than an encrypted page file.
     
  10. deusexaethera

    The best solution is to have the computer erase the pagefile every time you shut down. It takes longer, though.
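
A read-only check of the settings discussed in the posts above (where the page file lives, whether paging is off, and whether Windows clears the page file at shutdown), as an added example that is not from any poster in this thread. `Get-PagefileExposure` is a hypothetical helper name; the registry values and CIM class are the standard Windows ones.

```powershell
# Added example, not from the thread. Reads settings only; changes nothing.
# Get-PagefileExposure is a hypothetical helper name.
function Get-PagefileExposure {
    $mmKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
    $mm    = Get-ItemProperty -Path $mmKey

    # ClearPageFileAtShutdown: 1 = Windows overwrites the page file at shutdown,
    # 0 or absent = paged-out memory stays on disk after power-off.
    $clearAtShutdown = ([int]$mm.ClearPageFileAtShutdown -eq 1)

    # PagingFiles (REG_MULTI_SZ): what is configured for the next boot.
    $configured = @($mm.PagingFiles | Where-Object { $_ }) -join '; '

    # Page files in use right now; sizes are reported in MB.
    $active = @(Get-CimInstance -ClassName Win32_PageFileUsage)

    if ($active.Count -eq 0) {
        # Paging is off: nothing is being written to a page file on disk.
        return [pscustomobject]@{
            PageFile          = '(none active)'
            Drive             = $null
            AllocatedMB       = 0
            PeakUsageMB       = 0
            OnSystemDrive     = $false
            ClearedAtShutdown = $clearAtShutdown
            ConfiguredForBoot = $configured
        }
    }

    foreach ($pf in $active) {
        $drive = $pf.Name.Substring(0, 2)   # e.g. "C:"
        [pscustomobject]@{
            PageFile          = $pf.Name
            Drive             = $drive
            AllocatedMB       = $pf.AllocatedBaseSize
            PeakUsageMB       = $pf.PeakUsage
            OnSystemDrive     = ($drive -ieq $env:SystemDrive)
            ClearedAtShutdown = $clearAtShutdown
            ConfiguredForBoot = $configured
        }
    }
}

# This script cannot tell whether a volume is encrypted; compare the Drive
# column against the volumes you know are covered by disk encryption.
Get-PagefileExposure | Format-List
```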
     
  11. Cthalupa

    Except there's no way to securely erase files. Even those file overwriters that supposedly conform to DOD level standards, a computer forensics expert can recreate shit using an MRI machine. I read a few articles about it once, pretty cool stuff.

    Expensive, but if you're really worried about security, you can't have the page file enabled.
     
  12. trouphaz

    hey zanyspy, what exactly are you looking for this level of encryption for? is it just due to paranoia or do you have a legitimate reason for it? would it be ok to just encrypt your data instead of encrypting everything?
     
  13. Sailor Jerry

    I tried it not too long ago and only noticed it during file transfers, but I have a quad-core and 4 gigs of RAM so I suppose that helps.

    I ended up doing away with it because I have no reason to encrypt my desktop. I could see it being very useful on a laptop, though.
     
  14. deusexaethera

    If you can afford to equip all your machines with an assload of RAM (preferably sterilized first), then that's fine.
     
  15. deusexaethera

  16. dissonance

    dissonance reset OT Supporter

    Joined:
    May 23, 2006
    Messages:
    5,652
    Likes Received:
    1
    Location:
    KS
    Interesting. We are doing tests on some new Seagate FDE enterprise drives. I don't know if they are SATA/SAS/FC or what though. Friend of mine here does a lot of our drive certification and was telling me some about them.
     
  17. deusexaethera

    The ones I linked are SATA.
     
  18. trouphaz

    it is kind of funny that the OP just abandoned his thread. he asks a question at midnight, doesn't get a response within the hour so he answers his own question and that's it. lol.
     
  19. dissonance

    This is C&P, we don't need the OP in order to discuss his/her question.
     
  20. trouphaz

    no, i know, but i'm interested in what the purpose of encrypting the system was. i find it stupid that people come in here very late at night, throw a stupid question out there and then get annoyed when no one responds immediately.
     
  21. deusexaethera

    If he wasn't a real techie, chances are the idea wasn't thought through that well, and he was only looking for the first solution, not the best solution.
     
  22. Cthalupa

    I originally misread his concern as that the pagefile would overwrite stuff on his encrypted drive :o

    For a whole drive, going with a HD that uses hardware encryption really is the best bet.

    But then you have to deal with RAM. Whatever was in it last when you shut down will still be there, unencrypted.
     
  23. aim2kill

    aim2kill New Member

    Joined:
    Mar 19, 2008
    Messages:
    631
    Likes Received:
    0
    Location:
    deployed.
    yes/no

    i work for DoD, we have tools. :rolleyes:

    a tool in the common though is BC wipe, you can set it for as many passes, and write whatever char. you want to the drive and the pattern (i.e. 1111 or 1010 or 0000 etc.)
     
  24. Cthalupa

    ...Yes, I understand this. However, using an MRI machine, a forensics expert can recreate the passes used to wipe, based on the magnetic strength, or something like that. It was beyond my understanding, but the cliffnotes version is that no matter how many times you wipe over it, they can still recreate the original data, with enough effort.
     
  25. deusexaethera

    Last I checked, DoD wipes the disk 7 times, then microwaves the platters, then runs them through a shredder, then puts the bits into a locked safe until the info on the disk is declassified.

    Even an MRI isn't going to read that, not least because it's locked in the geometric center of a secure, military-guarded building.

    The key to DoD's approach is a good idea for regular users, too -- if nobody ever gets their hands on the disk, nobody can ever read the data. If you have important data on a disk, stick it in a box in your attic and don't throw it out until the info is totally irrelevant and overcome by events.
     
