Slightly less Random Ramblings

January 10, 2012

Thank you Asus!

Filed under: encryption, security, Truecrypt, Windows — Robert Wicks @ 6:56 am

I bought an Asus U56E from Fry’s, which has an Intel i5-2410M CPU. The laptop has been very good, having excellent battery life and good performance. I replaced the internal optical drive with a drive caddy so that I could replace the internal drive with an SSD, but have an additional spinning drive in order to have a larger amount of space. My SSD has built-in encryption; however, the spinning drive does not. I use Truecrypt. I wanted the i5 because I was under the mistaken impression that they all supported AES-NI. I later discovered that Intel has issued a microcode update for this CPU which enables the feature, but the BIOS manufacturer needed to enable it in the system BIOS. Asus has now enabled this feature in version 213 of the BIOS. Truecrypt’s benchmark performance has increased 5x since the update.

July 19, 2010

Automounting Truecrypt in Linux

Filed under: computing, encryption, linux, Truecrypt, ubuntu — Robert Wicks @ 12:35 am

I have a dual boot system with Windows 7 and Ubuntu 10.04. In order to secure the system, I have system encryption with Truecrypt and encrypted LVM in Ubuntu. I need to access my Windows files from within Ubuntu. After a bit of searching around the Internet, I pieced together this command line, which I put in /etc/rc.local. Since my system is fully encrypted and used by only me, I’m not concerned about the password being in /etc/rc.local. I installed the Truecrypt console version.

I added the following line to /etc/rc.local:

echo "MyTruecryptPassPhrase" | /usr/local/bin/truecrypt -t -m system -k "" -p "" --protect-hidden=no --fs-options=rw,noatime,umask=000 --filesystem=ntfs-3g /dev/<windows partition> /<local mount point>

By echoing the passphrase and piping it to the Truecrypt command, we avoid having it show up in the output of ‘ps -ef’. The filesystem will be mounted with 0777 permissions.

I have found that it is even possible to mount outer partitions (with hidden partitions inside) using this method, and protecting the hidden partition. The command is as follows:

echo "HiddenPartitionPassphrase\n\nOuterPartitionPassphrase" | /usr/bin/truecrypt -t -k "" -p "" --protect-hidden=yes --fs-options=rw,noatime,umask=000 /dev/sda2 /windows

By using the hidden OS feature in Truecrypt, it is possible to triple boot your computer, with all data on the drive except for the /boot partition in Linux being encrypted. Since no secret information is stored in /boot, this is not a problem.
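The rc.local lines above keep the passphrase out of the process list but leave it inside /etc/rc.local, which on Ubuntu is normally world-readable. The following script is an added example, not part of the original post: it feeds Truecrypt the passphrase on stdin from a separate file and refuses to mount unless that file is private. PASSFILE, DEVICE, MOUNTPOINT and the function names are assumptions; the Truecrypt options are the ones from the post.

```shell
#!/bin/sh
# Added example (not from the original post). Paths below are assumed names.
PASSFILE="${PASSFILE:-/root/.tc-windows.pass}"  # passphrase followed by a newline
DEVICE="${DEVICE:-/dev/sdXN}"                   # placeholder for the Windows partition
MOUNTPOINT="${MOUNTPOINT:-/windows}"

# secret_file_ok FILE
# Succeeds only if FILE is a regular, non-symlink, non-empty file that is
# owned by the calling user and has no group/other permission bits set.
secret_file_ok() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] && [ -s "$f" ] || return 1
    perms=$(stat -c '%a %u' -- "$f") || return 1   # e.g. "600 0"
    mode=${perms% *}
    owner=${perms#* }
    [ "$owner" = "$(id -u)" ] || return 1
    case "$mode" in
        *00) return 0 ;;   # 600, 400: nothing for group or other
        *)   return 1 ;;   # 644, 640, 660, ...: readable by someone else
    esac
}

# mount_windows
# Same mount as the rc.local line in the post, but the passphrase comes from
# PASSFILE on stdin, so it is neither in argv nor in rc.local itself.
mount_windows() {
    if ! secret_file_ok "$PASSFILE"; then
        echo "refusing to mount: $PASSFILE must be private (chmod 600)" >&2
        return 1
    fi
    /usr/local/bin/truecrypt -t -m system -k "" -p "" --protect-hidden=no \
        --fs-options=rw,noatime,umask=000 --filesystem=ntfs-3g \
        "$DEVICE" "$MOUNTPOINT" < "$PASSFILE"
}

# Only mount when asked to, e.g. from rc.local: /usr/local/sbin/tc-mount.sh mount
if [ "${1:-}" = "mount" ]; then
    mount_windows
fi
```

Create the passphrase file as root with `chmod 600` before the first boot that uses the script.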
