encryption - Can Truecrypt encrypt a full hard disk/drive when/if it contains some 1) read/write errors? 2) bad sectors?

19
2014-01
  • kaustubh

    Can Truecrypt encrypt a full hard disk/drive when/if it contains some 1) read/write errors? 2) bad sectors? Either before or after they are fixed and recovered by Windows chkdsk etc...

    Details: I have a completely empty Seagate Barracuda 7200.12 500GB HDD, which I’m trying to encrypt with Truecrypt. I’m using it as an external HDD via a USB 2.0 connection (through a USB to ATA/ATAPI bridge, as it says in the Windows taskbar notification area, since it’s a USB to SATA connection). The problem I’m facing is that the HDD is detected by my Windows 7 normally for hours, but when I start encrypting it with Truecrypt, it encrypts for a while, until around 41%-50%, and then suddenly the Truecrypt Volume Creation Wizard says “The Device is not ready”, and then the HDD isn’t detectable by Windows 7 after that (as it ejects), though it otherwise performs normally and is detectable…

    I thought there might be an error on the drive or a bad sector…

    So then I ran a couple of diagnostic tests to check:

    1) Windows Chkdsk reports no errors and 0 bad sectors.

    2) Seagate SeaTools “PASSES” it in all tests, from Short Generic to Long Generic…

    3) Ariolic Disk Scanner, in one scan, reported 62 read errors in one red dot block while scanning; in its GUI all the rest were green, and then it stops the scan from going any further…

    4) I’ve not given SpinRite a try yet…

    Now I can’t make out what could be the problem, and why I can’t encrypt it… (Note: Also, the disk is supposedly new, as it was provided by Seagate in exchange for my earlier Seagate hard disk, which was making noise, so they made a replacement under warranty.) This one works normally, but doesn’t let me encrypt!


  • Answers
  • mic84

    It treats the drive the same way as a non-encrypted disk, with or without ‘bad sectors’.
    Forum answer here
    It should still encrypt part of:
    Here are the potential "gotchas": NO3.
    Sorry, posted in wrong part.
    It works like a normal drive, as if a folder or program could not write to a bad sector,
    so they stop the full encrypt as this would be a possible security risk. Try 2 or 3 smaller ones if you can.
    Your drive is unlikely to be 50% bad sectors, maybe just in the middle.

  • localhost

    If you have access to a Linux machine, I'd try running a long offline test with smartctl. I'm sure there is an equivalent tool that works under Windows, although I don't know the name of one.

    I believe using SMART the disk does the error-checking itself. I use SpeedFan under Windows to view the drive's SMART data, but AFAIK SpeedFan can't trigger the error-checking of the drive.

    I would question the safety of using a drive with bad sectors to store important data on though. If your data is valuable enough to encrypt, it should be valuable enough to put on a good drive that isn't likely to fail at any time. Beyond the hassle of recovering from a failed/unreliable drive, a 500Gb drive is about $60 ATM (Apr 2013). How much is your time worth?
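
The smartctl check suggested in the answer above, as an added example that is not part of the original post: a small filter that reads `smartctl -A` attribute rows and flags the counters that indicate unreadable sectors or link errors. The device path `/dev/sdX`, the function names and the sample rows are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. On a real system (device path is a placeholder):
#   smartctl -t long /dev/sdX        # start the drive's long self-test
#   smartctl -l selftest /dev/sdX    # read the result once it has finished
#   smartctl -A /dev/sdX | smart_triage

# Constructed sample of `smartctl -A` rows (not taken from the asker's disk).
sample_smart_output() {
cat <<'EOF'
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000f   117   099   006    Pre-fail  Always       -       134217728
  5 Reallocated_Sector_Ct   0x0033   100   100   036    Pre-fail  Always       -       0
  9 Power_On_Hours          0x0032   099   099   000    Old_age   Always       -       1203
197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       -       8
198 Offline_Uncorrectable   0x0010   100   100   000    Old_age   Offline      -       8
199 UDMA_CRC_Error_Count    0x003e   200   200   000    Old_age   Always       -       0
EOF
}

# Reads attribute rows on stdin. Prints a WARN line for every watched counter
# whose raw value (10th column) is non-zero and returns 1 if any was found.
# Raw_Read_Error_Rate is deliberately not watched: on many drives its raw
# value is a vendor-encoded number, not a simple error count.
smart_triage() {
  awk '
    $1 ~ /^[0-9]+$/ &&
    ($2 == "Reallocated_Sector_Ct"  ||   # sectors already remapped to spares
     $2 == "Current_Pending_Sector" ||   # unreadable sectors awaiting remap
     $2 == "Offline_Uncorrectable"  ||   # sectors that failed an offline scan
     $2 == "UDMA_CRC_Error_Count") {     # interface errors (cable or bridge)
      raw = $10 + 0
      if (raw > 0) { printf "WARN %s raw=%d\n", $2, raw; bad++ }
    }
    END {
      if (!bad) print "OK no reallocated, pending or uncorrectable sectors"
      exit (bad ? 1 : 0)
    }
  '
}

# Stand-alone run over the constructed sample.
sample_smart_output | smart_triage || echo "drive needs attention before use"
```

A full-disk encryption pass writes every sector, so pending or uncorrectable sectors that a quick file-system check never touches will be hit during volume creation.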


  • Related Question

    security - Qualms about encryption
  • Bill Grey

    I would like to encrypt my disk, as while I don't have anything illegal, there are some things I would rather not be interrogated about or cause confiscation of my belongings while going through customs in the US or other countries.

    I have 1 300gb hdd, which has about 100gb free. I would like to encrypt the contents, but do not want to be forced to give up the encryption key.

    The solution to this seems to be to use a truecrypt hidden volume. However, my concern, is to allow my data to grow as needed, naturally. I was considering using a hidden OS partition, but wonder how reliable this is.

    So, can a hidden OS partition be any size, and can it be protected against files written outside of it?

    Is there a way to hide the size of a hidden volume? If someone sees my 'main' volume, and sees it only has 1gb of files, will this show as 299gb free, or will the hidden volume visibly be taking up space?

    Otherwise, the used space would be a giveaway..., if so, is there any way to overcome this?

    Is it possible to boot windows without a password, i.e. normally, and then boot my 'real' hidden OS volume only with a password?


  • Related Answers
  • Ilari Kajaste

    The hidden partition is inherently completely hidden - it lurks within the free space of the normal "outer" encrypted partition. There is no record of it, nor its size, and you can only access it by providing its own password.

    There are two ways of mounting the outer encrypted partition. Only by its own password, or also accompanied by the hidden partition's password to inform the system of the existence of the hidden partition.

    If you mount it without the hidden partition's password, the system has no knowledge of it, and there's no way to know there's data to be found in the free space. Since it has no knowledge of it, the hidden data is not protected, and any writes done to the free space are potentially overwriting hidden data. Tough luck.

    If you mount it by also providing the hidden partition's password, the system will know where the hidden data is, and the hidden data will be kept protected. It prevents any overwrites with an error. It will not move the hidden data around to avoid the overwrite, because this would compromise its security - it will only prevent the overwrite with a write error (in fact also making the whole system read-only until a remount).

    So in everyday use, you'd have to always mount it with both passwords - but if you're forced to provide a password, you can only provide the normal password, and there will be no way to know that you have created a hidden partition too. There is no huge "hidden.dat" -file or such, only free space, which if examined, will show random incoherent bytes.

    Of course, if you're using the hidden area from an OS that's not itself running in a hidden partition, there is a risk that the OS or some of the applications used for handling the data betray the existence, or even store a cached copy, of files in the hidden partition.

    In your case even the OS would be within the hidden partition, creating a hidden operating system. In this case, there's no risk of it being compromised. (Of course there are always risks from outside the system, like getting keylogged, monitored by hidden cameras, remotely viewed by psychics, socially engineered by spychicks, abducted by aliens, and so on... but you get the idea.)

    You'd also need to have a decoy operating system on a different partition (using the outer encrypted partition for data), for plausible deniability. You'd also need to use the decoy quite often for non-sensitive work so that it wouldn't look suspicious. So yes, I would imagine size might become a problem there, since writes to the data area (that contains the hidden operating system within the free space) have a good chance of failing (when colliding with the hidden data) unless there's a lot of truly free space. But I'm not familiar with usage of hidden operating systems, and there might well be some countermeasure for this that I'm not aware of.

    The TrueCrypt documentation has quite a lot of stuff about this, and it's well worth reading.

  • Andrew Moore

    The best way would be not to encrypt your whole drive, but simply create a volume on the drive (as a file)...

    Some tips:

    • Use a file archive extension (zip, 7z, rar)... It's rather easy to claim if they come upon it that the file contained a backup and seems to be corrupted now. [Don't use zip for a volume over 4GB... Zip files cannot exceed 4GB, having a larger file would arouse suspicion].
    • Or use an unknown extension (.sync for example) and if asked, say it is used to backup a smart device which isn't with you.
    • Don't create a volume with a round number of bytes (say exactly 10GB). That's way too suspicious.
    • If they ask why TrueCrypt is installed, just say you have an external hard-drive encrypted with it for security against thieves, which is not with you right now.
  • William Hilsum

    It is really up to you what to do... If you are stopped, they can request your encryption keys and detain you if you refuse to reveal them.

    I personally would just opt for either full drive encryption using Bitlocker on Windows, or if that is a no go, I would use Truecrypt and just normally set up a drive from a file.

    If you go to any effort to hide, it would just look a lot more suspicious than having the files unencrypted.

    Sorry, I know that this is not really what you want to see, but if you really do not want anyone to see your files, you are probably just best off leaving your laptop at home and using remote desktop or remote access or similar.

  • pipTheGeek

    I don't think that truecrypt would be able to make an OS volume that would boot normally. If you are encrypting the OS partition then I'm not sure how much you would gain by using a hidden volume. You would also have to install your OS twice, once in the hidden volume and once in the ordinary volume, and make the ordinary OS look full enough to be your actual OS.

    Obviously I don't know what it is that you want to keep hidden, but I would agree with the other answers that making a volume in a file would be a better option.

    Lastly, encryption is restricted in some countries. For instance, France had laws that meant encryption was tightly controlled and you could be required to hand over keys. Some brief research shows that they are changing these laws.

    Have you considered using an on-line backup service like Mozy to store the files you want kept secret? During travelling you could leave a backup copy on removable media at home and delete them from your laptop. Mozy make a network drive available that you can use to restore any files you want over the internet. Or you could encrypt the files and put them on a service like MS sky drive, or whatever they call it now.