Part 3: TrueCrypt on Fedora 20

In Part 2 of this article, I went over some different ways to set up TrueCrypt. In this part of the article, I will be doing the actual encryption.

Hardware info

I thought it would be helpful if everyone knew what hardware I was doing this on. Currently, I’m using an Acer Aspire Timeline X 4830T that I bought in June 2012. Specs are as follows:

I mention this because it’s particularly important to note the CPU specs. This particular CPU doesn’t support the AES instruction set that applications use to increase the speed of AES encryption and decryption. Because my CPU doesn’t have this, TrueCrypt can’t take advantage of this hardware acceleration to do the encryption faster. As such, my times here are probably going to be slower than yours.

Encrypting

Start TrueCrypt by going to Menu–>Accessories–>TrueCrypt and select Create Volume.

Step 1 – Select a volume type

At the volume creation wizard, choose Create a volume within a partition/drive. Again, I chose this option over using a file container.

Select Standard TrueCrypt volume. You can read more about hidden volumes here.

Step 2 – Select your device

Select your device and proceed. Please don’t blindly select /dev/sdb without checking your system first. This process will destroy any data on the device you select.
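One way to do that check from a terminal before returning to the wizard. This is an added example, not part of the original post: the function names and the sample `lsblk` listings are constructed for illustration, and `/dev/sdX` is a placeholder for your own device.

```shell
#!/bin/sh
# Added example: refuse a disk as an encryption target if anything on it is in use.

# in_use_entries: read `lsblk -P -o NAME,TYPE,MOUNTPOINT <device>` output on stdin
# and print "name mountpoint" for every entry whose mountpoint is not empty.
in_use_entries() {
    sed -n 's/^NAME="\([^"]*\)" TYPE="[^"]*" MOUNTPOINT="\([^"][^"]*\)"$/\1 \2/p'
}

# safe_target: succeed only if no partition or LVM volume on the device
# is mounted or active as swap. Reads the same lsblk output on stdin.
safe_target() {
    used=$(in_use_entries)
    if [ -n "$used" ]; then
        printf 'in use, do not select this device:\n%s\n' "$used" >&2
        return 1
    fi
    return 0
}

# Constructed sample: a system disk with a default LVM layout.
SAMPLE_SDA='NAME="sda" TYPE="disk" MOUNTPOINT=""
NAME="sda1" TYPE="part" MOUNTPOINT="/boot"
NAME="sda2" TYPE="part" MOUNTPOINT=""
NAME="fedora-swap" TYPE="lvm" MOUNTPOINT="[SWAP]"
NAME="fedora-root" TYPE="lvm" MOUNTPOINT="/"'

# Constructed sample: a second disk with one unmounted partition.
SAMPLE_SDB='NAME="sdb" TYPE="disk" MOUNTPOINT=""
NAME="sdb1" TYPE="part" MOUNTPOINT=""'

# Real use (replace sdX with the device you intend to encrypt):
#   lsblk -P -o NAME,TYPE,MOUNTPOINT /dev/sdX | safe_target && echo "nothing mounted"
```

A clean result only means nothing on the disk is currently mounted; compare the size and model shown by `lsblk -o NAME,SIZE,MODEL` with the drive you expect before you continue.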

You’ll need to accept the warning that recommends you use a file container.

Enter your password (this is why you need sudo access).

Step 3 – Encryption options

I’m not going to write (yet) about which encryption algorithms are strongest/best. But, in my opinion, you should use at least two cascading ciphers. In the event that one algorithm is broken, flawed, or backdoored by the NSA, you’ll still have one or more algorithms protecting you. Same goes for your hash algorithm.

Protip: Use the Benchmark option to see how your system performs with various configurations.

Step 4 – Passwords and keyfiles

This is the most important step, because no matter which algorithm(s) you choose, it won’t do you any good if you have a weak password. TrueCrypt has some handy tips when it comes to choosing a good password. The key here is randomness and length. Size does matter, gentlemen.

I recommend using a keyfile as well. A keyfile is one of three factors of authentication:

  • Something only the user knows (password, PIN, pattern, etc…)
  • Something only the user has (keyfile, hardware or software token, SMS confirmation code, smartcard, USB token, etc…)
  • Something only the user is (biometrics, e.g. fingerprint, iris scan, etc…)

When you combine two or more factors, you decrease the chance of being hacked. In this case, we’ll be using a password as well as a keyfile. When you want to decrypt your drive, you’ll need to provide both. In the event someone were to obtain your keyfile, they wouldn’t be able to decrypt your drive without knowing the password, and vice versa. However, once you create a keyfile, you cannot edit it. I would also recommend keeping multiple copies of the keyfile (email to yourself, store in a secure cloud service, etc…).

Instead of choosing an existing file, I chose Generate Random Keyfile.

Select a mixing PRF, and start moving your mouse around like crazy! If you’re curious, what you’re doing here is increasing the entropy, which is basically the “randomness”, of the keyfile. Computers can’t generate a truly random number, so at best, their output is called pseudo-random. Typically, they start with a seed (e.g., time of day) and run that seed through an algorithm, then run that output through another algorithm, and so on. However, if someone knew the initial seed, and which algorithms were used, they would be able to generate the exact same output. To circumvent this, we need something that is more random. The path your mouse takes while you’re moving it around like a madman is considered to be random enough that it can’t be reproduced.
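The difference between a seeded generator and one fed by unpredictable input can be seen from a shell. This is an added example, not part of the original post and not TrueCrypt's own generator: awk's `srand`/`rand` stands in for "a seed run through an algorithm", `/dev/urandom` is the kernel generator that Linux seeds from hardware event timings, and the seed value is constructed.

```shell
#!/bin/sh
# Added example: same seed gives the same "random" bytes; the kernel generator does not.

# seeded_hex SEED N: N bytes, hex-encoded, from awk's PRNG started at SEED.
seeded_hex() {
    awk -v seed="$1" -v n="$2" 'BEGIN {
        srand(seed)
        for (i = 0; i < n; i++) printf "%02x", int(rand() * 256)
    }'
}

# kernel_hex N: N bytes, hex-encoded, read from the kernel generator.
kernel_hex() {
    dd if=/dev/urandom bs=1 count="$1" 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# reproducible CMD ARGS...: succeed if running the command twice
# produces byte-for-byte identical output.
reproducible() {
    [ "$("$@")" = "$("$@")" ]
}

SEED=20140509   # constructed seed, standing in for "time of day"

if reproducible seeded_hex "$SEED" 16; then
    echo "seeded PRNG: anyone who knows the seed gets $(seeded_hex "$SEED" 16)"
fi
if ! reproducible kernel_hex 16; then
    echo "/dev/urandom: two reads differ, e.g. $(kernel_hex 16)"
fi
```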

Save your keyfile and add it to the list of keyfiles.

Step 5 – Filesystem options

TrueCrypt will present you with a few options to determine which filesystem to use.

Step 6 – Push the button!

Again, more entropy-creating goodness. Once you’re ready, click Format to begin.

As you can see, my CPU was pretty much consumed during this process. I let this run overnight.

In Part 4 of this article, I’ll show you how to use your newly encrypted drive.

UPDATE – Since TrueCrypt went offline, I won’t be posting a Part 4 of this series. I’m looking into a replacement for TrueCrypt.

-Logan
