Need Help Using TrueCrypt on Linux Mint 15

H

h1machiii

Guest
I am totally lost here, a beginner with the command line, not very knowledgeable about Linux (or any OS) and out of my depth. I'm more of a hardware guy.
I installed Mint on my entire 1 TB drive and encrypted the entire drive with TrueCrypt during Mint installation. Now I find I have to install Windows on the drive in order to use some hardware that doesn't have a Linux compatible program and the Win program won't run in Wine. I don't know how to even find TrueCrypt (no listing in the Menu) so I can mount the volume, decrypt it, resize a partition and install Windows. Option?: move everything to my external drive, wipe the drive and install Windows and re-install Mint? I don't know what encrypted data may not be visible to me now and I may lose it if I mess up.
Can anyone help?
 


Truecrypt partitions cannot be resized. Sorry. When you boot into Mint, make a backup of your information to an external device. Then in Windows installer let it erase the entire drive. Install Windows, then in Windows resize the drive. Then install Mint to the freespace. Really there is no other way. I personally think Truecrypt is not worth it..encrypting files/folders is good enough...not the entire drive. Unless you are setting up a server... Installing Windows first is also a GREAT idea. Windows tends to erase the entire drive anyway.
 
Truecrypt partitions cannot be resized. Sorry. When you boot into Mint, make a backup of your information to an external device. Then in Windows installer let it erase the entire drive. Install Windows, then in Windows resize the drive. Then install Mint to the freespace. Really there is no other way. I personally think Truecrypt is not worth it..encrypting files/folders is good enough...not the entire drive. Unless you are setting up a server... Installing Windows first is also a GREAT idea. Windows tends to erase the entire drive anyway.
 
Thanks a lot Ryan. I thought I would be able to get away from Using Windows at all. I seriously don't like Microsoft and its products. When I installed Linux I wasn't aware my Windows specific hardware was under warranty and would be replaced. I have a need for encryption and with limited knowledge of Linux I am not sure I would be able to secure what needs to be secure, didn't want to leave anything vulnerable. I have backed up everything and was waiting on an answer before moving on. Your recommendation is clearly the best way to go. Thanks again!
 
I have to disagree with you ryanvade in your idea that encrypting just select files is good enough. It really depends on how critical it is for the data to be protected. When you work on files almost without fail temporary copies of the file are made. These temporary copies are made in un-encrypted parts of the drive. This opens up the possibility of someone getting access to an un-encrypted copy of the file even when the original is safely locked away.

Admittedly, this is a bit more paranoid than most people need, but encrypting the full drive means you have closed a few more holes in the security. So like is often the case with security, you have to figure out for yourself the balance of convenience and security.
 
I'm revealing my cluelessness but now I have to agree with Machin. Having the entire drive encrypted removes any worry about leaving a document unencrypted when I want to protect it. The only problem I ran into was trying to re-size the partition of an encrypted drive. But I did use Ryan's suggestion to back everything up and wipe the drive. Once my replacement Win disk comes in I'll install Win and then re-size the hdd and then re-install Linux Mint. In the meantime I ran into the problem of actually using TC. After install I couldn't find it on the menu and after extensive searching I found the GUI and installed that. The GUI appeared on the menu but later on disappeared. I did several installs and each time I got an message that there was an error (in the package). This is the only drawback I find with Linux; successful installs for individual packages vary, with some working better installed in a terminal, some with the Package Manager and so on. It's all a learning experience.
 
Lets say you only encrypt the drive. If someone is able to decrypt it, and it is VERY possible, then the cracker (the correct term) has access to all your files. If you encrypt each file differently, using different keys for each file, it takes the cracker even longer to get your data. Giving you more of a chance to catch him/her.

As for the backups, most programs delete the temp file when you exit. So the only way to get to the temp file is when the program is opened. So, in this scenario, the cracker either already has access to your HDD and has decrypted it or he/she has got remote access with the ability to open programs or view what you are doing. If the program follows more secure procedures, the temporary copy is kept in ram. You can use security patches applied to the kernel like grsecurity to encrypt the ram even further. Helping with that issue.

Neither solution is 100% secure. A mixture of both encryption systems is probably best.

good points.
 
I am very glad I posted my issue, I am learning so much. I see your points; and I may have already addressed some of them. I haven't encrypted the whole drive yet (waiting for my replacement copy of Win 8 from my computer manufacturer) But what I am doing is moving sensitive files onto a portable device (thumb drive, portable hdd, SD card) and removing any traces (I hope!) from my drive. I am planning on encrypting each of my different portable devices with different keys. Looking for info I stumbled across Qubes. Are you familiar with it? They say it is much more secure because it doesn't give applications access to other applications through the un-secure OS (Windows surprisingly is a bit better than Linux at trying to prevent this, they say). I understood some of it but when the talk turns to things like kernels I get a little lost.
 
But what I am doing is moving sensitive files onto a portable device (thumb drive, portable hdd, SD card) and removing any traces (I hope!)

Only way to completely remove any trace of the files off the HDD is to destroy the HDD completely. Being a bad solution, you can wipe the drive with an NSA rated HDD wipe program. Be prepared for DAYS worth of passes.
 
The main question you have to ask yourself really is "What are you trying to protect against?" The world of computer security is really fascinating and once you start down that rabbit hole it is easy to get spooked when you realize what is possible. Even physically destroying a disk does not guarantee that the data cant be recovered BUT it does guarantee that only a very select few have that kind of resources.

Point is, if your protecting against the average guy, then encrypting your files simply in a container that you open as needed is good enough. But if your worried about someone getting physical access to your machine and doing deep analysis on it.... then you need to take a lot more precautions.
 

Members online


Top