Re: TrueCrypt 5.0a - Non KakaWare

bealoid <signup@bealoid.co.uk> wrote in
news:Xns9A46E140D211YAsfKJXSTO@194.117.143.38:
> Just checking, but if I have a separate disk (D:) and encrypt all of
> it - using Truecrypt-, with the boot stuff on some other disc (either
> C: or some bootCD) : Is Truecrypt being used as full disc encryption?
>
> And if not, why not?

There are many OTFE programs that are capable of encrypting *all*
partitions on a HD used to store *data.* Some, by treating the HD as a
superfloppy, even encrypt track 0 on a *data* drive (Truecrypt refers to
this as device encryption whether the device is a USB stick or a HD).
Thus all partitions on all HDs could be encrypted with one very important
exception: the boot/system partition (e.g., the Windows partition). For
instance, earlier versions of Truecrypt (to 4.3a) could do this.

However, the term "full disk" encryption is generally reserved to mean
capable of encrypting all partitions on all HDs *including the boot/system
partition* - IOW, *all* partitions on *all* HDs. However, an unencrypted
bootstub on track 0 of the boot/system HD is still required to let the
computer boot. Truecrypt only added this extremely useful feature
(i.e., encrypting the Windows system partition) in version 5, thereby
becoming full disk encryption.

Regards,

PS The twits who continue to stridently reply to my posts object to this
longstanding, near-universal usage of the term "full disk." They would
reserve the term for an OTFE system that could encrypt all partitions on
all drives *including track 0.* The problem is that they are speaking
about the null set, since no OTFE program for Windows, as delivered, is
capable of this without hacks.

It can be done, of course, but only by tricks/hacks: the unencrypted
bootstub code (and related info) have to be moved to some other device,
typically a removable one such as a USB pendrive (or a CD, or over the
network, etc.). This would allow all permanently mounted HDs to have all
partitions encrypted and also their HD track 0s. Some folks have hacked
Truecrypt to do exactly this (in a number of slightly different ways) -
it is an avidly discussed topic on the Truecrypt forums.

Alternatively (and slightly inconveniently) track 0 can be overwritten
with random garbage at the end of each session and restored (typically
from the OTFE vendor's recovery diskette/CD) at the start of the next
session.