Using TrueCrypt to lock up your private data
TrueCrypt is an open source (meaning free) encryption tool for
encrypting folders or entire disk partitions. It creates virtual
encrypted volumes that can be mounted as drives. You can use either
passwords or keys to access your encrypted volumes. Keys require the
normal key management (storage, backup, etc.) that would be required
with Microsoft's EFS or other encrypting system that is key-based. With
passwords, TrueCrypt becomes a true on-the-fly encryption tool.
TrueCrypt is an open source project, and the download is available from
SourceForge.
Here is the TrueCrypt home site: http://www.truecrypt.org/
The recent news of laptops filled with thousands and millions of people's
private information being stolen is disturbing. Each issue of SANS
NewsBites generally has one article dealing with a recent theft of
identity information. In many cases, the issue would have been
mitigated by the simple encryption of the laptop hard drive or
partition, or encryption of the volume containing the sensitive
information. TrueCrypt makes this amazingly simple and transparent to
the authorized user, and impossible, or near that, to the unauthorized
user.
Caveats
1. As with any encryption that you might do on your laptop, home system
or work system with TrueCrypt or any other encryption system, always
have an unencrypted copy of the information available on backup media
(CD, tape or other system). The encrypted copy of the files should
never be the only copy of the files that you have. That is just a
disaster waiting to happen.
2. Key management is tricky. Lose a key and you very likely will not be
able to recover your files protected by that key. Same with password
protection. Back up your keys to reliable media or record your
passwords in some secure way so that you have a way to recover your
files. Encryption can be a one-way road to hell if you don't plan ahead.
Installation
TrueCrypt must be installed on the workstation with local administrator
credentials. I installed it on my laptop. Fine. I needed to request
that our support dude install it on my work system. (I will be
installing it on my home system and a couple Linux VMs to test the
cross-platform stuff later)
It is a simple installation and is over in less than a minute. Once
installed, it can be run by the limited user with no problem.
The First Encrypted Volume
For the first test, we'll make a volume on your C: drive. Launch
TrueCrypt and click Create Volume. For now, we just want a standard
volume, so just click Next. The Location of the volume can be a bit
confusing to the first-time user. It was for me. Don't select a device.
Just click Select File, then browse to a directory on your C: drive and
type in a file name. Click OK, then click Next. Choose the encryption
algorithm and a hash algorithm. There are a lot of options for
encryption. We can use AES for this example. Play with the rest later
to find something that suits you. There are three options for hash,
RIPEMD-160, SHA-1, and Whirlpool. Experiment with various combinations
and check the performance of the system when opening and closing files
in encrypted volumes.
There is a Test button and a Benchmark button that will evaluate the
combinations based on your system. On my system, AES is the fastest at
encryption, but slower than Blowfish and Twofish at decryption. AES is
second fastest overall in Mean Speed, behind Blowfish. You will choose
your combinations by making the required tradeoffs between performance
and strength.
Once you get the combination set, click Next and set the size of the
virtual volume. For this test, I set 50 MB. Click Next, then enter your
encryption password. You can choose, at this point, to use keyfiles.
For our test, though, we'll stick to passwords. Click Next. This next
screen allows you to select an NTFS or FAT file system (use NTFS).
Before you click the Format button, move the mouse around, or (as I'm
doing now) type characters on the keyboard. This adds randomness ("salt")
to the encryption. When you click Format, it takes about 6 to 10 seconds to
format the 50 MB, depending on your system. Then, click Exit.
You are now done with the basic volume creation. To access the volume,
you must mount it. In TrueCrypt (remember that thing we launch first?)
click Select File, browse to the file you created above, and click
Open. The file name appears in the volume field on the TrueCrypt
screen. Select an available drive from the list above, then click Mount
(lower left of the screen). You are prompted for your encryption
password and the mapped drive appears on the TrueCrypt screen. Open
your Windows Explorer and expand the My Computer tree.
You will now see the mounted volume as a drive in the tree. You can use
this like any other drive attached to the system until you dismount it.
All the files you copy into these virtual volumes will be encrypted.
The file is the only thing that will be visible outside the TrueCrypt
application. If the volume is dismounted, the files inside will not be
accessible until the volume is mounted again with the password (or
keyfile, if you used that), and the volume looks just like any other
very large file on your file system.
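A caveat on "looks just like any other very large file": a container of this kind has no recognisable file header and its contents are statistically random from end to end, so it can be flagged during forensic or data-loss triage even though it cannot be read. The sketch below is an added example, not part of the original tutorial or of TrueCrypt; the 512-byte size alignment, the 7.9 bits-per-byte threshold, the signature list and all sample data are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

SECTOR = 512        # assumption: container files are a whole number of 512-byte sectors
SAMPLE = 16 * 1024  # bytes inspected at each end of the file
# A few common file signatures; an encrypted container begins with none of them.
KNOWN_MAGIC = (b"PK\x03\x04", b"\x89PNG", b"%PDF", b"\x1f\x8b", b"Rar!", b"7z\xbc\xaf", b"\xff\xd8\xff")


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for constant data, close to 8.0 for random data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def looks_like_container(data: bytes, threshold: float = 7.9) -> bool:
    """Heuristic triage only: compressed or otherwise encrypted files can also match."""
    if len(data) < SAMPLE or len(data) % SECTOR:
        return False                      # too small or not sector-aligned
    if data.startswith(KNOWN_MAGIC):
        return False                      # recognisable file format
    # Check both ends so a random-looking prefix on an ordinary file is not enough.
    return min(shannon_entropy(data[:SAMPLE]), shannon_entropy(data[-SAMPLE:])) >= threshold


def constructed_samples() -> dict:
    """Constructed test inputs; the 'volume' is pseudo-random bytes, not a real volume."""
    random_like = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(2048))
    text = (b"quarterly customer report, draft 3\n" * 2000)[: 64 * 1024]
    return {
        "volume.bin": random_like,                        # 64 KiB, no header
        "report.txt": text,                               # sector-aligned but low entropy
        "archive.zip": b"PK\x03\x04" + random_like[4:],   # high entropy, known signature
        "truncated.bin": random_like[:-1],                # not a multiple of 512 bytes
    }


def triage() -> dict:
    """Run the heuristic over every constructed sample."""
    return {name: looks_like_container(data) for name, data in constructed_samples().items()}


if __name__ == "__main__":
    for name, flagged in triage().items():
        print(f"{name:14} {'possible encrypted container' if flagged else 'ordinary file'}")
```

A match only means "random-looking, headerless, sector-aligned"; it says nothing about the contents, which stay unreadable without the password or keyfile.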
Mobile Media
The process is about the same with thumb drives, SD or other memory
cards. The main difference is that some devices cannot be fully
encrypted. I tried to fully encrypt my little 32 MB thumb drive, but
got errors when I tried to format either as FAT or as NTFS. I was
successful when I created a 15 MB file on the thumb drive (I had to
leave some normal space on the device for it to work) instead, and
formatted as NTFS. I mounted the drive as above, using another drive
letter, and was able to move files in and out of the encrypted volume.
TrueCrypt will successfully format some mobile media completely, but
you'll have to try yours out.
Aside from those issues, setting up a virtual volume on mobile media is
the same process as setting one up on the hard drive.
The Help file that comes with TrueCrypt is full of great ideas for
using this tool, including setting up a traveller disk. Since this is
an open source project, there are new features planned and on the wish
list. But, as it stands, it is a very useful and reasonably complete
package.
Original Tutorial by
rapier57 for TheTAZZone-TAZForum
Originally posted on June 1st, 2006 here
Do not use, republish, in whole or in part, without the consent of
the Author. TheTAZZone policy is that Authors retain the rights to the
work they submit and/or post...we do not sell, publish, transmit, or
have the right to give permission for such...TheTAZZone merely retains
the right to use, retain, and publish submitted work within its
Network.

