Securix's Avatar
Posts: 107 | Thanked: 26 times | Joined on Jan 2008 @ New Jersey
#81
It's funny you should say that. I have a 15GB Truecrypt container on a file server that I keep for very sensitive documents that I might need to use from different workstations. So I mount that on the fly when I need to, and dismount it when I'm done. However the local workstation is still doing the actual decryption processing.

I think you're referring to keeping a container on a remote server and having the remote server actually mount the volume so the server is doing the crypto. The only thing I'd be careful with in that scenario is that you dismount the volume when you're done.

I'm not sure I'd bother encrypting a hard drive or volume on a server that is powered on 24/7 unless you're worried about it getting physically stolen. If someone can physically get to the server and access it locally via the console or copy out your data to a USB device then encryption won't really help.
__________________
http://www.securix.net
http://www.prog.fm
 
allnameswereout's Avatar
Posts: 3,397 | Thanked: 1,212 times | Joined on Jul 2008 @ Netherlands
#82
Yes, the client can do the decrypting, or the server (over a secure line connected to client). I seriously doubt a NIT can outperform a fileserver in this regard, but I like to be surprised!

Good point on the unmounting, but the encrypted HDD can remain mounted while it's running as long as the system is not remotely exploitable. If one has physical access, they'd first need to perform say a cold boot attack method. USB access can be disabled.

I certainly recommend people not typing in their password in public. Which is one reason S/Key, OPIE or SSH keys are so useful. Sometimes the solution is less elegant. For example, I use Devicescape to log in to my WiFi hotspots.

I don't know if TrueCrypt supports some kind of key management (or even S/Key or OPIE itself), but I know LUKS does provide some basic key management which is very useful in (possible) hostile environments.
 
antikx's Avatar
Posts: 43 | Thanked: 12 times | Joined on Jun 2008 @ Winnipeg, MB, CAN
#83
thanks for making this great program available.

I have a question, if you have the time.

I've created a 50MB file on my external card and have successfully mounted it under /media/mqtcvolume

I can't seem to unmount it though.

when I type this:
# truecrypt -d

it thinks for a few seconds and then drops me back to the command line, but doesn't unmount the volume.

p.s. I'm using the latest (6.0a)
 
Securix's Avatar
Posts: 107 | Thanked: 26 times | Joined on Jan 2008 @ New Jersey
#84
Couple questions so I can test this as well:

What OS are you running, Diablo or Chinook? What kind of filesystem are you mounting the volume as, vfat, ext2/3, etc?

I will try doing this on my N800 and let you know what happens.
__________________
http://www.securix.net
http://www.prog.fm
 
antikx's Avatar
Posts: 43 | Thanked: 12 times | Joined on Jun 2008 @ Winnipeg, MB, CAN
#85
thanks for the reply.
-Diablo
-I mounted the file (which is on a vfat formatted partition on my external microSD card) by typing:
# truecrypt ./mqtcvolume /media/mqtcvolume
I'm not sure if that answers your question, but that's what I did.
Also, when I type:
# mount
...I don't see this mount point in the list, but perhaps I'm not supposed to.

Also, this mount seems to survive a shut down (without power adapter plugged in). Interesting...

Also, and for your FYI, I created the volume by typing:
# truecrypt -t -c

thanks for your help.
__________________
-Antikx
n810 running Diablo

http://www.tyrannozaurus.com
 
Securix's Avatar
Posts: 107 | Thanked: 26 times | Joined on Jan 2008 @ New Jersey
#86
Originally Posted by antikx:
# mount
...I don't see this mount point in the list, but perhaps I'm not supposed to.

Also, this mount seems to survive a shut down (without power adapter plugged in). Interesting...

Ok I just tested this on CHINOOK and it seems to work well. I created a 10MB container with TC60a using AES and RIPEMD-160. Then I mounted it on an empty directory. I copied some files into it. I unmounted with -d.

You ARE supposed to see mount point entries. Make sure you have FUSE installed and that you're seeing mount entries for FUSE and /dev/loop0. If you don't then either FUSE isn't there or the version you're using doesn't work with Diablo.

Here's the actual output (I added some blank lines for clarity):

Code:
Nokia-N800-50-2:/media/mmc2# /home/user/tc6 --filesystem=vfat test-tc6-vol secure

Warning: Your system uses an old version of the Linux kernel.

Due to a bug in the Linux kernel, your system may stop responding when writing data to a TrueCrypt volume. This problem can be solved by upgrading the kernel to version 2.6.24 or later.

Enter password for /media/mmc2/test-tc6-vol: 
Enter keyfile [none]: 
Protect hidden volume? (y=Yes/n=No) [No]: 

Nokia-N800-50-2:/media/mmc2# mount

<unimportant mount point entries deleted>

fuse on /var/tmp/.truecrypt_aux_mnt1 type fuse (rw,nosuid,nodev,user_id=0,group_id=0,allow_other)

/dev/loop0 on /media/mmc2/secure type vfat (rw,fmask=0077,dmask=0077,codepage=cp437,iocharset=iso8859-1)

Nokia-N800-50-2:/media/mmc2# cd secure
Nokia-N800-50-2:/media/mmc2/secure# ls
dsc00106.jpg  dsc00107.jpg

Nokia-N800-50-2:/media/mmc2/secure# cd ..
Nokia-N800-50-2:/media/mmc2# /home/user/tc6 -d
Nokia-N800-50-2:/media/mmc2# 

FUSE and /dev/loop0 mount points are gone.
__________________
http://www.securix.net
http://www.prog.fm
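
Added example (not part of Securix's post or of the TrueCrypt port): a small shell function that applies the check described in #86 to `mount` output, reporting whether both the FUSE auxiliary mount and the /dev/loop entry for a given mount point are present. The function name, state names and sample lines are constructed here, and it assumes mount points without spaces.

```shell
#!/bin/sh
# Added example: classify `mount` output for a TrueCrypt mount point.
# Assumes mount points without spaces and the ".truecrypt_aux_mnt<N>" naming
# seen in the output quoted in the post above.

# tc_mount_state MOUNTPOINT   (reads `mount`-format lines on stdin)
# Prints: mounted | fuse-only | loop-only | not-mounted
tc_mount_state() {
    awk -v mp="$1" '
        # TrueCrypt auxiliary FUSE mount: "fuse on /var/tmp/.truecrypt_aux_mnt1 ..."
        $1 == "fuse" && $2 == "on" && $3 ~ /\.truecrypt_aux_mnt[0-9]+$/ { fuse = 1 }
        # Decrypted filesystem: "/dev/loop0 on <mountpoint> type vfat ..."
        $1 ~ /^\/dev\/loop[0-9]+$/ && $2 == "on" && $3 == mp { loop = 1 }
        END {
            if (fuse && loop) print "mounted"
            else if (fuse)    print "fuse-only"   # aux mount exists, nothing at mp
            else if (loop)    print "loop-only"   # loop mount without TrueCrypt aux mount
            else              print "not-mounted"
        }'
}

# Constructed samples modelled on the output in the post above.
SAMPLE_MOUNTED='rootfs on / type rootfs (rw)
fuse on /var/tmp/.truecrypt_aux_mnt1 type fuse (rw,nosuid,nodev,user_id=0,group_id=0,allow_other)
/dev/loop0 on /media/mmc2/secure type vfat (rw,fmask=0077,dmask=0077,codepage=cp437,iocharset=iso8859-1)'
SAMPLE_DISMOUNTED='rootfs on / type rootfs (rw)'

# With an argument, check the live system; otherwise show the samples.
if [ "$#" -gt 0 ]; then
    mount | tc_mount_state "$1"
else
    printf 'before -d: %s\n' "$(printf '%s\n' "$SAMPLE_MOUNTED" | tc_mount_state /media/mmc2/secure)"
    printf 'after  -d: %s\n' "$(printf '%s\n' "$SAMPLE_DISMOUNTED" | tc_mount_state /media/mmc2/secure)"
fi
```

Anything other than "not-mounted" after running the dismount command means the decrypted filesystem or its auxiliary mount is still attached.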
 
antikx's Avatar
Posts: 43 | Thanked: 12 times | Joined on Jun 2008 @ Winnipeg, MB, CAN
#87
Thanks for your help and for doing some testing.

hmmm... OK. I think I must have messed up somewhere and it never actually mounted it in the first place.
I verified that I have the fuse deb installed from your web page.

What commandline did you use to create the volume?
__________________
-Antikx
n810 running Diablo

http://www.tyrannozaurus.com
 
Securix's Avatar
Posts: 107 | Thanked: 26 times | Joined on Jan 2008 @ New Jersey
#88
I made sure to use the same command line options as you did.

# tc6 -t -c

Are you getting any other errors that are maybe hiding within all the output text?

Did you install the newer libstdc++.so module? (I don't know if this has been updated in Diablo, but you should check to be sure.) Instructions are also on my site.

If you are using SSH to connect to your device, you can paste me your output and email it to me and I can take a look.
__________________
http://www.securix.net
http://www.prog.fm
 
antikx's Avatar
Posts: 43 | Thanked: 12 times | Joined on Jun 2008 @ Winnipeg, MB, CAN
#89
yes, I used your libstdc++ as the diablo one was a couple vers older.

I'll try it again tonight and get back to you.
It's probably just some mistake I made.
__________________
-Antikx
n810 running Diablo

http://www.tyrannozaurus.com
 
Posts: 551 | Thanked: 46 times | Joined on Oct 2007
#90
Switched to Diablo and just loaded Easycrypt with truecrypt 6. I get the following error when I try to mount a file. Can someone please walk me through this error? I set up the .tc file on mmc2 in the mydocs folder as a 5mb file (not clear if it should be at least 50mb). I also set up a .tc file on mmc1 with 32mb but I get the same error. I'm running Diablo, with dual boot on an N800 with a 1gb swap partition. I really need this working because I'm travelling a lot abroad. Any ideas or help? TIA.
Attached Images
 

Last edited by dan; 2008-09-15 at 00:57.
 