I use IFL to back up a partition of a Truecrypt-encrypted drive - after mounting such partition in TC for Linux. But since that produces an image of the partition in unencrypted form, I also use the built-in encryption that IFL uses in creating the image.
I know a lot about how Truecrypt works, but nothing about the encryption IFL uses. Is any information available about how it works? In particular, how is the password authenticated when you restore the image? Is a copy of the password saved anywhere in the image file?
Encryption used by IFL
-
TeraByte Support
- Posts: 3629
- Joined: Thu May 05, 2011 10:37 pm
Re: Encryption used by IFL
it's AES256. Password is SHA1 based on RFC2898. Check is word value
outside key used of generated key.
"Peabody" wrote in message news:4963@public.image...
I use IFL to back up a partition of a Truecrypt-encrypted drive - after
mounting such partition in TC for Linux. But since that produces an image
of the partition in unencrypted form, I also use the built-in encryption
that IFL uses in creating the image.
I know a lot about how Truecrypt works, but nothing about the encryption IFL
uses. Is any information available about how it works? In particular, how
is the password authenticated when you restore the image? Is a copy of the
password saved anywhere in the image file?
outside key used of generated key.
"Peabody" wrote in message news:4963@public.image...
I use IFL to back up a partition of a Truecrypt-encrypted drive - after
mounting such partition in TC for Linux. But since that produces an image
of the partition in unencrypted form, I also use the built-in encryption
that IFL uses in creating the image.
I know a lot about how Truecrypt works, but nothing about the encryption IFL
uses. Is any information available about how it works? In particular, how
is the password authenticated when you restore the image? Is a copy of the
password saved anywhere in the image file?
Re: Encryption used by IFL
When I was backing up a whole disk, which was made with Truecrypt system encryption, on which I had the Windows XP OS, I found that the backup image was not encrypted if I had made it with IFW while running the operating system, but it was encrypted (by Truecrypt) if I used IFL in the CD recovery environment without loading the OS.
This makes me wonder why you do not also use this method in IFL, which already has a built-in Truecrypt feature. IOW, boot the IFL CD, load Truecrypt, mount your partition if need be, and back up the image. Then you would not have to be concerned with two levels of encryption.
This makes me wonder why you do not also use this method in IFL, which already has a built-in Truecrypt feature. IOW, boot the IFL CD, load Truecrypt, mount your partition if need be, and back up the image. Then you would not have to be concerned with two levels of encryption.
Re: Encryption used by IFL
Beginning with v2.77, you can boot to the IFL CD, mount the partition in Truecrypt, then make a normal image (used sectors only) of the mounted partition using IFL. But since the partition is mounted in TC, IFL sees it in unencrypted form, which is how it does a normal used-sectors-only image. Otherwise it would have to back up every sector of the partition, which is no good.
So unless you do something, the image will be small, but unencrypted. The solution is to tell IFL to encrypt the image as it creates it using its own built-in encryption system. But how secure that is depends on how good the IFL encryption is. I was just trying to get an idea of whether it was something TB takes seriously. I didn't really understand Terabyte Support's reply, but I guess I'll just hope it all works right. As a practical matter, I'm not really worried about the NSA trying to access my images, just your typical bad guy.
So unless you do something, the image will be small, but unencrypted. The solution is to tell IFL to encrypt the image as it creates it using its own built-in encryption system. But how secure that is depends on how good the IFL encryption is. I was just trying to get an idea of whether it was something TB takes seriously. I didn't really understand Terabyte Support's reply, but I guess I'll just hope it all works right. As a practical matter, I'm not really worried about the NSA trying to access my images, just your typical bad guy.
Re: Encryption used by IFL
Okay, well I must have misunderstood what you were looking for. The encryption method used by IFL in your scenario is just like it would be in Windows. I thought you must have used TC to mount a disk in order to get access to a partition, not that you were using it to mount the partition's file system. My bad!
If I am not mistaken, TC always uses a technique that obfuscates the whole partition, and that means it will appear random to every program that looks at it, including IFL. That is the magic of TC. The only other way, so far as I know, around having to back up a huge partition with little on it would be to create it in a smaller one and grow it as needed. You could do this in a VM if you like, or there are tools in Linux for it. In any case, you probably already know about them if you use it a lot.
On the other hand, another approach would be to encrypt the disk itself and put the data on it afterwards. IOW, encrypt the backup drive with TC ahead of time, mount it when you want to use it for backing up, back up to it, unmount it. When you unmount it from TC, it should become encrypted again. Would that not work for you?
If I am not mistaken, TC always uses a technique that obfuscates the whole partition, and that means it will appear random to every program that looks at it, including IFL. That is the magic of TC. The only other way, so far as I know, around having to back up a huge partition with little on it would be to create it in a smaller one and grow it as needed. You could do this in a VM if you like, or there are tools in Linux for it. In any case, you probably already know about them if you use it a lot.
On the other hand, another approach would be to encrypt the disk itself and put the data on it afterwards. IOW, encrypt the backup drive with TC ahead of time, mount it when you want to use it for backing up, back up to it, unmount it. When you unmount it from TC, it should become encrypted again. Would that not work for you?
Re: Encryption used by IFL
userX wrote:
> On the other hand, another approach would be to encrypt the disk itself and
> put the data on it afterwards. IOW, encrypt the backup drive with TC ahead
> of time, mount it when you want to use it for backing up, back up to it,
> unmount it. When you unmount it from TC, it should become encrypted again.
> Would that not work for you?
It might. I haven't tried that. It would mean that the TC for Linux running from the IFL CD would have both the source partition and the destination drive mounted at the same time. I guess in theory that should work. But one complication is that the backup drive I'm using is a Western Digital My Passport, and I've seen a number of reports that when you try to whole-drive encrypt that drive, it bricks it. Not sure why.
> On the other hand, another approach would be to encrypt the disk itself and
> put the data on it afterwards. IOW, encrypt the backup drive with TC ahead
> of time, mount it when you want to use it for backing up, back up to it,
> unmount it. When you unmount it from TC, it should become encrypted again.
> Would that not work for you?
It might. I haven't tried that. It would mean that the TC for Linux running from the IFL CD would have both the source partition and the destination drive mounted at the same time. I guess in theory that should work. But one complication is that the backup drive I'm using is a Western Digital My Passport, and I've seen a number of reports that when you try to whole-drive encrypt that drive, it bricks it. Not sure why.
Re: Encryption used by IFL
" It would mean that the TC for Linux running from the IFL CD would have both the source partition and the destination drive mounted at the same time. I guess in theory that should work."
Not just in theory. It works. I've done it. You can mount multiple drives at one time with TC. The only question is whether you can encrypt that drive. I know that TC can create not only a whole disk encrypted drive, and a single partition encrypted drive (i.e., a partial disk), as well as an encrypted file folder on a partition. So, if you don't want to add another partition to it or encrypt the whole thing, you most certainly can encrypt a folder on it and put your backup in there. If you want TC encryption, it is quite doable.
Not just in theory. It works. I've done it. You can mount multiple drives at one time with TC. The only question is whether you can encrypt that drive. I know that TC can create not only a whole disk encrypted drive, and a single partition encrypted drive (i.e., a partial disk), as well as an encrypted file folder on a partition. So, if you don't want to add another partition to it or encrypt the whole thing, you most certainly can encrypt a folder on it and put your backup in there. If you want TC encryption, it is quite doable.