truecrypt – Grey Panthers Savannah https://grey-panther.net Just another WordPress site Sat, 25 Aug 2007 07:34:00 +0000 en-US hourly 1 https://wordpress.org/?v=6.7.1 206299117 Which password? https://grey-panther.net/2007/08/which-password.html https://grey-panther.net/2007/08/which-password.html#respond Sat, 25 Aug 2007 07:34:00 +0000 https://grey-panther.net/?p=809 A little note about mounting Truecrypt volumes:

When you issue a command like this:

sudo truecrypt [truecrypt volume] [where to mount it]

You will be greated with the following prompts:

Password: [your password to elevate privileges]
Enter password for '[truecrypt-volume]': [the password to the truecrypt volume]

Now in hindsight it’s clear which password goes where, but I got quite a scare when I thought that I forgot the password to my Truecrypt volume 🙂

PS. Some people still claim that the the hardware support from Linux is weak. I can only say to this: I’ve installed on a laptop Windows XP and Ubuntu 7.04. For Windows I’ve had to download drivers on a different computer and install the separately (thank God it knew at least about the USB hub, so that I didn’t had to burn CD’s) while with Ubuntu it recognized everything, including screen at native resolution, network card, special media buttons on the keyboard, etc. Also, when I plugged a cable mode in Ubuntu through USB it recognized it without asking anything!

]]>
https://grey-panther.net/2007/08/which-password.html/feed 0 809
Installing and using Truecrypt on Ubuntu https://grey-panther.net/2007/04/installing-and-using-truecrypt-on-ubuntu.html https://grey-panther.net/2007/04/installing-and-using-truecrypt-on-ubuntu.html#comments Mon, 23 Apr 2007 05:20:00 +0000 https://grey-panther.net/?p=853 Update: while truecrypt still doesn’t offer native packages (ie. .deb / .rpm) for Linux distributions, their shellscript installer works just fine. So the simplified version of the installation procedure is:

  1. Download the correct package from Truecrypt (either 32 or 64 bit – you can find out which you need by typing uname -a – if it says i686 you need 32, if it says x86_64 you need 32 bit)
  2. In the directory where you downloaded: tar xvf truecrypt-7.0a-linux-x86.tar.gz
  3. sudo ./truecrypt-7.0a-setup-x86
  4. Click “Install Truecrypt”
  5. Launch it from Application -> Accessories or by typing truecrypt
  6. If you later want to uninstall truecrypt: sudo /usr/bin/truecrypt-uninstall.sh/code>

While I was upgrading my storage subsystem (I bought two new hard-drives :)) I thought that this might be a good time to go full encrypted for privacy reasons. The solution I selected was Truecrypt since it seemed the only one to offer cross platform support. However the Linux part of it is not complete and you may have to employ a few tricks which I describe below:

Truecrypt does not have packages (yet) for Ubuntu 7.04 (Feisty Fawn), so you have to go with the source distribution. My installation experience was pretty flawless, but others had problem with it, so you might need to google around a bit. What you need:

  • The build-essentials package (sudo apt-get install build-essential)
  • The source files which correspond to your kernel version. You can find out which kernel version you have by typing uname -r at the console. For example I have 2.6.20-15-generic, and the corresponding source package for it is linux-source-2.6.20 (observe that the patch version is not important)
  • The latest Linux kernel is compiled with gcc4, however if you have an older version, you should check the gcc version it was compiled with, since you need to use the same version when compiling Truecrypt. You can do this by typing cat /proc/version at the console. For example the output on my system was Linux version 2.6.20-15-generic (root@palmer) (gcc version 4.1.2 (Ubuntu 4.1.2-0ubuntu4)) #2 SMP Sun Apr 15 07:36:31 UTC 2007. The important part of this is the gcc version ... part. If it says something like 3.4 there, you should install the respective version of gcc (sudo apt-get install gcc-3.4 - the subversion is not important) and make sure that the building process uses the respective version by typing at the console which you will be using to launch the building process the following: export CC=gcc-3.4

Now for the building process (taken from howtogeek and the ubuntu forums):

  1. Download the source code (by going to the download page and selecting Other (source code))
  2. Extract the archive using either the GUI (with Archive Manager) or by typing at the command line tar xvfz truecrypt-4.3-source-code.tar.gz (if you downloaded a different version of truecrypt, you should replace the archive name with the name of the archive you downloaded)
  3. Do the following on the terminal (the same terminal you done the export... step if it was needed - otherwise it doesn't matter):

    cd /usr/src/
    sudo tar xvfj linux-source-2.6.20.tar.bz2 
    sudo make -d -C linux-source-2.6.20 modules_prepare
    


    Warning! The last step can take a considerable amount of time (up to an hour), so be prepared with some fun games

  4. Now you are ready to install truecrypt:

    cd truecrypt-4.3-source-code/Linux/
    sudo ./build.sh
    sudo ./install.sh
    

After installing you can create and mount Truecrypt volumes (including ones created under Windows). Here are some gotcha's to watch out for:

When creating a Truecrypt volume (under Linux), you have to specify FAT for the filesystem. This is needed because Truecrypt does not have an option (as far as I know) to mount the volume as a block device and refuses to mount it if it can't recognize the file system. If you wish to use a more sane file-system (like ext3, reiserfs or ntfs even), do the following:

  1. Create the volume with a FAT filesystem
  2. Mount the volume
  3. Now unmount the filesystem part using umount (not truecrypt -d). For example on my system I would do sudo umount /media/large. To find out the exact parameter you need to pass to umount, do a sudo mount and look for a line which begins with /dev/mapper/truecrypt and use that part after on (for example on my system it say: /dev/mapper/truecrypt0 on /media/large type fuseblk (rw,nosuid,nodev,noatime,allow_other,default_permissions,blksize=4096) and thus I need to use /media/large). If you have multiple such lines, do a truecrypt -l to find out which you need to use.
  4. Use the mkfs to create the filesystem you wish. For example to create an NTFS filesystem, I would do sudo mkfs -V -t ntfs /dev/mapper/truecrypt0
  5. Now re-mount it.

If you wish to mount an NTFS formatted volume in read/write mode, you need to have the ntfs-3g driver installed, and when mounting specify it by saying --filesystem ntfs-3g because the autodetect mode will result in the usage of the read-only ntfs driver. Also the user mount option doesn't seem to work for me, so instead you can use the --mount-options gid=100,uid=1000,umask=000 parameter to make it accessible to all the user. You can find out the number you need to type for gid (GroupID) and uid (UserID) by doing a cat /etc/group|grep user and cat /etc/passwd|grep [your user name] respectively.

Finally be aware that truecrypt gives you the option to specify sensitive data (keyfiles, passwords) at the command line. While this is convenient, doing so will give huge clues to any decent attacker, because the command line is stored in the ~/.bash_history file, effectively giving away your passwords. Now you can clear you history file by doing a history -c, however the strings are still on your hard-drive in the slack space. The best thing is not never specify these things at the command line and let truecrypt prompt you for them.

Update: if you don't want to move around your mouse when creating a new volume (to generate random numbers), just put --random-source /dev/urandom on the command line. While this reduces the theoretical strength of your encryption, in practical terms it doesn't affect you.

Update: as a reader pointed out in the comments, there is a simpler way to use a file system different from FAT: after creating the volume, the first time you mount it, don't specify the directory where it should be mounted. This will mount it as a block-device, but will not attempt to use any file-system on it. Then issue the truecrypt -l command to see where it got mounted and use mkfs family of commands to create a filesystem of your desire.

]]>
https://grey-panther.net/2007/04/installing-and-using-truecrypt-on-ubuntu.html/feed 14 853