TrueCrypt System partition or entire system drive?

Viewing 7 reply threads
  • Author
    Posts
    • #7924
      Thegmandrive
      Participant

      I had a question regarding TrueCrypt encryption.

      How Secure is Encrypting Just the system partition Vs Whole Disk in the given scenario.

      Hard Disk has 1partition for recovery (dell) 1 partition for Windows 7. if I were to only encrypt the System Partition how secure would that be?

      My only thought is worse case scenario someone boots into recovery and wipes the whole drive, (which they could do anyway with a linux Distro and no bios pass). Is there anything i’m missing? Would true crypt store any file on the recovery partition that a forensics expert could use to hack the drive?

    • #50130
      MaXe
      Participant

      If the recovery drive is used for recovery, so all your data, settings, passwords, etc., are stored there unencrypted, it would not be an ideal setup if you only encrypt the system partition as it would be the same as shooting yourself in the foot.
      The attacker would simply read the unencrypted partition. Anyway, no encryption vs. some or FDE (Full Disk Encryption) is definitely better and will protect you against some people.
      If the other partition was not a recovery partition, it wouldn’t matter if it was encrypted or not.
      The most effective way, is the way where you can’t recover your data without a strong password, even if you use a linux distribution to read the disks while they are encrypted and the bios password(s) may have been reset.
      It’s pretty much a question of, how paranoid you are  ;D (Because you can also have partitions, within partitions when you use TrueCrypt, and boot up from each one, depending on which boot password you type in.)

    • #50131
      S3curityM0nkey
      Participant

      I would be concerned that if you encrypted the Dell recovery partition that it would no longer work… most of the recovery partitions are just press F12 at boot and select Recover or drop the CD in the drive and off it goes.

    • #50132
      Thegmandrive
      Participant

      @MaXe wrote:

      If the recovery drive is used for recovery, so all your data, settings, passwords, etc., are stored there unencrypted, it would not be an ideal setup if you only encrypt the system partition as it would be the same as shooting yourself in the foot.

      I apologize I was not as clear as I should have been. The recovery drive is an Operating system recovery partition back to factory settings, it is not a backup disk. It does not contain any User Data that is on the windows partiton.

      My thought is if someone were to “recover” it would reformat the drive back to factory setting. Which would loose all the data and make recovery impossible due to the deletion of the header key(unless of course you had a backup of the header key).  

      My concern is, would true crypt store any information on this partition?

    • #50133
      Thegmandrive
      Participant

      @SecurityMonkey wrote:

      I would be concerned that if you encrypted the Dell recovery partition that it would no longer work… most of the recovery partitions are just press F12 at boot and select Recover or drop the CD in the drive and off it goes.

      That was why I actually only encrypted the system partiton and not the recovery partition. The other concern was depending on if the bios supports it or not, if the recovery partition was encrypted, it would fail to boot.

    • #50134
      S3curityM0nkey
      Participant

      As far as I know (and I could be wrong!) the recovery partition is protected and the user can’t (most of the time) write files to it. When you use it to recover it will just blow your system partition away and it will be like a new one.

      So if that is the case then there is no value in encrypting that partition as it holds no user info, just OS, drivers and the bloatware that Dell provide.

      Again I could be wrong…

    • #50135
      MaXe
      Participant

      Ah well in that case, you shouldn’t encrypt the recovery partition, because as many others said, it would most likely not work, and if it doesn’t contain any user data, no need to protect it further with encryption.

      There is of course the scenario of an attacker using it, to recover the OS and thereby wiping the system partition.

      TrueCrypt should however, not store any information on this partition at all, as I have been using partition-based encryption for years. The only thing that was proved insecure, at least for some time, were TrueCrypt containers (encrypted files that could be mapped as drives).

      I usually delete the recovery partition though, and lock the bios too as much as possible, even though most bios passwords can be reset on the motherboard.

      You should however note, that if you use partition based encryption, TrueCrypt will also overwrite the bootloader for e.g. Windows or Linux, depending on what you use. (And if you at a later point in time, overwrite TrueCrypt bootloader, which decrypts the Windows bootloader, it won’t be fun  ;D )

    • #50136
      hell_razor
      Participant

      Why not take an image of the recovery partition and then encrypt the whole drive?  In the grand scheme of things, I don’t think it will matter much whether you encrypt the whole drive or just the system drive. Most recovery partitions are marked hidden, and if someone has hooks into your machine such that they can manipulate your hidden partition, you are sunk anyway.

Viewing 7 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2020 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?