Jump to content


Photo

Truecrypt containers over network shares


  • Please log in to reply
5 replies to this topic

#1 Master_Scythe

Master_Scythe

    Titan

  • Hero
  • 20,211 posts
  • Location:QLD

Posted 10 October 2014 - 12:56 PM

I've long been wondering how best to feel secure in my data, and at the same time, have the super convenience of a NAS system.

And I finally figured it!

Truecrypt containers at a size almost 1:1 with the disk it's on.

 

Obviously I don't want to encrypt my media; if someone comes in and steals my DVD backups, well, damn, but OK.

But if they were to do the same thing with my photos or documents, I'd be pretty upset.

 

My main PC has an SSD boot drive, which I don't backup, and it's data drive is a 640GB drive (320GB platters FTW... back in the day).

If I use one of my servers spare 1TB drives, and make a 640GB TrueCrypt container, I suddenly have one hell of a secure backup location.

I can mount the container at windows boot, over the share, and it'll be as if it's another local drive to run backups on. Its just one extra password; once.

 

Meanwhile I have the other 300GB or so as a 'scratch disk' for data I haven't archived yet, or am actively working on.

Or better yet, for housemates to be able to more easily pass files.

 

The reason I was concerned about this is because I want to run a VM on my server, and open that to the world. (web server, or RDP terminal, or... something) but was worried that if it was compromised people would 'get everything'.

Also, sharing my server with other people in the units was a concern.

 

I know this is a bit of a ramble, but I hadn't properly taken the time to consider how easy it is to use file containers like this. I also like the fact that I can copy the container to another drive, check the MD5, and be happy 'everything backed up fine'.

 

 

With the only con being running truecrypt on every machine, and entering an extra password; I cant see the downside....


Edited by Master_Scythe, 10 October 2014 - 12:58 PM.

Wherever you go in life, watch out for Scythe, the tackling IT support guy.

"I don't care what race you are, not one f*cking bit, if you want to be seen as a good people, you go in there and you f*ck up the people who (unofficially) represent you in a negative light!"


#2 codecreeper

codecreeper

    Champion

  • Atomican
  • 5,020 posts
  • Location:Adelaide, South Australia

Posted 10 October 2014 - 05:48 PM

why not break your data down into manageable size chunks and then use something WinRAR to archive the lot then protect them by password. The when you need something just extract it with Winrar. Then backup each Rar file on a R/W DVD or Bluray.


Life is like a Straw , ...... it sucks.

 

 


#3 Master_Scythe

Master_Scythe

    Titan

  • Hero
  • 20,211 posts
  • Location:QLD

Posted 19 October 2014 - 05:48 PM

because thats less secure and less universal than a truecrypt container.

 

What advantage would you suggest in using winrar or other archiving software over an encrypted archive?


Wherever you go in life, watch out for Scythe, the tackling IT support guy.

"I don't care what race you are, not one f*cking bit, if you want to be seen as a good people, you go in there and you f*ck up the people who (unofficially) represent you in a negative light!"


#4 smakme7757

smakme7757

    Champion

  • Atomican
  • 4,205 posts
  • Location:Europe

Posted 23 October 2014 - 04:37 AM

The latest version of WinRAR or 7Zip is pretty good. 256bit AES encryption. Works on Linux and Windows. Not sure about Mac.

 

TrueCrypt containers over a network is a good idea in theory, but they will be slow and data corruption is a big risk. The Truecrypt website is now gone, but here was something i was able to find: http://superuser.com...crypt-container

 

I use WinRAR for specific files and folders.

 

My NAS is a machine running Server 2012 R2. Previously i used Bitlocker to encrypt all the drives incase someone steals the physical hardware, but later reversed it due to a concern that my wife would never be able to get the information out again if something ever happened to me. So I just encrypt the really sensitive stuff with WinRAR and leave the rest unencrypted.



#5 Master_Scythe

Master_Scythe

    Titan

  • Hero
  • 20,211 posts
  • Location:QLD

Posted 23 October 2014 - 08:25 AM

Oh they stopped developing! That's sad news.

Ok in that case;l same question, but CipherShed instead :P

 

Why would you say data corruption is a big risk? Once a container is mounted it can be CHKDSK'd like anything else, as far as the OS is concerned, its just another HDD.

Also, the speed for truecrypt to en\decrypt stuff is many times faster than a gigabit ethernet connection can send data; so 'slow' I dont think so :)


Wherever you go in life, watch out for Scythe, the tackling IT support guy.

"I don't care what race you are, not one f*cking bit, if you want to be seen as a good people, you go in there and you f*ck up the people who (unofficially) represent you in a negative light!"


#6 smakme7757

smakme7757

    Champion

  • Atomican
  • 4,205 posts
  • Location:Europe

Posted 23 October 2014 - 05:45 PM

If you loose network connectivity while writing to the volume it might get damaged. It wasn't designed for that purpose so any network blip could destroy the volume. Remember that it's a single file on a disk; If it gets damaged you loose the lot.

Its also going to be a pita to move the data if you ever need to. seeing as you will have to move one massive chunk to a disk of identical size.

I'm not even sure if the data is encrypted over the network? My presumption is that the bits are decrypted when they hit the local PC, but I'm not sure.

Too many variables for my liking. That's why I never did it. But if you're comfortable then just do it and see how it works out.


Edited by smakme7757, 23 October 2014 - 05:50 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users