Difference between revisions of "Disk Encryption/TrueCrypt"
Line 37: | Line 37: | ||
'''Trainer's notes: '''Make sure to explain the difference between the software and the volume file - you need one to access the other with. Emphasise that when dismounted, the file can easily be deleted. | '''Trainer's notes: '''Make sure to explain the difference between the software and the volume file - you need one to access the other with. Emphasise that when dismounted, the file can easily be deleted. | ||
− | '''Editorial note: '''In May of 2014 the TrueCrypt website announced the project was ceasing development following the | + | '''Editorial note: '''In May of 2014 the [http://truecrypt.sourceforge.net/ TrueCrypt website] announced the project was ceasing development following the discovery of a serious security vulnerability in the code. Users were recommended to find an alternative solution. However since that time, an [https://opencryptoaudit.org/ independent, open source project] to audit the software has been undertaken and the [https://wiki.ciphershed.org/Audit subsequent review] of this audit concludes: |
"The remaining issues are less severe, but still important enough to at least do the "short term fix" in Phase 1. They are issues like integer overflows and errors in the kernel driver checking file permissions and names. They are real security holes, but assuming there is only one user on the machine and no malware to exploit the holes (big IF), then they should not cause problems. | "The remaining issues are less severe, but still important enough to at least do the "short term fix" in Phase 1. They are issues like integer overflows and errors in the kernel driver checking file permissions and names. They are real security holes, but assuming there is only one user on the machine and no malware to exploit the holes (big IF), then they should not cause problems. | ||
After reading this audit, we would recommend that TrueCrypt 7.1a remains safe for use" | After reading this audit, we would recommend that TrueCrypt 7.1a remains safe for use" |
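Review bot: The rewritten editorial note ends on "concludes:" and then hands the whole judgement to the quotation, so the condition the quote attaches to it (one user on the machine and no malware, the "big IF") never appears in the trainer-facing sentence. Suggest stating that condition, and the version the recommendation applies to (7.1a), in the note's own wording before the quote. Style: the quotation nests double quotes around "short term fix" inside a double-quoted block and has no closing full stop; use single quotes for the inner phrase.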
Latest revision as of 20:59, 18 July 2014
TrueCrypt
Minimum time | 60 |
Maximum time | 90 |
Position | 4/2 |
Type | Lesson |
Section of | Disk Encryption |
Lang | En |
- Last modified: 18 July 2014 20:59:07
Installation
TrueCrypt: Install on computer. Re-launch the package file and extract the files to a USB stick to create a 'traveller disk'. Explain the difference between using an installed and a portable version. Open the software folder and upload the necessary localisation.
Trainer's notes: Localisations depend on Windows' ability to handle the language locale. Both installations require admin privileges on Windows.
Creating a volume
Follow the hands-on guides to create an encrypted volume. Explain the options for selecting the location to store the volume file. Explain obfuscation possibilities for the file extension (TrueCrypt only). Mount and dismount the volume.
Trainer's notes: For ease of the session, a 100 MB volume size is recommended. Don't get stuck on explaining algorithms and the random number generator. For TrueCrypt, draw up a list of common large file extensions, e.g. .mp3, .mpeg, .avi, .iso and so on. Encourage people to use KeePass to create a strong password.
Exercises
- Ask the participants to create a document and to save it inside the encrypted volume.
- Create a backup of the dismounted volume (file) on the USB memory disk.
- Change computers and ask participants to open the newly created document.
- Rename the Volume file. Change its extension.
- Create a new volume (any size)
- Rename the volume file
- Organise a competition where participants swap USB memory sticks and try to guess which file is the one containing the TrueCrypt volume.
Trainer's notes: Make sure to explain the difference between the software and the volume file: you need one to access the other. Emphasise that when dismounted, the file can easily be deleted.
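For the guessing exercise and the extension renaming above, a trainer can show why the extension is weak cover and the password is what protects the volume; this is an added example, not part of the original lesson. It assumes, as heuristics, that a volume file carries no format signature, looks random from its first byte and is a whole number of 512-byte sectors long; the file names, the 7.9 threshold and the 100 KiB sample size are constructed for the demonstration.

```python
import math
import os
import tempfile

# Well-known leading bytes for some of the cover extensions the lesson lists.
MAGIC = {
    ".mp3": (b"ID3", b"\xff\xfb"),
    ".mpeg": (b"\x00\x00\x01\xba", b"\x00\x00\x01\xb3"),
    ".avi": (b"RIFF",),
}

def entropy(data):
    """Shannon entropy in bits per byte; values near 8.0 look random."""
    if not data:
        return 0.0
    counts = [0] * 256
    for byte in data:
        counts[byte] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

def inspect_file(path, sample=65536):
    """Heuristic check: does the content contradict the extension?"""
    size = os.path.getsize(path)
    with open(path, "rb") as fh:
        head = fh.read(sample)
    ext = os.path.splitext(path)[1].lower()
    magic_ok = any(head.startswith(m) for m in MAGIC.get(ext, ()))
    bits = entropy(head)
    # No format signature + random-looking start + whole number of 512-byte sectors.
    stands_out = not magic_ok and bits > 7.9 and size % 512 == 0
    return {"magic_ok": magic_ok, "entropy": round(bits, 2), "stands_out": stands_out}

def demo():
    """Builds two constructed sample files and inspects them."""
    with tempfile.TemporaryDirectory() as tmp:
        renamed = os.path.join(tmp, "holiday.avi")  # random bytes stand in for a volume
        genuine = os.path.join(tmp, "song.mp3")     # ID3 tag followed by dense data
        with open(renamed, "wb") as fh:
            fh.write(os.urandom(100 * 1024))
        with open(genuine, "wb") as fh:
            fh.write(b"ID3\x03\x00\x00\x00\x00\x00\x00" + os.urandom(90001))
        return {os.path.basename(p): inspect_file(p) for p in (renamed, genuine)}

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Both sample files have near-maximal entropy, so it is the missing format signature, not randomness alone, that separates the renamed file from the genuine one.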
Editorial note: In May of 2014 the TrueCrypt website announced the project was ceasing development following the discovery of a serious security vulnerability in the code. Users were advised to find an alternative solution. However, since that time, an independent, open source project to audit the software has been undertaken and the subsequent review of this audit concludes:
"The remaining issues are less severe, but still important enough to at least do the 'short term fix' in Phase 1. They are issues like integer overflows and errors in the kernel driver checking file permissions and names. They are real security holes, but assuming there is only one user on the machine and no malware to exploit the holes (big IF), then they should not cause problems.
After reading this audit, we would recommend that TrueCrypt 7.1a remains safe for use."