Silk Road forums
Discussion => Security => Topic started by: m00tp00 on December 30, 2011, 06:07 pm
-
For this tutorial, I will be demonstrating how you can use truecrypt to completely encrypt a Windows OS partition. To start of you are going to need the following.
- virtualbox https://www.virtualbox.org/wiki/Downloads
- A windows .iso file. I am using XP home sp3
After downloading and installing virtualbox. Click new, and then follow the setup boxes.
-set ram to be around 3/4 of the green area.
-When asked click the VDI radio button
-I suggest to use 25GB of dynamically allocated space.
After you have created the new VM run it.
The first run wizard will appear. You can either Mount the .iso you downloaded or burn it to a disk(what i do). Select the correct option to boot the Windows setup in the first run wizard drop box.
Follow the windows setup installer. Press 'c' to create the new partition (xp) and the enter to install to it. Quick format always. Wait for windows to be installed and boot up into environment.
After windows is fully installed go ahead and install and download truecrypt http://www.truecrypt.org/downloads .
When you run the download. Select it to install.
In virtualbox. Select devices > shared folders.
Click on the + button to add a new shared folder. I usually just shared my User/Desktop folder. You will need to inorder to burn the Rescue Disk when encrypting you OS.
Run truecrypt and System > Encrypt Partition
Go through the walkthrough.
-Type of System Encryption - Select Normal
-Area to Encrypt - Select Encrypt the whole drive
-Encryption of Host Protected Area - Up to you, I chose yes.
-Number of Operating Systems - Select Single-boot
-Encryption Options - Encryption Algorithm (AES-Twofish-Serpent) , Hash Algorithm(RIPEMD-160)
-Click Yes when it asks "Are you sure you want to use a cascade of ciphers?" <- It appears after pressing next in the Encryption Options Page. Then ok at the next message box.
-Input a strong password - Use a sentence. 20 characters.
-Next screen be sure to read. Move your mouse to randomly generate pool content.
-Click next at the generated keys
-Rescue Disk - I made it save on my desktop.
* Now after you see the .iso on your desktop, right-click > copy it into the shared folder you recently created. You can map the drive by right-clicking my computer, Map network drive. And Select the vboxsrv. Paste it onto your host machine desktop. Then burn it onto a disk using iso burner. If you have win7 as host, you can just use the built in image burner. After you disk is successfully burnt, goto your virtual machine and goto Devices -> CD/DVD - and select the 'host drive' which is your disk drive.
-Next screen will verify that the rescue disk is good.
-Now it will do a pretest, it will reboot your computer. (if the reboot hangs at the "Windows is now shutting down", simply Goto Machine - Reset).
-After rebooting, you will be in the TrueCrypt boot-loader, type in your password that you created previously to boot into your OS. After you are all logged into windows, you will get the Pretest Completed Window. Press the encrypt button.
- After a good long time of waiting you will now have a encrypted OS.
What next?
Customize ?
Download and install tor
Questions? Comments? let me know what you think. Remember the best encryption is yourself. CHEERS!
LONG LIFE SR.
-
Very nice tutorial. Thank you. Unfortunately for me, I have an old Athlon 64 (single core) laptop so no virtual machines for me. I may try Truecrypt on my existing XP SP3 partition. I wonder if this will work after I install linux on two other partitions on the same HD. I assume GRUB2 will be the bootloader.
Do you think Truecrypt (on the Win XP partition) will work in this multi-boot scenario?
-
Great resource for Windows users! I'm sure it will be much appreciated!
-
truecrypt should be able to install to any OS. they have downloads for linux, mac, and windows. I just recommend using a virtual box. but you can use the same method to encrypt your host OS (the main).
1. Boot with linux distro.
2. install.
3. head to truecrypt.org to download truecrypt for linux. use drop down to specify x86(32 bit) or x64.
Now just follow the tut above and you will have your main os encryted.
-
Very nice tutorial. Thank you. Unfortunately for me, I have an old Athlon 64 (single core) laptop so no virtual machines for me. I may try Truecrypt on my existing XP SP3 partition. I wonder if this will work after I install linux on two other partitions on the same HD. I assume GRUB2 will be the bootloader.
Do you think Truecrypt (on the Win XP partition) will work in this multi-boot scenario?
Doesn't work. Truecrypt installs its own bootloader so that it can decrypt the encrypted disk.
-
Very nice tutorial. Thank you. Unfortunately for me, I have an old Athlon 64 (single core) laptop so no virtual machines for me. I may try Truecrypt on my existing XP SP3 partition. I wonder if this will work after I install linux on two other partitions on the same HD. I assume GRUB2 will be the bootloader.
Do you think Truecrypt (on the Win XP partition) will work in this multi-boot scenario?
Doesn't work. Truecrypt installs its own bootloader so that it can decrypt the encrypted disk.
In principle it should be possible. If there's a way to install the Truecrypt bootloader somewhere other than the MBR, GRUB2 could chainload it. Or, if the TC bootloader supports chainloading, you could install GRUB2 outside the MBR instead, and then do a full-disk encryption and chainload GRUB2 from the truecrypt bootloader instead.
-
if your looking to dual boot with a true crypt encrypted partition and a non encrypted OS. I would highly advise not doing this, since forensic data could be gathered off of the unencrypted volume and evidence could help build a case against you.
also to add to the whole getting better with forensics i would recommend reading http://www.iiiweb.net/forensic-services/ . the whole website for that matter! Has tons of information that is really, really well wrote. Even though they have good writing and information there security sucks toad buttholes :P... need to practice what they preach....
Any who, the best protection with truecrypt is anti forensics....
-
Thanks to all for the replies.
-
if you care about your fingers never do such things, besides in such country as UK for example, not telling a password for encrypted info on your computer is a punishable crime in itself.
best system I've come across is Liberte Linux, it works fine on most computers from pen drive, all data already encrypted and system ready for TOR, not such shit as security Updates, and hardened Linux. only downside of that system (which maybe be problem for some one) is that GPG have to be done from command line. best to use it from USB adapter for flash cards. small card easy to hide and destroy if necessary.
-
if you care about your fingers never do such things, besides in such country as UK for example, not telling a password for encrypted info on your computer is a punishable crime in itself.
best system I've come across is Liberte Linux, it works fine on most computers from pen drive, all data already encrypted and system ready for TOR, not such shit as security Updates, and hardened Linux. only downside of that system (which maybe be problem for some one) is that GPG have to be done from command line. best to use it from USB adapter for flash cards. small card easy to hide and destroy if necessary.
Good input...but if you care about your fingers never do such things, besides in such country as UK for example, not telling a password for encrypted info on your computer is a punishable crime in itself.
best system I've come across is Liberte Linux, it works fine on most computers from pen drive, all data already encrypted and system ready for TOR, not such shit as security Updates, and hardened Linux. only downside of that system (which maybe be problem for some one) is that GPG have to be done from command line. best to use it from USB adapter for flash cards. small card easy to hide and destroy if necessary.
Thanks for you input, however. Truecrypt is able to setup a 'ghost' system. So if you have to give up a password, it boots to a separate OS.