TrueCrypt and PasswordSafe
Always a fan of (fairly) easy to use encryption software, I have been using TrueCrypt for the last week or so. On top of that, I’ve been running Password Safe.
TrueCrypt is a piece of software (runs on Windows and Linux) that takes a volume, partition, storage device, or even a single file and turns it into an encrypted filesystem. In my case, I started out by taking my 128MB USB flashdrive and creating an encrypted TrueCrypt volume on it, mounted it, and copied over a lot of personal files that I had on my laptop, for example, Microsoft Money’s data files. I also have some files pertaining to other organizations that I do work for on there, which I also consider “private”. Those seemed like good candidates, so I moved those over to the encrypted volume also. When I was done, I unmounted the volume in TrueCrypt, “safely removed” (to use Windows terminology) the USB flashdrive, then pulled it out of the laptop.
I waited a few seconds, then plugged it back in. Windows XP promptly detected it, informed me that the drive wasn’t formatted and asked if I wanted to format it. I said “No”, of course, fired TrueCrypt back up, browsed to the device (flashdrive), clicked “Mount”, entered my passphrase, and watched the encrypted volume show up in Windows Explorer once again. Cool!
Since I don’t always have the flashdrive with me, and thinking that I could use the same technique for “confidential” files from work that I save on my laptop, I next created an encrypted volume out of a single file. There’s a single file somewhere on my hard drive (I know where, but I’m not saying) that appears as a regular ol’ file. It’s not, however. If you try to open it, you’ll get gibberish. If you mount that file as an encrypted volume within TrueCrypt, however, you’ll see a “new” “drive” appear in Windows Explorer that contains all my “confidential” files. This is just fuckin’ cool, you gotta check it out.
Since I’m an administrator of servers and network devices and a “security professional”, one might guess that I have an assload of usernames and passwords for various systems. And one would be right. I have an assload of “work” passwords in addition to all my personal passwords (laptop, my various servers, websites, online banking, eBay, Amazon, Google Adsense, etc., etc.), and I need a good way to keep ’em secure. Usually I resort to the “try to remember ’em all” method, which usually works out, except for the ones that I only occasionally use.
At work, we make use of a program called Oubliette to keep track of passwords. We keep the data file on a network share in a directory that’s restricted by ACLs and NTFS permissions to the very small group of us that should actually be accessing that file. It works quite well for us, but since that project has been suspended/closed (see web site), I went looking for something else. I found Password Safe, originally written by Bruce Schneier.
Password Safe, in a word, fuckin’ rocks. It’s lightweight, simple, does what it needs to, and does it well (hey, isn’t that the Unix philosophy?). Password Safe, like Oubliette, stores your passwords and notes in an encrypted filesystem (I forget… 256-bit AES). I now have a number of my passwords stored in a Password Safe data file, which is residing on a TrueCrypt encrypted volume. The encrypted volume is protected by a passphrase, the data file by another (different) passphrase.
I’m fairly confident that the only way anyone will ever get to my data will be by brute force — brute forcing the passphrase out of me by kicking my ass, that is.
Seriously, both of these products rock, and they’re free. Check ’em out.