17

The reason: I want to be able to use a portable USB drive to access my passwords on any machine and OS. TrueCrypt seems to be the only program that has sufficient support on all major platforms. So I thought I'd store my passwords in a hidden volume in a TrueCrypt container stored on the drive in a plain .txt-file, so I can be sure to access that on any machine.

My question is: Is that enough (reasonable) security for storing my passwords? Or should I use more layers of encryption? How easy would it be to access the passwords should I ever loose the drive?

(Aside from obvious attempts to keylog the "master" password on a machine, let's just assume all machines I'll be using the drive on are clean)

F.P
  • 868
  • 8
  • 14
  • 2
    Why a hidden volume? IMO those are unnecessarily fragile, and gain little. – CodesInChaos Sep 03 '12 at 07:10
  • Because I also will store my pulic key in the "visible" volume and my private key and the passwords in the "hidden" one. Why are they fragile? – F.P Sep 03 '12 at 07:30
  • Because if you mount only the outer one and modify its content, you'll corrupt the inner volume. So you need to always think of using the special inner volume preserving mount of the outer volume. – CodesInChaos Sep 03 '12 at 08:21
  • 2
    And your explanation for "why" isn't that useful. Why not just put the public key in a normal volume, and the private stuff in a normal true-crypt volume. Hidden volumes are about plausible deniability, which is pretty difficult to get right. – CodesInChaos Sep 03 '12 at 08:23
  • 2
    Remember you will be using Truecrypt on "any machine" so your password won't be secure at all the first time you decrypt them. Please only use trusted computers with your secret data! – Shadok Sep 03 '12 at 13:53
  • I will try to do so - but what other option is there, really? – F.P Sep 03 '12 at 14:24
  • @FlorianPeschka, you are right, there isn't much other option. The only other possibility I can think of would be to use a [Yubikey](http://www.linuxjournal.com/magazine/yubikey-one-time-password-authentication), a RSA SecurID, a smartcard to store client certificates, or another two-factor authentication option -- but I don't know if those will be compatible with all the web sites you use. – D.W. Sep 03 '12 at 18:50
  • @D.W. - The websites don't have to support them, only the password manager he then uses, which is much more secure then a plain text document. – Ramhound Sep 04 '12 at 10:52
  • I now tried a compromise; I use 1Password on my mac to manage the passwords and copy the keychain to the portable device. 1Password can be viewed as a HTML file which is encrypted using the master password of the keychain. This way, I have a simple double encrypting which should be safer than plain text. – F.P Sep 05 '12 at 07:45
  • @CodesInChaos It has been said that because of TrueCrypt's known ability to contain hidden volumes, it serves you better, if forced to reveal the pw, to always create the hidden volume even if you store nothing on it. (https://defuse.ca/truecrypt-plausible-deniability-useless-by-game-theory.htm) It obviously all depends on who your suspected adversaries are and what they're willing to do, as well as the info you're *suspected* of having. Us regular joes thankfully can stick with normal volumes. – IT Bear Apr 08 '15 at 18:02

8 Answers8

19

That's as good as encryption is gonna get. TrueCrypt is a well-vetted, respected piece of software for disk encryption. There are no guarantees in life, but TrueCrypt is about as good as it gets today.

The primary remaining risk is not that someone is going to find a cryptanalytic weakness in TrueCrypt and break TrueCrypt's encryption algorithms. Rather, the main remaining risks are:

  • That you will choose a poor passphrase for TrueCrypt. Defense: Choose a long and strong passphrase for TrueCrypt.

  • That one of the machines you use has malware on it. If you type your TrueCrypt passphrase into any machine that is infected with malware, you no longer have any reason to expect you are safe. So, do you trust your machines are likely free of malware?

(More layers of encryption won't do anything against these risks.)

The short answer is: if you think your machines are clean of malware, this approach is likely to be safe enough.

P.S. If you lose the drive, and you don't have any backups, you're going to be out of luck. So, keep a backup of the file somewhere else: maybe a printout that you keep in a secure location, maybe another copy of the drive, also encrypted, or maybe something else entirely.

D.W.
  • 98,420
  • 30
  • 267
  • 572
  • Okay, that seems reasonable. I will always have a copy in my local environment, both on my NAS-Backup and a printed copy. I'm assuming all machines are clean as I'll be using the drive mostly on my own computers and sometimes on my machine at work. Thanks for the analysis =) – F.P Sep 03 '12 at 07:27
  • My current passphrase is 55 characters, some numbers and some special characters long. Is that sufficient? – F.P Sep 03 '12 at 07:29
  • @FlorianPeschka, yup that length is much more than sufficient! (assuming you haven't done something stupid to make it predictable, like used 11111..1 or something) – D.W. Sep 03 '12 at 07:30
  • 4
    Or `correcthorsebatterystaplecorrecthorsebatterystaple1234` – Polynomial Sep 03 '12 at 07:33
  • Heh, okay. No, it's an actual Phrase wich I constructed to include numbers and characters while still being able to remember it easily. Unfortunately, neither corret, horse, battery or staple is part of it. Pity. – F.P Sep 03 '12 at 07:35
  • 1
    @FlorianPeschka Actually, telling us what is **not** in your passphrase decreases its entropy as well, not just revealing what is in it. Don't do that. :) – TC1 Sep 03 '12 at 08:19
  • 1
    Well maybe that's just a tricky scheme I use to confuse attackers ^^ – F.P Sep 03 '12 at 09:00
  • Alright, `TrueEquineVoltaicCellRivet` then! ;) – Polynomial Sep 03 '12 at 13:51
  • Since this file is heavily encrypted, there is no reason to store a printout (eugh, imagine having to type that back into the machine!) in a secure location. Instead, I would recommend spreading the file to as many (public) locations as possible. Dropbox, Google Drive, Github, Facebook, you name it. The upside is that these companies will never delete anything while still your file is completely worthless to them. – Chris Feb 09 '15 at 19:31
  • @Chris, that might not be a great idea. If someone can guess your master password, they are in. If your master password has 128 bits of entropy, that's not a concern... but in real life, most real people's master passwords have nowhere near that much entropy (you'd be lucky if it had 40 bits). So, there might be some value to limiting access to the encrypted file. P.S. "heavily encrypted" has no technical meaning. It's either encrypted, or not. And, if it is encrypted, but someone can guess your key (passphrase), the encryption becomes useless. – D.W. Feb 09 '15 at 22:33
  • @D.W. I used "heavily encrypted" to mean "encrypted with a secure algorithm and a secure password". Assuming that this is the case there is no reason to protect the file from external access. If this is not the case, the encryption is pretty useless anyway. – Chris Feb 10 '15 at 07:41
5

I had a similar problem, I needed a way to encrypt data on USB sticks in a portable way.

First I thought on buying one of these encrypted USB sticks. There are two types: some rely on a software app, while others have a physical padlock. I discarded software option because these were Windows-only, and because I can't be 100% sure the software is secure and cannot be hacked, or comes with a backdoor, or even "phones home". I also discarded the padlock ones, since some users reported data loss and needed to format the drive from time to time. Also I can`t rely on the padlock not being broken with use.

So I'm currently using TrueCrypt to have encrypted container-file-based volumes on regular USB sticks. But this is not a fully portable solution, since TrueCrypt needs admin permissions (thus if you go to an Internet cafe, or try to use a public terminal it won't work). On the other hand, these volumes can be configured to mount automatically (which is a good thing but only in case the computer is secured), and it works on both Windows and Linux, so I'm using it to move data from home to work. Also TrueCrypt is Open Source, so you can inspect the code and make sure it does just what it says.

To encrypt account passwords, I'd recommend using a more standard file format (like zip) that also supports encryption. A good example of this is 7-zip that supports AES-256 and is also Open Source. The pros: you can carry a portable 7-zip version in the USB along with the encrypted files, and you could run it in any computer without caring about permissions (so it is a fully portable approach). The cons: every time you need to add or modify a file in the zip container, you need to decrypt the container file, modify it and encrypt everything again. As you can see, unless you remember to file-shred the temporary unencrypted zip, it could be recovered by anyone. So yes, it is a good approach but for read-only files, provided you know what you are doing.

In the future, I'd probably code my own dropbox-like solution, with both desktop and mobile versions.

Mister Smith
  • 423
  • 4
  • 9
  • 3
    "since TrueCrypt needs admin permissions (thus if you go to an Internet cafe, or try to use a public terminal it won't work)" That's a good thing! You don't really want to go to all of this work and then decrypt that volume on a public terminal. – Bradley Kreider Sep 03 '12 at 22:20
1

I'm not a cryptographer but I've heard TrueCrypt is very secure.

For even more security, presumably you could install it on a secure drive such as those made by Verbatim or Kingston.

Or for less security, consider a very convenient service like LastPass.

Gilles 'SO- stop being evil'
  • 50,912
  • 13
  • 120
  • 179
JCP
  • 19
  • 2
1

Another way an attacker could recover your Truecrypt password (needs physical access to your computer, and the volume having been mounted recently): recover the password from the RAM after it's been powered off. RAM can retain information for minutes or even more in the right physical conditions.

See e.g. Cold boot attacks on encryption keys

Gilles 'SO- stop being evil'
  • 50,912
  • 13
  • 120
  • 179
Benoit
  • 493
  • 1
  • 5
  • 10
1

I wouldn't recommend it. Not that it's not safe, it's that you're reinventing the wheel unnecessarily. Look into a password manager such as (my favorite) LastPass, KeePass or Roboform.

Fairlight
  • 705
  • 3
  • 5
  • 2
    KeePass is not very practical working cross-platform. The Mac OS adaption is really really bad. LastPass and RoboForm have the same problem which everyone seems to forget: I'm not comfortable having all this sensitive data stored on some server. I realize that those companies are doing everything they can to secure the files, but I just don't like having the mere possibility of a security breach on their side. I'm not reinventing the wheel, because I don't even want to use wheels. I want to use chains. – F.P Sep 25 '12 at 06:56
1

Use a TrueCrypt file container (Win, Linux, Mac) or use an encrypted disk image (Mac) with a strong password. Inside store one text file for each login. Eg My Bank.txt, Amazon.com.txt, Facebook.txt.

The advantage is that in the event of a crash while you are viewing a login there is only that file open to be dumped to disk, not a single text file with the lot.

Chris
  • 11
  • 1
0

just for reference, there is a brute-forcer already http://securityvision.ch/project_tcbrute.php, nothing is 100% secure. off-course it wont just pop-up your password, but the existence of such a tool opens up space to cloud-services for deploying huge computing power in these types of attack. check this too: https://www.wpacracker.com/index.html
truecrypt is a great disk encryption tool, am a long time fan, totally encourage using it, If your hardware is fast enough you could enhance the security by selecting a combination of several ciphers such as Serpent-AES, if not the standard AES is a good choice for you. For the hash algorithm I recommend SHA-512.

Tawfik Khalifeh
  • 2,532
  • 6
  • 22
  • 27
0

One thing to consider is how the information might leak.

If search indexing sees the file, your passwords might get stored in the search index. Or maybe the text editor you use will store temporary versions of any file it opens. Or maybe your virus scanner will scan any file you open and maybe store some information about it. Or maybe your OS likes to store some information about recently opened files. Or maybe some activity monitoring software will take a screenshot while your passwords are displayed. Or as Chris mentioned, crashes might dump data to disk.

If you hibernate or use hybrid sleep, very likely your passwords will get put unencrypted into the hibernation file.

Buge
  • 169
  • 5