You are here

TrueCrypt + Drive Partition = PortableApps Securtity

7 posts / 0 new
Last post
RegLinUsr
Offline
Last seen: 7 years 7 months ago
Joined: 2010-07-01 11:17
TrueCrypt + Drive Partition = PortableApps Securtity

The topic; "Please Add Password Protection to PortableApps", seems to crop up time and
time again. IMO, this is a truly unnecessary feature request since there is a FOSS program
that is specific to this type of functionality and does it very well.

TrueCrypt [http://www.truecrypt.org/] can be used in portability mode and; as such, is well
suited for just such a task.

I use it in conjunction with a partitioned portable hard drive. I use a 160GB USB portable
hard drive for my PortableApps home; of which, I've created a 5GB* unencrypted partition for
the TrueCrypt program to reside on. Fire up TrueCrypt, encrypt the other partition of the
drive and install your PortableApps Suite and programs to that area. As this is what I access
for my regular software usage, this drive is set to a specific drive letter and I then create the
standard menu shortcuts on my computers to access the programs directly without having to
launch the PortableApps menu. So, a shortcut to the TrueCrypt program to decrypt the drive for
program access and then direct access to all my portable applications via my standard Windows
program menu system. Of course, you can forgo the Windows menu system shortcuts and simply
utilize the PortableApps program menu system. I also keep copies of my documents and such in
the encrypted area so I have them as needed if I have to go mobile. Drive gets lost/stolen, no
worries... TrueCrypt is the only thing they can "see" on the hard drive. I keep 2 backup copies
of this drive; one offsite and one onsite... highly recommend keeping at least one backup just
in case. Aside from lost/stolen, the hard drive may simply die... they do that sometimes.

Note: You are forewarned... do not forget your password!

* The reason I created a 5GB partition was so that I could use that part of the drive as a quick
access area for things I needed quickly without the need to unencrypt for access. I help others
with computers a lot and I may only need to update a drive or program for them thus the necessity
of opening the drive to drop a driver or program onto it and then go to help them only to have to
do it once again is tedious and unnecessary. Of course, the unencrypted area can be any size you
choose, I simply chose that size due to my own needs and preference.

ADMIN: Possible to STICKY this post?

depp.jones
Offline
Last seen: 2 days 2 hours ago
DeveloperTranslator
Joined: 2010-06-05 17:19
Good description how to use

Good description how to use truecrypt. The only issue relevant to portability is that you need admin rights to access the encrypted partition. There is no way around that. That would leave you with a locked drive - or 155GB of background noise - in many cases. That has been stated many times, too, so truecrypt is no universal solution.
I use a comparable setup for years now with the only difference that I only put sensible data in a small container (4GB) and leave the other part accessible. I use two sets of portable apps, one outside the container with most apps as they mostly don't need to be protected and inside just thunderbird, filezilla and a copy of firefox with privacy addon.
I use a 4GB container because of FAT32 restriction and there is simply no other filesystem that offeres a comparable portability.
But that is just a specific setup for my typical usage and may not fit others needs.

RegLinUsr
Offline
Last seen: 7 years 7 months ago
Joined: 2010-07-01 11:17
Good call... I totally forgot

Good call... I totally forgot about that issue. I do like your suggestion of the unencrypted
setup for programs that don't necessarily require protection.

ottosykora
Offline
Last seen: 15 hours 8 min ago
Joined: 2007-10-11 17:48
admin issues

are why it is not so much advertised and recommended here. In fact there is number of such software solutions, one can get the otfe which has similar function (has other snags however) and use the otfe-explorer with it to at least extract the files needed when on a restricted user only PC. There used to be similar function for TC, but it was 3rd party and seems not to be developed any more.
All those software solutions have a common problem, they need drivers to be installed and so there is no way to make them portable since according to windows design, installation of drivers can be done only in admin mode.

The way over the ...explorer to copy out of the container few files needed is ok, but then just simple 7zip or other packer with encryption can be used. This is not very comfortable way and so all the software solutions, free or proprietary, are just for home use if slightly comfortable(what for then?) or complicated in handling and less secure if portable.

So yes, data in a TC container file are protected in case you loose the stick, but are not accessible at work, at school, at public computers in cybercafe etc.

This is why you will read in many threads here the simple answer: there is no software solution for any serious password protection, period.

Otto Sykora
Basel, Switzerland

depp.jones
Offline
Last seen: 2 days 2 hours ago
DeveloperTranslator
Joined: 2010-06-05 17:19
As it is no general solution

As it is no general solution for all, it may be a good solution for specific cases. At our school, truecrypt is part of our protection of privacy policies as we have to use sensible (student-)data in daily work. So I need something like truecrypt to ensure it is secured if any pendrive got lost. For that, truecrypt is installed on every school computer and the driver problem is solved that way.
I know, I cannot access the container on locked computers elsewhere, but I usually don't need to. It would breach our policy anyway as I could not ensure that sensible data would be left behind.
That setup heavily depends on me installing and updating truecrypt on every computer but brings portable password protection for every teacher (if they manage to operate truecrypt someday Wink ).

ottosykora
Offline
Last seen: 15 hours 8 min ago
Joined: 2007-10-11 17:48
yse sure

this is the other approach. we had this at my previous job same way, simply went and installed to all company computers, so even most of them were restricted user only, TC did work that way, also there sensitive data were on, supposed to be used on company computers only anyway.
We have to simply realize what was the TC originally designed for: to produce an encrypted container or partition on your PC. That is is possible on a flash, well it is , but was not the original concept.

Otto Sykora
Basel, Switzerland

consul
consul's picture
Offline
Last seen: 5 months 3 weeks ago
Joined: 2007-05-02 13:47
bitlocker

my department uses bitlocker for the same reasons.

Don't be an uberPr∅. They are stinky.

Log in or register to post comments