Search the Site

My Social
Powered by Squarespace

Entries in TrueCrypt (7)


Backup Failure

Creating backups. Something everyone with a computer should do. Not only to preserve the items of (sentimental) value, but also to minimise the time and effort to recreate what went to the eternal data fields.
But even if you create backups, things can go wrong.

Many believe that storing the data on an external device is a backup. Well, it is, but only if you have the original data on another device. Backup means that you store the same thing (at least) in two places. If one of the devices (your computer with internal hard drive, or the external backup device) should fail, you have still one copy of the data, which you can restore or backup (depending which device went up in smoke).

Click to read more ...


TrueCrypt Bug, or Hardware Failure

For the last couple of years I've been using an offsite backup method. And today the drive I use for that failed on me. My backup program reported that it could write (or read) data to the drive.

Investigation showed that several directories in the TrueCrypt volume were gone!!!!! Thankfully, the data on my Drobo and server were still pristine condition.

Disk Utility and several other tools reported problems with the drive (or at least the TrueCrypt part/volume). So I erased the drive, and re-initialized it. No reports of trouble while I did that. After that I recreated the TrueCrypt volume and restarted the backup to the drive (which takes forever).

All I can do now is wait for the backup to finish, and pray that the house doesn't catch on fire.....

After that a new case for SpinRite.


PGP and Snow Leopard

PGP-BrokenIt seems that the current versions of Pretty Good Privacy (PGP) are NOT compatible with Snow Leopard. Incompatibilty issues are are something that mostly occurs on mayor OS upgrades. The upgrades that overhauls the entire OS. But Snow Leopard is merely a fancy service/feature pack. So I have no idea why this would cripple PGP.

The blogposting is of August 27th. 1 (ONE) day before the release of Snow Leopard. And according to the post they are still in some sort of beta stage in the Snow Leopard compatibility development. This raises the following question(s);

  • Why aren't they further in the development?
  • Have they missed the news that Snow Leopard was on its way (announced somewhere last year)?
  • Don't they have access to the developer tools (and associated beta's of the OS)?
  • Were they asleep the last couple of months?

Instead of patching the 'old' v9.x of PGP they will release a new (commercial) version 10 which will be compatible with Snow Leopard. This shows the 'real' commitment of supporting the current customers. I'll try to make a list of applications which were incompatible with the release of Snow Leopard, but are pathed for FREE. Just to show that real service still exists.

I'll be keeping my eyes in the mean time on the MacGPG pages (the free implementation of the opensource part of PGP).
No more PGP for me. I'll be heading towards S/MIME and Truecrypt for the time being.


Apple Favors Own Products, or FileVaults Screws Up

Apple FileVault Apple FileVaultSomething everyone would do I guess (the favoring part at least :) ). But Apple is doing this in a very peculiar way. When you run OSX with a ton of third-party applications you won't notice things, since everything runs as it should. But when you're going to use FileVault, things change. A lot....

FileVault is the way Apple secures your data. When turned on the OS creates a sparse iage of your userdata. So everything stored within your user directory is encrypted using AES-128.

The use of FileVault screws up certain system files. One of those is (or several for that matter) is used to store the default applications. Like FireFox for Internet instead of Safari. Every time you reboot your system the default application settings are read.
This weekend I also found out that at least one handy program also disagrees with FileVault. Little Snitch won't properly save it's registration info when you're using FileVault.

You know what the worst thing is? This BUG is present since Panther (OSX 10.3). I wonder if this is going to be fixed in Snow Leopard. To be honest, I doubt it. If they can't figure it out in 4 years, they probably never will.

As a security savvy nerd I want to use FileVault on my MacBook, but the problems with FileVault made me decide to uninstall this feature. Too bad that there are no other real alternatives. Truecrypt (or PGP) is nice, but it can't encrypt your hard disk (from which you boot) or even your user directory. Check Point seems to have software, but there's no way of buying it easily. So it seems that's it's mainly reserved for corporate environments.

UPDATE: w00t... They solved this annoying 'feature' Apple OS X 10.6 a.k.a. Snow Leopard. Way to go Apple. Although it being several OS releases/years too late!!!!


SafeSign and OSX

Updated on Thursday, April 22, 2010 at 22:07 by Registered CommenterWillem

After my blog post on OSX and Aladdin eToken I received a phonecall from Haaino @ AET Europe. He offered the SafeSign software for OSX so I could try their OSX software as well.

The SafeSign software is used with smartcards and smartcard readers like the OmniKey smartcard readers. Through my line of work, no lack of smartcards and/or readers. Only the software was missing (up till now).

Click to read more ...


OSX and Aladdin eToken

Due to the nature of my work, and my fondness of Apple products I wasn't able to get my Aladdin eTokens working with OSX. After several months of not trying to crack this I decided to try it again.
The trigger for me was stumbling on the possibility of adding so-called keyfiles to the eToken for accessing TrueCrypt volumes.

First challenge was the eToken PKI software for OSX... Thankfully I'm a Certified eToken guru, so I've got access to their download area (you will have to get your own software). The current version of the eToken software for OSX is v4.55. I installed the Aladdin software on OSX 10.5.5.

Click to read more ...


Full Disk Encryption for the Mac

Checkpoint acquired a company called PointSec a while ago. This company made full hard disk encryption software for Windows. Now, Checkpoint has released a hard disk encryption version for the Mac. I guess they are taking OSX seriously.

Disk encryption is available today for the Mac (TrueCrypt, PGP), but these aren't able to encrypt the boot partition. Only partitions are by the use of containers. This type of software was available to Windows only primarily.

Now that the 'trick' has been done, I guess more will follow.

I do wonder if it's still possible to use SuperDuper for cloning a bootdisk....