Tuesday, July 19, 2016

Perhaps I'll Build Another Computer

Oops - the power went out and my old computer, the nine-year-old one that started this blog, didn't come back up again.  Power supply voltages looked good, but a new mobo didn't fix it, so I'll build a new computer and maybe fix the old one later.  It could serve as a server.

  • The old computer seemed fast enough, but the new one should be very modern and thus much faster.
  • Quiet.  I was very fussy about this when building the old one, and this one too.
  • Cool running - no worrying about CPU or anything else overheating.
  • Mobo capacity for at least two BD/DVD/CD drives and four hard drives.
  • Must fit under my desk drawer.
    Left side view
In other words, a sprightly, silent, cool computer.  I don't play games on it - no overclocking or overvoltage required, just reliability.

Nine years ago I chose the box, motherboard, memory, and everything else, assembling it all myself.   This time I took advantage of a company that builds "bare bones" computers from their stock, then ships the mostly-assembled box.  I visited three of these on the web: 
The OutletPC systems did not meet my needs.  Hoping for the quickest delivery, I configured a system from PortaTech, as follows:
  • Thermaltake Showcase mid-tower case.
  • Intel Core i7 6700 Processor 3.4 GHz, four cores, eight threads, 3400 GHz.
  • 16 GB memory, DDR4, 2133 MHz.
  • Asus H170 Pro motherboard, 6 SATA ports, one additional M.2 PCI Express (PCIe) disk port, lots more. I'm not yet sure if this means it will support 6 disks or 7.
  • Quiet Cooling Package.
  • 700W power supply.
  • 14x Blu-Ray writer (BD/DVD/CD).  The 16x was not available on the web site.
  • No disks.  I have plenty, from the old system.
  • No Graphics card (yet) - the CPU includes graphics.
The new bare bones box arrived promptly. At a modest extra cost, they built and shipped it by second-day express the day after they received the order.  Since my main machine was down, that was very cool.

My first surprise was the Thermaltake X31 Showcase case itself.  It is two inches larger in all of the three dimensions than the old Antec box holding my first computer.  Happily, I do have space for it.  It was slightly over-advertised on the PortaTech website, though (now fixed), and it came with only three of the six disk trays. The left-side rack has capacity for three disks, and oddly, there is space on the right side of the bulkhead for three more, but it is nevertheless supplied with only three trays.  

As the case arrived, more or less
Since the right side has no air circulation, and I had no more trays anyway, I asked the PortaTech people for a solution, and they responded by supplying another 3-disk rack, with trays, for the left side.  These racks are stackable (nice!) and there are now six hard disks mounted there, all of which can be connected to the mobo at the same time if the BD drives are not connected.

Both side panels of the X31 are removable, and in fact it is quite necessary to remove the right-side panel to do anything at all with hard disks.  It does come with mounting brackets for two 2.5-inch (laptop) disks, but I don't have plans for those just yet.  In my experience with many computers I have never had a 3.5-inch drive fail (though they ALL will eventually), but most of my laptop drives have failed, and we do not abuse our laptops. Maybe I could use these brackets for SSD drives someday? I suppose that's what they are for, but I have another idea for an SSD drive.

I should have done a little more research on the case before specifying it in the order, but it's very sturdy, well designed otherwise, and I'm warming up to it.  In particular, the buttons, lights, and USB ports are on the top in the very front, rather than the front panel, and if the case sticks out from under the desk by an inch I can see them easily.  Especially nice to see the disk activity light sometimes.

Next - Other additions to the hardware.

Saturday, March 5, 2016

VeraCrypt Review

It works!  I recently switched to VeraCrypt from TrueCrypt, because TrueCrypt is now unsupported and rumor has it that technology was making TrueCrypt less and less secure.  I do not use Partition/Device encryption or System encryption, only Volume Encryption, meaning that specially-created "container" files in the normal unencrypted Windows environment are mounted as encrypted volumes exactly as if they were separate, encrypted disk drives.  I keep my personal and business files there, and I do it this way because it is simple, because backup of those container files is trivially easy, and because there is zero risk of a complete failure.

If you want to know more about Partition/Device encryption or System encryption, the information in this post may not help you.

A year ago I wrote about TrueCrypt Forks. I didn't like VeraCrypt then because it took a very long time, a minute or more, to open a container after entering the correct password.  This was by design - the VeraCrypt developer, Idrassi, by default uses hundreds of thousands of iterations in the key derivation function, contending that it helps protect against brute-force attacks, where a computer is automatically trying billions of password guesses.  He is right - this method of attack is becoming faster and more effective as computer power increases and multiple processors can be brought to bear.  However, I open and close encrypted volumes frequently and the defaults pushed my patience too far.

Happily, the current version of VeraCrypt, Release 1.17, offers a compromise:  If the password is 20 characters or more, VeraCrypt allows the user to bypass the defaults and choose a lower number of iterations by specifying a Personal Iteration Multiplier (PIM).  The minimum multiplier of 1 will still result in an iteration count 8 to 16 times greater than that used in TrueCrypt, with a very short delay, whereas multipliers in the range of 10 to 100 will increase security but will cause somewhat greater delays.  Those delays might still be acceptable, depending on the speed of the processor. I experimented with several different PIM values.

The PIM is a secret value, chosen when the container file is created, and it must be entered correctly as a separate parameter when the password is entered to mount an encrypted volume.  Therefore, though the PIM may be used to reduce the iteration count and make a brute force attack easier, it also effectively increases the password strength, making the attack more difficult again.
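To put numbers on the trade-off, here is an added example (not part of the original post and not VeraCrypt's own code) that maps a PIM to its PBKDF2 iteration count and finds the largest PIM that fits a chosen mount delay. It assumes the rules in VeraCrypt's documentation for file containers: iterations = 15000 + PIM x 1000, a default PIM of 485 for SHA-512, and TrueCrypt's 1000 (SHA-512) or 2000 (RIPEMD-160) iterations. All function names are hypothetical.

```python
import hashlib
import time

# VeraCrypt's documented rules for file containers (non-system volumes).
DEFAULT_PIM = 485          # used when no PIM is given (SHA-512 / Whirlpool)
MIN_LEN_FOR_LOW_PIM = 20   # shorter passwords may not go below the default
TRUECRYPT_ITERATIONS = {"sha512": 1000, "ripemd160": 2000}


def iterations_for_pim(pim: int) -> int:
    """PBKDF2 iteration count VeraCrypt derives from a PIM."""
    if pim < 1:
        raise ValueError("PIM must be a positive integer")
    return 15000 + pim * 1000


def pim_allowed(password: str, pim: int) -> bool:
    """A PIM under the default is accepted only with a 20+ character password."""
    return pim >= DEFAULT_PIM or len(password) >= MIN_LEN_FOR_LOW_PIM


def derive_header_key(password: str, salt: bytes, pim: int) -> bytes:
    """One PBKDF2-HMAC-SHA512 run at the PIM-derived cost (64-byte output)."""
    if not pim_allowed(password, pim):
        raise ValueError("password too short for a PIM below the default")
    return hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt,
                               iterations_for_pim(pim), dklen=64)


def measure_rate(sample_iterations: int = 50_000) -> float:
    """PBKDF2-HMAC-SHA512 iterations per second on this machine."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha512", b"calibration", bytes(64), sample_iterations)
    return sample_iterations / (time.perf_counter() - start)


def largest_pim_within(budget_seconds: float, rate: float) -> int:
    """Highest PIM whose single key derivation fits the delay budget."""
    affordable = int(budget_seconds * rate)
    return max(1, (affordable - 15000) // 1000)


if __name__ == "__main__":
    rate = measure_rate()
    for pim in (1, 10, 100, DEFAULT_PIM):
        n = iterations_for_pim(pim)
        ratio = n // TRUECRYPT_ITERATIONS["sha512"]
        print(f"PIM {pim:>3}: {n:>6} iterations, {ratio}x TrueCrypt SHA-512, "
              f"~{n / rate:.2f}s per derivation")
    print("largest PIM for a 1 s budget:", largest_pim_within(1.0, rate))
```

An actual mount takes longer than one derivation when the hash is left on autodetect, because VeraCrypt then tries each supported hash in turn.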

I use passwords of 20 characters or more anyway, so the PIM is a perfect compromise.  During the process of creating new volumes I did have to wait through some long delays, but now that the volumes are created and in place, the delays are quite acceptable.  PIM works.

Also interesting, VeraCrypt can actively coexist with TrueCrypt on the same system, running at the same time.  I created new VeraCrypt containers and copied the encrypted contents of the old mounted TrueCrypt volumes directly into the mounted VeraCrypt volumes with no problems.  During that process, none of the encrypted files were ever decrypted on disk.  That's cool - no disk wiping required.  Actually, VeraCrypt can mount most TrueCrypt volumes (though not my oldest ones), so the applications might not have to coexist, but it was slick.

I rarely use the TrueCrypt or VeraCrypt console, instead using command-line scripts (cmd.exe processor) to automatically mount and dismount volumes, create backups of volumes, copy volumes to the cloud and to other computers, and more.  Every script that worked with TrueCrypt still works with VeraCrypt, after just changing the run path.  It just works, no errors, no problems.

For a thorough, functional test I uploaded a 3 GB encrypted container full of files to the cloud, using both iDrive and CloudBerry, then downloaded that same file back to the desktop.  Using Microsoft's comp program, the files compared exactly with the original in each case.  Also, in each case, the downloaded encrypted container opened without issue, the true proof that the file was not corrupted.

I use VeraCrypt on two computers, a desktop and a laptop.  The desktop runs a clean install of Windows 10 (it once ran Vista), and the laptop runs Windows 10 upgraded from Windows 7.  Both have plenty of RAM and disk, with dual processors in the 2 - 3 GHz range.

My congratulations to Mounir Idrassi, the force behind VeraCrypt.  I'll be making a PayPal donation to the cause.

By the way:  I also downloaded CipherShed, intending to compare it with VeraCrypt.  However, the CipherShed installer informed me that I would have to uninstall TrueCrypt first.  Since I want to keep TrueCrypt around, I did not install CipherShed.