Showing posts with label computer. Show all posts

Tuesday, December 11, 2007

TrueCrypt Is Cool

My business requires me to safeguard the security of certain files. For years I have used Encrypted Magic Folders (EMF) from PC-Magic to encrypt those files, and to hide them from the view of an interloper. I loved it, because files were always encrypted on disk and yet were fully accessible to applications. However, when I upgraded to Vista 64, the new EMF crashed my system so completely that it was unbootable even in safe mode. I tried it twice, recovered twice with some difficulty, and gave up on EMF.

In the meantime I had heard about TrueCrypt, an open-source disk encryption package for Windows and Linux. It's free! I must admit that after I downloaded it, I needed some time to get my mind around it.

Here are the basics:
  • Using the TrueCrypt application you create a large "container" file on your system, larger than you will need to hold your encrypted files. It can be on any read/write disk, even a memory stick, and is initially filled with random data.
  • The container file can be copied, moved, deleted, or renamed just like any other file. It's not fragile. It can have any name and any file extension. You can have more than one.
  • With the TrueCrypt application, you mount that container file as a disk volume with its own drive letter. You choose the letter.
  • The TrueCrypt application runs in the background and manages TrueCrypt volumes.
  • Within the TrueCrypt volume you create folders, or copy them in, and create or copy in any files that ought to be encrypted. A TrueCrypt volume behaves exactly like any other disk, even though it's really just a file on your hard drive or mem stick. Every file within it is totally encrypted, including file names and even its file system.
  • Unused space in the TrueCrypt container file is filled with random data which cannot be distinguished from actual encrypted files.
  • When you open an encrypted file in an application, such as a wordprocessor or graphic editor, the file is decrypted on the fly so that the application sees it decrypted.
  • The file is never decrypted on disk, however, unless the application keeps temporary backup copies, and of course you should tell your applications to keep those in an encrypted volume too.
  • Backup of encrypted data is easy: Just dismount the encrypted volume and copy its container file, still encrypted, to the backup medium.
  • If the backup medium is another disk, mem stick, DVD, or CD-ROM, you can actually mount that backup container file whenever you want without ever copying it back to the original hard disk.
(Image: TrueCrypt Application Window)
That's the simple view of TrueCrypt. There is lots more. For example:
  • Anyone examining your system or your disk can tell that you use TrueCrypt, and can probably even identify the container files.
  • However, you can host a TrueCrypt volume within another TrueCrypt volume in a manner that makes the internal volume both hidden and undetectable even if the outer volume is mounted and visible. Really cool. The TrueCrypt people call this "plausible deniability," and consider it quite important.
  • Example: An adversary points a gun at you and demands to see your encrypted files. You can give them the password to the outer encrypted volume without ever revealing that an inner, hidden volume even exists. It's invisible. I don't actually see the need for a hidden volume in my business, but evidently some folks do.
  • You can host a TrueCrypt volume on a public computer, or another person's computer, without installing any software on that computer, so your encrypted files are portable.
  • You can tell TrueCrypt to mount certain TrueCrypt volumes automatically at bootup, though you will be required to enter a password to complete the mounting process.
  • TrueCrypt allows you to use any of eight different encryption algorithms and three different hash algorithms, making decryption by an adversary even more difficult.
I love it, and in fact am using it for my encrypted files on my new computer. It works very well indeed, even on Vista 64. It is certainly no more trouble than EMF was, and backup is much simpler. It is far better than Windows Encrypted File System (EFS) because: (1) EFS files are always available when you log on, whereas TrueCrypt files require you to enter another password; and (2) EFS files cannot easily be backed up in their encrypted form. TrueCrypt is also much simpler than Windows BitLocker encryption, which requires you to partition your drive and poses some risk of losing the entire drive if something goes wrong.
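
The point above that someone examining a disk "can probably even identify the container files" can be illustrated with a triage heuristic. This is an added example, not code from this post or from TrueCrypt; the thresholds, the signature list and the sample file names are assumptions, and the sample files are constructed. It flags files that are a whole number of sectors long, have no recognised header, and look uniformly random, so it finds candidates rather than proof.

```python
import math
import os
import tempfile
from collections import Counter

# Signatures that rule a file out (short constructed list, not exhaustive).
KNOWN_MAGIC = (b"PK\x03\x04", b"\x1f\x8b", b"%PDF", b"\x89PNG", b"\xff\xd8\xff")
SECTOR = 512          # heuristic assumption: container sizes are whole sectors
SAMPLE = 64 * 1024    # bytes read from the start of each file
ENTROPY_FLOOR = 7.9   # bits per byte; uniformly random data approaches 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte histogram, in bits per byte."""
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def looks_like_container(path: str) -> bool:
    """True when a file has the outward traits of an encrypted container."""
    size = os.path.getsize(path) if os.path.isfile(path) else 0
    if size < SAMPLE or size % SECTOR:
        return False
    with open(path, "rb") as fh:
        sample = fh.read(SAMPLE)
    if sample.startswith(KNOWN_MAGIC):
        return False  # compressed and media formats are high entropy too
    return shannon_entropy(sample) >= ENTROPY_FLOOR


def scan(root: str) -> list[str]:
    """Sorted names of candidate container files directly under root."""
    return sorted(name for name in os.listdir(root)
                  if looks_like_container(os.path.join(root, name)))


def demo() -> list[str]:
    """Write constructed sample files to a temp directory and scan it."""
    samples = {
        "holiday.avi": os.urandom(128 * 1024),             # random fill, any name
        "notes.txt": b"quarterly report draft\n" * 8192,   # plain text
        "photos.zip": b"PK\x03\x04" + os.urandom(131068),  # recognised header
        "odd.bin": os.urandom(128 * 1024 + 100),           # not whole sectors
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return scan(root)
```

Only the randomly filled file with the misleading extension is reported, which is why renaming a container does not hide it from this kind of check.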

Tuesday, October 23, 2007

Everything is Here

The Intel E6750 Boxed CPU and three Western Digital 320-Gb SATA hard drives arrived today, and now all of the parts are here. I set everything except the case out on the picnic table for a photo. Out of several photos, my sweetie liked this one with fall color in the background :-)

(Photo: All of the stuff)

Then I downloaded an Intel video that demonstrates how to install the processor and "thermal solution" (fan + heat sink) on the Intel DP35DP motherboard. After playing the video once, I played it again and did the installation while watching the video. What makes it tricky is that dozens upon dozens of tiny pins on the motherboard socket must match up with a similar number of contact lands on the CPU wafer, without bending any of the pins.

And the CPU is just a wafer at this point, not fragile exactly but the motherboard pins are. You are supposed to set the square wafer straight down on the pins without sliding it at all, but I must admit that when I set it down it wasn't perfectly aligned and it did slide slightly. I hope those pins handled it - I didn't look.

(Photo: Motherboard with CPU and memory)

After inserting the wafer you close a little door and then a little spring handle to press the door and wafer down tightly against the socket pins. Then you put the heatsink on top of it all and fasten it down with its own little plastic clips, plug the heatsink fan into the appropriate connector, tie off any spare wire, and job done. I hope. I'll feel a little better when I power it up and get a BIOS screen.

By comparison, the 4 Gb of G.Skill RAM seemed quite easy to install. Just push it carefully into the socket.

On another note: My first experience with computers was in 1962, 45 years ago, when disk drives were barely on the horizon. We used a magnetic tape operating system, and wrote programs on punched cards or paper tape. Later, about 28 years ago, I bought my first computer while working at 3M, with 64 Kb of RAM (yes RAM, not core), and a 5-Mb disk drive which was too heavy for one person to manage alone. These palm-sized disks each have 64,000 (sixty-four thousand) times as much disk capacity, and the CPU will enjoy 62,500 times as much RAM. Oh, and the RAM is about 800 times faster, while the CPU is easily 2500 times faster and there are two in the chip. Isn't technology stunning?

Tuesday, August 28, 2007

Gateway Performance 600

I'm struggling with the original precept of this blog: building a new computer, because my Gateway Performance 600 is working so well now. It's almost eight years old, but it runs a Pentium III processor at 600 MHz and has been upgraded significantly:
  1. Added another hard disk to increase total disk capacity from 20 Gb to about 100 Gb.
  2. Replaced the original CD RW drive (failed) with a new and better Sony drive.
  3. Upgraded from Windows 98 to Windows XP Professional, now SP2 and fully current.
  4. Maxed out the memory to 768 Mbytes, comparable to brand-new low-end computers.
(Screenshots: System Properties show 768 Mb; C drive is pretty full; G drive is more than half full)

It's not a bad computer, and I'm wavering on the decision to replace it. Money ($1000+) and time are the reasons NOT to replace it. Here are some reasons why I might:
  • Quieter. The Performance 600, though not loud, is the loudest thing in the room.
  • Faster. I wonder how much. The processors will be ten or twenty times as fast and the disk(s) at least twice as fast. I'm sure the difference will be noticeable!
  • Upgradable. In theory at least, the memory will be upgradable to 8 Gb.
  • Bigger disk. At least three times as much, upgradable to much more.
  • Windows Vista or Vista compatible. The Gateway 600 is not even slightly compatible with Vista, needing more speed, disk, a DVD drive, and more.
  • More reliable? Only the CD RW drive in the 600 has ever failed, but I've been lucky because hard disks certainly do fail too. I'm thinking about paired disks in the new computer for improved data security, and a better backup system than the zipped CD ROMs I use now.
  • Experience. Mine. I will enjoy the experience and learn a LOT! I've been involved in computers almost all of my adult life (45+ years) and it's time to add some current technology to that knowledge.
I'm almost convinced, but then again the 600 is really working pretty well. I have plenty of time to think about it.

Friday, August 24, 2007

RAID

RAID is a computer acronym meaning "Redundant Array of Independent Disks" (Wikipedia). In this case we're talking about "mirrored" disks, one of the simplest RAID configurations, where two identical disks contain identical data so that one can continue operating if the other fails. Since they contain the same data the second disk doesn't add any disk capacity, but it does add reliability.
Pros:
  • The hard disk is MUCH less apt to crash. Only people who have experienced a crash can fully appreciate this.
  • Perhaps I can get away with less backup, e.g. only back up the most sensitive data.
  • Or, I can buy a THIRD drive and hot-swap it, so the swapped-out drive is the backup.
  • I'd enjoy the experience of setting it up and using it.
Cons:
  • It's more expensive: I need two drives, not one, and the motherboard (which manages the drives) costs a little more.
  • The drives will make twice as much noise. Hmmm.
  • It doesn't solve ALL backup problems: If I accidentally permanently delete a file, it will be gone on BOTH drives; if lightning hits the computer it could easily take out both drives.
I'm leaning toward RAID, as you may have guessed. But haven't decided yet for sure. Seems like overkill for a simple office computer. But then again there's the experience of it ...

Here are some other features of the computer that's starting to come together:
  • Sonata III 500 case, with 500 W power supply. This is the outer box for the whole thing, and this box is quiet with plenty of power available.
  • Intel E6750 dual-core processor, 2.66 GHz, 1333 front-side bus, with Intel motherboard to match. This is two very fast processors in one. By the time I get going on this, the E6850 may come down in price, even faster.
  • 2 Gb of 2-channel DDR2 memory, 800 MHz. Expandable to 8 Gb they say, but the chips for that don't exist yet; 4 Gb is the max.
  • Seagate 320 Gb SATA-300 drive(s). Big enough for me.
  • Sony AWG170S-B2 18x DVD read/write.
But everything is still in pencil. Absolutely everything. Meantime, though, I did a little pricing of the materials lists for WITH RAID and withOUT RAID. Here are very preliminary materials lists: I'm totally new at this, a complete novice. If there is anyone out there reading this blog with an idea or a word of caution, I'd love to hear from you.

Thursday, August 23, 2007

I think I'll Build My Own Computer

I do need a new computer in the office; mine is a slow eight-year-old Gateway 600 MHz, with upgraded memory, disk, and operating system. It's time for a new one that can grow with the times. Here are some specifications:
  • Quieter than my old Gateway tower, which itself really isn't too bad but is the noisiest thing in the room when the TV is off.
  • Speedy (modern) but not "extreme". The idea is to have a computer that will last a while and be upgradable for a while. We're talking dual processor for sure, but maybe not quad.
  • It doesn't have to be small - it sits on the floor next to the desk.
  • At least 2 Gb RAM, 800 MHz or more.
  • At least 250 Gb hard disk, 3 Gb/sec.
  • Windows XP Professional (preferred), Windows Vista Business otherwise.
  • Vista Business compatible for sure. I don't even know what that means yet.
  • CD/DVD read and write dual layer.
  • Floppy (yes, I really do want a floppy, even if I never use it).
  • PS/2 mouse and keyboard ports (I like my existing keyboard & mouse).
  • Vanilla audio and graphics. This machine means business, not games or entertainment.
  • Modem. Occasionally we need dialup when DSL fails.
  • Serial port.
  • Lifetime warranty. By me.
There are plenty of companies offering to build computers to specification, so why would a person build a more-or-less-ordinary computer himself?
  • Price: Probably not a good reason. I've done some internet pricing of parts already, and I doubt there will be much of a cost saving.
  • Quality: Might be a reason. For example, I'm thinking of the Antec Sonata III case, because it is supposed to be very quiet. It's a little expensive, but certainly worth the difference if it really is quieter.
  • Experience: I've been putting together computers for over 30 years now, but not modern ones. The experience will be invaluable.
  • Serviceability: If I build it, I can fix it!
  • Entertainment: It's fun to learn and do.
  • Bragging rights.
More later. I hope.