Sunday, January 25, 2015

Truecrypt Forks

January 25, 2015:

As everyone knows, the anonymous creators of Truecrypt have declared it unsupported and hinted that it might be defective. While no one believes that Truecrypt has a security hole (see Gibson for example), and an initial audit did not find one, everyone wants to find a supported substitute.

I use Truecrypt encrypted container files to encrypt sensitive data on my Windows systems.  A container is a file which can be mounted as if it were a separate unencrypted volume.   Truecrypt can also encrypt entire disk volumes, though I do not use that mode, because of the complication and because containers are so easily backed up with full encryption to multiple destinations including the Cloud, Blu-Ray discs, hard discs, and thumb drives.

Requirements:
  • To reduce the likelihood of a hole or a back door, the software must be open source.  This rules out all commercial encryption software.
  • It must support some kind of portable encrypted containers.
  • It should have a credible support team.
BitLocker is not a candidate because it is not open source and does not conveniently produce encrypted containers.

In my search for a Truecrypt substitute, here is what I found today. Things are moving fast, so this may not hold true for long:

  • https://ciphershed.org/ (US, UK, Germany, Asia): Available as pre-alpha release
  • https://truecrypt.ch/ (Switzerland): Downloads Truecrypt 7.1a
  • https://veracrypt.codeplex.com/ (France): Rev 1.0f-1 downloaded and working

CipherShed is currently in a pre-alpha release only, apparently using some Truecrypt code and some new code. They caution against using it in production. Purportedly it will eventually all be new code, and with a team to support it. Currently I'll stick with Truecrypt 7.1a until (1) a problem is discovered in it, or (2) CipherShed or some other supported program is available.

Truecrypt.ch (also called TCnext) seems to be two Swiss guys who want to fork Truecrypt but, for now, are simply offering Truecrypt 7.1a, the final good release, on a download site. I suspect they are watching CipherShed and may eventually support that.

Veracrypt is the only fork currently available as an official release, and is a modest modification of the original Truecrypt open-source code. Apparently it is mostly written and supported by one Frenchman, Idrassi, and long-term support may be dependent on him, though there is a lively discussion board.

I have installed it, to discover that opening a container takes a long time, but he defends that as necessary to defeat a brute force attack.  In that respect, he believes that Veracrypt is quite superior to Truecrypt.  That judgment is above my pay grade.  Otherwise it walks and talks just like Truecrypt.  I have not tried any command-line arguments yet - I use those a lot in Truecrypt.

The delay on opening is dependent on a particular iteration count, and there is discussion about allowing the user to trade off password length versus iteration count, so that a longer password could result in a shorter opening time.
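The trade-off described above can be put in numbers. This is an added example, not code from the original post or from the Veracrypt project; the two iteration counts are the commonly documented PBKDF2-HMAC-SHA512 values for Truecrypt 7.1a and Veracrypt and are assumptions here, and the function names are hypothetical.

```python
import hashlib
import math
import time

# Assumed values: the commonly documented PBKDF2-HMAC-SHA512 iteration counts
# for Truecrypt 7.1a and Veracrypt containers. They are not given in the post.
TRUECRYPT_ITERATIONS = 1_000
VERACRYPT_ITERATIONS = 500_000


def derive_header_key(password: bytes, salt: bytes, iterations: int) -> bytes:
    """Stretch a password into a 64-byte key, the step done before a header is decrypted."""
    return hashlib.pbkdf2_hmac("sha512", password, salt, iterations, dklen=64)


def seconds_per_guess(iterations: int) -> float:
    """Time one derivation on this machine; an attacker pays this cost per guess too."""
    salt = bytes(64)  # constructed salt; a real container stores a random one
    start = time.perf_counter()
    derive_header_key(b"constructed-sample-password", salt, iterations)
    return time.perf_counter() - start


def bits_added_by_iterations(old: int, new: int) -> float:
    """Raising the count from old to new multiplies attacker work by new/old,
    which is worth log2(new/old) bits of password entropy."""
    return math.log2(new / old)


def iterations_for_same_work(base_iterations: int, extra_entropy_bits: float) -> int:
    """Count that keeps total attacker work unchanged when the password gains
    extra_entropy_bits; every added bit halves the iterations needed."""
    return max(1, math.ceil(base_iterations / 2 ** extra_entropy_bits))


if __name__ == "__main__":
    for name, count in (("Truecrypt", TRUECRYPT_ITERATIONS),
                        ("Veracrypt", VERACRYPT_ITERATIONS)):
        print(f"{name:9} {count:>7} iterations: {seconds_per_guess(count):.3f} s per guess")
    gain = bits_added_by_iterations(TRUECRYPT_ITERATIONS, VERACRYPT_ITERATIONS)
    print(f"The higher count is worth {gain:.1f} bits of password entropy")
    bits_per_char = math.log2(62)  # one random character from a-z, A-Z, 0-9
    for extra_chars in (1, 2):
        count = iterations_for_same_work(VERACRYPT_ITERATIONS, extra_chars * bits_per_char)
        print(f"{extra_chars} extra random character(s): {count} iterations give the same work")
```

The measured time is for a single derivation only, so it is a lower bound on the delay seen when opening a container.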

Veracrypt containers are not compatible with Truecrypt containers, but Veracrypt does have a Truecrypt mode.  I tried that and it did successfully open a Truecrypt container. I didn't try modifying the files in that container.

I recommend tuning in to those sites from time to time, to keep abreast of their progress.  I may or may not blog about it again.


Friday, August 15, 2014

IDrive Backup Review

It works and I like it.  IDrive is a backup and file-sync facility with lots of good features, supporting a wide array of computer operating systems and mobile devices.  The features that I particularly like are:
  • The command-line options that allow me to incorporate this cloud backup facility into the rest of our normal, every-night archive system; and
  • The sophisticated incremental backup features which back up only the files which have been modified since the last backup, and then back up only the modified sectors of large modified files.
Example: I have one 2 GB encrypted file which gets modified every day, but only a little.  At DSL upload speeds it took hours to upload that file the first time, but IDrive can upload the daily modifications in just a few minutes.   A download "restore" of last night's uploaded file confirms that it compares perfectly with the current file, bit for bit, all 2 GB.  I used the Windows comp program for that comparison (several times for several downloads), but also if the file was at all corrupt I would not be able to decrypt it, and it decrypts just fine.

Desktop Application:

IDrive has both a GUI desktop application and a browser-based application, with similar but not identical functionalities.  It took me a little while to get used to the two and determine which to use for what purpose.  There are similar applications for many different computer operating systems and mobile devices.  I was able to install and use the GUI desktop app on Windows XP Pro, Vista Ultimate, Windows 7, and Windows 8.1, with no obvious differences in functionality.

Speed:

Although upload appears to go as fast as my DSL link allows, about 900 kbps or about 3 hours per GB, download through the GUI desktop application appears to be throttled to about 5 Mbps, roughly 2 GB per hour.  My DSL is about three times that fast, almost 16 Mbps, so it should go faster, as do most other downloads.  The browser-based application actually downloads a little faster than the GUI desktop application, maybe 25% faster when restoring my 2 GB encrypted file, finishing the download in 45 minutes instead of 57, though this is still well below half of the maximum speed of the DSL connection.

IDrive isn't very expensive, $37.12 per year for 300 GB, but I am still using the free version because we don't yet need the extra space or features of the professional versions.  Perhaps download speed is throttled for freeloaders like myself - I don't know, and I wouldn't blame them.  It's not an issue in our application, though, because file recovery will be seldom if at all, mostly just for testing, and at 2 GB per hour it won't require more than two or three hours to download everything we have up there in any case.

Technical Support:

Excellent so far - I've had two interactions with them, one via chat and another through a submitted bug report.  They know that I have a free account, I'm sure, but seem interested in solving my problems anyway.  There is also a forum, in which IDrive participates quite actively.  I submitted one problem there and was soon advised to submit the problem as a regular bug report.

Hints:

Command-line options are implemented through a program called idevsutil.exe, found in the IDrive programs folders (C:\Program Files (x86)\IDriveWindows\... in Windows).  However the one that is supplied by the IDrive installer didn't actually work - I had to go to the Getting Started page and download the idevsutil.exe that actually does work.

Cloud backup provides the ultimate off-site backup, to protect against a disaster such as fire, flood, theft, even death of a principal person.  However, it's no good if the files are inaccessible due to a lost username or password.  Be sure to have those somewhere else safe, perhaps in a safe deposit box.

Wednesday, June 18, 2014

LG Blu-Ray Disc Rewriter Model WH16NS40 Review

This is an internal drive which can write and read virtually all forms of CD, DVD, and Blu-Ray (BD) discs, including four-layer 128GB BDs.  It works perfectly so far.

Test System: 
LG Blu-Ray Write/Read Drive
Model WH16NS40

Seven-year-old mini-tower computer, home-built from an Intel DP35DP motherboard hosting an E6750 CPU with dual 2.66 GHz processors, 8 GB memory at 800 MHz, system bus 1066 MHz, running Windows Vista Ultimate. Hard disks are SATA 2TB Seagate hybrid disks.

The system is used as a computer, not as a video player. This review is about data backup. It should apply to copying video files as well, but you might want a newer, faster CPU to actually play or manipulate the video files.  The owners' manual lists the E6750 CPU at 2.66 GHz as the minimum system.

The originally-installed Samsung SH-203B DVD Drive is still in place and functioning well after seven years.  It can read and write DVD+R DL (dual layer) discs, though I only use it with standard and archival single-layer DVD's.  Each month, sometimes more often, I create a backup copy of our own important files (not system files or application executables) on a MAM-A DVD-R gold archival disc for long-term storage, then copy that disc to regular DVD's for shorter-term offsite storage.  Those important files have grown beyond the DVD's 4.7GB capacity, however, so the new LG Blu-Ray Disc (BD) Drive will bump that limit up to about 25GB.  A firmware update from version 1.00 to 1.01-A0 is available for the drive but not yet installed.  (First rule of life:  If it works, you can't fix it.)

Test Method:

The new BD drive was installed in the mini-tower just below the DVD drive.  The generic Windows Vista software was used to write each disc initially.  ISO Recorder 3.1 was used to restore each disc back to an ISO file, or to write that out to another disc. The following tests were performed to demonstrate single-drive data integrity as well as cross-drive data integrity:

CD read:  On the BD drive, restore two of our oldest archival CD's, going back to 1997.  No read errors.  Open a few files to verify data integrity.

CD write/read, using Verbatim CD-R discs:  Write a disc on each drive, restore each disc back to a desktop ISO file using each drive (four ISO files).  No errors reported.  With the Windows utility called comp, compare the two ISO's which were created from a disc written on one drive and restored from the other.  This is a byte-for-byte comparison, and no differences were reported.

DVD write/read, using TDK DVD-R discs:  Same procedure as for CD's.  No errors, no differences.

DVD+R DL write/read, using Verbatim DVD+R DL discs:  Same procedure as for CD's.  The discs were filled to about 5.25GB, so that both disc layers would be used.  No errors, no differences.

BD-R write/read, using Verbatim 25GB 6x BD-R discs:  Write a disc containing 21 GB of data including thousands of files (photos).  Restore that back to an ISO.  Write the ISO to another BD-R disc, restore that back to a second ISO, compare.  No errors, no differences.

BD-R 50GB, 100GB, and 128GB: Not tested - I don't need this functionality now, but I have no reason to doubt that it will work when it is needed, and perhaps disc prices will be better.

Data integrity test results:

The LG Blu-Ray Disc Rewriter Model WH16NS40 performed perfectly.  I am impressed, and I now have renewed confidence in the old Samsung DVD drive as well.

Vista Speed-display Issue:

On this "old" Vista system the writing speed, estimated time left, and progress bar were all displayed incorrectly for the BD discs.  Specifically, the Windows software reported that it intended to write at 39x, and the ISO Recorder program thought it would write at 351x.  I seriously doubt that either was correct.

For both drives and all discs, I always allowed the write to take place at the maximum displayed speed (i.e. 39x or 351x), not attempting to reduce it.  I have no idea what the actual write speed was for the BD discs, and I did not time any of the operations, but the data files were obviously recorded without error.

First actual Blu-Ray backup:

Write encrypted and unencrypted files to a Delkin 6x 25GB Archival Gold BD-R.
Restore that disc back to the desktop as an ISO file.
Write that ISO to each of three Verbatim 6x 25GB BD-R discs for offsite storage.
Open and verify some encrypted files on the last of those discs as a final check.

This procedure worked flawlessly, backing up about 12GB, except that one of the Verbatim BD-R discs failed immediately when ISO Recorder 3.1 tried to write to it.  That one disc was discarded with no attempt at diagnosis.  I attribute the failure to the disc, not the drive, and comments on other blogs confirm that such failures can occur.

I believe that this process creates archival Blu-Ray discs which will last at least as long as there are drives capable of reading them.  The Delkin Archival Gold BD-R discs cost me about $10 each in a pack of 5, and the Verbatim BD-R discs about $1 each in a spindle of 25.  Both are cheaper in larger quantities, and other brands are available.  The LG Owner's Manual recommends Sony and Panasonic discs for BD-R 25GB, but does not say whether Delkin or Verbatim discs were ever tested.

Blu-Ray versus Flash for Archival Storage:

Removable-media technology seems to be moving away from optical discs and toward USB flash drives these days, and video is increasingly downloadable, so Blu-Ray discs may never enjoy the popularity of DVD's.  Flash for archival storage is controversial, however, and it is still at least as expensive as Blu-Ray for similar capacity, so Blu-Ray is a better choice for now.

Friday, September 6, 2013

Automatically Delete Local Shared Objects

Also called "flash cookies," "Local Shared Objects" (LSO's) can be used by any web site to store information about your web browsing.  Web developers explain that this capability is used "to enhance your web-browsing experience," but skeptics (like me) know that it can also be used to track a user's browsing in detail and even to share that information with unsavory sites.  LSO's may or may not be cleared when you attempt to clear your browser's cookies.

LSO's may be important to some applications.  Games, for example, may save the current state of the game in LSO's, so that the game can be stopped and then resumed.  However, in my computer usage I do not know of any such beneficial application of LSO's and I prefer to delete them.

Third parties have created extensions for some of the browsers which will delete LSO's automatically.  However, this script will also do it, without installing an extension:

    TITLE "Delete Local Shared Objects"
    SETLOCAL

:: Delete Local Shared Objects in a very heavy-handed way:

    SET SYSPATH="%APPDATA%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys"
    SET IE2LSO="%APPDATA%\Macromedia\Flash Player\#SharedObjects"
    SET GOOPATH="%LOCALAPPDATA%\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys"
    SET GOOGLSO="%LOCALAPPDATA%\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects"
    
:: Delete LSO's for IE and FireFox, preserving the flash settings:

    XCOPY /y /q /h /r %SYSPATH%\settings.sol %TEMP%\*
    RMDIR /s /q %SYSPATH%
    RMDIR /s /q %IE2LSO%
    XCOPY /y /q /h /r %TEMP%\settings.sol %SYSPATH%\*
    DEL /f /q %TEMP%\settings.sol

:: Delete LSO's for Chrome, nevermind the flash settings (use defaults):

    RMDIR /s /q %GOOPATH%
    RMDIR /s /q %GOOGLSO%

:: Optionally start one of the browsers.  Also possible to specify a "home" URL here:

    START "" "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
::  START "" "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
::  START "" "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

::  PAUSE
    ENDLOCAL
    EXIT

Put this code in a script file with a .CMD extension, e.g. DELETELSO.CMD.  Then create a shortcut to that script and set Properties/Shortcut/Run to Minimized.  Put the shortcut on your desktop, or Quick Launch bar, or wherever you want it.  Use it any time you want to clear the LSO's.  It can also be used to start the browser of your choice after it clears the LSO's, see the code.  That's how I use it.  If you have trouble copying the code from this screen, try this instead, making your screen wide.

Note:  This is a VERY HEAVY-HANDED way to approach the problem and could produce unanticipated and hard-to-diagnose results.  Please check for problems with your favorite web-based applications before you forget that you did this and start looking for problems in the wrong places.  This script comes with no warranty, and you can only sue me for the amount that you paid for it.

The above script has been tested and is in use on Vista and Windows 7.  It has not been tested on Windows 8, and it will not work without modification on Windows XP.

I've had this in place for several months now, using it to start Chrome any time I want a browser, and have not identified any problems in my use of the Chrome browser.

Comments, complaints?

Friday, March 18, 2011

Use BLAT With STUNNEL To Send Email Via SSL On Windows

An earlier post described a Windows command-line script which sends a detailed email at bootup, like PC Phone Home (tm). It worked on our computers for a year and a half, and then stopped. We discovered that our internet service provider, trying to reduce the amount of spam sent through their servers, had blocked port 25, the standard unencrypted email port. They encouraged their customers to switch to SSL, encrypted transmission, using a different port.

The BootMail script uses a free utility called blat to actually send its email. Unfortunately, blat does not support SSL connections. However another free utility, stunnel (secure tunnel?), can convert data from an SSL-ignorant program like blat and send it to an SSL-aware computer or connection. Stunnel can do lots of other things too, and in fact I found the documentation to be thoroughly daunting, but installation turned out to be quite simple, basically the same on Windows 7, Vista, and XP:
  • Download stunnel-4.35-installer.exe from stunnel.org.
  • Run it and accept the defaults. This installs the software on the disk, in c:\Program Files\stunnel on a 32-bit system or c:\Program Files (x86)\stunnel on a 64-bit system.
  • In Start/Programs go to the new stunnel folder and right-click on "Edit Stunnel.conf." Click Run as Administrator (Vista or W7), or click Open (XP). This brings the configuration file into Notepad with rights to modify it. You may be prompted for permission in this and following steps.
  • Delete everything in the file, and copy in the four-line example below, modifying it for your use. "Accept" is the port on which blat sends the email (this can be changed), and "connect" is the server name and port that your ISP wants you to use. Save and quit.
  • In Start/Programs, right-click "Service Install" and click Run as Administrator.
  • In Start/Programs, right-click "Service Start" and click Run as Administrator.
Example stunnel.conf file which could be used to send email through gmail:

    client = yes
    [ssmtp]
    accept  = 25
    connect = smtp.gmail.com:465

In the script which runs blat, or in the registry, you will want to specify the server as follows: "-server localhost:25".
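Two properties of that four-line configuration are worth checking: "accept = 25" names no host, so the listener is not restricted to localhost, and with no "verify" option stunnel does not validate the mail server's certificate. The following is an added example, not part of the original post or of stunnel; it audits a client-mode stunnel.conf for both points, the hardened configuration is constructed, its CAfile name is a placeholder, and the function names are hypothetical.

```python
# The configuration from the post, verbatim.
POST_CONF = """\
client = yes
[ssmtp]
accept  = 25
connect = smtp.gmail.com:465
"""

# Constructed hardened variant using stunnel 4.x option names.
# ca-certs.pem is a placeholder for a file of trusted CA certificates.
HARDENED_CONF = """\
client = yes
[ssmtp]
accept  = 127.0.0.1:25
connect = smtp.gmail.com:465
verify  = 2
CAfile  = ca-certs.pem
"""

LOOPBACK = ("127.0.0.1", "localhost", "::1")


def parse_stunnel_conf(text):
    """Return (global_options, {service_name: options}); option names lower-cased."""
    global_opts, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], {})
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        target = global_opts if current is None else current
        target[key.strip().lower()] = value.strip()
    return global_opts, services


def audit(text):
    """Return a list of findings for every client-mode service in the file."""
    global_opts, services = parse_stunnel_conf(text)
    findings = []
    for name, opts in services.items():
        merged = {**global_opts, **opts}          # service options override globals
        if merged.get("client", "no").lower() != "yes":
            continue                              # only tunnels like the one in the post
        accept = merged.get("accept", "")
        if accept.rpartition(":")[0] not in LOOPBACK:
            findings.append(f"[{name}] accept = {accept}: "
                            "listener is not bound to loopback, other hosts can reach it")
        verified = (merged.get("verify", "0") in ("2", "3", "4")
                    or merged.get("verifychain", "no").lower() == "yes")
        if not verified:
            findings.append(f"[{name}] connect = {merged.get('connect', '?')}: "
                            "server certificate is not verified")
        elif "cafile" not in merged and "capath" not in merged:
            findings.append(f"[{name}] verification enabled but no CAfile/CApath given")
    return findings


if __name__ == "__main__":
    for label, conf in (("post", POST_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(conf) or "no findings")
```

With "accept = 127.0.0.1:25" the blat setting "-server localhost:25" stays the same.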

(tm) PC PhoneHome is a trademark of Brigadoon Software.

Saturday, December 18, 2010

Virus Attack!

One of our computers, a 32-bit Vista laptop, recently became infested with a virus. Using either Google or Yahoo, and then clicking on a result, the browser would first go briefly to several other sites before going to the selected URL. It appeared that the virus may have been a money-earner, clicking on ads that brought someone a profit. I also got repeated popup messages that the computer was running out of disk, or out of memory, or out of "resources." None of that was true, but the computer did seem slow.

The antivirus software, Microsoft Security Essentials (MSE), looked green (OK) in the system tray, but it would not update itself, reporting an error. After reboots to "safe" mode, MSE looked red or didn’t appear at all, and the browser still misbehaved. Also, various system services would shut down, and the more I investigated, the more the virus seemed to react and shut things down.

I was able to download Malwarebytes anti-malware, update it, and perform a scan, which came up with three results:
  • rogue.installer registry key
  • spyware.passwords.xgen in the recycle bin, and
  • rogue.hddscan in a temp directory
Malwarebytes attempted to clean them and said that it had done so. But the bug was still there after a reboot to “safe” mode. Another downloaded spyware scanner ran much more slowly but came up empty.

I reverted the drive to a previous time, before the symptoms had appeared, but that didn’t help. I eventually reverted the drive to the earliest available restore point, weeks earlier, and that didn’t help either. So:
  • Either the bug had installed itself in the Master Boot Record, or
  • It had attached itself to a program that always gets started at boot, and had done so without the change being noticed by the system restore software.
I suspect that it had attached to Java Updater (jusched.exe), which is started at every reboot. I can’t prove it - just a suspicion, based on a couple of observed symptoms.

Fortunately, I had made a complete disk image of that laptop on an Iomega 2 TB external drive just six weeks earlier, using Macrium Reflect (free). Macrium restored the drive in about an hour, including the Master Boot Record, and the problem was gone. Files in the lost six weeks were then restored from more-recent partial backups. Apparently nothing of value was lost, except a lot of my time.

The virus may also have posed other risks, of which we are not aware:
  • It might have been a keylogger, sending keystrokes back to someone;
  • It may also have tried to find personal data and send that;
  • It could have tried to send virus-laden emails to our mailing list; and
  • It may have tried to infect other computers on the network.
I did have the computer disconnected from the network except when downloading the virus scanners, and so far, no other computer has shown symptoms of the infection. There is no indication that emails were sent - no backscatter from virus checkers or bad email addresses. This particular computer does not contain much personal data, and we have taken steps to deal with the keylogger possibility, including changes in passwords and a new IP address.

How did the virus get in? Windows and Internet Explorer (IE) were entirely up to date. I checked recent emails, and that doesn’t seem to be the path. It may have come through Java, which was not quite up to date - I know for certain that the same computer was infected through Java a couple of years ago. Perhaps it did come in through Internet Explorer itself, or one of the many browser extensions - this computer was still running IE7 rather than the newer IE8. I’ll never know for sure, but Java is now up to date and Internet Explorer is now IE8. Was it a virus, or a worm, or a trojan? Who cares, it was destructive.

What a pain. Wouldn’t you just love to get hold of the cowardly creeps who write viruses like that and cause other people so much grief? What kind of "man" (woman?) is that intelligent, and yet so incompetent that they have to make a living by deliberately hurting other people?

Thursday, November 4, 2010

Iomega Professional 2 TB External Drive Review

It works! With eSATA and USB 2.0 ports, this drive connected easily to six different computers ranging from 7 years old to less than a month, and running operating systems from Windows XP up to Windows 7, some 32 bit and some 64 bit. Every computer saw it as an external hard drive and was able to use it.

I have other ways of doing day-to-day backup, but was about to send a computer in to HP for repair and bought this drive (from TigerDirect, $130) to make an image backup first. That went so well that I started on the other computers, backing them up with Microsoft's image writer, Windows Complete PC Backup (WCPCB) where it was available (Win 7 and Vista Ultimate only). I also used Macrium Reflect Free Edition on all six computers, with success on all but one, and tried Paragon Backup & Recovery Free 2010 on that one, with uncertain success.

Hardware & Performance:
  • Iomega Professional Hard Drive 2 terabytes (2,000 GB), P/N 31853000, Model LDHD-UPS, eSATA and USB 2.0.
  • Capacity as displayed on a Windows Vista system: 1.81 TB, or 2,000,396,288,000 bytes.
  • Maximum transfer rates (advertised): eSATA 3,000 megabits/second (Mb/s), USB 2.0 480 Mb/s. Those are peak rates, not achievable in large transfers.
  • Actual average data transfer rates for complete image backup: As high as 475 megabits/second (Mb/s) writing through the eSATA port from a new computer, and as low as 93 Mb/s writing through USB 2.0 from a 4-year-old Toshiba laptop running Windows XP (a 7-year-old Gateway laptop with XP did better than that lame Toshiba!).
  • In its search for image backup devices, WCPCB did not "find" the drive on a Vista Ultimate system when the drive was connected by USB 2.0, though it was mounted as a "local disk" and files were visible. Therefore, the drive was not usable for WCPCB backup via USB. It did find the drive when connected by eSATA.
  • On Windows 7 computers, WCPCB did find the drive when connected either by USB or by eSATA.
  • Macrium always found the drive and was able to write to it. Unfortunately, though, I was unable to boot their linux rescue CD on one of the Windows 7 systems. They claim to have a fix if you buy the "full" edition, $40 per computer. I may blog about Macrium Reflect later - I do like their software best, except for this problem.
  • The Iomega Professional Hard Drive box indicates compatibility with Windows XP, Vista, and Windows 7 (32-bit). Does anyone even make a 32-bit Windows 7 system? I suppose, but anyway the drive seems to work just fine on two different 64-bit Windows 7 HP laptops, using either the eSATA or the USB connection and the drivers already in Windows 7.
  • The drive is very quiet, and I'm fussy about noise. It's quiet.
  • In Device Manager: The drive is listed as a "Samsung HD204UI USB Device", or just a "Samsung HD204UI" when connected by eSATA.
  • According to the box label, the drive was assembled in Korea, Sept 20, 2010. I wonder if the entire system is made for Iomega in Korea by Samsung. That's OK.
Software:

I would expect any external drive to come with software for backing up the computer, both for drive-image backups and for incremental backups. Indeed, the box containing this drive touts their "Iomega NeverDown Software," which, unfortunately, was not in the box and is not to be found anywhere on the Iomega web site. Apparently, it has been discontinued. The box does contain a brief manual, in seven different languages, telling how to get started with NeverDown, but alas, no software (oops). They do offer the downloadable "Iomega Protection Suite," including:
  • Iomega's v.Clone, which allows you to run YOUR OWN computer on anyone else's hardware. It's a "virtual image" - is that an image backup? Their own user manual advises that v.Clone is not backup software.
  • Roxio Retrospect Express, which appears to protect exactly one computer on one external drive, no more. I'm not interested - my 2TB Iomega drive now has ten compressed system images on it from six fully-competent computers, and is barely half full.
  • Hence, Iomega apparently does not offer an image backup solution. Ouch.
Happily, though, many other companies do offer image backup software, some for free, such as Macrium and Paragon.

A caution: I have not yet attempted to restore an image to any computer's hard drive. That's a risk I won't take unless I have to, and the repaired computer came back from HP with the internal drive intact. Where possible I do make at least two different images, one by WCPCB and one by Macrium or Paragon or both, in the hope that one will work if the other fails.

For your consideration: Universal Serial Bus. USB 2.0 followed USB 1.0, and has been around for at least seven years now. USB 3.0 is a recently-approved standard, and manufacturers are working hard to implement it in new computers and drives. It is about 10 times as fast as USB 2.0, a little faster even than eSATA, so computers with USB 3.0 may no longer need an eSATA port. Therefore, future computers might have to talk to this particular drive using only USB 2.0.

That's not too bad, though - Macrium backed up a complete Windows 7 computer in 32 minutes via eSATA and 59 minutes via USB 2.0. In both cases, 105 GB "used" space on the computer's drive was compressed to one 78 GB file on the Iomega drive. Actual average data transfer rates, therefore, were 349 Mb/s and 189 Mb/s respectively, so the eSATA image backup was not even twice as fast as the USB 2.0 backup even though burst speed is six times higher.

Copyright (c) 2010

Please add your comments or questions.