Monday, August 31, 2009

How to Completely Encrypt your Hard drive

This tutorial assumes you have basic knowledge in partition editing. Go here if you don't.

About a year ago I stumbled on TrueCrypt, Open Source encryption software which by definition allows government level encryption (AES) . Encrypting your Hard drive can help you in a lot of situations and it only sacrifices 30 minutes of your valuable time.

Optional: Create a backup of your entire hard drive on a separate storage device now
Optional: Create a TrueCrypt Rescue disc

First of all you will want to Create an empty partition. Use any partition editing software for this, I prefer gparted as it's free and open source. The partition needs to support the OS you will install on it (format and size wise).

Next install any OS (operating system) on that partition. The OS on this partition does not have to be the OS you want to use later on so go ahead and install an Open Source OS to save yourself some copyright issues. The OS's only requirements is that it needs to be able to run TrueCrypt (Linux, Mac, Windows). Set up some drivers if needed (windows...) and get the OS up to speed. Next install TrueCrypt on the partition. Lastly install a boot loader on your computer if you don't already have one. I recommend grub (what's a bootloader?).

Clone the partition you just created. One partition will be your backup to work from if something goes wrong , this partition can be deleted later on, just keep it until you are sure everything is running smoothly. Now boot into your backup partition and run TrueCrypt. Select:
System > Encrypt System Partition/Drive...
Select normal press Next.
Select Encrypt the System Partition and press Next.
Select Multi-Boot and press Next.
Just answer the next view questions truthfully (hint: use your brain).
Wait and Watch as it encrypts your OS.

The TrueCrypt Boot-loader should now be installed on your boot-hard drive.

Enjoy your Encrypted OS =)

Continue Reading if you are either very paranoid or very illegal

But wait, what if Authorities or the Mafia force you to reveal the password to your OS?
Well this is where Plausible Deniability comes into play.

You may create a hidden OS inside your already encrypted OS. It is impossible to know whether a hidden volume exists on your computer as it looks exactly the same as random bits, the only pointer to it is a password you choose.

To create a hidden OS boot into your Encrypted OS and Start TrueCrypt.
System > Encrypt System Partition/Drive...
Select hidden volume this time.
You should be familiar with the steps...

You now have a Hidden OS inside an Encrypted OS. To boot into your hidden OS simply enter the password you choose for it. To boot into your Encrypted OS just enter your old password.

What do you do if someone forces you to reveal your password?
Give them the password of your Encrypted OS. They don't have proof that you have a hidden OS so don't give them any reason to believe so.

Now how do we make the Denial of a Hidden OS Plausible?
Every now and then do something (legal) on your Encrypted OS, this will make it look like you actively use it. I have some scripts which I run now and then to surf the web for me and do other random stuff, I might release them but you should be able to come up with your own.

Enjoy =D

No comments: