• Strong cryptography
  Thank TrueCrypt for 256 bits AES in XTS mode. I think 256 bits is overkill, but 128 is not offered. I don’t see any performance hit on my modest, stock Fujitsu E8210 laptop.
• Need to know (reduced data exposure)
  Data is not available in clear text when I don’t need it. In other words, when I work, I have my files, when I play they stay encrypted
• Easy encrypted backup
  My backups are merely a copy to a file server.
• Single sign-on to any encrypted volume
  The pre-boot authentication password (or pass phrase, your call) is the only one you’ll ever have to enter, and yet, that password is never stored anywhere. Not even in encrypted memory. It’s only in your head.
• Supports encrypted USB drive
  USB drives get the same single sign-on, need to know and backup features. Doesn’t matter wheter you use file based or whole volume, although using a file based container allows you to store regular data on any computer, instead of carrying to drives.
• Platform independent
  Works on all platforms that TrueCrypt supports

It does not feature, but could be extended to :

• Plausible deniability
• Two factor authentication to encrypted files (TrueCrypt version 6.1 required)
• Step-up authentication to encrypted files
• Operating system logon integration (stay tuned for that one…)
• Full operating system backup

Here is a simplified view of my setup. A laptop, a usb drive and a simple NAS server (I have a Linksys NAS200, but any remote file share or ftp will do).

1. A keyfile is stored on your encrypted partition.
   I generated a keyfile with cryptographic random noise. Let’s call it Entropy.dat. Your pre-boot password and operating system logon will give you access to that key file. It is used to single sing-on to any container. That keyfile is never backed up, excluded it from all your backups.
2. A volume header of your container (with password authentication) is backed up
   For any file based volume you create, backup a header that has a password authentication, no keyfiles. Write that password behind a picture of yourself with your kids and send it to your mother. It will be on the her fridge if ever you need it.
3. Backup a rescue disk ISO file
   This is regular TrueCrypt procedure for full disk encryption.

To set yourself up like this, follow these steps :

1. Follow TrueCrypt’s guidelines to enable full disk encryption.
2. Create a file based TrueCrypt volume, with a strong password that you will remember or write down.
3. Backup that volume header.
4. Select (or generate) a keyfile.
5. Change the volume password to      (nothing, leave the password field blank)
6. Select the keyfile of step 4 and click Ok

Repeat steps 4-5-6 for each file based container. Copy to that container the files you want to be able on a need to know basis. When you need the files, mount the container. I wrote a batch file that mounts a file based container and shows a popup with my Notifu utility (Windows only).

@echo off
REM Mounts a file based TrueCrypt container and displays a pop-up
"C:\Program Files\TrueCrypt\TrueCrypt.exe" /v C:\users\your_username\Clients.tc /l X /q /k "%USERPROFILE%\entropy.dat" /m ts
start "" notifu /m "TrueCrypt drive X was mounted successfully from file Clients.tc" /p "Secure drive mounted" /d 5000 /i "C:\Program Files\TrueCrypt\TrueCrypt.exe"
start "" /MIN "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q background

The batch is a little different for USB drives.

@echo off
REM Mounts a file based TrueCrypt container located on a USB drive and displays a pop-up
setlocal
REM I use this setup on many machines, and the USB drive is not
REM always given the same letter...
if exist f:\mobile.tc set TCFILE=f:\mobile.tc
if exist e:\mobile.tc set TCFILE=e:\mobile.tc
start "TrueCrypt" /MIN "C:\Program Files\TrueCrypt\TrueCrypt.exe" /v %TCFILE% /k "%USERPROFILE%\entropy.dat" /l U /a /q /m rm /m ts
start "" notifu /m "TrueCrypt drive U was mounted successfully from file %TCFILE%" /p "Secure drive mounted" /d 5000 /i "C:\Program Files\TrueCrypt\TrueCrypt.exe"
start "" /MIN "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q background
endlocal

Feel free to use it and adapt it to your needs !

I found a detailed explanation of the MSCASH format. Here is how you make your own MSCASH hashes to do close to reality benchmarks of your favourite password cracking tool.

The format is MD4(MD4(password) + username). password and username are in Unicode. In the explanation linked above, we have the classical "user" and "password" combination. Using notepad, type your password. Save the file using Unicode format. The first two bytes of the file will be FF and EF, a flag called the byte order mark (BOM). Delete them using an hexadecimal editor. It should look like this :

Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00000000  70 00 61 00 73 00 73 00 77 00 6F 00 72 00 64 00  p.a.s.s.w.o.r.d.

Now calculate the first hash with openssl, with a binary output :

openssl dgst -md4 -binary password.unicode.txt > md4.password

Type and save your user name in Unicode format, remove the BOM, and concatenate the Unicode user name to the first hash.

copy /b md4.password + user.unicode.txt md4.password.user

The file should look like this (the first 16 bytes is the md4 hash of the password) :

Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00000000  88 46 F7 EA EE 8F B1 17 AD 06 BD D8 30 B7 58 6C  ˆF÷êî.±...½Ø0·Xl
00000010  75 00 73 00 65 00 72 00                          u.s.e.r.

Now just hash that last file, again with openssl :

openssl dgst -md4 md4.password.user
MD4(md4.password.user)= 2d9f0b052932ad18b87f315641921cda

You can now use that MSCASH hash for your benchmarks. I hope you find it usefull. I might write a program in C to automate this, If I see good traffic on this post. Spread the word !

To help with the rest, I made this chart.

The colors in that chart indicate operations that are related to each other. To put it in words:

• If you use a public key for encryption, you will use your private key for decryption.
• If you use a private key for encryption, you will use a public key for decryption

But most students need some time to reach the asymmetric cryptography enlightenment. When they do reach it, I have to convince them that it is not the silver bullet it looks like. I found that remembering this chart helps them cram study for an exam.

Hope this helps !

I remember Chrissy complaining about that to Jack in an episode of “Three’s Company”. Above the humour, I remember thinking about fair coin flipping back then, many years before I learned anything about cryptography.

The other day, I was asked the very same question by my daughter. Children are great entropy generators (you can tell by the mess they make of their toys). I found a way to solve the problem by having both of them part of the coin flipping. Well I don’t flip a coin. I hide it in one of my hands, behind my back. Here is how it goes:

1. I lay out the outcome first. Something like “If you get the coin, you’re the one who take her bath first”
2. I start shuffling the coin from one hand to the other, behind my back.
3. One of them says “stop”.
4. I leave the coin in the hand it was when I was told to stop.
5. I show both hands (fists, actually) to my other kid, who gets to choose a hand.

(The entropy gathering is at step 3). If she gets the coin, she knows the outcome. No more “it’s not fair” complaints