DriveCrypt Plus Pack: encrypt only boot partition? And general DCPP question.

Posted on 2007-04-08
Medium Priority
Last Modified: 2008-01-09
I'm using DriveCrypt Plus Pack 3.9 with one hd, which has 2 partitions c:\ (boot) and d:\ (data)
(XP Pro)

1. I've read different things about encrypting partitions with dcpp. Some say it's highly recommended to encrypt ONLY c:\ some do say c:\ and d:\ should be encrypted. (Remember it's one hd)

What do the experts think about it? Should I encrypt one or both partitions?

2. I do use Bootauth with 2 passwords to gain access. Both passwords do have a length of app 25 (numbers, chars, signs)

As the hd is encrypted with AES256 and this is know to be pretty safe, but what about the passwords? A length of 25 (using 2 passwords) is nice, but when someone wants to gain access, he hasn't has to decrypt the hd, he has "only" to brute-force the 2 passwords. (Or am I wrong here?) And to brute-force 2 passwords should be more easy than decrypting a hd which is AES256 encrypted.

Respectfully yours,
sun :)
Question by:su-n
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
LVL 27

Accepted Solution

Tolomir earned 1000 total points
ID: 18873265
1.) Well it depends on what data you keep on drive D, if that is your "virtual money" and drive C contains just the boot code... well you should get the point.

Basically you have to encrypt the partition that contains config files, the data, the temp files and the pagefile. All other parts are not really important.

I don't think one can make any profit from the knowledge, that I use openoffice or nero at home...

I wonder if one needs drivecrypt DCPP though.

How about this setup:

Use the free truecrypt and the free vmware server/player. Store your virtual client systems in a truecrypt partition.

Now work just in the virtual system, should be quite tamper proof.

You could even use linux as starting OS...

</just an idea, any comments, anyone?>

2. It depends on how often one can enter a wrong bootcode. If there is an increasing timeout after each wrong entry, well brute forcing could take a bit long...



Expert Comment

ID: 19091328
Tolomir, the guy asked a question about the encryption he already have installed on his machine. He asked a particular question about DriveCrypt Plus Pack 3.9. He DID NOT ask for suggestions about other encryption programs. So I think you're offtopic suggesting him to use TrueCrypt.
Besides, TrueCrypt DOES NOT encrypt the Operating System.
LVL 27

Expert Comment

ID: 19096377
@Q90887 I've used the normal drivecrypt myself fort a couple of years.

Now I'm using the free vmware server and keep the image in a truecrypt archive.

I no longer need full harddisk encryption, for being secure. So this was just an idea no recipe how to handle the "problem".


Regarding security @ boottime:

* Anti dictionary and brute-force attack mechanisms (due to the nature of DCPP, it is the most difficult system to attack compared to anything else available.)

@sun: If you really want to be secure: I suggest you get a Rainbow iKey 1000 USB-based two-factor authentication token, also available from Securstar (1) That way one cannot force you to tell them the DCPP password, since you simply don't know it.

(1) http://www.securstar.com/products_usbtoken.php

Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.


Assisted Solution

q90887 earned 1000 total points
ID: 19096841
I'm paranoid myself but not that paranoid :)
I think your sug
gestions are way too much (but of course good solutions).
Simple DCPP encryption should be enough and I don't think is possible to crack such encryption.
As about brute force, if you use a long password, nobody will brute it.
I'm sure that nobody will never even try to brute force such encryptions no matter who are you and what you did. Because it takes MONTHS of bruteforce. It's just a dead end for anyone who wants your data.

As about "being forced to provide the password", there Is no such laws. Few months back when I did this homework I was able to find that only in the UK they could vote such a law that allows Police to keep you arrested until you "remind" the password. But it was not voted yet, it was just a project with many against it.

Not even in US there is no such law. There are rumors that last versions of PGP have backdoors
for the US goverment. These are just rumors and PGP deny it, but as long as they are based in US and they are not open source... everything is possible.

Anyway the existence of the Hidden OS in DCPP cannot be proved.

DriveCryps and BestCrypt are also not open source, but at least they are based in Europe which is a Plus.

The only bad thing about DriveCrypt is that I have some windows problems because if it
(I even have ticket open at http://www.experts-exchange.com/OS/Miscellaneous/Q_22572508.html )

I'm also using BestCryp for another PC and it seems much better then DriveCrypt, but BestCrypt does not provide plausible deniability (Hidden OS).

Tolomir, whats your opinion about BestCrypt volume encryption? Ever used?
LVL 27

Expert Comment

ID: 19098643
Nope just truecrypt and drivecrypt.

Honestly securstar (drivecrypt) pissed me off by needing to confirm my order payed by credit card (just another year's maintenance) by a phone call.

I said WHAT????

Deinstalled that stuff, used truecrypt and it's smooth and I've even donated some money via paypal.


Here is some comparison:



P.S. regarding keyloggers: it's wise to keeps a part of the password on an usbstick. This leaves a keylogger quite helpless. That way the passphrase consists of a password and some filecontent, in truecrypt this could be some mp3 file, all that counts is data....

At least Truecrypt and Drivecrypt comes with that feature...

Expert Comment

ID: 19104244
What hapends if I lose the usbstick?
LVL 27

Expert Comment

ID: 19106352
Well it is just a file.

I.e. you give truecrypt a password + a file. Both could be stored anywhere.

You could even use c:\boot.ini as file. In that case you better make sure it is never changed :-)


Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As a financial services provider, your business is impacted by two of the strictest federal regulations on record: the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act. Correctly implementing faxing into your organization to provide secure, real-ti…
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question