DriveCrypt Plus Pack: encrypt only boot partition? And general DCPP question.

I'm using DriveCrypt Plus Pack 3.9 with one hd, which has 2 partitions c:\ (boot) and d:\ (data)
(XP Pro)

1. I've read different things about encrypting partitions with dcpp. Some say it's highly recommended to encrypt ONLY c:\ some do say c:\ and d:\ should be encrypted. (Remember it's one hd)

What do the experts think about it? Should I encrypt one or both partitions?

2. I do use Bootauth with 2 passwords to gain access. Both passwords have a length of approx. 25 (numbers, chars, signs)

The hd is encrypted with AES256, and this is known to be pretty safe, but what about the passwords? A length of 25 (using 2 passwords) is nice, but when someone wants to gain access, he doesn't have to decrypt the hd, he "only" has to brute-force the 2 passwords. (Or am I wrong here?) And brute-forcing 2 passwords should be easier than decrypting a hd which is AES256 encrypted.

Respectfully yours,
sun :)

1.) Well it depends on what data you keep on drive D, if that is your "virtual money" and drive C contains just the boot code... well you should get the point.

Basically you have to encrypt the partition that contains config files, the data, the temp files and the pagefile. All other parts are not really important.

I don't think one can make any profit from the knowledge, that I use openoffice or nero at home...

I wonder if one needs drivecrypt DCPP though.

How about this setup:

Use the free truecrypt and the free vmware server/player. Store your virtual client systems in a truecrypt partition.

Now work just in the virtual system, should be quite tamper proof.

You could even use linux as starting OS...

</just an idea, any comments, anyone?>

2. It depends on how often one can enter a wrong bootcode. If there is an increasing timeout after each wrong entry, well brute forcing could take a bit long...



Tolomir, the guy asked a question about the encryption he already has installed on his machine. He asked a particular question about DriveCrypt Plus Pack 3.9. He DID NOT ask for suggestions about other encryption programs. So I think you're off-topic suggesting he use TrueCrypt.
Besides, TrueCrypt DOES NOT encrypt the Operating System.
@Q90887 I've used the normal drivecrypt myself for a couple of years.

Now I'm using the free vmware server and keep the image in a truecrypt archive.

I no longer need full hard disk encryption to be secure. So this was just an idea, not a recipe for how to handle the "problem".


Regarding security @ boottime:

* Anti dictionary and brute-force attack mechanisms (due to the nature of DCPP, it is the most difficult system to attack compared to anything else available.)

@sun: If you really want to be secure: I suggest you get a Rainbow iKey 1000 USB-based two-factor authentication token, also available from Securstar (1). That way one cannot force you to tell them the DCPP password, since you simply don't know it.



I'm paranoid myself but not that paranoid :)
I think your suggestions are way too much (but of course good solutions).
Simple DCPP encryption should be enough and I don't think it is possible to crack such encryption.
As for brute force, if you use a long password, nobody will brute it.
I'm sure that nobody will ever even try to brute force such encryptions no matter who you are and what you did. Because it takes MONTHS of bruteforce. It's just a dead end for anyone who wants your data.

As for "being forced to provide the password", there are no such laws. A few months back, when I did this homework, I was able to find that only in the UK they could vote such a law that allows the police to keep you arrested until you "remind" the password. But it was not voted yet, it was just a project with many against it.

Not even in the US is there such a law. There are rumors that the last versions of PGP have backdoors for the US government. These are just rumors and PGP denies it, but as long as they are based in the US and they are not open source... everything is possible.

Anyway the existence of the Hidden OS in DCPP cannot be proved.

DriveCrypt and BestCrypt are also not open source, but at least they are based in Europe, which is a plus.

The only bad thing about DriveCrypt is that I have some Windows problems because of it
(I even have a ticket open at )

I'm also using BestCrypt for another PC and it seems much better than DriveCrypt, but BestCrypt does not provide plausible deniability (Hidden OS).

Tolomir, what's your opinion about BestCrypt volume encryption? Ever used?
Nope just truecrypt and drivecrypt.

Honestly securstar (drivecrypt) pissed me off by needing to confirm my order paid by credit card (just another year's maintenance) by a phone call.

I said WHAT????

Deinstalled that stuff, used truecrypt and it's smooth and I've even donated some money via paypal.


Here is some comparison:


P.S. regarding keyloggers: it's wise to keep a part of the password on a USB stick. This leaves a keylogger quite helpless. That way the passphrase consists of a password and some file content, in truecrypt this could be some mp3 file, all that counts is data....

At least Truecrypt and Drivecrypt come with that feature...
What happens if I lose the USB stick?
Well it is just a file.

I.e. you give truecrypt a password + a file. Both could be stored anywhere.

You could even use c:\boot.ini as file. In that case you better make sure it is never changed :-)
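An added illustration of two points raised in this thread (it is not code from any poster, and not the key derivation DCPP or TrueCrypt actually use): how large the password search space is next to a 256-bit key, and why a password combined with keyfile content stops working when the password alone is captured or the file changes. Assumptions: passwords are uniformly random over 94 printable ASCII characters; the HMAC-SHA256 plus PBKDF2 mixing, the iteration count, and the sample password, salt and boot.ini-style bytes are constructed for this sketch.

```python
import hashlib
import hmac
import math

AES_KEY_BITS = 256
PRINTABLE_ASCII = 94       # assumption: each character chosen uniformly at random
KDF_ITERATIONS = 100_000   # assumption for this sketch, not a DCPP/TrueCrypt value


def search_space_bits(length: int, alphabet: int = PRINTABLE_ASCII) -> float:
    """log2 of the number of candidate passwords of this length."""
    return length * math.log2(alphabet)


def derive_key(password: str, keyfile: bytes, salt: bytes) -> bytes:
    """Bind a typed password to keyfile content and stretch it to 256 bits."""
    # Keying HMAC with the file digest means the password alone, or a file
    # that differs by a single byte, produces an unrelated key.
    file_digest = hashlib.sha256(keyfile).digest()
    mixed = hmac.new(file_digest, password.encode("utf-8"), hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", mixed, salt, KDF_ITERATIONS, dklen=32)


def compare_scenarios() -> dict:
    """Derive keys for the cases discussed in the thread (constructed inputs)."""
    salt = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
    password = "correct horse battery staple"                  # constructed
    keyfile = b"[boot loader]\r\ntimeout=30\r\n"               # constructed stand-in
    edited = keyfile.replace(b"timeout=30", b"timeout=31")     # file changed later
    volume_key = derive_key(password, keyfile, salt)
    return {
        "same_inputs": derive_key(password, keyfile, salt) == volume_key,
        "keylogged_password_only": derive_key(password, b"", salt) == volume_key,
        "keyfile_edited": derive_key(password, edited, salt) == volume_key,
    }


if __name__ == "__main__":
    one = search_space_bits(25)
    print(f"one 25-char password : {one:.1f} bits")
    print(f"two 25-char passwords: {2 * one:.1f} bits (AES key: {AES_KEY_BITS})")
    for case, unlocks in compare_scenarios().items():
        print(f"{case:24s} unlocks volume: {unlocks}")
```

The bit counts are upper bounds: they hold only for randomly generated passwords, and human-chosen ones carry far less entropy per character.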
