DriveCrypt Plus Pack: encrypt only boot partition? And general DCPP question.

Posted on 2007-04-08
Last Modified: 2008-01-09
I'm using DriveCrypt Plus Pack 3.9 with one hd, which has 2 partitions c:\ (boot) and d:\ (data)
(XP Pro)

1. I've read different things about encrypting partitions with dcpp. Some say it's highly recommended to encrypt ONLY c:\, some say c:\ and d:\ should be encrypted. (Remember, it's one hd.)

What do the experts think about it? Should I encrypt one or both partitions?

2. I do use Bootauth with 2 passwords to gain access. Both passwords have a length of approx. 25 (numbers, chars, signs).

The hd is encrypted with AES256 and this is known to be pretty safe, but what about the passwords? A length of 25 (using 2 passwords) is nice, but when someone wants to gain access, he doesn't have to decrypt the hd, he "only" has to brute-force the 2 passwords. (Or am I wrong here?) And brute-forcing 2 passwords should be easier than decrypting a hd which is AES256 encrypted.

Respectfully yours,
sun :)
Question by:su-n
LVL 27

Accepted Solution

Tolomir earned 250 total points
ID: 18873265
1.) Well it depends on what data you keep on drive D, if that is your "virtual money" and drive C contains just the boot code... well you should get the point.

Basically you have to encrypt the partition that contains config files, the data, the temp files and the pagefile. All other parts are not really important.

I don't think one can make any profit from the knowledge, that I use openoffice or nero at home...

I wonder if one needs drivecrypt DCPP though.

How about this setup:

Use the free truecrypt and the free vmware server/player. Store your virtual client systems in a truecrypt partition.

Now work just in the virtual system, should be quite tamper proof.

You could even use linux as starting OS...

</just an idea, any comments, anyone?>

2. It depends on how often one can enter a wrong bootcode. If there is an increasing timeout after each wrong entry, well brute forcing could take a bit long...



Expert Comment

ID: 19091328
Tolomir, the guy asked a question about the encryption he already has installed on his machine. He asked a particular question about DriveCrypt Plus Pack 3.9. He DID NOT ask for suggestions about other encryption programs. So I think you're off-topic suggesting that he use TrueCrypt.
Besides, TrueCrypt DOES NOT encrypt the Operating System.
LVL 27

Expert Comment

ID: 19096377
@Q90887 I've used the normal drivecrypt myself for a couple of years.

Now I'm using the free vmware server and keep the image in a truecrypt archive.

I no longer need full hard disk encryption for being secure. So this was just an idea, not a recipe for how to handle the "problem".


Regarding security @ boottime:

* Anti dictionary and brute-force attack mechanisms (due to the nature of DCPP, it is the most difficult system to attack compared to anything else available.)

@sun: If you really want to be secure: I suggest you get a Rainbow iKey 1000 USB-based two-factor authentication token, also available from Securstar (1). That way one cannot force you to tell them the DCPP password, since you simply don't know it.



Assisted Solution

q90887 earned 250 total points
ID: 19096841
I'm paranoid myself but not that paranoid :)
I think your suggestions are way too much (but of course good solutions).
Simple DCPP encryption should be enough and I don't think it is possible to crack such encryption.
As for brute force, if you use a long password, nobody will brute it.
I'm sure that nobody will ever even try to brute force such encryption no matter who you are and what you did. Because it takes MONTHS of bruteforce. It's just a dead end for anyone who wants your data.

As for "being forced to provide the password", there are no such laws. A few months back when I did this homework I was able to find that only in the UK could they vote for such a law, one that allows the police to keep you arrested until you "remind" the password. But it was not voted on yet, it was just a project with many against it.

Not even in the US is there such a law. There are rumors that the latest versions of PGP have backdoors for the US government. These are just rumors and PGP denies it, but as long as they are based in the US and they are not open source... everything is possible.

Anyway the existence of the Hidden OS in DCPP cannot be proved.

DriveCrypt and BestCrypt are also not open source, but at least they are based in Europe, which is a plus.

The only bad thing about DriveCrypt is that I have some Windows problems because of it
(I even have a ticket open at )

I'm also using BestCrypt for another PC and it seems much better than DriveCrypt, but BestCrypt does not provide plausible deniability (Hidden OS).

Tolomir, what's your opinion about BestCrypt volume encryption? Ever used it?
LVL 27

Expert Comment

ID: 19098643
Nope just truecrypt and drivecrypt.

Honestly, securstar (drivecrypt) pissed me off by needing to confirm my order, paid by credit card (just another year's maintenance), by a phone call.

I said WHAT????

Deinstalled that stuff, used truecrypt and it's smooth and I've even donated some money via paypal.


Here is some comparison:


P.S. regarding keyloggers: it's wise to keep a part of the password on a USB stick. This leaves a keylogger quite helpless. That way the passphrase consists of a password and some file content; in truecrypt this could be some mp3 file, all that counts is data....

At least Truecrypt and Drivecrypt come with that feature...

Expert Comment

ID: 19104244
What happens if I lose the USB stick?
LVL 27

Expert Comment

ID: 19106352
Well it is just a file.

I.e. you give truecrypt a password + a file. Both could be stored anywhere.

You could even use c:\boot.ini as file. In that case you better make sure it is never changed :-)
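
The password-plus-keyfile idea from the comments above, as an added example that is not part of the original thread and is not TrueCrypt's or DriveCrypt's actual key-derivation code. The HMAC-SHA256 mixing step, the PBKDF2 parameters, the function names and the boot.ini-like sample content are all assumptions made for illustration.

```python
import hashlib
import hmac

# Assumed parameters for this illustration (not the real products' values).
PBKDF2_ITERATIONS = 200_000
KEY_LEN = 32  # 256-bit key, matching the AES-256 mentioned in the thread


def keyfile_digest(keyfile_bytes: bytes) -> bytes:
    """Reduce a keyfile of any size (an mp3, boot.ini, ...) to 32 bytes."""
    return hashlib.sha256(keyfile_bytes).digest()


def derive_key(password: str, keyfile_bytes: bytes, salt: bytes) -> bytes:
    """Derive the volume key from BOTH the typed password and the file."""
    # Mix the two factors so neither one alone fixes the PBKDF2 input.
    mixed = hmac.new(keyfile_digest(keyfile_bytes),
                     password.encode("utf-8"), hashlib.sha256).digest()
    # Key stretching: every password guess costs PBKDF2_ITERATIONS hashes.
    return hashlib.pbkdf2_hmac("sha256", mixed, salt,
                               PBKDF2_ITERATIONS, KEY_LEN)


def unlocks(candidate_key: bytes, real_key: bytes) -> bool:
    """Constant-time comparison of a candidate key with the real one."""
    return hmac.compare_digest(candidate_key, real_key)


# Constructed sample data, not taken from any real system.
SALT = bytes(range(16))
PASSWORD = "constructed-example-passphrase"
KEYFILE = b"[boot loader]\r\ntimeout=30\r\n"
REAL_KEY = derive_key(PASSWORD, KEYFILE, SALT)


def demo() -> dict:
    """Show which combinations of the two factors reproduce the key."""
    edited = KEYFILE.replace(b"timeout=30", b"timeout=31")
    backup = bytes(KEYFILE)  # byte-identical copy stored elsewhere
    return {
        "password_and_keyfile": unlocks(derive_key(PASSWORD, KEYFILE, SALT), REAL_KEY),
        "keylogged_password_only": unlocks(derive_key(PASSWORD, b"", SALT), REAL_KEY),
        "keyfile_edited_by_one_byte": unlocks(derive_key(PASSWORD, edited, SALT), REAL_KEY),
        "backup_copy_of_keyfile": unlocks(derive_key(PASSWORD, backup, SALT), REAL_KEY),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'unlocks' if ok else 'fails'}")
```

Only the byte content of the keyfile matters, so a backup copy kept elsewhere covers a lost stick, while any edit to a file such as boot.ini locks the volume.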


Question has a verified solution.