TrueCrypt File Container Over Samba. Is it safe from packet sniffers?

Hi Experts,


Samba share on a Linux server.

TrueCrypt file container located on the Samba share (on the Linux server's hard drive).

TrueCrypt file container mounted on a remote Windows computer as drive Z.

Can the data between the Linux server and the remote Windows computer be snooped / packet sniffed? Or is the decryption done completely on the client side (Windows computer)?

| samba | <------> | hostile network with sniffers | <------> | windows computer


Thanks for the help!

TalShyar commented:
Here is the link over at TrueCrypt:

Sharing over Network

If there is a need to access a single TrueCrypt volume simultaneously from multiple operating systems, there are two options:

1. A TrueCrypt volume is mounted only on a single computer (for example, on a server) and only the content of the mounted TrueCrypt volume (i.e., the file system within the TrueCrypt volume) is shared over a network. Users on other computers or systems will not mount the volume (it is already mounted on the server).

Advantages: All users can write data to the TrueCrypt volume. The shared volume may be both file-hosted and partition/device-hosted.

Disadvantage: Data sent over the network will not be encrypted. However, it is still possible to encrypt it using e.g. SSL, TLS, VPN, or other technologies.

Remarks: Note that, when you restart the system, the network share will be automatically restored only if the volume is a system favorite volume or an encrypted system partition/drive (for information on how to configure a volume as a system favorite volume, see the chapter System Favorite Volumes).

2. A dismounted TrueCrypt file container is stored on a single computer (for example, on a server). This encrypted file is shared over a network. Users on other computers or systems will locally mount the shared file. Thus, the volume will be mounted simultaneously under multiple operating systems.

Advantage: Data sent over the network will be encrypted (however, it is still recommended to encrypt it using e.g. SSL, TLS, VPN, or other appropriate technologies to make traffic analysis more difficult and to preserve the integrity of the data).

Disadvantages: The shared volume may be only file-hosted (not partition/device-hosted). The volume must be mounted in read-only mode under each of the systems (see the section Mount Options for information on how to mount a volume in read-only mode). Note that this requirement applies to unencrypted volumes too. One of the reasons is, for example, the fact that data read from a conventional file system under one OS while the file system is being modified by another OS might be inconsistent (which could result in data corruption).
Dave Howe (Software and Hardware Engineer) commented:
It's mostly OK. The data sent to and from Samba is encrypted; however, an attacker will have access to the before and after versions of any changed data, which may aid him in a differential attack. TrueCrypt should not be vulnerable to differential attacks, but it is something you need to take into account for a threat analysis.
...also make sure the data is not sniffed on the target computer; the best encryption doesn't help when you have a trojan on the client transferring all secret data.
Dave Howe (Software and Hardware Engineer) commented:
Yes, always worth remembering that whenever the TrueCrypt volume is unlocked, the most vulnerable point is the machine with full access.
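For the threat analysis mentioned above, here is an added sketch (not code from the thread or from TrueCrypt) of what an on-path observer holds when the container is mounted on the client: ciphertext only, plus the positions of the sectors that changed between two captures. A keyed HMAC stands in for the volume cipher; the key, the 512-byte unit size and the sample data are constructed assumptions.

```python
import hashlib
import hmac

SECTOR = 512  # assumed size of one encrypted data unit in the container
BLOCK = 16    # cipher block size inside a data unit

def seal_sector(key: bytes, index: int, plain: bytes) -> bytes:
    """Keyed PRF stand-in for a tweakable sector cipher (not invertible, not XTS).
    Like disk encryption, it is deterministic in (key, position, plaintext)."""
    out = bytearray()
    for off in range(0, SECTOR, BLOCK):
        tweak = index.to_bytes(8, "little") + off.to_bytes(2, "little")
        mac = hmac.new(key, tweak + plain[off:off + BLOCK], hashlib.sha256)
        out += mac.digest()[:BLOCK]
    return bytes(out)

def seal_volume(key: bytes, volume: bytes) -> bytes:
    """What the file server stores and what crosses the network on read/write."""
    if len(volume) % SECTOR:
        raise ValueError("volume must be a whole number of sectors")
    return b"".join(
        seal_sector(key, i // SECTOR, volume[i:i + SECTOR])
        for i in range(0, len(volume), SECTOR)
    )

def changed_sectors(before: bytes, after: bytes) -> list:
    """Sector indexes that differ between two captured container images."""
    return [
        i // SECTOR
        for i in range(0, len(before), SECTOR)
        if before[i:i + SECTOR] != after[i:i + SECTOR]
    ]

def demo():
    key = b"constructed demo key"           # constructed, never leaves the client
    v1 = bytearray(8 * SECTOR)              # constructed 8-sector plaintext volume
    v2 = bytearray(v1)
    v2[5 * SECTOR + 100:5 * SECTOR + 106] = b"SECRET"  # client edits sector 5
    c1, c2 = seal_volume(key, bytes(v1)), seal_volume(key, bytes(v2))
    return c1, c2, changed_sectors(c1, c2)

if __name__ == "__main__":
    c1, c2, changed = demo()
    print("plaintext visible on the wire:", b"SECRET" in c2)
    print("sectors the observer sees change:", changed)
```

The content stays hidden, but which sectors are written, and when, does not; that is the traffic-analysis exposure the quoted TrueCrypt documentation suggests reducing with SSL, TLS or a VPN.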