TrueCrypt File Container Over Samba. Is it safe from packet sniffers?

Hi Experts,

Question:

Samba share on a Linux server.

TrueCrypt file container located on the Samba share (on the Linux server's hard drive).

TrueCrypt file container mounted on a remote Windows computer as drive Z.

Can the data between the Linux server and the remote Windows computer be snooped / packet sniffed? Or is the decryption done completely on the client side (Windows computer)?

| samba | <------> | hostile network with sniffers | <------> | windows computer

?

Thanks for the help!

dr34m3r

TalShyar Commented:
Here is the link over at TrueCrypt: http://www.truecrypt.org/docs/sharing-over-network

Sharing over Network

If there is a need to access a single TrueCrypt volume simultaneously from multiple operating systems, there are two options:

A TrueCrypt volume is mounted only on a single computer (for example, on a server) and only the content of the mounted TrueCrypt volume (i.e., the file system within the TrueCrypt volume) is shared over a network. Users on other computers or systems will not mount the volume (it is already mounted on the server).

Advantages: All users can write data to the TrueCrypt volume. The shared volume may be both file-hosted and partition/device-hosted.

Disadvantage: Data sent over the network will not be encrypted. However, it is still possible to encrypt it using e.g. SSL, TLS, VPN, or other technologies.

Remarks: Note that, when you restart the system, the network share will be automatically restored only if the volume is a system favorite volume or an encrypted system partition/drive (for information on how to configure a volume as a system favorite volume, see the chapter System Favorite Volumes).

A dismounted TrueCrypt file container is stored on a single computer (for example, on a server). This encrypted file is shared over a network. Users on other computers or systems will locally mount the shared file. Thus, the volume will be mounted simultaneously under multiple operating systems.

Advantage: Data sent over the network will be encrypted (however, it is still recommended to encrypt it using e.g. SSL, TLS, VPN, or other appropriate technologies to make traffic analysis more difficult and to preserve the integrity of the data).

Disadvantages: The shared volume may be only file-hosted (not partition/device-hosted). The volume must be mounted in read-only mode under each of the systems (see the section Mount Options for information on how to mount a volume in read-only mode). Note that this requirement applies to unencrypted volumes too. One of the reasons is, for example, the fact that data read from a conventional file system under one OS while the file system is being modified by another OS might be inconsistent (which could result in data corruption).
Dave Howe (Software and Hardware Engineer) Commented:
It's mostly ok. The data sent to and from Samba is encrypted; however, an attacker will have access to the before and after versions of any changed data, which may aid him in a differential attack - TrueCrypt should not be vulnerable to differential attacks, but it is something you need to take into account for a threat analysis.
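For the threat analysis mentioned above, this added example (not part of the original thread) shows what two observed versions of a locally mounted container reveal without the key: which offsets changed and how much. It assumes the volume uses XTS mode with 512-byte data units and 16-byte cipher blocks; the snapshots are constructed random bytes standing in for ciphertext, and all function names are hypothetical.

```python
import os

SECTOR = 512  # assumption: XTS data unit size used by the volume
BLOCK = 16    # AES block size; in XTS an edit changes only the affected 16-byte blocks

def changed_extents(before: bytes, after: bytes, unit: int = BLOCK):
    """Return merged (offset, length) runs where two same-size snapshots differ."""
    if len(before) != len(after):
        raise ValueError("snapshots must be the same size")
    extents = []
    for off in range(0, len(before), unit):
        n = min(unit, len(before) - off)
        if before[off:off + n] != after[off:off + n]:
            if extents and extents[-1][0] + extents[-1][1] == off:
                # Adjacent to the previous run: extend it instead of starting a new one
                extents[-1] = (extents[-1][0], extents[-1][1] + n)
            else:
                extents.append((off, n))
    return extents

def sectors_touched(extents):
    """Map changed byte runs to the sector numbers they fall in."""
    sectors = set()
    for off, length in extents:
        sectors.update(range(off // SECTOR, (off + length - 1) // SECTOR + 1))
    return sorted(sectors)

def make_constructed_snapshots():
    """Constructed sample data: random bytes in place of real container ciphertext."""
    before = bytearray(os.urandom(8 * SECTOR))
    after = bytearray(before)
    # Simulated edits: two adjacent cipher blocks in sector 2, one block in sector 5.
    # XOR with 0xFF guarantees every byte in the edited range differs.
    for start, size in ((2 * SECTOR + 32, 32), (5 * SECTOR, 16)):
        after[start:start + size] = bytes(b ^ 0xFF for b in before[start:start + size])
    return bytes(before), bytes(after)

if __name__ == "__main__":
    old, new = make_constructed_snapshots()
    runs = changed_extents(old, new)
    print("changed runs (offset, length):", runs)
    print("sectors touched:", sectors_touched(runs))
    print("bytes changed: %d of %d" % (sum(n for _, n in runs), len(old)))
```

The content of the changed blocks stays unreadable, but their position and size are visible, which is the traffic-analysis exposure the TrueCrypt documentation suggests covering with an additional encrypted tunnel.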
Tolomir (Administrator) Commented:
...also make sure the data is not sniffed on the target computer; the best encryption doesn't help when you have a trojan on the client, transferring all secret data.
Dave Howe (Software and Hardware Engineer) Commented:
Yes, always worth remembering that whenever the TrueCrypt volume is unlocked, the most vulnerable point is the machine with full access.