Discussion:
Comparison of repairs of FDE with PBA?
(too old to reply)
Guest
2008-02-06 16:52:39 UTC
Permalink
Raw Message
Glad to hear TrueCrypt 5 with FDE / PBA is finally out... Now that it is,
that got me to thinking... (Well, actually I was thinking before that, of
course...)

Does anybody have any comments / comparisons of the repair tools / ability
of the various full disk encrytpion packages that offer PBA?

SafeBoot, DCPP, BitLocker, PGPDisk, CompuSec, TrueCyprt 5 and whatever else.

What kind of tools are available when something goes wrong? To me, that's a
pretty big question.

Back in my DOS days, I've used SuperStor, Stacker & DriveSpace disk
compression. Plus I've used the ez-bios loaders to get around disk size
limitations. So I know first hand about needing to repair a damaged system
and having trouble getting to the data. (Although in all fairness, I rarely
had problems with the software itself. It was nearly always OS related.)

What if you need to load up BartPE or VistaPE or Knoppix or whatever to
repair the disk or just get some data off so you can reformat and reinstall?
Do any of these come with plugins for a stand alone bootable cd?

Do any of these come with any utilities that can repair a damaged encrypted
disk?

Do any of these offer the ability to install XP or Vista onto an already
encrypted disk? So you don't have to reformat, install, and then encrypt,
resulting in lost data if your backups aren't current? (I would think that
a good way to handle that would be just like loading a RAID driver. Without
it you can't properly see the disk. With it you can.)


I remember long ago talk about what TC or PGP 'should' do was put their disk
PBA stuff onto a bootable linux distro, and force you to install it from
there. The idea being that way you must have a bootable cd with repair
utils etc.

Obviously they didn't go that route, but I am curious about the various
support & repair abilities of the various disk encryption products.

And since I haven't actually used (only played with CompuSec, will try TC5
later), I figured I'd ask around.
Carsten Krueger
2008-02-06 18:35:12 UTC
Permalink
Raw Message
Post by Guest
Does anybody have any comments / comparisons of the repair tools / ability
of the various full disk encrytpion packages that offer PBA?
Assume that there is no way to recover. If things go bad all data is lost.
Truecrypt has a good "recovery" cd (repair broken mbr, repair first block
of container, decrypt hdd)
Post by Guest
What if you need to load up BartPE or VistaPE or Knoppix or whatever to
repair the disk or just get some data off so you can reformat and reinstall?
It should work with BartPE, but according to my test it didn't.
Can't mount the system partition.
Post by Guest
Do any of these offer the ability to install XP or Vista onto an already
encrypted disk?
No

greetings
Carsten

fup2 alt.security.scramdisk
--
ID = 0x2BFBF5D8 FP = 53CA 1609 B00A D2DB A066 314C 6493 69AB 2BFB F5D8
http://www.realname-diskussion.info - Realnames sind keine Pflicht
http://www.spamgourmet.com/ + http://www.temporaryinbox.com/ - Antispam
cakruege (at) gmail (dot) com | http://www.geocities.com/mungfaq/
Guest
2008-02-06 23:18:54 UTC
Permalink
Raw Message
Post by Carsten Krueger
Post by Guest
Does anybody have any comments / comparisons of the repair tools / ability
of the various full disk encrytpion packages that offer PBA?
Assume that there is no way to recover. If things go bad all data is lost.
That's kind of what I have been, but I object to it on sheer principle.

I know about backups etc., but I just object on sheer principle any
situation where I have a disk & file system that is, by design, incapable of
being repaired. I've been using computers for 25 years now, and I just
object to anything that goes out of its way to prevent you from fixing it
when it breaks.

Disk compression & things like ez-bios, and even RAID drivers are definetly
a problem. But they aren't as inconvenient as disk encryption.

That's why tools are so important for full disk encryption with PBA.
Post by Carsten Krueger
Truecrypt has a good "recovery" cd (repair broken mbr, repair first block
of container, decrypt hdd)
Post by Guest
What if you need to load up BartPE or VistaPE or Knoppix or whatever to
repair the disk or just get some data off so you can reformat and reinstall?
It should work with BartPE, but according to my test it didn't.
Can't mount the system partition.
I wonder if that's a bug or by design. Maybe they'll change that in future
versions.
Post by Carsten Krueger
Post by Guest
Do any of these offer the ability to install XP or Vista onto an already
encrypted disk?
No
Thanks for the info.
Post by Carsten Krueger
greetings
Carsten
fup2 alt.security.scramdisk
--
ID = 0x2BFBF5D8 FP = 53CA 1609 B00A D2DB A066 314C 6493 69AB 2BFB F5D8
http://www.realname-diskussion.info - Realnames sind keine Pflicht
http://www.spamgourmet.com/ + http://www.temporaryinbox.com/ - Antispam
cakruege (at) gmail (dot) com | http://www.geocities.com/mungfaq/
Carsten Krueger
2008-02-06 23:29:43 UTC
Permalink
Raw Message
Post by Guest
I wonder if that's a bug or by design. Maybe they'll change that in future
versions.
I think it's a bug. With DiskCryptor it works perfectly.

greetings
Carsten
--
ID = 0x2BFBF5D8 FP = 53CA 1609 B00A D2DB A066 314C 6493 69AB 2BFB F5D8
http://www.realname-diskussion.info - Realnames sind keine Pflicht
http://www.spamgourmet.com/ + http://www.temporaryinbox.com/ - Antispam
cakruege (at) gmail (dot) com | http://www.geocities.com/mungfaq/
R***@remailer.metacolo.com
2008-02-07 04:30:14 UTC
Permalink
Raw Message
Post by Carsten Krueger
Post by Guest
Does anybody have any comments / comparisons of the repair tools / ability
of the various full disk encrytpion packages that offer PBA?
Assume that there is no way to recover. If things go bad all data is lost.
Depends how bad your encrypted system disk is damaged.

PGP makes you create a rescue disk which is capable of _decrypting_ the whole disk if something's wrong with the windows bootup. I think Safeboot and Truecrypt do the same thing, but I've only had to do it with PGP WDE (it worked). The rescue disks keep a copy of your boot track and can restore it.

Then you're back to fixing the windows problem from an unencrypted disk.

I've been using Safeboot and PGP WDE for about a year; no problems other than the usual install glitches with any software.
Guest
2008-02-07 15:13:52 UTC
Permalink
Raw Message
Post by R***@remailer.metacolo.com
Post by Carsten Krueger
Post by Guest
Does anybody have any comments / comparisons of the repair tools / ability
of the various full disk encrytpion packages that offer PBA?
Assume that there is no way to recover. If things go bad all data is lost.
Depends how bad your encrypted system disk is damaged.
PGP makes you create a rescue disk which is capable of _decrypting_ the
That brings me to another question.... Can these things stop and later
resume the decryption process?

With a big 750g drive, you could be looking at a very long decrytpion
process. You might not want to do the whole thing at one time.

Even with a smaller drive, it's reasonable to assume there will be
situations where you'll need to stop the decryption process and resume
later. (Lack of time. Low laptop battery. Power outage with a UPS battery
running low, etc.)

And even disk errors. I can just image that a disk error causes the
decryption process to fail for some reason. It'd be nice to be able to pick
it back up after the bad sectors. You might loose a few sectors worth of
data, but you'd be able to recover most of it.
Post by R***@remailer.metacolo.com
whole disk if something's wrong with the windows bootup. I think Safeboot
and Truecrypt do the same thing, but I've only had to do it with PGP WDE
(it worked). The rescue disks keep a copy of your boot track and can
restore it.
How compatible with hardware are they?

I assume these rescue disks can only do only the first physical hard drive.

Which would suggest they work on a BIOS level. Basically a raw hardware
program with no OS.

Since the BIOS is supposed to be able to at least boot from the first hard
drive, that shouldn't cause a problem. Right?
Post by R***@remailer.metacolo.com
Then you're back to fixing the windows problem from an unencrypted disk.
I've been using Safeboot and PGP WDE for about a year; no problems other
than the usual install glitches with any software.
And yet another question.... Can you run the encryption loader on the hard
drive, and then boot to cd or flash like the bios normally can?

I remember with the old ez-bios loaders (that fixed large drive issues), you
could boot the hard drive while pressing a key, and then after loading the
bios patch, it would go ahead and load from the cd or floppy. True, not
every OS could work with ez-bios (Linux, for example), but DOS, many backup
utils, etc. could. So you could save what you could before trying to fix
the whole drive?

Can any of the current FDE/PBA's do that?


Although I can try TrueCrypt this weekend on a VirtualBox, I'm not that
familiar with actually using the rest of the full disk encryption programs.
SafeBoot Simon
2008-02-07 15:14:34 UTC
Permalink
Raw Message
Post by Guest
Does anybody have any comments / comparisons of the repair tools / ability
of the various full disk encrytpion packages that offer PBA?
SafeBoot has a full DR toolkit which either runs under its own OS off
some bootable media, or you can run it as a Windows program under a
second OS like WinPE or BartPE (We provide bartPE plugins). It can fix
any internal issues, decrypt the drive, or give you plaintext access
to the drive as long as you have the recovery blob out of the SafeBoot
Admin database.

S.
Guest
2008-02-07 19:27:57 UTC
Permalink
Raw Message
Post by SafeBoot Simon
Post by Guest
Does anybody have any comments / comparisons of the repair tools / ability
of the various full disk encrytpion packages that offer PBA?
SafeBoot has a full DR toolkit which either runs under its own OS off
some bootable media, or you can run it as a Windows program under a
second OS like WinPE or BartPE (We provide bartPE plugins). It can fix
any internal issues, decrypt the drive, or give you plaintext access
to the drive as long as you have the recovery blob out of the SafeBoot
Admin database.
Thanks for the info.

It sounds like you people might have put a bit more thought into this than
some of the others. Kind of nice to see that you feel emergency situations
are just as important as the basic encryption itself.

Of course, time will tell how well TC works and what the response of the
others (PGP, DCPP, etc. etc.) will be of the release of TC5. I don't expect
too many waves in the sea, but who knows.

Loading...