Backing up with TrueCrypt
August 23rd, 2007
I’ve been talking recently about using TrueCrypt to encrypt your backups to keep them secure while they’re at your off-site backup or wherever they are. So I decided to do a little how-to on doing exactly that. Here we go:
First we need to create the template files. There’s no arguments in TrueCrypt to create new volumes from the command line, so we need to pre-create them.
1. Click the “Create New Volume…” menu item:
2. Choose the standard volume:
3. Choose the location of the new volume:
4. Choose the encryption algorithm (the default, AES, should be ok):
5. Chose the size you want for the volume. You won’t be able to change the size of the volume after it’s created, so make sure you have enough room for the stuff you want to store in here:
6. Choose a password. TrueCrypt really recommends a password with at least 20 characters and then if you add in special characters and mixed case, all the better:
7. Create it!
8. Badda boom! Badda bing!
Now you have a TrueCrypt volume file ready to put stuff into it. I use oneTrueCrypt volume file for each of my main folders:
Recently I wrote a batch file that will make a copy of this TrueCrypt file you just created (so you can use it as a blank template file for all further backups), mount the file, copy in the contents of a folder, dismount the file, and then archive the file to some location if you so choose. You can download it here.
Let me know if you use it and it’s awesome. Let me know if you’ve tried it and it sucked. Let me know if you just don’t care. Whatever. It’s all good. But if you really want to be slick, you should set up a task in Windows Task Scheduler to automatically archive using the script. Pimp.
I’m actually contemplating using jungledisk to backup my stuff and I know they have a way to do incrementals that only updates parts of files that changed. That way my 5gb tc file doesn’t get copied in full every day. Have you had any experience with Truecrypt and this sort of backup?
March 1, 2008 @ 5:44 pm
mmm… a 5gb tc file. Seems not the smartest thing to have.
There are a lot of bits in 5 Gb. What if only one bit changes (remember Murphy?)? All of your data in the file is lost …
I think you’d better split things up in smaller portions…
April 29, 2008 @ 4:40 am
Allart, it’s not really any different than storing a big zip file or image of the drive, but the truecrypt file would be encrypted. Hopefully, SpinRite would be able to fix any bit rot, but yeah that is a risk… as well as a reason to not save just one backup as well.
April 30, 2008 @ 10:03 am
David, I’m really considering doing something with A3/JungleDisk and Truecrypt, but since Google is supposedly coming out with a similar (and I think free) solution to A3, I’ve been holding off.
April 30, 2008 @ 10:04 am
@Allert, mike hall
Hey guys, I don’t think you have to worry about data corruption as much as Allert suggests. I don’t think the size of the tc volume affects what you might lose… Your exposure is slightly more with an encrypted volume (1 corrupt bit can make you lose 128 bits of data), but not as bad as losing the whole volume!
From http://www.truecrypt.org/faq.php:
Q: What do I do when the encrypted filesystem on my TrueCrypt volume is corrupted?
A: File system within a TrueCrypt volume may become corrupted in the same way as any normal unencrypted file system. When that happens, you can use filesystem repair tools supplied with your operating system to fix it. In Windows, it is the ‘chkdsk’ tool. TrueCrypt provides an easy way to use this tool on a TrueCrypt volume: First, make a backup copy of the TrueCrypt volume (because the ‘chkdsk’ tool might damage the filesystem even more) and then mount it. Right-click the mounted volume in the main TrueCrypt window (in the drive list) and from the context menu select ‘Repair Filesystem’.
January 28, 2009 @ 10:16 am
Sorry, I meant to quote this question! :
Q: What will happen when a part of a TrueCrypt volume becomes corrupted?
A: In encrypted data, one corrupted bit usually corrupts the whole ciphertext block in which it occurred. The ciphertext block size used by TrueCrypt is 16 bytes (i.e., 128 bits). The mode of operation used by TrueCrypt ensures that if data corruption occurs within a block, the remaining blocks are not affected. See also the question ‘What do I do when the encrypted filesystem on my TrueCrypt volume is corrupted?
January 28, 2009 @ 10:17 am