Tuesday, 24 April 2007

Hard Disk Encryption - FreeOTFE

Hard disk encryption is a way to protect data stored on a computer disk. The operating system (OS) does provide access restrictions to protect data, but unfortunately these can easily be bypassed: for example, when the OS is not running, the data can be read directly from the hardware. I'm sure a few of you have used a folder lock, or software that hides important files from other people, but that approach is not good enough.

I'd like to share an open-source program called FreeOTFE. This software uses the "on-the-fly" disk encryption (OTFE) technique. It creates "virtual disks" - anything written to them is automatically encrypted before being stored on the computer's hard drive or USB drive. Numerous encryption algorithms (including AES, Blowfish, Twofish, Serpent, etc.) and hash algorithms (SHA-512, Tiger, Whirlpool, MD5, etc.) are supported, with a modular architecture that allows third parties to implement additional algorithms if required.
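To make the "virtual disk" idea concrete, here is an added Python sketch (not FreeOTFE's code or volume format) of a layer that encrypts each 512-byte sector before it reaches the backing store and decrypts it on read. The class and function names, password, salt and sample data are constructed for illustration, and an HMAC-SHA-512 keystream stands in for a real disk cipher such as AES, which the Python standard library does not provide.

```python
import hashlib
import hmac

SECTOR = 512  # bytes per sector, the unit the layer encrypts

class OtfeVolume:
    """Toy on-the-fly encryption layer over a bytearray 'disk' (hypothetical, for illustration)."""

    def __init__(self, backing: bytearray, password: str, salt: bytes):
        self.backing = backing  # what someone reading the hardware directly would see
        # Derive the volume key from the password (PBKDF2-HMAC-SHA512 from the stdlib).
        self.key = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, 100_000, dklen=32)

    def _keystream(self, sector_no: int) -> bytes:
        # Stand-in for a real cipher: HMAC-SHA512 in counter mode, unique per sector.
        # Real disk encryption uses a block cipher in a disk mode, not this construction.
        out, block = b"", 0
        while len(out) < SECTOR:
            msg = sector_no.to_bytes(8, "big") + block.to_bytes(4, "big")
            out += hmac.new(self.key, msg, hashlib.sha512).digest()
            block += 1
        return out[:SECTOR]

    def _xor(self, sector_no: int, data: bytes) -> bytes:
        return bytes(a ^ b for a, b in zip(data, self._keystream(sector_no)))

    def write_sector(self, sector_no: int, plaintext: bytes) -> None:
        # Encrypt before anything reaches the backing store.
        data = plaintext.ljust(SECTOR, b"\x00")[:SECTOR]
        off = sector_no * SECTOR
        self.backing[off:off + SECTOR] = self._xor(sector_no, data)

    def read_sector(self, sector_no: int) -> bytes:
        # Decrypt on the way back to the application (the "mounted" view).
        off = sector_no * SECTOR
        return self._xor(sector_no, bytes(self.backing[off:off + SECTOR]))

def demo():
    disk = bytearray(4 * SECTOR)             # constructed 2 KB "partition"
    salt = b"constructed-salt"               # constructed; a real volume uses a random salt
    secret = b"payroll.xls: account 12345"   # constructed sample data
    vol = OtfeVolume(disk, "correct horse", salt)
    vol.write_sector(2, secret)
    mounted = vol.read_sector(2).rstrip(b"\x00")   # view through the mounted volume
    raw_leaks = secret in bytes(disk)              # what an offline read of the disk finds
    wrong = OtfeVolume(disk, "wrong guess", salt).read_sector(2).rstrip(b"\x00")
    return mounted, raw_leaks, wrong

if __name__ == "__main__":
    print(demo())
```

`demo()` returns the plaintext as seen through the mounted view, whether the raw disk bytes contain that plaintext, and what the same sector decrypts to under a wrong password.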

The program runs on both PC (MS Windows 2000/XP) and PDA (Windows Mobile 2003/2005) platforms. For Linux, please read the manual on the site. (P.S.: I'm a Windows user and only run Linux in a virtual machine or from a live CD.) Note: never try this software if you are not sure what you are doing.

Download the software here: http://www.freeotfe.org/download.html



Installation

1. Extract the zip file




2.



3. Install the drivers



4. First install FreeOTFE driver



5.



6.



7. After installing the FreeOTFE driver, install the cypher and the hash. In this example, I'm using the AES_Gladman cypher and the Whirlpool hash.



Configuration

A little knowledge of hard disk management is required here, such as the physical hard disks and their partitions. The screenshot shown below is taken from my virtual machine (that is why the disk space is very low). Go to Start -> Control Panel -> Administrative Tools -> Computer Management -> Disk Management.

Disk 0 - primary hdd where the OS is running
Disk 1 - second hdd
Disk 2 - third hdd

I'm going to encrypt Disk 1; notice that there is only a single partition on that hdd. The hdd does not need to be empty, and it can be formatted or not. For this example, Disk 1 is not empty and has a few files on it, and it uses the NTFS file system.

8.



9. Now I start to configure a drive, and try to encrypt it.



10.



11.



12. Select the partition as identified in step 8.



13. Make sure the size selected is smaller than the physical partition. My Hard Disk 1 partition is 2GB and the encrypted volume is 1GB.


14. Just follow it.



15.



16.



Mount the Encrypted Hdd

After the drive is encrypted, it needs to be mounted before it can be used.


17.



18.



19.



20.



In My Computer, another disk will appear. That disk is encrypted. OK then.
