4

I created a 200GB container to store files on my external USB drive. Can I just copy this (empty) container file to create another container of 200GB? I want to do this since it takes about 2 hours to create a 200GB container (NTFS formatted) and I want multiple containers of the same size. Thanks!

1
  • Don't do that. It compromises security. Commented Feb 4, 2011 at 18:26

4 Answers

5

If it's a container then it just behaves as any ordinary file, so yes, you can copy it, you can do just about anything with it.

7
  • 3
    It's possible, but you SHOULD NOT do that. The encryption mode used by TC doesn't deal well with copying. See truecrypt.org/docs/?s=how-to-back-up-securely Commented Feb 4, 2011 at 18:25
  • 2
    @Code, yes it does. It's just A FILE, TrueCrypt doesn't store any absolute paths. Commented Feb 4, 2011 at 18:59
  • 2
    By "doesn't deal well" I mean that the cryptography is weakened considerably by having several containers with the same master-key. For example they strongly discourage copying a container as backup even though that'd be just a convenient file copy. Commented Feb 16, 2011 at 15:01
  • @Code, sure, if the key is weak. Otherwise breaking a TC container is impossible - the FBI has tried it. Commented Feb 17, 2011 at 4:24
  • 6
    Cryptographically if multiple containers exist with the same master key but different data it does make certain types of attacks possible that would not otherwise be possible. This still does not make cracking it easy though, and for many users the risk is acceptable for the convenience of being able to copy and otherwise treat the container as a normal file. Commented Feb 13, 2012 at 17:32
4

If you are talking about backing up a truecrypt container that has data?

http://www.truecrypt.org/docs/?s=how-to-back-up-securely

4
  • what about empty containers?
    – n1kh1lp
    Commented Dec 28, 2010 at 13:23
  • Note that I just want to avoid the time it takes to format the containers.
    – n1kh1lp
    Commented Dec 28, 2010 at 13:29
  • 1
    It's certainly possible to copy TrueCrypt volumes. Most of the TrueCrypt manual is written assuming you have adversaries willing and able to use any known methods of attacking your data, your computer, or your person, and therefore is often a little over the top in its recommendations. Commented Dec 28, 2010 at 13:48
  • All I can suggest is to try it on an experimental basis, see if it works, use it for a while, see if any problems crop up.
    – Moab
    Commented Dec 28, 2010 at 17:37
2

To create a new 200G TrueCrypt volume faster, try this:

  1. Create an uninitialized large file by seek:

    # dd of=new-200g.tc bs=1048576 count=0 seek=200000
    
  2. Clone the header only:

    # truecrypt --backup-headers old-200g.tc
    (... backup to file header.bak)
    (...)
    # truecrypt --restore-headers new-200g.tc
    (... restore from external file header.bak)
    
  3. Mount the new volume with no file system

    # truecrypt --filesystem none new-200g.tc
    
  4. Find out which mapper device is used:

    # truecrypt -l
    4: /tmp/old-200g.tc /dev/mapper/truecrypt4 /tmp/oldfs
    5: /tmp/new-200g.tc /dev/mapper/truecrypt5 - 
    

    So, the new-200g.tc is mapped by /dev/mapper/truecrypt5

  5. Format the uninitialized volume

    # mkfs.ext4 /dev/mapper/truecrypt5
    # e2label /dev/mapper/truecrypt5 "My second copy"
    
  6. Remount with the file system

    # truecrypt -d new-200g.tc
    # truecrypt new-200g.tc /tmp/newfs
    

Now, you get it.

3
  • thanks. Just copying the container file seems to work. I tried with small containers. Do you think there would be any problems with large containers? Copying the container file automatically copies the headers, right?
    – n1kh1lp
    Commented Dec 28, 2010 at 14:20
  • No problem! Just as you said, it took you 2 hours to create, so this may be a bit faster to create a very large volume.
    – Lenik
    Commented Dec 28, 2010 at 14:45
  • And, dd could be slightly faster than file copy.
    – Lenik
    Commented Feb 28, 2012 at 8:47
2

The TrueCrypt authors explicitly recommend not doing this. When you copy a container, all copies share the same master-key. While this doesn't allow an attacker to break the encryption itself, it leaks some information.

> If you follow the above steps, you will help prevent adversaries from finding out:
>
> Which sectors of the volumes are changing (because you always follow step 1). This is particularly important, for example, if you store the backup volume on a device kept in a bank's safe deposit box (or in any other location that an adversary can repeatedly access) and the volume contains a hidden volume (for more information, see the subsection Security Requirements and Precautions Pertaining to Hidden Volumes in the chapter Plausible Deniability).

From http://www.truecrypt.org/docs/?s=how-to-back-up-securely

And of course you can forget about plausible deniability if you use multiple containers with the same master key.
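
The leak described in this answer can be audited on your own files. The following is an added example, not part of the original answers or of TrueCrypt: it checks whether two container files carry an identical header (hence the same master key) and lists the data sectors whose ciphertext differs, which is exactly what someone holding both copies can see. Assumptions: the file names are made up, the 128 KiB header area is the layout of volumes created by TrueCrypt 6.0 or later, and the sample files are random bytes standing in for ciphertext.

```python
import os
import tempfile

SECTOR = 512           # TrueCrypt encrypts in 512-byte units
HEADER_AREA = 131072   # header slots before the data area (assumed TrueCrypt 6.0+ layout)


def same_header(path_a, path_b):
    """True if both files start with the same salt and encrypted header.

    An identical first sector means the same master key. A differing one
    proves nothing: a password change re-salts the header but keeps the key.
    """
    with open(path_a, "rb") as fa, open(path_b, "rb") as fb:
        return fa.read(SECTOR) == fb.read(SECTOR)


def changed_sectors(path_a, path_b, skip=HEADER_AREA):
    """Return data-area sector numbers whose ciphertext differs.

    Under a shared master key, an unchanged sector means unchanged plaintext
    at that position, so this list is what an observer of both copies learns.
    """
    changed = []
    with open(path_a, "rb") as fa, open(path_b, "rb") as fb:
        fa.seek(skip)
        fb.seek(skip)
        number = 0
        while True:
            sa, sb = fa.read(SECTOR), fb.read(SECTOR)
            if not sa and not sb:
                break
            if sa != sb:
                changed.append(number)
            number += 1
    return changed


def demo():
    """Constructed sample: a 'container' and a copy with sectors 3 and 9 rewritten."""
    d = tempfile.mkdtemp()
    orig, copy = os.path.join(d, "orig.tc"), os.path.join(d, "copy.tc")
    blob = bytearray(os.urandom(HEADER_AREA + 16 * SECTOR))
    with open(orig, "wb") as f:
        f.write(blob)
    for s in (3, 9):  # simulate writes made to the copy after cloning
        off = HEADER_AREA + s * SECTOR
        blob[off:off + SECTOR] = os.urandom(SECTOR)
    with open(copy, "wb") as f:
        f.write(blob)
    return same_header(orig, copy), changed_sectors(orig, copy)
```

If `same_header` returns True for a container and its backup, creating the backup as a fresh volume and copying the files into it removes the shared key.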
