I created a 200GB container to store files on my external USB drive. Can I just copy this (empty) container file to create another container of 200GB? I want to do this since it takes about 2 hours to create a 200GB container (NTFS formatted) and I want multiple containers of the same size. Thanks!
4 Answers
If it's a container then it just behaves as any ordinary file, so yes, you can copy it, you can do just about anything with it.
-
3 It's possible, but you SHOULD NOT do that. The encryption mode used by TC doesn't deal well with copying. See truecrypt.org/docs/?s=how-to-back-up-securely Commented Feb 4, 2011 at 18:25
-
2 @Code, yes it does. It's just A FILE, TrueCrypt doesn't store any absolute paths. Commented Feb 4, 2011 at 18:59
-
2 By "doesn't deal well" I mean that the cryptography is weakened considerably by having several containers with the same master-key. For example they strongly discourage copying a container as backup even though that'd be just a convenient file copy. Commented Feb 16, 2011 at 15:01
-
@Code, sure, if the key is weak. Otherwise breaking a TC container is impossible - the FBI has tried it. Commented Feb 17, 2011 at 4:24
-
6 Cryptographically if multiple containers exist with the same master key but different data it does make certain types of attacks possible that would not otherwise be possible. This still does not make cracking it easy though, and for many users the risk is acceptable for the convenience of being able to copy and otherwise treat the container as a normal file. Commented Feb 13, 2012 at 17:32
If you are talking about backing up a truecrypt container that has data?
-
-
Note that I just want to avoid the time it takes to format the containers. – n1kh1lp Commented Dec 28, 2010 at 13:29
-
1 It's certainly possible to copy TrueCrypt volumes. Most of the TrueCrypt manual is written assuming you have adversaries willing and able to use any known methods of attacking your data, your computer, or your person, and therefore is often a little over the top in its recommendations. Commented Dec 28, 2010 at 13:48
-
All I can suggest is to try it on an experimental basis, see if it works, use it for a while, see if any problems crop up. – Moab Commented Dec 28, 2010 at 17:37
To create a new 200G TrueCrypt volume faster, try this:
Create an uninitialized large file by seek:
# dd of=new-200g.tc bs=1048576 count=0 seek=200000
Clone the header only,
# truecrypt --backup-headers old-200g.tc
(... backup to file header.bak)
(...)
# truecrypt --restore-headers new-200g.tc
(... restore from external file header.bak)
Mount the new volume with no file system
# truecrypt --filesystem none new-200g.tc
Find out which mapper device is used?
# truecrypt -l
4: /tmp/old-200g.tc /dev/mapper/truecrypt4 /tmp/oldfs
5: /tmp/new-200g.tc /dev/mapper/truecrypt5 -
So, the new-200g.tc is mapped by
/dev/mapper/truecrypt5
Format the uninitialized volume
# mkfs.ext4 /dev/mapper/truecrypt5
# e2label /dev/mapper/truecrypt5 "My second copy"
Remount with the file system
# truecrypt -d new-200g.tc
# truecrypt new-200g.tc /tmp/newfs
Now, you get it.
-
thanks. Just copying the container file seems to work. I tried with small containers. Do you think there would be any problems with large containers? Copying the container file automatically copies the headers, right? – n1kh1lp Commented Dec 28, 2010 at 14:20
-
No problem! Just as you said, it took you 2 hours to create, so this may be a bit faster to create a very large volume. – Lenik Commented Dec 28, 2010 at 14:45
-
The TrueCrypt authors explicitly recommend not doing this. When you copy a container, all copies share the same master-key. While this doesn't allow an attacker to break the encryption itself, it leaks some information.
If you follow the above steps, you will help prevent adversaries from finding out:
Which sectors of the volumes are changing (because you always follow step 1). This is particularly important, for example, if you store the backup volume on a device kept in a bank's safe deposit box (or in any other location that an adversary can repeatedly access) and the volume contains a hidden volume (for more information, see the subsection Security Requirements and Precautions Pertaining to Hidden Volumes in the chapter Plausible Deniability).
From http://www.truecrypt.org/docs/?s=how-to-back-up-securely
And of course you can forget about plausible deniability if you use multiple containers with the same master key.
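The leak described in the answer above (which sectors differ between containers that share a master key), shown as an added example that is not part of the original posts. It assumes a stand-in tweakable cipher built from HMAC in place of TrueCrypt's real AES-XTS, and constructed keys and sector contents; it keeps the property that matters here, that the same key, disk position and plaintext always give the same ciphertext.

```python
import hashlib
import hmac

SECTOR = 512  # TrueCrypt encrypts data in 512-byte sectors
BLOCK = 16    # cipher block size in bytes

def _round(key, tweak, rnd, half):
    # Keyed round function; the tweak binds the output to one disk position.
    return hmac.new(key, tweak + bytes([rnd]) + half, hashlib.sha256).digest()[:8]

def encrypt_block(key, sector_no, block_no, pt):
    """Stand-in tweakable block cipher (4-round Feistel), not real AES-XTS."""
    tweak = sector_no.to_bytes(8, "little") + block_no.to_bytes(2, "little")
    left, right = pt[:8], pt[8:]
    for rnd in range(4):
        mask = _round(key, tweak, rnd, right)
        left, right = right, bytes(a ^ b for a, b in zip(left, mask))
    return left + right

def encrypt_volume(master_key, plaintext):
    out = bytearray()
    for off in range(0, len(plaintext), BLOCK):
        sector_no, in_sector = divmod(off, SECTOR)
        out += encrypt_block(master_key, sector_no, in_sector // BLOCK,
                             plaintext[off:off + BLOCK])
    return bytes(out)

def differing_sectors(ct_a, ct_b):
    """Sector numbers whose ciphertext differs; computable without any key."""
    cut = lambda ct, s: ct[s * SECTOR:(s + 1) * SECTOR]
    return [s for s in range(len(ct_a) // SECTOR) if cut(ct_a, s) != cut(ct_b, s)]

def demo():
    # Constructed sample: two 8-sector volumes that start as the same empty image.
    vol_a, vol_b = bytearray(8 * SECTOR), bytearray(8 * SECTOR)
    for vol, sector_no, data in [(vol_a, 2, b"tax records"), (vol_a, 5, b"photo index"),
                                 (vol_b, 5, b"diary"), (vol_b, 6, b"contacts")]:
        vol[sector_no * SECTOR:sector_no * SECTOR + len(data)] = data
    key_1 = hashlib.sha256(b"constructed master key 1").digest()
    key_2 = hashlib.sha256(b"constructed master key 2").digest()
    ct_a = encrypt_volume(key_1, bytes(vol_a))
    shared = differing_sectors(ct_a, encrypt_volume(key_1, bytes(vol_b)))    # copied file
    separate = differing_sectors(ct_a, encrypt_volume(key_2, bytes(vol_b)))  # own key
    return shared, separate

if __name__ == "__main__":
    print(demo())
```

With the shared key only the sectors whose contents differ show up, so the comparison maps exactly where each copy was written; with separately generated keys every sector differs and the comparison says nothing.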