Saturday, December 14, 2013

TrueCrypt - Can it replace what 1Password and LastPass do best ???

If you are not familiar with 1Password and LastPass password management solutions, you can refer to my post: http://almirscorner.blogspot.com/2013/03/1password-vs-lastpass-which-password.html

If you are not familiar with TrueCrypt, you can refer to my post: http://almirscorner.blogspot.com/2013/07/truecrypt-open-source-encryption-very.html

Now the question is: Can TrueCrypt replace what 1Password and LastPass do best ???

TrueCrypt is the tool that you would typically compare to WinZip and you may ask why compare TrueCrypt to 1Password or LastPass. Why not?

Let me use an example to explain this.

(1)
Let's say you create a TrueCrypt file in C:\MyStuff\ImportantInfo.tc
with 256bit encryption using Whirlpool type of algorithm and assigning a very STRONG password.

OR

You can create a TrueCrypt file in the Dropbox folder on your harddrive that syncs to Dropbox.


(2)
You create/mount a volume "M:" on your computer pointing to C:\MyStuff\ImportantInfo.tc

and as part of mounting this volume, you have to enter your strong password.

NOTE:
It is important to set the properties:
 - to dismount the volume after X minutes of inactivity
 - to dismount the volume when you log off


(3)
Now you treat the "M:" volume as any other volume on your computer and you create folders and files in it. Let's say you create the following files on your "M:" volume:

M:\SocialSites\Facebook.txt
M:\SocialSites\twitter.txt
M:\Shopping\Amazon.txt
M:\Shopping\eBay.txt

Inside those text files you put the username and passwords for each site.

NOTE:
You would mount this volume ONLY when you want to get the username and password for a specific site and then you dismount after that and nobody would be able to access it as the whole volume is protected by a strong password and 256bit AES Whirlpool encryption.


(4)
If your TrueCrypt file is stored in your Dropbox folder, then it syncs to the cloud. Then if you have an iPhone, you can use "Disk Decipher" app in order to get the TrueCrypt volume mount on iPhone and keep it in memory. As soon as you leave the app, it gets dismounted automatically and the app itself can have another password on top the regular TrueCrypt mounting strong password that you used when creating the TrueCrypt file.


Pros of TrueCrypt or what it does as good as 1Password locally or LastPass in the cloud:
  1. It has 256 bit encryption with strong password protection and you can choose the algorithm.
  2. It is easy to use on your PC or Mac because it is just like any other volume on your computer where you can manage your files. You don't have to zip and un-zip a file constantly the way it is done for WinZip.
  3. You can easily mount and dismount the volume ONLY when you need to use it.
Cons of TrueCrypt when used as password management tool:

  1. When you mount a TrueCrypt volume, the contents of all files are in clear text. That means that if somebody hacks into your computer while your TrueCrypt volume is mounted, there is a chance that they will be able to just take all those files that are clear text. That's a big risk
  2. If you are on a mobile device, you can only use it as read-only. The mobile support for 1Password and LastPass is much better.

Conclusion:

TrueCrypt is a very good tool and in many ways I prefer it over WinZip, but I am not sure if I could live with the con outlined above when used for password management. It is up to you to decide for yourself. One hybrid approach that could make it much safer is that you use the TrueCrypt solution described above in combination with WinZip. You can have all those individual .txt files on the TrueCrypt volume zipped with WinZip and 256bit AES encryption. With this approach if somebody hacks your computer while your TrueCrypt volume is mounted, then they still have a challenge of decrypting the individual zip files. When this hybrid solution is used, it is definitely very safe and even safer than 1Password because you have double 256bit encryption, but you lose on the convenience factor; you will probably not be able to use it on a mobile device.

I use all four (TrueCrypt, WinZip, 1Password and LastPass) for different purposes utilizing what each does the best.


Keywords: #truecrypt #1password #lastpass #winzip #password #passwordmanagement #security #encryption
<the end>

No comments:

Post a Comment