Advanced Topics

• Keyfiles
• Partition/Entire Disk Based Volumes
• Creating Hidden Volumes
• Volume Creation: Advanced Options
• Password Entry: Advanced Options
• Password management
• Driver Control
• Enabling/Disabling Hash/Cypher Algorithms

A "keyfile" is a small file (about 512 bytes) which can optionally be created for a volume, and contains a copy of the information required to mount a FreeOTFE volume. Keyfiles are encrypted based a user-supplied keyfile password, which must be supplied in order to use the keyfile.

More than one keyfile can be created for the same volume.

Keyfiles are useful as they allow critical information which is required in order to mount a particular volume to be stored separately to the volume which they relate to; on a floppy disk, or USB drive, for example - which would be too small to store the entire volume on. In this way, your volume may be stored on your computer, but the information required to access it can be stored in a physically more secure location (e.g. in a locked safe)

In a business environment, keyfiles may be used as a form of password recovery, or to reset forgotten passwords. When confidential information is held within a FreeOTFE volume, a keyfile can be created for that volume and stored in a safe location. Should the employee which normally uses the volume be unavailable, or cannot remember the volume's password, the volume may still be mounted using a keyfile that has was previously created for it (together with that keyfile's password) - even if the volume's password has been subsequently changed.

Keyfiles may also be used to provide multiple users with access to mount and use the same volume; each using a password of their own choosing.

Note: Keyfiles are specific to the volume they are created for! Although a keyfile for one volume may be able to successfully mount another volume, the virtual drive shown will appear to be unformatted - the files within the volume will remain securely encrypted and unreadable.

Creating a new keyfile

To create a new volume, select "Tools | Create keyfile..." to display the "keyfile wizard", which will guide you through the process in a series of simple steps.

Mounting a volume using a keyfile

The process of mounting a volume using a keyfile is identical to the normal mount procedure, with the exceptions that:

1. The password used should be the keyfile's password, and not the volume's password.
2. The full path and filename of the keyfile should be entered as the "keyfile file"

This section applies to the PC version of FreeOTFE only

As well as being able to storing encrypted volumes in flat files, FreeOTFE also provides the option of encrypting partitions, and even entire physical disks, by selecting "Partition/disk" when prompted during the volume creation process.

It is not recommended that inexperienced users do this - is the kind of operation that should only be carried out by those familiar with disk partitioning and fully understand what they're doing.

Safety Precautions

It is extremely important that you make absolutely sure you have selected the correct disk/partition to be used when creating a new partition based volume!

Backing up

The volume creation process will overwrite the first 512 bytes of the selected partition (or start of the disk, if using the entire disk).

You might wish to use the FreeOTFE's backup functionality ("Tools | Critical data block | Backup...") to back up this part of the disk, prior to creating a partition/disk based volume - which will allow you to revert the changes FreeOTFE makes to your partition/disk should you realise that you've selected the wrong one.

Note: Such a backup will be of limited use after the volume created has been mounted and formatted, since formatting will carry out further overwrites to the partition/disk.

Ideally, you should backup your entire system before creating encrypted partitions, just to be on the safe side - though this is unlikely to be particularly practical for many users.

Create New Volumes as an Administrator

The partition display shown by FreeOTFE will give more information about the partitions on a disk (e.g. drive letters allocated, size of partitions, proportional display) when used by a user with administrative privileges. A user with normal privileges will be shown less information due to their restricted access rights.

New volume wizard showing full partition information

Therefore, it is recommended that you create any new partition based volumes while logged in as an administrator. To do this under Windows Vista, you will need to run FreeOTFE with elevated permissions; locate the "FreeOTFE.exe" executable where you installed it, rightclick on this executable and select "Run as administrator" from the context menu.

Special Note for Windows Vista x64 (64 bit) and Windows 7 (64 bit) Users

In order to format a new partition or disk based volume under Windows Vista x64 (64 bit), the volume must be mounted while FreeOTFE is running with elevated permissions.

To do this:

1. Locate "FreeOTFE.exe" where you installed it, rightclick on this executable, and select "Run as administrator" from the context menu)
2. Mount the partition/disk as normal
3. Format the mounted volume

This procedure only needs to be carried out once in order to format the volume; it may subsequently be mounted and used by any user.

Elevated permissions are not required to format file based volumes.

FreeOTFE offers users the ability to create "hidden volumes" stored inside other "host" volumes.

To create a hidden volume:

1. If the volume you wish to create a hidden volume in is mounted, dismount it.
2. Start the volume creation wizard as normal (select "File | New..." from the main menu).
3. When prompted to select between creating a file or partition based volume, select "File" or "Partition", depending on whether the host volume you wish to use is file or partition based.
4. When prompted for the filename/partition to create your hidden volume on, select the host file/partition you wish to create the hidden volume inside.
5. The next step in the wizard will prompt you to enter an offset. The offset is the number of bytes from the start of the host volume where you wish the hidden volume to begin. Make sure that the offset you specify is large enough such that it does not overwrite any of the system areas of that host volume (e.g. the FAT), or files already written to it.
6. Continue with the volume creation wizard as normal.

To mount your hidden volume, proceed as if mounting the host volume, but when prompted to enter your password, click the "Advanced" button and enter the offset. (See the section on advanced password entry options).

Make sure you remember the value you enter for the offset value! For security reasons, FreeOTFE doesn't store this information anywhere, and so you will have to enter the same offset into the password entry dialog every time you wish to mount your hidden volume.

More than one hidden volume can be stored within the same host volume, by using different offsets

If you create a hidden volume within an existing volume, be warned: subsequently mounting and adding data to the host volume can potentially result in parts of the hidden volume being overwritten, and its data destroyed. This is by design, and increases the security of the hidden volume.

Please see the Plausible Deniability section for further information on the practical uses and considerations of hidden volumes.

At the end of the volume creation process, FreeOTFE will display a summary of the volume it is about to create. At this stage, more advanced options be configured for the new volume, by selecting the "Advanced..." button (PC version), or by selecting "Menu | Next" and "Menu | Back" (PDA version).

(PC version)	(PDA version)
Advanced volume creation options

Before the user's password is used to encrypt/decrypt the CDB, it is processed using PBKDF2 to increase security.

This tab allows the number of PBKDF2 iterations to be set by the user; higher values increase security, but will also increase the amount of time taken to mount the volume. This becomes more significant when mounting volumes on a PDA, which typically have slower CPUs.

The default number of key iterations is 2048.

Salt

Before the user's password is used to encrypt/decrypt the CDB, it is processed using PBKDF2 to increase security.

Part of this processing involves the use of a random "salt" value, which reduces the risk of dictionary based attacks. This tab allows the length of the salt value (in bits) to be set by the user.

It should be noted that every time a volume which has a non-default (256 bit) salt length is mounted, the user must specify the correct salt length (unless using a keyfile; in which case the keyfiles salt length must be specified) by using the "Advanced" options available on the FreeOTFE password entry dialog.

The default salt length is 256 bits. Any salt length entered must be a multiple of 8 bits.

Drive Letter

By default, FreeOTFE will use the next available drive letter when mounting a volume.

This behaviour can be changed to use a specific drive letter on a volume-by-volume basis by setting it on this option.

The default setting here is "Use default"; use the next available drive letter

Note: If the chosen drive letter is in use at the time of mounting, the next free drive letter will be used

CDB Location

Normally, a volume's CDB will be stored as the first 512 bytes of the volume.

However, this does increase the size of the volume by the size of the CDB, which can FreeOTFE volumes more distinctive, and making it slightly more obvious that a volume file is volume file.

This is most clearly shown when creating a file based volume: a 2GB volume, for example, will be 2,147,484,160 bytes in length - made up of a 2,147,483,648 byte (2GB) encrypted disk image, plus a 512 byte embedded CDB.

To reduce this, it is possible to create a volume without an embedded CDB; the CDB being stored in a separate file as a standard FreeOTFE keyfile.

In this case, a 2GB volume would comprise of a 2,147,483,648 byte (2GB) encrypted disk image, plus a separate 512 byte keyfile which may be stored in a separate location to the volume.

Note that if you store the volume's CDB in a keyfile, you will always need to supply a keyfile when mounting the volume, and ensure that the "Data from offset includes CDB" advanced option shown on the FreeOTFE password entry dialog shown when mounting must be unchecked after the keyfile is specified.

By default, FreeOTFE includes the CDB will be included as part of the volume.

Padding

"Padding" is additional random data added to the end of a volume file. Any padding added will not be available for use as part of the mounted volume, and serves to increase the size of the volume.

Encrypted volumes typically have a file size that is a multiple of 512 bytes, or a "signature size" beyond the last 1MB boundary. To prevent this, you may wish to append random "padding" data to the new volume.

Padding also reduces the amount of information available to an attacker with respect to the maximum amount of the encrypted that may actually be held within the volume.

Note: This section only covers the password entry dialog shown when mounting FreeOTFE volumes. For mounting Linux volumes, please see the section on Linux volumes.

(PC version)	(PDA version)
Advanced mount options

Advanced Security Details

Salt length

This should be set to the number of salt bits used in the PBKDF2 processing of the user's password, before using it to decrypt the volume's CDB/keyfile being used.

By default, this is set to 256 bits - the same default length used when creating a new volume.

Key iterations

This should be set to the number of key iterations used in the PBKDF2 processing of the user's password, before using it to decrypt the volume's CDB/keyfile being used.

By default, this is set to 2048 iterations - the same default number used when creating a new volume.

PKCS#11 secret key

This option is only available if PKCS#11 support is enabled (see the section on Security Token/Smartcard Support for more information on how to use this setting.)

Mount Options

Mount as

FreeOTFE volumes may be mounted as any of the following types of virtual drive:

• Fixed disk
• Removable disk
• CD
• DVD

Under normal operation, users should select either fixed disk, or removable disk.

Selecting the "removable disk" option causes the volume to be mounted as though it was a removable drive. By mounting volumes in this way, among other things, files deleted from your volume will not be moved to a "recycle bin" on your encrypted volume, but will be deleted immediately.

By default, FreeOTFE mounts volumes as a fixed disk.

Mount for all users

If this option is checked, mounted drives will be visible to all users logged onto the PC.

By default, this option is checked.

Volume Options

These options are intended for use with hidden volumes, and volumes which were created without a CDB embedded at the start of the volume Offset

When attempting to mount a hidden volume, this should be set to the offset (in bytes) where the hidden volume starts, as specified when creating it.

By default, this is set to an offset of 0 bytes. Data from offset includes CDB

This checkbox is only enabled if a keyfile has been specified.

If you are attempting to mount either a hidden, or normal, volume which was created without a CDB embedded at the start of the volume, this checkbox should be changed so that it is unchecked.

For mounting all other volumes, this checkbox should be checked.

By default, this checkbox is checked.

Mountpoint

This is the name of the new "folder" where the mounted volume will appear. For example, you may already have a "mountpoint" called "SD Card" where your SD storage card appears under.

This section applies to the PC version of FreeOTFE only

When setting the password on a FreeOTFE volume, the date on which the password was changed is stored in the volume's CDB. If password expiry is turned on (via the "Password Expiry" tab on the Options dialog), the user will be prevented from mounting the volume when a specified number of days from this date have elapsed. Prior to this, the user will be warned when mounting volumes that are nearing their expiry date.

Changing the volume's password will reset the "password last changed" date within the volume's CDB, and effectively reset password expiry on that volume.

Note: Password expiry is not intended, and should not be used, as a "volume timeout" feature for distributing "time-limited" volumes which cannot be accessed after a certain period of time. The purpose of password expiry is to assist the user in periodically changing their password to improve security.

Volumes which have use CDB v4 or earlier (i.e. those created prior to FreeOTFE v6.00, FreeOTFE Explorer v4.00 and F4PDA v6.00) do not store the necessary "password last updated" date in the CDB, and will not have expiring passwords, even if this functionality is turned on within FreeOTFE. To upgrade such a volume to allow password expiry, simply change the volume's password. This will update the CDB to v5 or later.

Password Strength

The user can set various requirements that new passwords must meet before they will be accepted, including:

• Minimum password length
• Characters which must represented in the password (e.g. uppercase letters, numbers, punctuation characters)
• The password must not appear in a user-supplied dictionary (wordlist) file
• The password cannot be a keyboard pattern (e.g. "qwerty")
• The password cannot contain a repeated character (e.g. "abc11111xyz", "aaa")
• The password cannot be a repeated word (e.g. "11111", "fredfred")
• The password cannot contain a sequential string (e.g. "xyz12345", "abc")

When changing a volume's password, the user can also further require that the new password is not similar to the old password. This is especially important when password expiry is turned on, and prevents the user from reusing their old password with only trivial (and often highly predictable) changes made to it (e.g. Changing "SecurePassword1" to "SecurePassword2", or "SecurePassword2" to "SecurePassword3").

Password similarity is determined by calculating the Levenshtein distance between the old and new passwords. This figure is then changed into a percentage of the length of the longer of the two passwords and checked against a user configured threshold.

For example, if a volumes original password was "myPassword!1111", and the user tried to change it to "myPassword!2222", the Levenshtein distance would be 4. As a percentage of the longest password (15 characters), this would represent a (4 / 15) 26.67% change from the old password. If the user required a minimum 50% change, this password would not be accepted. The new password "theNew%Password!9999" (with a Levenshtein distance of 12 from the old password, representing a (12 / 20) 60% change, would be accepted as being sufficiently different.

Password Analysis

When the user specifies a password for a new volume, or changes an existing volume's password, they have the option of carrying out analysis on the password entered in order to check it against a range of characteristics that are characteristic of weak passwords.

Unlike many security applications, FreeOTFE does not include a "password strength" meter, as these typically carry out fairly arbitrary checks, and often yield misleading results.

Dictionary (aka Wordlist) Files

FreeOTFE and FreeOTFE Explorer can be configured to check passwords against such files, to filter out weak passwords.

FreeOTFE also supports wordlists in the Diceware (5 digit number, single space/tab, then word) and Mozilla Firefox (word followed by a single "/") formats.

Suitable dictionary files are widely available on the Internet; for example:

This section applies to the PC version of FreeOTFE only

The driver control dialog may be accessed by selecting "File | Drivers...". From here you may see all drivers installed, and their current state.

A summary of all available hash and cypher algorithms can be found by selecting "Help | List hashes..."/"Help | List cyphers...".

Driver control dialog

FreeOTFE drivers may be installed by clicking "Install...", and selecting the driver file to be installed.

FreeOTFE will then install the driver selected (adding it to the list of installed drivers), start it, and sets it to automatically start up whenever the PC boots up.

More than one driver can be installed at the same time by selecting holding down <SHIFT>/<CTRL> when selecting driver files in the "Open" dialog shown when "Install..." is clicked

The lower half of the Driver Control dialog lists all drivers currently installed, together with their status indicated with the icons listed below:

Column	Icon	Description
Start up		Driver must be started manually
		Driver will be started automatically when the computer starts up
Installation mode		Driver is installed normally (no icon)
		Driver is installed in portable mode (world icon)
Status		Driver started
		Driver stopped

After selecting an installed driver from the list, the operations listed below may be carried out on it:

Driver startup

Changes whether the selected driver is automatically started when the PC boots up. After changing this setting, click "Update" for the change to take effect.

Change driver status

The start/stop buttons start and stop the selected driver

Uninstall

Uninstalls the selected driver, and removes it from the drivers list.

This section applies to the PDA version of FreeOTFE only

FreeOTFE4PDA comes with a wide range of hash/cypher drivers. From v3.75 onwards however, only the SHA hashes (i.e. SHA-1, SHA-224, SHA-256, SHA-284 and SHA-512) and AES cyphers are enabled by default.

This change was introduced to improve performance for the majority of users (see FAQ How can I speed FreeOTFE up when mounting my volumes?). Other drivers can be easily enabled, if required.

To enable or disable a hash/cypher driver:

1. From the main menu, select "View".
2. Select "Options...".
3. Select either the "Hashes" or "Cyphers" tab as appropriate.
4. Select which of the hash/cypher drivers you would like enabled.

Options dialog; enabling/disabling cypher drivers