Friday, March 03, 2006

TrueCrypt encryption

After some trouble with a hard drive this fall, I decided to encrypt more information. Identity theft is a real problem, and you can’t be too careful, especially with portable devices like laptops, external hard drives and thumb drives.

I did some investigation and installed CryptoExpert LE. It is a fine solution, but the 20 Mb limitation on container size in the free version is annoying. I suppose I should have purchased the full version, but occasional stability issues on Windows 2000 also troubled me. Procrastination paid off, though, as I have just found a better, free application: TrueCrypt.

TrueCrypt is open source and, as such, it is subject to continual community review for security flaws. It implements a large selection of currently unbreakable encryption algorithms (AES, Blowfish, CAST5, Triple DES, Twofish, etc.) and hash algorithms. And, it can create containers or encrypt entire volumes.

A container is a virtual drive that acts just like a real drive. To create one, decide where you want it to be (your C drive, your D drive…) and specify a size. If you want a 5 Gb container, TrueCrypt creates a 5 Gb file in the folder you specify and fills it with random data.

A container can be formatted with the file system of your choice, and you can run file repair programs like CHKDSK when the container is mounted. Once your provide your password, the container appears with its own drive letter and you can access it the way you would access any other storage device. All encryption and decryption is on-the-fly.

The same is true when you encrypt an entire volume. Volume encryption is handy for easy-to-lose thumb drives and small 2.5" externals. Like the container, when a TrueCrypt volume is mounted using your password, the encrypted drive appears just like a normal drive to your operating system and applications. Dismount, and without your password all of your data is inaccessible, so pick a strong password and don't forget it.

TrueCrypt has a stenographic capability as well. With entire volumes or normal containers, someone attempting to discover your data will know that there is something there but won’t be able to see any folder names, file names or content. With stenography, the container itself is hidden. That’s a little too James Bond, even for me, but it is nice to know that TrueCrypt is state of the art.

TrueCrypt installs easily, is simple to use and comes with excellent documentation. It has worked flawlessly for me over the past days of testing (and for a large number of reviewers for much longer), and it is available for both Windows and Linux. Don’t feel too bad for Mac users, though, as they have FileVault built in to the OS.


At 10:52 AM, Blogger Anonymous Economist said...

stenography is not to be confused with steganography.

At 3:56 PM, Blogger paul said...

a fine observation. stenography in the above article should be steganography. the interested can read more on the wikipdia:


Post a Comment

<< Main page