March 09, 2011 (updated 4 weeks ago), Chemtable Software
Data Encryption Using TrueCrypt
The significant part of our everyday information neither is stored in paper notebooks, nor is it written down somewhere else. We have got used to computers so much that we don’t even think of where to store our data. Our hard drive – that is the place where we keep everything – notes, passwords, personal data, projects and documents. But we usually forget that this place is open to anybody, not only to its owner.
That’s why information storage safety is one of the most important questions nowadays. There are plenty of safe ways to store information. The main principle all of them utilize is encryption. There are both software and hardware encryption solutions. Most of them are paid, but there are also freeware products. One of them is TrueCrypt – a free encryption tool that works under Windows, Mac OS X and Linux.
How does TrueCrypt provide information security? What about convenience? Does it influence the performance of a system? Let’s take a closer look and try to answer these questions.
Information is stored within special virtual encrypted disks (containers) that are physically located at the encrypted hard drive partitions or a flash drive. For experienced user we can also recommend the boot partition encryption option that encrypts a boot disk and asks for a password on the pre-boot stage. The encryption is performed with various algorithms (AES-256, Serpent, Twofish), or with cascade encryption using several different algorithms.
Are the algorithms used by the program strong and safe? Despite the algorithms are safe, the hack strength highly depends on the password you choose. For maximum security we recommend using passwords 20 or more symbols long. Short passwords, especially if a password is a sensible word, are easily brute-forced by specialized programs (there is a special auto-brute-forcer for TrueCrypt too), that slowly yet steadily (up to 3 passwords per minute) advances through various values. So keep your data safe and choose a strong password.
Let’s see how you can create and use encrypted containers. But at first we recommend to run a performance test for different encryption algorithms and their combinations. The results are dependent not only on the algorithms, but also on the amount of free RAM of your computer, hard drive or flash drive capabilities. Basing on the results of the test you can select the algorithm that suits your system performance best of all.
Now select the “Create volume” option using the interface of the program, and from the list of available options select creating of an encrypted file container. On the next page of the wizard you will be asked of whether you want to create a hidden container or not. In some situations you may have to give a password to the container to a third person, so he will be able to access your encrypted files. The hidden volume allows you to allocate a part of the encrypted container to the internal hidden storage that is additionally encrypted with another password. This way, even if someone will have an access to the encrypted volume, the hidden part will remain unavailable.
Ok, now we should choose a place to store the encrypted container, its size and the encryption algorithm. On the next step you can set the password and, as an optional way to additionally strengthen the encryption, a key file. This could be any of your existing files of any format (including mp3, jpg etc). The size of a key file is unlimited, but only the first megabyte of its contents will be used. Encryption doesn’t change the contents of a key file, but if you change it yourself you will not be able to access the contents of the encrypted storage anymore.
On the next step you should provide enough data for encryption keys. To do this, simply move the mouse across the screen, and then click the “Format ” button. Your container has been created and encrypted. Now you can start working with it. Return back to the interface of the program and click “Mount”. If you enter the password correctly the encrypted container gets mounted to your system, and you can work with it just like with a usual disk drive. You can store any information there, run applications and so on.
If you don’t need the encrypted volume anymore, unmount it. All data in the container are encrypted at the moment they are written to the volume, so after unmounting they will become unavailable for any tools.
You can create as many encrypted containers as you need. The size and the number of encrypted volumes depend on your needs and on the amount of free disk space you have.
The encryption is performed on the fly and is unnoticeable in any usual office applications. It may become notable in audio and video processing programs, though. You should decide yourself whether you are agree to sacrifice some performance to data safety.
The situation with encrypted partitions is more complex, especially in case of the system partition. You should understand that faults are always possible, so before creating an encrypted partition you should make a full backup of your data first, so you could restore your system if something went wrong. Our general recommendation is: try yourself with encrypted containers first, and then start working with encrypted partitions.