Helping people with computers... one answer at a time.
Laptops are portable, convenient and easily lost. When lost, all the data could easily be available to the finder. Encryption is the answer.
I travel a lot, and have sensitive data on the laptop I take with me that I need as part of my job. But I'm in fear of losing the laptop and that this data will fall into the wrong hands. What do you suggest?
I know how you feel. I also have sensitive information on my laptop that I would prefer not to fall into the wrong hands. I can handle losing the laptop, but thinking about the data in the wrong hands ... well ... that would be bad.
I do have a solution that I've been using for several years now, and it turns out to be fairly easy, secure, and free.
Now, naturally, you can encrypt your data using various archiving tools that allow you to assign the resulting file a password. The problem is that many are easy to crack, and to be honest, it's a hassle; in order to encrypt a file you have to take care to place it in the archive and erase unencrypted copies, and in order to use a file you need to extract it from the archive.
For some time now, I've been using TrueCrypt. TrueCrypt is free, open source, on-the-fly encryption software. It provides serious industrial-strength encryption while still being fairly easy to use.
TrueCrypt can be used in several ways, the two most common:
it can encrypt an entire disk volume - such as a USB thumb drive, floppy disk, or an entire hard disk
it can create an encrypted virtual disk "volume" or container
It's the later approach that I like to use, as it makes it easy to copy entire containers from machine to machine.
An encrypted virtual disk is simply a file that TrueCrypt "mounts" as an additional drive letter on your machine. You specify the pass phrase when the virtual drive is mounted and thereafter everything you access from there is automatically DEcrypted and anything you place there is ENcrypted.
For example, you might have TrueCrypt create an encrypted drive as c:\windows\secritstuf. If someone were to look at the contents of that file directly, they would see only random gibberish - the result of encryption. When using TrueCrypt to mount that file as a virtual drive, (for example selecting the drive letter "P:") then P: would look and operate like any other disk, and would contain the contents of the encrypted drive. Encryption is as simple as moving a file to the drive.
While the encrypted volume is mounted, its contents are visible in their unencrypted form, and can be accessed by any program you might want to run.
The trick is to never mount the drive automatically. When your machine boots up, "P:", for example, would be nowhere to be found. The file c:\windows\secritstuf would be present but only visible as encrypted gibberish. If someone stole your machine that's all they would find.
Only after you've used the TrueCrypt program to select the file (c:\windows\secritstuf), choose the drive to mount it as (P:) and supply the correct pass phrase, would the virtual drive be "mounted" and the encrypted data become accessible.
TrueCrypt supports a number of different high-powered encryption algorithms. The documentation for TrueCrypt is clearly targeting at the seriously paranoid, including instructions on how to maintain "plausible deniability" should a thief ever force you to supply a password. Let's hope that'll only be of passing interest to any of us.
Now, a couple of caveats:
The password or passphrase you choose is the weakest link. Encryption does not make a bad password any more secure. If you choose an obvious passphrase, a dictionary attack can certainly be mounted that could unlock your encrypted volume.
An encrypted volume does you no good if the files you care about are also elsewhere on your machine in some unencrypted form.
That being said, make sure you have secure backups, updated regularly. Preferably keep them UNencrypted, but secure in some other way, in case you lose your encrypted volume or forget your password. Without the password, the data is not recoverable.
That last statement is technically inaccurate. You should always be aware that things are never 100% secure. All encryption can, theoretically, be hacked. The purpose of encryption is to make the cost of that hacking so astronomical as to be impractical. For example, spending a calendar year on a brute force hacking attempt is kinda pointless to discover next month's sales forecasts. Similarly hiring the expertise required to attempt such a recovery might also be astronomically costly.
Data encryption is an important part of an overall security strategy. Keeping your sensitive data secure requires a little forethought and planning. With viruses and spyware running amok, not to mention the theft scenario that I started this article with, there's no excuse not to take that time, and save yourself some serious grief later if the unthinkable happens.
(This is an update to an article originally published in April, 2005.)
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.