Ask Leo! by Leo A. Notenboom

TrueCrypt - Free Open Source Industrial Strength Encryption



Summary: TrueCrypt provides a solution for encrypting sensitive data - everything from portable, mountable volumes to entire hard disks.

TrueCrypt comes up frequently in Ask Leo! answers. Many people are concerned about things like privacy, identity and data theft, particularly on computers or on portable devices where they might not always have total physical control of the media.

Someone might gain access to sensitive data stored on your computer.

Encrypting your data renders that access useless, even when your computer or your thumbdrive falls into the wrong hands.

And TrueCrypt makes it not only easy but, with a good pass phrase, practically uncrackable.

There are two approaches to using TrueCrypt:

  • Whole Drive Encryption - you can use TrueCrypt to encrypt your entire hard disk, including the partition you boot from. In order to boot the machine, you must first supply your pass phrase to enable decryption. Once booted, data is automatically and transparently encrypted and decrypted as it travels to and from the disk, so anyone using the running machine sees it in the clear; the protection is against the disk being read after the machine is turned off. Once your machine is turned off, the data is unrecoverable without the pass phrase.

  • Container Encryption - with this approach you create a single encrypted file on your computer's hard drive. You then "mount" that file using TrueCrypt, supplying the correct pass phrase to decrypt it, after which the contents of that file appear as another drive on your system. Reading from and writing to that "drive" automatically and transparently decrypts and encrypts the data. Once the drive is unmounted, the data is once again unrecoverable without the pass phrase.


It's both simple and elegant.

I tend to prefer container based encryption for its portability, and for the fact that you need only mount the encrypted drive when you need access. I keep a bunch of my personal information in a TrueCrypt container that I regularly copy between machines, onto a thumbdrive, and I even back it up to the internet. When I need that data, I simply mount the container, supply my pass phrase to unlock it, and use the files stored within it however I need. In my case, I keep spreadsheets, public and private keys, documents, and even my Roboform password database on it, all securely encrypted when not in use.

TrueCrypt is not tied to any one platform, your user account or anything else; just the pass phrase. In fact, you can copy the encrypted file to another machine entirely and mount it there with TrueCrypt, even under another operating system such as Mac or Linux.

I do have to throw out a couple of important caveats:

  • Encryption does not make a bad pass phrase any more secure. If you choose an obvious pass phrase, a dictionary or brute-force attack against the pass phrase can unlock your encrypted volume no matter how strong the cipher is. This is why we talk about pass phrase instead of password. Use a multi-word phrase that you can remember as the key to your encrypted data, and it'll be much, much more difficult to break.

  • An encrypted volume does you no good if unencrypted copies of the files you care about also sit elsewhere on your machine.

  • That being said, make sure you have secure backups, updated regularly. Preferably keep them unencrypted, but secure in some other way, in case you lose your encrypted volume or forget your pass phrase. If you've chosen a good pass phrase, without it the data is not recoverable.
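The caveat about copies living outside the volume is something you can check rather than guess at. The script below is an added example written for this page; it is not part of the original article and not TrueCrypt's own code. It hashes every file inside the mounted volume, walks the unencrypted locations you name (home directory, temp folders, backup drives), and reports byte-identical copies found outside the mount point. The directory names and file contents in `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_of(path, chunk_size=1 << 16):
    """Hash a file in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def index_tree(root):
    """Map sha256 digest -> list of absolute paths for every non-empty regular
    file under `root`. Empty files are skipped: they all hash identically and
    would only produce noise. Symlinks are skipped so a link into the volume
    is not reported as a copy."""
    index = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file() or p.stat().st_size == 0:
                continue
            index.setdefault(sha256_of(p), []).append(os.path.abspath(p))
    return index


def find_stray_copies(mounted_volume, search_roots, skip=()):
    """Return {path inside the volume: [byte-identical paths outside it]}.

    `mounted_volume` is where the TrueCrypt container is mounted; `search_roots`
    are the unencrypted places to check; `skip` lists extra prefixes to ignore.
    The mount point itself is always ignored, so a search root may contain it."""
    protected = index_tree(mounted_volume)
    ignore = tuple(os.path.abspath(s) + os.sep for s in (mounted_volume, *skip))
    strays = {}
    for root in search_roots:
        for digest, paths in index_tree(root).items():
            if digest not in protected:
                continue
            outside = [p for p in paths if not p.startswith(ignore)]
            if not outside:
                continue
            for inside in protected[digest]:
                strays.setdefault(inside, []).extend(outside)
    return {inside: sorted(set(copies)) for inside, copies in strays.items()}


def demo():
    """Constructed scenario (not real data): a directory standing in for the
    mounted volume, and a home directory that still holds an unencrypted copy
    of one file from it."""
    with tempfile.TemporaryDirectory() as tmp:
        volume = Path(tmp) / "truecrypt_mount"
        home = Path(tmp) / "home"
        (volume / "keys").mkdir(parents=True)
        (home / "Downloads").mkdir(parents=True)
        secret = b"-----BEGIN FAKE PRIVATE KEY-----\nconstructed sample\n"
        (volume / "keys" / "private.key").write_bytes(secret)
        (volume / "notes.txt").write_bytes(b"only inside the volume\n")
        (home / "Downloads" / "private.key.bak").write_bytes(secret)  # the stray copy
        (home / "todo.txt").write_bytes(b"unrelated\n")
        # Search the whole temp tree: the mount point inside it is ignored automatically.
        strays = find_stray_copies(volume, [tmp])
        return {Path(k).name: [Path(p).name for p in v] for k, v in strays.items()}


if __name__ == "__main__":
    for inside, copies in demo().items():
        print(f"{inside} also exists unencrypted as: {', '.join(copies)}")
```

Run it with the volume mounted, since it compares plaintext against plaintext. Because it matches on content rather than name, a renamed copy is caught; an edited copy or an exported version in a different format is not, so treat a clean run as evidence, not proof.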

Data encryption is an important part of an overall security strategy. TrueCrypt can be a key part of that strategy.

I recommend it.


Article C3444 - July 13, 2008


Comments (11)

TrueCrypt - FANTASTIC

I personally use Winmagic-SecureDoc (paid program) for full disk encryption, needs passphrase at bootup, have been doing this for many years, VERY secure (TrueCrypt did not have this feature when I started using WinMagic)

BUT, BOOT encryption is very secure; once machine is off, data cannot be extracted from the hard drive.

AND, you can encrypt the vaults on the hard drive, only mount them when you need them

RE: EMAIL and secure stuff, YES, you could create a small TrueCrypt vault, include your data, email the TrueCrypt vault, and either phone your friend with the decryption key, OR even send them the key in a different email from a different account (depending on sensitivity of info in that vault)

AND, you can create your own personal USB stick, with password programs, etc., on it; create a TrueCrypt vault on the USB stick, and copy over your programs.
THEN, in the root directory of the USB stick (unencrypted), copy over the TrueCrypt program folder itself.
Then, when traveling, you have the TrueCrypt program, AND you have an encrypted vault on your USB stick, with your data protected, and can use it when you need it

Posted by: nick at October 27, 2009 4:57 PM

As I have many invention circuits and ideas to keep safe, I have been using TrueCrypt for years.
I use a pass phrase with no spaces and it's one that I can't forget but over 30 letters long.
With regards to being able to crack it - not possible without a Cray computer and 2000 years to work with. I selected the 256 bit DES blowfish military encryption and NO, you can't find the pass phrase on the disk because it doesn't exist on the disk. Each letter is filtered through another algorithm in the program which changes each time you use it, much like PGP where you have essentially 2 keys. So your pass letters are re-translated with another different code table which itself changes. Do you ever wonder why the military use it? I personally know of one case in the local paper where authorities tried to break it on someone's computer and failed dismally [only had 30 days to do it by law].
Since the container itself is invisible and direct access reveals random data on the disk [junk] it's absolutely secure. Renaming the container to a common extension [zip] just like a valid file assures the attack to open it will start with zip crackers - a waste of more time trying to get into it.

Posted by: john neeting at October 27, 2009 5:22 PM

If I use TrueCrypt to encrypt the boot/system drive, and move that drive to a new computer as a data drive (a common tactic to save everything from the old computer on a new computer), can I access everything on that drive OK if I know the passphrase?

Posted by: Mikey at November 3, 2009 6:21 AM

TrueCrypt provides additional protection to your data so that when your storage device falls into the wrong hands, the data cannot be retrieved easily. But it does not mean that the data cannot be retrieved at all.

That is correct. Brute force attempts to crack properly set up encryption will take years (if not decades or centuries), but it's theoretically possible. The true weakest link is the passphrase you choose - choose something simple that anyone can guess, and all the encryption in the world won't help you.
Leo
20-Dec-2009

Posted by: maxkam1 at December 19, 2009 7:18 AM
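Both the article's caveat (a poor pass phrase, not the cipher, is what gets attacked) and Leo's reply above (brute force against a good pass phrase takes years) come down to keyspace arithmetic. The following is an added example written for this page, not code from the article or from TrueCrypt. It models the entropy of random strings versus multi-word phrases, the expected brute-force time at an assumed guess rate, and the separate case of a phrase that already sits in an attacker's candidate list. The rate of one million guesses per second is an assumption chosen for illustration; real rates depend on the attacker's hardware and on how slow the volume's key derivation is.

```python
import math

# Assumed attacker throughput: pass phrases tested per second against the
# volume header. This is an assumption for illustration only; real rates
# depend on the attacker's hardware and on how slow the key derivation is.
GUESSES_PER_SECOND = 1_000_000
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def random_string_bits(length, alphabet_size):
    """Entropy in bits of a uniformly random string of `length` symbols
    drawn from an alphabet of `alphabet_size` symbols."""
    return length * math.log2(alphabet_size)


def word_phrase_bits(word_count, dictionary_size):
    """Entropy in bits of a phrase of `word_count` words, each chosen
    uniformly and independently from a list of `dictionary_size` words."""
    return word_count * math.log2(dictionary_size)


def brute_force_years(bits, guesses_per_second=GUESSES_PER_SECOND):
    """Expected years to recover a secret with `bits` of entropy by
    exhaustive search: on average the attacker tries half the keyspace."""
    expected_guesses = 2.0 ** bits / 2
    return expected_guesses / guesses_per_second / SECONDS_PER_YEAR


def guessable_phrase_seconds(candidate_list_size, guesses_per_second=GUESSES_PER_SECOND):
    """Worst-case seconds to crack a pass phrase that appears in an attacker's
    candidate list (common phrases, song lyrics, quotations). Length and
    cipher strength are irrelevant here: the attacker never brute-forces."""
    return candidate_list_size / guesses_per_second


def compare_choices():
    """Return (label, bits, expected_years) rows for a few pass phrase styles.
    The 7776-word list size is the classic diceware dictionary size."""
    choices = [
        ("8 random printable ASCII characters", random_string_bits(8, 95)),
        ("12 random lowercase letters", random_string_bits(12, 26)),
        ("5 words from a 7776-word list", word_phrase_bits(5, 7776)),
        ("8 words from a 7776-word list", word_phrase_bits(8, 7776)),
    ]
    return [(label, bits, brute_force_years(bits)) for label, bits in choices]


if __name__ == "__main__":
    for label, bits, years in compare_choices():
        print(f"{label:40s} {bits:6.1f} bits  ~{years:.3g} years")
    # A quoted or well-known phrase is found by a candidate list, not by brute force.
    print("phrase present in a 10-million-entry list:",
          f"{guessable_phrase_seconds(10_000_000):.0f} s worst case")
```

The two lessons match the thread: five random words already beat eight random printable characters, and a phrase the attacker can enumerate falls in seconds regardless of how long it is or which cipher protects the volume.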

I hate to be a wet blanket but I had a horrible experience with TrueCrypt. I followed instructions and encrypted an external hard drive. The password worked several times and then suddenly the software didn't recognize the password and my files were lost to me forever.

I think it's important that we hear all sides - even the best software will fail for some people. There's no way to know what went wrong here, but it's a good cautionary tale that emphasizes the need to backup your data, and to do so in a reliable - probably unencrypted - form.
Leo
29-Dec-2009

Posted by: Bert at December 28, 2009 9:14 AM
