TrueCrypt provides a solution for encrypting sensitive data - everything from portable, mountable volumes to entire hard disks.
TrueCrypt comes up frequently in Ask Leo! answers. Many people are concerned about things like privacy, identity and data theft, particularly on computers or on portable devices where they might not always have total physical control of the media.
Someone might gain access to sensitive data stored on your computer.
Encrypting your data renders that access useless, even when your computer or your thumbdrive falls into the wrong hands.
And TrueCrypt makes that encryption not only easy, but nearly uncrackable.
There are two approaches to using TrueCrypt:
Whole Drive Encryption - you can use TrueCrypt to encrypt your entire hard disk, including the partition you boot from. In order to boot the machine, you must first supply your pass phrase to enable decryption. Once booted, data is automatically and transparently encrypted and decrypted as it travels to and from the disk. Once your machine is turned off, the data is unrecoverable without knowing the pass phrase.
Container Encryption - with this approach you create a single encrypted file on your computer's hard drive. You then "mount" that file using TrueCrypt, supplying the correct pass phrase to decrypt it, after which the contents of that file appear as another drive on your system. Reading from and writing to that "drive" automatically and transparently decrypts and encrypts the data. Once the drive is unmounted, the data is once again unrecoverable without knowing the pass phrase.
It's both simple and elegant.
I tend to prefer container-based encryption for its portability, and for the fact that you need only mount the encrypted drive when you need access. I keep a bunch of my personal information in a TrueCrypt container that I regularly copy between machines, onto a thumbdrive, and I even back it up to the internet. When I need the data thereon, I simply mount it, specify my pass phrase to unlock it, and use the files that are stored within it however I need. In my case, I keep spreadsheets, public and private keys, documents, and even my Roboform password database on it, all securely encrypted when not in use.
TrueCrypt is not tied to any one platform, your user account or anything else; just the pass phrase. In fact, you can copy your encrypted file to another machine entirely and mount it with TrueCrypt, even under other operating systems such as Mac or Linux.
I do have to throw out a couple of important caveats:
Encryption does not make a bad pass phrase any more secure. If you choose an obvious pass phrase, an attack can certainly be mounted that could unlock your encrypted volume. This is why we talk about a "pass phrase" instead of a "password". Use a multi-word phrase that you can remember as the key to your encrypted data, and it'll be much, much more difficult to break.
An encrypted volume does you no good if the files you care about are also elsewhere on your machine.
That being said, make sure you have secure backups, updated regularly. Preferably keep them UNencrypted, but secure in some other way, in case you lose your encrypted volume or forget your pass phrase. If you've chosen a good pass phrase, without it the data is not recoverable.
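To put rough numbers on the pass phrase caveat above, here is an added example (not part of the original article and not TrueCrypt code) that rates a candidate pass phrase under the cheaper of two attacker models: character-by-character brute force, or guessing whole words. The guess rate, the 7776-word list size and the small list of obvious phrases are assumptions chosen for illustration.

```python
import math

# Assumptions for this illustration (none of these come from TrueCrypt itself):
GUESSES_PER_SECOND = 1e12   # deliberately pessimistic attacker speed
WORDLIST_SIZE = 7776        # size of a Diceware-style word list
COMMON_PHRASES = {"password", "letmein", "iloveyou", "open sesame"}  # constructed sample
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def charset_size(secret):
    """Size of the character pool a brute-force attacker has to cover."""
    pools = [(str.islower, 26), (str.isupper, 26), (str.isdigit, 10),
             (lambda c: not c.isalnum(), 33)]  # 33 = printable ASCII symbols incl. space
    return sum(n for test, n in pools if any(test(c) for c in secret))

def estimate_bits(secret):
    """Search-space size in bits under whichever attacker model is cheaper."""
    if not secret or secret.lower() in COMMON_PHRASES:
        return 0.0  # an obvious phrase falls to the first dictionary pass
    char_bits = len(secret) * math.log2(charset_size(secret))
    words = secret.split()
    # Word model: assumes each word was picked at random from the word list.
    # A phrase of related words (a quote, a lyric) is weaker than this figure.
    if len(words) > 1 and all(w.isalpha() for w in words):
        return min(char_bits, len(words) * math.log2(WORDLIST_SIZE))
    return char_bits

def years_to_search(bits):
    """Average time to hit the secret: half the search space at the assumed rate."""
    return (2 ** bits / 2) / GUESSES_PER_SECOND / SECONDS_PER_YEAR

if __name__ == "__main__":
    samples = ["password", "Tr0ub4dor&3", "correct horse battery staple",
               "correct horse battery staple orange window river"]  # constructed
    for s in samples:
        bits = estimate_bits(s)
        print(f"{s!r}: {bits:.1f} bits, about {years_to_search(bits):.3g} years")
```

Under these assumptions a four-word phrase lasts roughly half an hour while a seven-word phrase lasts millions of years, so the number of randomly chosen words matters far more than the character count.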
Data encryption is an important part of an overall security strategy. TrueCrypt can be a key part of that strategy.
I recommend it.
Article C3444 - July 13, 2008
I just worked it out. If a computer could work at 1 trillion tries a second and used just each letter of the alphabet in upper and lower case plus all the keyboard symbols; and the pass phrase was 30 letters long - it would take 256,000 years to crack the pass phrase. Can't get more secure than that.
Posted by: john neeting at September 21, 2010 4:49 PM
I wouldn't use TrueCrypt for email because the file system of a FAT volume occupies 275 KB for starters. But I have a 100 MB TrueCrypt volume in my Dropbox, and it doesn't get completely up/downloaded when the content changes. Which is good.
Posted by: James at September 22, 2010 9:03 AM
In the context of this article, what does the word "mount" mean (i.e., "...'mount' that file using TrueCrypt...")? I see that word used more and more lately in PC articles, but I am never quite sure as to what the authors are trying to say. Thanks...
12-Apr-2011
Posted by: Yeppers at April 12, 2011 6:16 PM
I've used TrueCrypt for security on my PCs and my portable devices and strongly recommend this form of security. Safe and easy to use.
Posted by: Denis Paley at June 28, 2011 5:51 PM
Is there a way to decrypt a TrueCrypt file using an Android system? There are millions of Android Smart Phones out there that could use a program like TrueCrypt. The problem exists that one can encrypt a file on the PC side but when sent to an Android system the file becomes useless.
27-Jul-2011
Posted by: Logan at July 26, 2011 4:43 PM