Open Source Life: TrueCrypt, data security

truecrypt_title.png

Free Open-Source On-The-Fly Encryption
Current Homepage: http://www.truecrypt.org
Created by: The TrueCrypt Foundation

Abstract

TrueCrypt offers those who want to protect their personal data some peace of mind. TrueCrypt allows any user to create an encrypted “virtual hard drive” with no more than the TrueCrypt application and some free disk space. Accompanied by a modicum of common sense, the data stored in the encrypted drive will be both highly accessible to those who need it and highly protected from unwanted intruders.

Synopsis

What was the impetus for beginning use of TrueCrypt? Getting my laptop stolen out of my car in May of 2005.

With what other programs did I compare it? I looked around for the best encryption solution for my needs, but I haven’t seriously tried any other encryption solutions.

How technical do you have to be to use TrueCrypt? Not much nerdiness involved with TrueCrypt. Users will likely need to do a bit of data reorganization to make good use of any sort of encryption solution.

Who do I believe will benefit the most from using it? Those who want to store private data on some sort of encrypted drive but don’t want the hassle of connecting an external drive to their computer.

Do I recommend TrueCrypt for general use? Yes, but only if you have data that really needs encrypting.

The Details

Through college and into my first dot-bomb job I didn’t give much thought to organizing the stuff on my hard drive. An overly simplified diagram of my computer organization follows, but it is quite representative of the thought and care I put into maintaining my computer.

truecrypt_olddaysorganization.png

After avoiding any real data loss through my first 15 years of computer use, I suffered two hard drive failures in pretty quick succession. Each time I lost almost every address, phone number, email, saved game, scraps of stories and back-of-the-napkin video game design stored on the ill-fated platters. I didn’t learn the first time, but the second time taught me the importance of regular, disciplined data backups.

truecrypt_middaysorganization.png

In May of 2005, my car was broken into. My laptop was stolen, along with a bag of clothes I had idiotically left out in plain sight in the backseat of my car.

Good news: The clothes weren’t that important and with my backed-up data I only lost a week’s worth of email, a few calendar appointments, and a couple of minor documents that my work colleagues and friends helped me recreate.

Bad news: I had been lazy with my data security. My instant messenger had auto-log-on enabled, so did my email client, my social-networking sites had “remember me on this computer” activated, even my VPN connection to the office could be activated with a double click and nothing else. My financial data was completely unlocked and accessible through Microsoft Money, and there were more things that I’m probably forgetting at this moment. I hardly lost any data, and the data I did lose was effectively 100% recovered with the help of workmates and friends. But damn! do I never again want to cancel my credit cards, get new checks, and change every single one of my passwords. The last one was so annoying, I still get irked when I think about it.

Once I made all the necessary phone calls and changed my passwords, I reviewed my data.

truecrypt_nowadaysorganization.png

I identified a small, relatively constant amount of data that, were I to be able to encrypt it, I would never again need to worry about where I left my computer (at least, as far as the data was concerned). I had been hearing a lot about external encrypted drives, things like encrypted thumb drives and cool fingerprint-scanning drives. Buying one of these would have been cool, but then I would have had an additional piece of equipment to maintain and somehow make redundant (as in, solve the problem of, “What happens if my encrypted hard drive fails?”).

After some more looking around, I found the TrueCrypt website and decided to give their software a try. TrueCrypt offered a very simple solution that met my requirements of:

  • Heavy duty security
  • Encrypted data must be easily accessible
  • The encryption could not noticeably hinder my day-to-day writing to and reading from my data files
  • I must be able to back up all encrypted data in my standard data backups

TrueCrypt met and continues to meet all of these requirements.

I did have to do a bit of a refresher on cryptography to convince myself that an open source encryption program would be just fine. I’m not a cryptography expert, or even an amateur, but here’s the summary: shows like Alias and Numbers and any other stupid show that talks about “backdoors” in real encrypted data that can be opened in 5 minutes are full of shit. I’m convinced that while no solution will ever be perfect, TrueCrypt does meet my needs for hard-to-crack security. If you are feeling particularly nerdy, you can check out the info on their website.

Getting started, you first encrypt a portion of physical disk space somewhere, from a few Megabytes to thousands (even millions) of Gigabytes.

truecrypt_drivecreation.png

There are different cipher choices, and even a live benchmarking test. The benchmarking test gives you real stats of how fast you’ll be able to read and write to your new encrypted drive with the different algorithms. The choice is simple: superhardcore security and slower data access vs. hard-enough-core security and fast data access.

Once you’ve made your encryption choices and input your password, TrueCrypt builds your new data vault in a matter of moments. When the vault is not in use, it looks and acts just like any other file on your system. The image below is the actual file that I have been storing my sensitive data in for over two years.

truecrypt_drivejustafile.png

When I need to access my data, I load up the encrypted drive, a process referred to as “mounting.”

truecrypt_controlscreen.png

Once mounted, the encrypted file behaves exactly like an additional hard drive mounted on your computer. The mounted, encrypted drive is referred to as a “virtual-drive.” You can now interact with the drive as with any other drive on your computer. For example, the total amount of space left on the encrypted drive is never a mystery.

truecrypt_justlikeanotherdrive.png

For all intents and purposes, there is zero difference for the user interacting with information within a TrueCrypt drive and any other hard drive or connected external storage device.

truecrypt_mounteddrive.png

You can copy, create, move, duplicate, replace, modify, run and edit files, folders, and applications on the TrueCrypt drive.

Obviously, when the encrypted drive is mounted and live, anyone with access to your computer can access your files. When you are done using the data, “unmount” the encrypted drive and your data is locked down. TrueCrypt drives will automatically unmount when the computer shuts off but should be unmounted whenever they are not needed. Good security practices are available all over the internet, and I may discuss my opinions on the topic in a later article, but I won’t address them now.

The only annoying thing I found with TrueCrypt was the method of mounting and unmounting my encrypted drive. With a bit of instruction reading, and advice from a blog that I don’t remember (and can’t pass credit to), I came up with two batch scripts to solve my mounting and unmounting of TrueCrypt drives. Below is how I solved my only annoyance.

Mounting a TrueCrypt drive

Assuming you want to map your drive to the o: drive letter and your encrypted file is called ‘TrueCrypt.file’ (the quotes keep the command working when a path contains spaces):

"[path to truecrypt application]\TrueCrypt.exe" /v "[path to your encrypted file]\TrueCrypt.file" /m rm /l o: /a /q

(The above should be one line.) Make the appropriate changes to the script to match your computer, and then place this into a file named something like mount.bat. When you want to mount the drive, double click on mount.bat, enter your password, and you are ready to go.

Unmounting all TrueCrypt drives

To unmount, or safely remove, all mounted TrueCrypt drives:

"[path to truecrypt application]\TrueCrypt.exe" /d /q

(The above should be one line.) Make the appropriate changes to the script to match your computer, and then place this into a file named something like unmount.bat. When you are done using your TrueCrypt drives, safely remove them by double clicking on unmount.bat.
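
As an added example (not part of the original post), the two scripts can be combined into one that mounts when O: is absent, unmounts when it is present, and then checks the drive letter to confirm the result, so a failed unmount does not go unnoticed. It uses only the switches shown above; the TrueCrypt install path and the location of TrueCrypt.file are assumptions to change for your computer.

```batch
@echo off
rem Added example: toggle script built from the mount and unmount commands above.
rem TC, VOL and DRV are assumptions; edit them to match your computer.
setlocal
set "TC=C:\Program Files\TrueCrypt\TrueCrypt.exe"
set "VOL=%USERPROFILE%\TrueCrypt.file"
set "DRV=O:"

if not exist "%TC%" echo TrueCrypt.exe not found at "%TC%" & exit /b 1

rem If the drive letter already exists, treat this run as an unmount request.
if exist %DRV%\ goto unmount

:mount
if not exist "%VOL%" echo Encrypted file not found: "%VOL%" & exit /b 1
rem Same switches as mount.bat; TrueCrypt asks for the password itself,
rem so the password is never stored in this file.
"%TC%" /v "%VOL%" /m rm /l %DRV% /a /q
rem Confirm the virtual drive really appeared before reporting success.
if not exist %DRV%\ echo Mount failed or was cancelled; %DRV% is not available. & exit /b 1
echo Mounted "%VOL%" on %DRV%
exit /b 0

:unmount
rem Same switches as unmount.bat; this dismounts every mounted TrueCrypt drive.
"%TC%" /d /q
rem Confirm the drive letter is gone. If it is still there the data is NOT locked.
if exist %DRV%\ echo WARNING: %DRV% is still mounted. Close open files and run again. & exit /b 1
echo %DRV% unmounted; the encrypted file is locked.
exit /b 0
```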

Conclusion

I’ve been pleased for over 2 years by the peace of mind encrypting my data has brought. Sure, if someone really wants to gain access to my stuff, they can find a way. I also hope my computer never gets stolen again, but this time I’m reassured that if even an above average thief steals my stuff I can just go buy another laptop and move on with my life without any of the previous fire drills.

Comments (4)

  1. Great article, honey.

    Oh my god, you’re going to turn me into a nerd by teaching me all this stuff. I think I like it.

    Friday, November 9, 2007 at 1:05 pm #
  2. Amy Gahran wrote:

    Oh, if only there was a Mac version…

    - Amy Gahran

    Monday, November 12, 2007 at 8:37 pm #
  3. Tom Colvin wrote:

    Jeremy, I can’t tell you how many times I’ve considered setting up an encryption routine. I’ve read various reviews, and also concluded that TrueCrypt would be the one. Even downloaded it. But never installed it.

    Maybe now’s the time.

    Question: I’ve never written or used a batch file before. I presume it should be written in something like NotePad?

    And I don’t understand what kinds of changes might be required due to my computer. Can you elaborate?

    Tom

    Sunday, November 18, 2007 at 4:30 pm #
  4. Tom,

    Re: Batch File

    Batch files are a holdover from the old DOS days of PCs. They have the extension .bat on Windows systems, and you are right, they are just interpreted text files written in a DOS scripting language.

    Re: File organizational changes

    The encrypted file should be treated like a portable drive that you store your data on. Or, to use a Windows analogy, treat the encrypted file as a ‘My Encrypted Documents’ folder.

    The organization is more an abstract idea than a concrete practice.

    Sunday, November 18, 2007 at 6:57 pm #
