Print
TrueCrypt is a very full featured encryption tool and the author's commitment to customization shows. When you reach the encryption options step (shown above) you will be able to pick from the dizzying array of encryption algorithms built in. But for those of you who don’t feel like putting in years of research on learning the differences of each, I highly recommend selecting AES.
Advanced Encryption Standard, which is also known as Rijndael is the encryption standard used by the U.S. government and is widely regarded as a benchmark in terms of security. In addition to being very robust, it is surprisingly lightweight computationally. What does all this mean? It gives you super strong protection and very fast encryption/decryption. This is becomes extremely important since everything you do from now on will need to be encrypted/decrypted on the fly. The default Hash Algorithm – RIPEMD-160 is a good match and doesn’t need to be changed. When you are ready to proceed, click Next.
The next screen will allow you to set your master password and this step is by far the most important yet. Many people out of habit, and convenience, select relatively weak passwords. And while a simple three letter password might be good enough to protect your Maximum PC comment account, you wouldn’t actually use “dog” to protect your bank accounts would you? Below the password selection window True Crypt will give you some tips for selecting a good password. In addition here are some practical and sound tips for selecting a password.
1.)
TrueCrypt is going to strongly recommend that you select a password that is 20 characters or more. Selecting a password of this length, with a good mix of non dictionary alpha numeric’s, is generally considered “unguessable”. The only way to unlock a properly encrypted system would be to use a method known as brute force. This method essentially tries every combination of characters until it stumbles upon your password. Usually, they make use of the dictionary to help narrow down the choices. Assuming you aren’t using common words, a 20 character password could take decades to brute. Anything less will reduce the amount of time it would take a crack your code, but is still ultimately much more secure then when you started. If you don't think you can remember a 20 character password just continue ahead. You're better off picking a smaller password you can remember, then a longer one you will forget. .
2.)
Need to use words for the dictionary? Try using them backwards, or splice in upper and lower case letters or punctuation.
3.)
Using a number combination that might be guessable? Try using the shift key to turn them into random looking symbols.
4.)
Make sure you can remember it! In the next step we will build an ISO CD that will be able to restore your computer to its current state but if you forget your password 2 months from now your out of luck. TrueCrypt offers no means of recovering you're password, lost passwords are gone forever, along with your data.
5.)
If you absolutely have to write it down, don’t stick it to your monitor!
The guys at TrueCrypt clearly leave no details to chance and now give you the opportunity to salt your encryption keys by using random data generated by your mouse movements. It’s important to notice that this step, though comforting, is highly unnecessary. Before you ever move your mouse you can see from the content pool that a great deal of information already exists. This is because TrueCrypt is taking random data from all over your system before you even begin. This includes information from clocks, globally unique ID’s, serial numbers from hardware components, etc.
My point here is to simply let you know that wearing all the material off your mouse pad during this step won’t help you much. Slowly swirl your way slowly down to NEXT and click past the screen shown below that display’s a snippet of your encryption keys.
The next few screens are going to walk you through creating a rescue CD which is a required step for a very good reason. If something goes wrong during the encryption stage the rescue CD is the only tool that will allow you to recover your data. The rescue CD contains a utility which will allow you to decrypt your drive or restore your master boot record if it ever becomes damaged. Damage to the MBR can happen in many ways, but it is most often caused by some invasive form of DRM that embeds itself in the MBR or some form of malware like a root kit. Essentially anything that writes to the MBR following the installation of TrueCrypt stands a pretty good chance of making your system unbootable.
Your rescue CD is your first and last line of defense here. In the troubleshooting section we will go over how to use the rescue CD should something ever go wrong. In the dialogue box above you’re a picking a path where TrueCrypt will deposit the recovery CD's ISO file. After clicking Next you will be reminded again to burn the ISO to CD and this is where CDBurnerXP (free CD burning utility) comes in handy. This step can be “faked” by using an ISO mounting tool such Windows Virtual CDROM but doing so is not recommended and should be done so at your own peril.
It is also important that you create a Rescue disk for each separate computer you encrypt. The reasons for this are explained in the troubleshooting section if you are interested.
Assuming you were successful in verifying the rescue CD TrueCrypt will give you the option to move ahead.
Comments are closed on this article
Cmsgstockton
August 04, 2010 at 1:13pm
CMS has a full-disk encrypted hard drive upgrade that makes the process very easily. All you need to do is place the encrypted drive in our enclosure, run the transfer software, setting the drive passphrase, and all programs etc. are moved onto the encrypted hard drive. Once you are done it's just a matter of swapping drives. We describe how to do this in a demonstration here.
robotcat
October 22, 2009 at 7:57am
Whole-drive multiboot encryption under Truecrypt (as of 6.2 anyway) has some pretty severe limitations. For me, at least, it insisted that the bootloader OS had to be on a physically separate drive from other OS's. It's cool that it works under any circumstances, but this keeps it from being useful for me (and I assume for many others).
PhoneyVirus
September 04, 2009 at 9:15pm
TrueCrypt I use this before and found it to be good for Passwords and Game Keys
routine
February 04, 2009 at 4:48pm
TrueCrypt vs BitLocker:
So, how do the two compare in performace, security, easy-of-use, etc?
horzo
February 02, 2009 at 2:30pm
I'm not nearly paranoid enough to do full disk encryption, but I've been using Windows & Linux TrueCrypt for a couple of years to protect password files and the like. Great little piece of software. I actually gave them a donation.
savage4naves
February 02, 2009 at 12:25pm
at system start up I get a quick message from acronis stating to press the F11 key to start recovery (acronis is pure awesomeness by the way) By encrypting the hard drive will that mess up the recovery from acronis? should I or can I image my hard drive again while running true crypt?
krj15489
February 02, 2009 at 11:45am
The finger print reader wont protect your data. someone could take out the drive and plug it into another computer and access the data or use a windows password cracked to get in. Drive encryption is the only thing that will really protect you.
nekollx
February 02, 2009 at 10:59am
i have a biometric fingerprint scanner in my laptop, cant acess my user accout without my fingers.
How does that compare to true crypt?
jcollins
February 02, 2009 at 12:00pm
It really depends on the setup, but you have to understand how Windows works. In general, if you can log into a computer, you can access anything on the computer (even if it isn't under your particular login). So if they somehow manage to bypass your login, they can still see your data.
The Fingerprint Scanner takes the place of your login for the most part. So if they can bypass that (through breaking the hardware, using gummi bears, taking the hard drive out, etc.), they have access to all your data. TruCrypt and the like protect against those situations. You have to actually have the password in order to see the data.
nekollx
February 02, 2009 at 12:04pm
as the sole administrator of the laptop though isn't is the same thing. if the biometric scanner wont let them log into the admin how can the acess the data short of takingthe drive apart (and id think id notice somoen removing the drive while im working on it :P)
jcollins
February 02, 2009 at 3:04pm
In re. the laptop, the assumption in these things are that the crook's not going to do anything while you are there. Let's say you leave the laptop in your apartment and go off to the grocery store. Bam, someone breaks in and grabs everything visible, including your laptop. Or let's say you took it with you to the store in your car and leave it in the trunk. You get out and your car is gone. Both situations, they have your physical laptop.
Once they have the laptop:
Example 1: They take the hard drive out and plug it into another computer running WinXP (not sure on the Vista end, but it is probably something similar). They tell it to take ownership of all the files on the drive and boom, they've got access to all the files. There are some things you can do to prevent this (encrypting folders for example). However, there are various softwares out there that may be able to get past this.
Example 2: A lot of the fingerprint scanners have "issues" where they'll accept scanned images or even totally fake things (gummi bears).
krj15489
February 02, 2009 at 2:08pm
The easiest way to get to the data without taking out the hard drive would be too run a program callled oph crack. it is a windows password cracker and can be booted from a cd. I have tried it out and it does work. But it can be slow depending on how fast the computer is.
http://ophcrack.sourceforge.net/
Block_Dude
February 02, 2009 at 5:38am
Just a few words of warning when using Truecrypt:
1. Encrypting the entire system drive will SIGNIFICANTLY decrease hard drive performance, especially if you choose cascade encryption. Think about it, every byte a data written and read needs to be on-the-fly encrypted or decrypted before it can be handled. You may want to consider making a standard container first before choosing full system encryption - otherwise expect to wait 2.5x longer (or more) if you're unraring something.
2.TrueCrypt disables the pagefile by default. This can mean serious havok/memory errors when running popular steam games like CS:S, TF2, and L4D. The reason why it is disbaled is because sensitive data can be written to the pagefile if the entire system is not encrypted. But I think it will disable it even before you chose to encrypt anything - when you first install the TruCrypt app - so make sure you leave "disbale pagefile" unchecked when installing - if you don't have 4GB of RAM or more, expect to see "direct3d device" errors if the pagefile is disabled and trying to join a server. A good rule of thumb is to keep the pagefile at 1.5x your current RAM - so if you have 2GB, then set the pagfile max file size at 3GB. Sometimes the errors can be cached as well, so use CCleaner to remove old temp files.
3. TrueCrypt modifies the MBR in ways that might cause alarms with some monitoring/security apps. Rootkit detectors like GMER will only be able to see "root-kit like behavior in sector 63" - and this is actually TrueCrypt's bootloader.
Tagge
February 02, 2009 at 11:16am
Hey just a note Block, TrueCrypt has actually been proven to have 0 performance hit on any PC it's installed on. I can also speak from experience in this matter. Every HDD I own has full disk system encryption installed on it. It doesn't slow down Vista, Windows XP, or Ubuntu Linux. Or on any media drives I have it installed on.
"Two things are infinite the universe and human stupidity; and I'm not sure about the the universe."
-Albert Einstein
Justin.Kerr
February 02, 2009 at 6:19am
Thanks for your observations, to be honest though on my side, I didn't notice much of a hit. In my unoffical benchmarks write performance took about a 5% hit, but read rates remained the same. CPU utalization went up a touch as well during reads/writes, but most of us have several cycles (and cores) to spare these days.
I was actually very impressed how lightweight the package was. As for point 3, that was noted in the several places throughout the article but is definatly important to call out. Thats just poor coding style in my opinion on behalf of the software manufacturers who tie into the MBR.
