Bill Detwiler: Whether you're working with sensitive information for your organization, or you just like to safeguard your own privacy, encryption is a good way to protect your data from all but the most determined attackers. And luckily, encrypting software doesn't have to be complicated or expensive.
I'm Bill Detwiler, and during this episode of TR Dojo, I'll show you a free, open source product called TrueCrypt that allows you to encrypt files on the fly.
TrueCrypt is a free download from TrueCrypt.org. It supports Windows 2000/XP/Vista, Windows 7, OS X, and Linux.
It provides real-time encryption and, depending on how many cores your machine has, can encrypt and decrypt files extremely quickly.
It can be used to create hidden volumes and hidden operating systems.
It supports AES-256, Serpent, and Twofish algorithms.
And, it can encrypt files on both hard drives and USB flash drives or solid-state drives.
To get started, download the appropriate version for your operating system and run the installation file. The installation process is straightforward and the real work comes afterward when you set up your encrypted volume.
Once the application is installed, you should find a clickable icon for TrueCrypt on your desktop.
Upon opening TrueCrypt, you'll see a list of available drive letters that you can use for your new encrypted volume and most importantly at this point, the Create Volume button. Click this button to open the Volume Creation Wizard.
Now, TrueCrypt can create three types of encrypted volumes. The first is the encrypted file container option. Choosing this option creates an encrypted file (also called a container) that will be mounted by the operating system as a virtual disk. Anything you put in the disk gets encrypted.
The second option is to encrypt a non-system partition or drive. As the name implies, this option encrypts an entire partition or drive, but one that does not contain the operating system.
And the third option allows you to encrypt your system partition or the entire system drive. Using this option, you'll need to enter your TrueCrypt password before Windows will even boot.
If you want to get really creative, TrueCrypt can also create hidden volumes or even hidden operating systems (with a separate password) within the first volume or partition. The first volume or operating system would serve as a decoy containing only marginally sensitive or even fake files. You would keep your highly sensitive files in the hidden volume or system.
Why do this? Well, imagine if someone gained access to your machine and detected the encrypted volume. If they forced you to turn over your key, you could do so without giving them access to your really sensitive files.
With a little luck and an act of initial reluctance on your part, you'll hopefully be able to convince your opponent that you've given them your sensitive files without actually doing so.
As the first option is the best place to start for those new to TrueCrypt, that's the option I'm going to demonstrate during this show. I'll create a new volume with an encrypted file container. So, from the first Volume Creation Wizard window, select the Create an encrypted file container option (which should be selected by default). And then, click Next.
You now have the option of keeping the container visible or making it hidden. For the sake of simplicity, let's stick with the default and keep the container visible. If you want to create a hidden volume I strongly recommend you read the related documentation on TrueCrypt's Web site.
In the next window, you need to select the file that will be used for the container. Since this is the first time we've used TrueCrypt, there is no file available for use. So, when you click the Select File button, you will not actually select a file but instead give it a name.
The next window asks you to select your encryption options. Here you will select which encryption algorithm and hash-algorithm you want to use.
Make your selections, and click the Next button. In this window, you must define a size for your container. The size can be set in kilobytes, megabytes, or gigabytes. Make sure you give your container enough space to hold all the files you'll require.
Now that you've configured the necessary space for your volume, click Next. Now you will need to set the password for your encrypted volume. You can also choose to use a keyfile in conjunction with your password. You can use almost any type of file as a keyfile and TrueCrypt can even create one for you. I'm going to skip the keyfile option for this demonstration, but you can learn more about using them in Jack Wallen's original TrueCrypt article, which I'll link to from the TR Dojo blog.
Once you've entered your password, click Next. TrueCrypt will now display the Volume Format window. In it, you will see a random pool being generated. This pool will contain a series of random values that will be used to generate your encryption keys. TrueCrypt uses several sources to generate these random values including mouse movements, keystrokes, your operating system's built-in random number generator, and the like.
So, move your mouse randomly within the Volume Format window for at least 30 seconds. Then click Format. The formatting shouldn't take very long and once it's done, you will have a working encrypted container.
With our new container created, we now need to mount it as a virtual drive. So go back to the main TrueCrypt window, click the Select File button, navigate to the container file you just created, and click Open.
Select a volume letter to mount the container to and click the Mount button. A small window should open and ask you to enter the password.
After you enter your password successfully, the container will be mounted to the drive letter you associated it with. In My Computer, you will see the drive listed and ready for use.
Once you have saved all the necessary files to the encrypted container, you can go back to the main TrueCrypt window and click the Dismount All button, and the container will no longer be accessible. To use that same container, just go back to the mounting procedures and repeat the steps.
Now, encryption may not be perfect. Even if your files are encrypted, it may be possible for a determined attacker with physical access to your machine to pull information, including your passwords, from RAM. The creators of TrueCrypt discuss this in more detail on their Web site and there are ways to defend against these types of attack. I'll link to several encryption resources and Jack Wallen's original TrueCrypt article, on which this video is based, from the TR Dojo blog.
Also, if you encrypt files on a regular basis already, let us know what tools you use and how well they work.
And as always, for more teachings on your path to becoming an IT Ninja, visit trdojo.techrepublic.com, or you can follow me on Twitter at twitter.com/billdetwiler.
Thanks for visiting the TR Dojo.