Video: File encryption made simple with TrueCrypt

Bill Detwiler shows you how to encrypt and hide your sensitive data using a free, open-source application called TrueCrypt.

Whether you work with sensitive information at work or you just like to safeguard your own privacy, encryption is a good way to protect your data from all but the most determined attackers. And luckily, encryption software needn't be complicated or expensive. In this TR Dojo video, I show you a free, open-source product called TrueCrypt that allows you to encrypt files on the fly.

For those who prefer text to video, you can click the Transcript link that appears below the video player window or read Jack Wallen's article, "How do I use TrueCrypt for on-the-fly encryption?"

About

Bill Detwiler is Managing Editor of TechRepublic and Tech Pro Research and the host of Cracking Open, CNET and TechRepublic's popular online show. Prior to joining TechRepublic in 2000, Bill was an IT manager, database administrator, and desktop supp...

112 comments
JCitizen

The paid version. Since I need this utility anyway to get personal data off my drive or encrypt it, I might as well let ID finder do the encrypting. It has a fairly cheap yearly license fee, and makes the job of finding unprotected files easy. It uses the same technique the crackers do to quickly recover any sensitive information you may have left on your hard drive, from forgetting to use your password manager to enter data - for example. It is a very good utility, and it scares me every time I run it, to find out I didn't set CCleaner correctly to clean information off my browsers! I do not work for any single person or company; I just detest crime crackers, and will do anything to spread the word for good PC security practices.

Java_Dave

I've used several encryption programs, but every time I would sign in, I would also have to sign in again to whatever program I want to use, with my old password. In other words, I had to sign in twice. It was just too irritating for me.

imwds

I have always been interested in encryption; I just haven't investigated any options.

Gretsch001

What I envision as a problem with encryption is that there does not seem to be a standard that evaluates the speed of the encryption/decryption process OR the level of security offered. Speed of encryption/decryption could easily be determined by a standard sample of files, e.g. a folder consisting of a specified number of pictures, say 2 Gb of 500 pics averaging 4 Mb/pic; OR 5 Gb video; OR a test spreadsheet of x Mb or Gb; OR a manuscript of x Gb. Also there is lacking a standardized comparison of the security offered, making it impossible for the user to compare the security from one program to the next. TrueCrypt offers AES 256 and Twofish. BUT, 448 Blowfish has been touted as "unbreakable". Then there is the vague "Military Grade Encryption" but whose military? Just my thoughts...

Pammie

Surprised this is the first I've seen mention of TrueCrypt from TechRepublic...I've been using it for some time.

dstreifling

Great info, Bill. Very informative. Based on your video I plan to use TrueCrypt. Right now I am using FileWarden. It works quite easily but is probably not as sophisticated as TrueCrypt.

alan

When I've used a number of data "protection" systems, I can still access them via DOS.

boilermaker_z

Key management and lack of an Enterprise Key Management strategy has held us back from using this on a widespread basis.

gtrrz_rmnd

I am new at this. Where do I find TrueCrypt???

Joyce198608

For encryption of a file, there is one way where you need not install any software: you just use Kingsoft WPS Office. http://www.itreadme.com/?p=502 Another tool for encryption of any kind of documents is Glary Utilities' File Encrypter and Decrypter.

scrome

Quite often the encryption does not work well and corrupts the data, thus resulting in work to recover, lost data, and very low user satisfaction and confidence.

rkljr

For sensitive files, I would use TrueCrypt but for most stuff it is not worth the effort. The solution is a system that encrypts all data saved. Think encrypted drives etc. The disadvantage with the latter is that if a file is transmitted it is not encrypted and thus you still need to encrypt it before transmission.

intoko

I do not encrypt data because I usually back up my data every 5 minutes and I haven't found software capable of backing up encrypted data to an external hard disk in real time. Also, I need to open my backup portable HD wherever I have a computer.

theccur

My secured files are stored separately on SD cards. No files that require security are stored on my computer. I don't have any videos that require security.

ifallsguy

Maybe this will keep my files encrypted and hidden from the search by Customs when I reenter the US

davidn

Someone somewhere has the ability / facility to crack the encryption

lister

While TrueCrypt is an effective and easy-to-use application - it has been bulletproof and unobtrusive for me - it's not a FIPS 140-2 product. If you are looking for compliance tools for HITECH or any other law or regulations that require FIPS 140-2 compliance TrueCrypt is not for you.

hjohnso6

Thank you, Bill, for this nice tutorial. I've been using TrueCrypt to encrypt the entire system drive for a while (and love it - it's very fast with hardly any performance hit), but never took the time to understand the file/volume encryption options that you discussed in your video.

bspreng

I have no need to encrypt an entire disk, USB or otherwise. Now a file, folder or folders would be very interesting. I am not in the spy business nor all that paranoid as to have an interest in entire volume or partition encryption. Intego type products are too cumbersome and flag the folder as encrypted providing a temptation to prying eyes.

jturnernib

In addition to the complexity for regular users is the possibility that secured data cannot be reclaimed due to poor practice executing the encryption. This defeats the primary purpose of an information system. Systems integrated with the AD make more sense since with double key encryption a system admin can still help retrieve your secure data (if he/she is provided your key) while being unable to access it alone.

frank.vanderveken

Encryption is NOT the silver bullet solution for security. First of all, it should be clear which information to encrypt and which not (information classification and handling policy/guidelines). Second, security requirements should be applied consequently (e.g. over all platforms, including handhelds). In many cases encryption will increase instead of decrease security risks, for instance relating to:

* Data Leakage (encryption is an ideal tool to bypass the prevention mechanisms)
* Data Loss (good processes should be available for key escrow and recovery)
* Awareness and human behaviour (often encrypted information gets duplicated in an unencrypted form because of usage constraints - such as too complex a password - at a user level. As a result, there are several unencrypted versions that circulate in user systems that are more exposed than if only one unencrypted version resides on a correctly managed (e.g. access rights) shared drive that is better protected and less exposed than an end-user system.)
* If a tool angle is taken towards encryption, it is likely that the value of the encryption is reduced to close to zero while adversely impacting the user experience.

To give an example: If mail encryption is a requirement, one should be aware that certainly VIP users will never accept that they are not able to read their encrypted mail on their handheld. If that handheld is a BlackBerry, this should not be a problem. But if it is f.i. an iPhone, you will expose your encryption certificates, hence reducing the value of the PKI and encryption, and we are back to step 1.

Conclusion: Although encryption certainly is a valid IS security control, take an information security approach to encryption rather than an IS (information systems) security approach.

eternal_life

as even considered as complete Idiot NOT can define it/her/him self as NOT able to understand this SO VERY GOOD and GREAT information that Bill Detwiler gives provides in this great article

Snak

We had a user who installed TrueCrypt and followed the instructions to encrypt a complete hard disc. Unfortunately, it was their C: drive. It took a week running a decrypt on it and it was still sat at only about 50%. We gave up in the end and formatted it. On another occasion, we found that when a user tried to open a TrueCrypt file, entering the password caused the PC to crash. We do have users who use TrueCrypt successfully; indeed it is made available to users, but I have found ABI Coder (http://download.cnet.com/ABI-Coder/3000-2092_4-10039202.html) to be useful for encrypting a single file or folder and Rohos (http://www.rohos.com/) useful to encrypt a USB drive, or local partition.

3dBloke

A useful overview of TrueCrypt. I will now be trying TrueCrypt at some point: I can see the "container" option as being useful, to begin with. I guess this is several steps up (in terms of sophistication) from a password-protected ZIP archive :) Does anyone still use these? The encryption I have used recently is on a SanDisk Cruzer U3 USB flash drive. The drive has two partitions: the first (small) partition contains an executable that prompts for the password to unlock the second (main) partition.

davidmaxwaterman+techrepublic

I just want to encrypt a single file, so I can 'send' it to someone else (via some public/insecure mechanism like an ftp site). I don't really want to make a whole volume or container - that's not convenient/intuitive wrt what I want to do. I figure it might work like this:

1) $ encrypt myfile.txt > myfile.encrypt
2) $ ftp myftpservice.com put myfile.encrypt
3) $ mail -s file recipient file is here and passphrase is bla (or some other method of sending the passphrase, eg sms)

Do you know of a mechanism that is more suited for this sort of thing? Maybe the pgp/gpg mechanism can work in this way?

dayen

We all know that we will have to use encryption soon; there's no way around it. It is the next level of security other than locking the computer in a vault with no connections to the outside world, which just won't work because here in Michigan they just crack the vault. I saw a program once that had a logic bomb: if you tried to hack the database it destroyed it. The company claimed it was better to lose the data than to have it fall into the wrong hands. So it's a choice of risks. Thank all of you for the ideas on what to test and try.

Zwort

The container is opened as a virtual drive. I can make my software back up from it. If yours doesn't I'll be surprised, but a simple measure such as Comodo backup will do the job. The point though is to have material encrypted on the road. Back at base if you have no security then, hell, you have no security, right?

SgtPappy

What is so important that it needs to be backed up every 5 minutes?

MWatch

Video: File Encryption made ... So if you want to encrypt text files you are in the wrong place.

SgtPappy

Why do you specifically mention videos? No really officer there is nothing under my car seat.

Zwort

I once worked in a very sensitive job, and went through a lengthy period of security training. The trainer indicated a truth; no security system is perfect, no security system is infallible. What they do is to delay intruders, because this increases the probability that they will be apprehended, to use a scientific term from statistics. My instructor was infamous; he broke into a brand new safe (masked by a curtain for obvious reasons), for an assembled host of generals and other military personnel in a large audience. It took him a limited time and upset the manufacturer. He is a legend. His office was the most impenetrable that I have ever seen, and he was not satisfied with his security. OK? :-)

SgtPappy

but it stops the other 5.9 billion people on the planet from simply inserting my lost thumb drive and opening my files doesn't it?

Zwort

Who are MS? The point is that this is an open source development. Everything is up for public scrutiny. Don't like it? Check the code yourself. Subject it to destructive testing. That is the strength of open source software. True Crypt's code does not know that you are a hacking dog, and it lies there quivering, waiting for you to pick its locks. Oh how I love The Wall. ;-)

SgtPappy

explicitly, but I trust that it being open source and as popular as it is, that it has stood up to the scrutiny of the people in the open source community. I would think someone would have discovered the dreaded "back door" by now. If you are really really worried about a back door being open close it (disconnect from the internet) or at least monitor what traffic is passing through your firewalls.

Bill Detwiler

I'm glad you found the video helpful. Thanks again!

Zwort

Defence in depth, which assumes even before you install the layered protection the name implies that you have a clean drive. This also means that using other people's systems is a weak link in the chain. There are other stipulations to be made of course, but throwing one's hands up in the air and NOT encrypting sensitive files, simply because there are weaknesses is an option only for those who don't mind being vulnerable.

Bill Detwiler

Thank you for the compliment. I'm glad you find our TR Dojo videos helpful.

Zwort

Well yes. I frequently recommend his video articles to people who are not IT savvy. In fact, having nagged a few people for several months about encrypting their sensitive files, I am sending them a link to this one. So, if they read this; have you encrypted your files yet people?

l_creech

No idea if TrueCrypt uses a Private/Public keyring schema, but PGP does. Using PGP you can send anyone encrypted data/files/whatever if you have a copy of their public key to encrypt it with. They can then decrypt using their private key. PGP works well for this, I've used it this way to transfer sensitive data over the Internet for many years. TrueCrypt does work well for encrypting file systems or individual files where you need local or portable security. I haven't run into any issues with my backup volumes disappearing yet, though I have a bit of overkill in UPS available with a natural gas genset to back that up.

peterfairchild

You can always password protect any file (Word, Excel, WordPerfect), zip it and password protect the zipped file that you then send to someone. In a separate e-mail you send the passwords. Notice it is passwordS, make them different.

rpetitpas

I found that the easy way was to compress the file with a password. I can do it for one file or a bunch of files. Winzip can be used to accomplish that.

3dBloke

There must be tools out there to encrypt individual files. A simple solution is to ZIP the file(s) and include password protection. Not sure how un-crackable ZIP archive passwords are, though. An alternative is not to encrypt at all, but to put the file in private, password protected cloud storage. I've played with this using the Screencast site, for video sharing.

Zwort

I suppose it's always possible that the OP has software that saves a backup copy to another location; all of the Lotusware that I use does this. It could easily be configured to do so to another encrypted volume.

Zwort

Could be videos taken on holiday, Squire, if you know what I mean?

RudHud

Is there any discussion of such an analysis and testing? It's okay to say that I can test it myself, but I barely have time to skim the 109 page manual. Is everyone assuming that because you can test the code, that someone has actually done it? And yes, I know who MS is. It's run by Steve Ballmer out of Washington State, USA. Who is running the True Crypt Foundation? And where? It's an evil world out there. If it wasn't, we wouldn't need True Crypt -- but because it is, we need to know something about the underlying motives of its owners. And no, I don't trust the unsupported assertion of an anonymous stranger who won't even tell me his country of origin.

BroadcastArashi

E-mail is usually insecure. Most of the data people send through SMTP and webmail are insecure. They're not encrypted. The password can be sniffed using a packet sniffer.

davidmaxwaterman+techrepublic

I was looking for something on Linux...but I see that there's a zipcloak command that might do what I want:

zipcloak (1) - encrypt entries in a zipfile

however:

zipcloak uses original zip encryption which is considered weak.

Not a great endorsement :/

Zwort

I have password crackers that will rip the file open very quickly, unless the password is extremely complex and long. Zip files are very, very vulnerable.
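
The weakness discussed in the comments above applies to the original ZIP password scheme, and which scheme an archive entry uses can be read from its metadata before anyone relies on it. The following is an added example, not code from the article or from any commenter: it labels each entry as unencrypted, legacy ZipCrypto, WinZip AES, or PKWARE strong encryption. The function names are hypothetical, and `build_sample` creates a constructed archive whose headers are only flagged as encrypted so the check has something to read.

```python
import io
import struct
import zipfile

ENCRYPTED_FLAG = 0x01  # general-purpose flag bit 0: entry is encrypted
STRONG_FLAG = 0x40     # general-purpose flag bit 6: PKWARE strong encryption
AES_METHOD = 99        # WinZip AES entries store method 99 ...
AES_EXTRA_ID = 0x9901  # ... and carry this extra-field record


def has_extra(extra: bytes, wanted_id: int) -> bool:
    """Walk the (id, size, data) records of a ZIP extra field."""
    pos = 0
    while pos + 4 <= len(extra):
        record_id, size = struct.unpack_from("<HH", extra, pos)
        if record_id == wanted_id:
            return True
        pos += 4 + size
    return False


def classify_entries(zip_bytes: bytes) -> dict:
    """Map entry name -> 'none', 'zipcrypto', 'aes' or 'pkware-strong'.

    Only the central directory is read; nothing is decrypted.
    """
    verdicts = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not info.flag_bits & ENCRYPTED_FLAG:
                verdicts[info.filename] = "none"
            elif info.compress_type == AES_METHOD and has_extra(info.extra, AES_EXTRA_ID):
                verdicts[info.filename] = "aes"
            elif info.flag_bits & STRONG_FLAG:
                verdicts[info.filename] = "pkware-strong"
            else:
                verdicts[info.filename] = "zipcrypto"  # the weak original scheme
    return verdicts


def build_sample() -> bytes:
    """Constructed archive: headers are flagged, payloads are NOT really encrypted."""
    # AES extra record: id, size 7, version 2, vendor "AE", 256-bit, real method 8
    aes_extra = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", 3, 8)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("plain.txt", b"public notes")
        zf.writestr("legacy.txt", b"placeholder")
        strong = zipfile.ZipInfo("strong.txt")
        strong.extra = aes_extra
        zf.writestr(strong, b"placeholder")
    data = bytearray(buf.getvalue())
    marks = {b"legacy.txt": (ENCRYPTED_FLAG, 0),
             b"strong.txt": (ENCRYPTED_FLAG, AES_METHOD)}
    # Patch flags (offset 8) and method (offset 10) in each central header.
    pos = data.find(b"PK\x01\x02")
    while pos != -1:
        name_len = struct.unpack_from("<H", data, pos + 28)[0]
        name = bytes(data[pos + 46:pos + 46 + name_len])
        if name in marks:
            struct.pack_into("<HH", data, pos + 8, *marks[name])
        pos = data.find(b"PK\x01\x02", pos + 4)
    return bytes(data)


if __name__ == "__main__":
    for name, verdict in classify_entries(build_sample()).items():
        print(f"{name}: {verdict}")
```

To audit a real archive, pass its bytes to `classify_entries` and treat any `zipcrypto` entry as needing re-encryption with a stronger tool.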

Zwort

PGP can encrypt a file.

JCitizen

even SSL Gmail is insecure, as some of the hops feature insecure communications between servers. So even if the recipient has SSL turned on the Gmail account, there will be leaks along the path. Managing your own VPN email is probably the only way, or pay for web mail as such. OWA was fairly secure for remote offices, provided the remote PC was not infected, of course! ;)

BroadcastArashi

Security is a chain only as strong as its weakest link. You can encrypt your e-mail while it's being sent to your local SMTP server, but from there, you can't guarantee that your local SMTP server will encrypt it going to the remote POP or IMAP server, or that the remote POP or IMAP server will encrypt it while sending it to the client, or that the client will support encryption, particularly with people who have their e-mail delivered to their phone, which is most likely insecure.

Zwort

I use an email package with full PGP integration. In the address book I can specify whether or not email is automatically encrypted to a particular recipient. There is one weakness that I know of, which occurs under certain circumstances. It's important to send encrypted email only from a secure environment, else you might as well invite the world in. Anyhow, that is how email can be made secure, from me to you, and you to anyone else in the world.

wolsonjr

I've been using ccrypt for some time with Linux. Easy to use, a nice command line program, wrote a couple shell scripts to handle some of my common tasks.

Zwort

I've not done enough work on Linux, and kudos to you for using it, but I do know of a place where you can download an appropriate package: http://www.gnupg.org/download/ I expect that source forge will have something too: http://sourceforge.net/search/?type_of_search=soft&words=pgp As a caveat I have no idea of how good this stuff is, but I have a higher opinion of much open source software than I do for MS ware. Remember, MS tried to claim it had patent on some Linuxware. I suspect a TechRep search might be helpful to you also.

davidmaxwaterman+techrepublic

It seems like you're giving me instructions for Microsoft, while I'm trying to find something for Linux - preferably something simple that I can run from the command line, though I guess GUI stuff would be ok too.

Zwort

OK, here's the typographical, though I can see your point!: install the latest PGP freeware from their homepage - they've got a business model now and you have to be patient - right click on the icon in your icon tray, run PGP keys, generate a key with a strong password, using the usual mouse waving tricks referred to in the current example; save your strong password in your password saving file; now you have a PGP key, right click on the PGP icon, select PGP tools, and then click on the icon to encrypt a file. You will be rewarded with a dialogue box, find the file, do the business. :-)

Castlewood

Hi, There is a free application called Axcrypt which will encrypt single files or folders without needing to do a whole drive. You select the file(s) you want to encrypt, right click the selection and from the menu choose to encrypt the file/folder(s); encrypt a copy of them (useful if sending by email); or encrypt to an .exe file. It's been around for a while, so see the following reviews: http://www.softpedia.com/reviews/windows/AxCrypt-Review-68081.shtml & http://download.cnet.com/AxCrypt/3000-2092_4-10564424.html. The latest beta version (1.7) is available at http://www.axantum.com/AxCrypt/Default.html and as this is the developer's site there are full FAQs to show it can be run on Win7. The latest stable version is 1.6.4.4 so note the versions used in the above reviews. Hope that helps. Peter Johnson