So, last week I talked about TrueCrypt, the disk/file encryption package
for both Windows and Linux. With the rising threat posed by identity theft, we
should all be careful of what information we store on portable mediathe devices
are easily lost, so we need to assume that all of the data stored can be
accessed by any random individual (be they good or bad). Encrypting our stored
data negates this risk. At the very worst, you simply lose your data, but you
dont reveal anything. The most anyone who finds the media can do is format it
and keep it. Losing your data may be a minor inconvenience, but it would be far
worse to lose your data and also find out that £50k in debt has been createdunder your identity!
Luckily, we now have a way to consistently encrypt and decrypt
in both a Windows and Linux environment. Let's start by taking a look at
TrueCrypt in Windows. The package can be downloaded here, and installation is
pretty self-explanatory. Download the archive, unpack the files in a temporary
directory, and then run the TrueCrypt_Setup.exe application. During the
installation, there is an option to create a system restore pointI used this,but I dont think its a necessary step; it's more for peace of mind.
Once installed, a TrueCrypt shortcut will be accessible from
either the Desktop or StartMenu. When the application is opened, it will remain
minimised in the tray when closedin the preferences there is an option to haveTrueCrypt run on startup.
So let's take a look at the main application:
Its all pretty standard with the main functions well
placed. Creating a new encrypted volume is simple: Tools > Volume Creation Wizard. The wizard guides us through the
creation of a new volume very smoothly, offering support content along the way
so as to explain everything. First we need to select whether we want to create
a hidden or standard volume; since I just want to keep my data secure in case
of loss, I dont see the need for hiding the volume, therefore Im creating astandard one.
Next up, we need to select a file or device to encrypt. The
nice thing about TrueCrypt is that it gives this choiceif encrypting an entire
hard disk, we may well want to select the entire device or a partition on that
device; however, for the USB key, I have taken a different approach and used anencrypted file. Youll see why later.
I created a file called 123.iso placed on my freshly
formatted (FAT32) 2GB pen drive. Click next and you get a choice of encryption.
Many algorithms are available for use, and I quite like the fact that it lets
me choose. I have gone for Twofish, which uses a 256-bit key and 128-bit blockgood
enough, I think. The next screen asks you how large the encrypted filesystem
should be. Underneath the box, it shows you the amount of free space on the
device where the filesystem will be created. I choose to use all but 10-MB of
the space for my volume. The final steps before creation are setting a password
and selecting a filesystem. For the password, over 20 characters are
recommended and up to 64 are allowed; ten characters seem a bit more likely to
me. Yes, its not as secure as 20, but you try remembering a 20-character
string of jumble and then typing it every time you switch computers! I opted
for a FAT filesystem with the default cluster size. Hitting format will createthe volume, which can then be mounted in the main application.
Now youre probably wondering why I left 10MB of wasted
space on the disk? TrueCrypt allows us to create a traveller disk. The
traveller disk basically contains the application and driver which need to be
used to access the encrypted volume in Windows; this can be run on any Windows
machine (if you have rights to run executables) and can even automatically
launch when the disk is inserted (if using Windows XP SP2). The traveller
disk option in the Tools menu
simply asks for the root directory of the disk and auto-mount options. It then
creates the necessary files on the disk. Its a shame there isnt a feature
like this for roaming on Linux machines, however I doubt it would be possible
due to the way in which the Linux program runs (loadable Kernel module
required). A few MB of leftover space will provide fast access to some
unimportant small files which you want to quickly move from one place toanother. How much you leave (if any at all) is down to personal preference.
Next week Ill take a final look at TrueCrypt; I plan
to install the Linux variant on my Ubuntu workhorse and attempt to mount thevolume I have created in Windows.