Encrypt portable storage in Windows/Linux with TrueCrypt

So, last week I talked about TrueCrypt, the disk/file encryption package

for both Windows and Linux. With the rising threat posed by identity theft, we

should all be careful of what information we store on portable media—the devices

are easily lost, so we need to assume that all of the data stored can be

accessed by any random individual (be they good or bad). Encrypting our stored

data negates this risk. At the very worst, you simply lose your data, but you

don’t reveal anything. The most anyone who finds the media can do is format it

and keep it. Losing your data may be a minor inconvenience, but it would be far

worse to lose your data and also find out that £50k in debt has been created

under your identity!

Luckily, we now have a way to consistently encrypt and decrypt

in both a Windows and Linux environment. Let's start by taking a look at

TrueCrypt in Windows. The package can be downloaded here, and installation is

pretty self-explanatory. Download the archive, unpack the files in a temporary

directory, and then run the TrueCrypt_Setup.exe application. During the

installation, there is an option to create a system restore point—I used this,

but I don’t think it’s a necessary step; it's more for peace of mind.

Once installed, a TrueCrypt shortcut will be accessible from

either the Desktop or StartMenu. When the application is opened, it will remain

minimised in the tray when closed—in the preferences there is an option to have

TrueCrypt run on startup.

So let's take a look at the main application:

It’s all pretty standard with the main functions well

placed. Creating a new encrypted volume is simple: Tools > Volume Creation Wizard. The wizard guides us through the

creation of a new volume very smoothly, offering support content along the way

so as to explain everything. First we need to select whether we want to create

a hidden or standard volume; since I just want to keep my data secure in case

of loss, I don’t see the need for hiding the volume, therefore I’m creating a

standard one.

Next up, we need to select a file or device to encrypt. The

nice thing about TrueCrypt is that it gives this choice—if encrypting an entire

hard disk, we may well want to select the entire device or a partition on that

device; however, for the USB key, I have taken a different approach and used an

encrypted file. You’ll see why later.

I created a file called ‘123.iso’ placed on my freshly

formatted (FAT32) 2GB pen drive. Click next and you get a choice of encryption.

Many algorithms are available for use, and I quite like the fact that it lets

me choose. I have gone for Twofish, which uses a 256-bit key and 128-bit block—good

enough, I think. The next screen asks you how large the encrypted filesystem

should be. Underneath the box, it shows you the amount of free space on the

device where the filesystem will be created. I choose to use all but 10-MB of

the space for my volume. The final steps before creation are setting a password

and selecting a filesystem. For the password, over 20 characters are

recommended and up to 64 are allowed; ten characters seem a bit more likely to

me. Yes, it’s not as secure as 20, but you try remembering a 20-character

string of jumble and then typing it every time you switch computers! I opted

for a FAT filesystem with the default cluster size. Hitting format will create

the volume, which can then be mounted in the main application.

Now you’re probably wondering why I left 10MB of ‘wasted’

space on the disk? TrueCrypt allows us to create a ‘traveller disk’. The

traveller disk basically contains the application and driver which need to be

used to access the encrypted volume in Windows; this can be run on any Windows

machine (if you have rights to run executables) and can even automatically

launch when the disk is inserted (if using Windows XP SP2). The ‘traveller

disk’ option in the Tools menu

simply asks for the root directory of the disk and auto-mount options. It then

creates the necessary files on the disk. It’s a shame there isn’t a feature

like this for roaming on Linux machines, however I doubt it would be possible

due to the way in which the Linux program runs (loadable Kernel module

required). A few MB of leftover space will provide fast access to some

unimportant small files which you want to quickly move from one place to

another. How much you leave (if any at all) is down to personal preference.

Next week I’ll take a final look at TrueCrypt; I plan

to install the Linux variant on my Ubuntu workhorse and attempt to mount the

volume I have created in Windows.

Editor's Picks

Free Newsletters, In your Inbox