Thursday, 31 March 2011

TrueCrypt


Did you hear the joke about the politician who lost his laptop or USB disk and had sensitive data leaked out? Actually that was not a joke but reality. Sensitive data is leaked through the loss of USB disks and laptops all too often.

Why does this happen so often? Are people too cheap to pay for good encryption? Do people believe they need to hire some expert to have their data protected? Or are people too lazy to even think about all the "trouble" it would take to protect all that data? Do they believe they are incapable of doing it themselves?

Here is the answer: no, you do not need to be or hire a genius, you don't need money, you don't need special hardware, and it's really easy to do.

TrueCrypt is a free disk / file encryption tool that uses military grade encryption techniques. It offers various types of encryption from simple passwords to large key files that you can store on a USB "key" and thus use a USB storage device like a physical "key".

You can create encrypted "storage files" that you can mount to a free drive letter like a physical disk. You can have encrypted data on a USB disk and create a "traveler disk setup" that copies TrueCrypt to your USB disk so you can mount your encrypted volume on any Windows computer.

You can even encrypt your entire operating system hard disk and enter a password on boot. The advantage of this is that if you lose your laptop, people will not be able to read any data from it, even if they pull out your hard disk and try to read it by plugging it in as a USB disk.

Here is a simple tutorial on how to create an encrypted volume file and how to encrypt your entire disk.

Create Encrypted Volume
In TrueCrypt, click on Volumes, then Create New Volume... Select Create an encrypted file container. In the next screen select Standard TrueCrypt Volume. (Hidden TrueCrypt volume will create an encrypted volume within an encrypted volume. It's like a safe with a secret compartment inside.)

Next, select where you want your encrypted volume file to be stored. You can use a USB disk if you want it to be portable. Give the file any name you like with any extension you like. You can even give it an mp3 or avi extension (but you will not be able to play it as a video or audio file). This can be useful if you do not want your file to draw attention. You can also leave out the extension; be creative.

Next select your encryption method. AES is the default encryption method and is very safe.

Next select the volume size. This will be the size of the volume file. Make sure you do not select a file size that is bigger than the amount of disk space you have left on the disk where you are creating that file. Think about what you want to put in that volume and make it an appropriate size. For example, a 10 GB size would be overkill if you will only store some Word documents.

Next type in a password. The longer the password, the smaller the chance that your volume file will be "cracked" by password guessing tools. Use a combination of letters, numbers and special characters to beat "dictionary hack attempts". You can also use keyfiles and have it create a file that is needed to decrypt your volume. You can store this file on another (small) USB disk and keep it safe.

Next select the filesystem of the encrypted volume. If you will store files larger than 4 GB then select "NTFS", otherwise keep it on "FAT". Click on Format when done and wait for it to complete. Then click on Close.

Now you have created your encrypted volume, but you need to "mount" it to be able to read from it and write to it. In TrueCrypt click on "Select File" (lower right) and select the volume file you just created. Next, in the list above, click on the drive letter that you want to mount your volume on and click on Mount in the lower left corner. Enter the password you chose when you created the volume and select "use keyfiles" if you chose to create those too. When done, your volume should be available on the drive letter you selected. Simply open an Explorer window (Windows key + E) and browse to the drive letter you used for the encrypted volume.

To dismount the volume, go to TrueCrypt, select the drive letter you wish to dismount and click on Dismount in the lower left corner, or click on Dismount All and it will dismount all drive letters.

If you created the encrypted volume on a portable disk, you might also want to include the TrueCrypt files on it so that you don't have to install TrueCrypt on other computers where you want to use it. Simply go to Tools and click on Traveler Disk Setup. Click on Browse and select the disk where you created your encrypted volume file. Set any other options you desire and click on Create.
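
The password advice above can be put into numbers. The following is an added example, not part of the original post and not TrueCrypt code: it measures how fast one machine can test candidate passwords and estimates how long covering every candidate would take. It assumes the PBKDF2-HMAC-SHA-512, 1000-iteration, 64-byte-salt header key derivation described in TrueCrypt's documentation (not stated in this post); the word list and sample passwords are constructed.

```python
import hashlib
import math
import os
import string
import time

# Assumed from TrueCrypt's documentation (not stated in this post):
# PBKDF2-HMAC-SHA-512, 1000 iterations, 64-byte random salt.
ITERATIONS, SALT_BYTES = 1000, 64
POOLS = (string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation)
# Constructed stand-in for a real word list, which holds millions of entries.
WORDLIST = {"password", "letmein", "dragon", "truecrypt", "qwerty"}

def derive_key(password: str, salt: bytes) -> bytes:
    """Every password guess costs one of these key derivations."""
    return hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"),
                               salt, ITERATIONS, dklen=64)

def alphabet_size(password: str) -> int:
    """Total size of the character pools the password draws from."""
    return sum(len(p) for p in POOLS if any(c in p for c in password))

def search_space_bits(password: str) -> float:
    """log2 of the candidates to cover (upper bound: assumes random characters)."""
    if password.lower() in WORDLIST:      # dictionary word: only the list to try
        return math.log2(len(WORDLIST))
    size = alphabet_size(password)
    return len(password) * math.log2(size) if size else 0.0

def guesses_per_second(samples: int = 20) -> float:
    """Measure how fast this machine can test candidate passwords."""
    salt = os.urandom(SALT_BYTES)
    start = time.perf_counter()
    for i in range(samples):
        derive_key(f"candidate-{i}", salt)
    return samples / (time.perf_counter() - start)

def years_to_exhaust(password: str, rate: float) -> float:
    """Years needed to try every candidate at `rate` guesses per second."""
    return 2 ** search_space_bits(password) / rate / (365.25 * 24 * 3600)

if __name__ == "__main__":
    rate = guesses_per_second()
    print(f"{rate:,.0f} guesses/s on this machine (one CPU core)")
    for pw in ("password", "kqzvnwpt", "kQ7!vn2#", "kQ7!vn2#Lp9$xT4&mW6@"):
        print(f"{pw!r:24} {search_space_bits(pw):6.1f} bits  "
              f"{years_to_exhaust(pw, rate):.3g} years")
```

The measured rate is for a single CPU core; dedicated guessing hardware is much faster, so read the output as a comparison between passwords rather than as absolute times.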

Encrypt your entire system disk
Make sure you have an empty CD ready and a CD burner.
To encrypt your entire hard disk and prevent people from snooping into your laptop or computer disk when it is lost or stolen, do the following.

Click on Volumes, Create New Volume... Select Encrypt the system partition or entire system drive, next select Normal and click Next. If you store all your files on the C: volume only, you can select Encrypt the Windows system partition; otherwise select Encrypt the whole drive if you also store files on other internal partitions. Next select "Single-boot" if you have only Windows running on your machine.

Next select the encryption (AES is good). Next select a password and / or a keyfile. Next move your mouse around to generate random data that will be used for the encryption. This random data is generated from your random mouse movements. Click on Next and Next again.

Now you need to have an empty CD ready to burn a rescue disk. You cannot continue unless you create a rescue disk. This rescue disk is bound to the specific computer and should not be used on other TrueCrypt volumes. If you do not have a CD burner on the system you are encrypting, then copy the ISO file to a USB disk and burn it on a computer that does have a CD writer. If you have no CD writer anywhere, then you can trick it by mounting the ISO file using a tool like OSFMount. Next, insert the CD into the CD drive of the system you want to encrypt and click Next to verify. Click Next.

If you already have sensitive data on your system and have lots of time left, then read the description and select a wipe mode; otherwise leave it on None and click Next. Click on Test to begin an encryption test. Your system will reboot and you will have to enter the password you chose. When boot is done, continue the wizard and your system will be encrypted while you continue to use your computer.

So now you have no excuse to leave your sensitive data unprotected, and you no longer have to worry about it falling into the wrong hands.

One more word of advice: if you use a laptop and have encrypted your entire disk, make sure you use a password on your Windows account. If you do not have a password on your account and someone finds your laptop while it is running, they can still read all your data, because they do not need to boot your computer: it is in sleep mode and you did not set an account password. Best practice is to always turn off your computer when you are done and to have an account password even if you only have one account.
