I have spent many hours of troubleshooting, researching, and scouring the net for a good encryption software program to encrypt a few sensitive files. After all kinds of high-end apps and expensive apps and open-source apps, I came across the gem. The best of them all: Truecrypt.
Backstory of Truecrypt
The backstory of TrueCrypt is, like their service, slightly encrypted! There’s not much information on the people behind TrueCrypt, but it is open-source. This means that the code behind the program can be examined by all. While that’s nice and nifty and great for free software and open-source (stuff I absolutely love because of its quality, the community, and the beliefs behind it), TrueCrypt’s code being open-source is additionally important for security. Because it’s open-source, anyone can examine the code of the application to ensure that there are no back doors built into the security algorithms. Because nothing is hidden in its design, people can see and verify that it is safe.
File or Partition?
I had difficulty deciding on whether I should use a file container or a partition. I quickly decided on a partition after getting more information. TrueCrypt file containers/volumes are like normal files that can be put in folders, moved, copied, and deleted. That’s interesting, but not as simple as a partition. Most importantly, a partition has better performance than a container: reading and writing to a container file (which, just as with a partition, involves encrypting and decrypting on the fly) becomes very sluggish if the drive/system is heavily fragmented. So for faster read/write (which includes encryption) and performance, and the fact that I wanted the TrueCrypt area to be accessible, I went with a TrueCrypt partition. The idea of TrueCrypting an entire system is pretty interesting, and I may look into that, but for now the partition is a great method for having outrageously DOD, NSA-level security on a select space of files.
The encryption/decryption methods and numbers of TrueCrypt are pretty advanced, like John Nash, PhD number theory mathematics advanced. So that’s reassuring and, additionally, interesting for a (very) side project of learning. It was pretty fascinating.
There are three things you can encrypt. In order of least to most comprehensive, they are:
1. Truecrypt Volume
2. Partition Encryption
3. System encryption.
1 creates a TrueCrypt file on an existing partition. In Linux, this single encrypted file shows up as an unopenable program file.
2 encrypts an entire partition.
3 encrypts an entire operating system.
Hidden Volume Setup
This was such an ingenious idea that I had to try it out. The hidden volume setup creates an outer volume in which you put decoy data and, within that encrypted outer volume, a hidden volume which contains your actual data. Both the outer and inner volumes are encrypted, and this adds a second layer (to an already impenetrable security line) of protection.
I tested making a 600 GB TrueCrypt volume file (called a container) and on my netbook it would take 18 hours. This time would likely be one quarter of that on a faster machine, but needless to say, the formatting and encryption process is very very very comprehensive and secure!
I considered using AES (Advanced Encryption Standard), although there were many many many options for encryption. TrueCrypt uses AES with “14 rounds and a 256-bit key”. I’m not John Nash, so I’m not sure what those details mean, but I trust (and know and understand) that the data is very very very secure. But I went with Serpent, which sounds equally secure.
In addition to the encryption method, you can also pick the hash algorithm for your encryption. I chose RIPEMD-160, which was developed in the early 1990s by the EU’s RIPE project (RACE Integrity Primitives Evaluation) and then adopted by the International Organization for Standardization (most commonly recognized as ISO).
The Hidden Volume.
This is AMAZING. This is one of the coolest things I’ve ever seen. With the same encrypted container/partition/system you have one truecrypt encrypted “file”. Now with that EXACT same file if you enter the outer volume password you get the outer volume (with decoy files) and then with the EXACT same file if you enter the hidden volume password, you get the hidden volume. Essentially one file has two doors. This would be like a house having a door. You use a key (password) to enter it. If you wanted to show someone that you would use a key (password) and it would open up and there would be your kitchen and table and chairs and desk and whatever. But with hidden file systems it’s like you go to the same door but use a different key (password_secret) and that exact same door opens up to an entirely different house. Instead of those normal things you’d see some sleek office area. This is so cool. This is more advanced than I thought. I thought it was a folder within a folder (outer). Not so, it’s one single file that unlocks two different ways. Wow this is awesome! That is easily one of the most impressive features I’ve ever seen in a program. Far exceeded my expectations.
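As an added illustration of the “one file, two doors” idea from the two hidden-volume sections above (this is my own simplified model written for this post, not TrueCrypt’s real on-disk format or code): two encrypted header slots share one container, each password decrypts at most one of them, and a slot that does not decrypt is indistinguishable from random bytes. The cipher and hash are standard-library stand-ins, as the comments say.

```python
import hashlib, hmac, os, struct, zlib

HEADER_SIZE, SALT_LEN, MAGIC = 64, 16, b"TRUE"   # "TRUE" also tags a real TrueCrypt header

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher: HMAC-SHA256 counter-mode keystream (TrueCrypt uses AES/Serpent in XTS)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(key, struct.pack(">Q", i // 32), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

def derive_key(password: str, salt: bytes) -> bytes:
    # TrueCrypt derives the header key with PBKDF2 too (RIPEMD-160 in the post; SHA-256 here).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 2000, 32)

def encrypt_header(password: str, data_key: bytes, offset: int, size: int) -> bytes:
    salt = os.urandom(SALT_LEN)
    body = MAGIC + struct.pack(">II", offset, size) + data_key      # 44 bytes
    body += struct.pack(">I", zlib.crc32(body))                      # 48 bytes, + salt = 64
    return salt + keystream_xor(derive_key(password, salt), body)

def create_container(outer_pw, outer_data, hidden_pw, hidden_data, size):
    """Two header slots, then one data area. The hidden volume sits at the END of
    the outer volume's free space, so filling the outer volume would overwrite it."""
    outer_key, hidden_key = os.urandom(32), os.urandom(32)
    area = bytearray(os.urandom(size))              # unused space is random, like ciphertext
    area[:len(outer_data)] = keystream_xor(outer_key, outer_data)
    hoff = size - len(hidden_data)
    area[hoff:] = keystream_xor(hidden_key, hidden_data)
    headers = encrypt_header(outer_pw, outer_key, 0, len(outer_data))
    headers += encrypt_header(hidden_pw, hidden_key, hoff, len(hidden_data))
    return headers + bytes(area)

def open_container(container: bytes, password: str):
    """Try the password on both slots; a slot that fails the magic+CRC check is
    indistinguishable from random bytes, which is what gives the deniability."""
    for slot, name in enumerate(("outer", "hidden")):
        raw = container[slot * HEADER_SIZE:(slot + 1) * HEADER_SIZE]
        body = keystream_xor(derive_key(password, raw[:SALT_LEN]), raw[SALT_LEN:])
        crc, = struct.unpack(">I", body[44:48])
        if body[:4] != MAGIC or zlib.crc32(body[:44]) != crc:
            continue
        offset, size = struct.unpack(">II", body[4:12])
        start = 2 * HEADER_SIZE + offset
        return keystream_xor(body[12:44], container[start:start + size]), name
    return None                                      # neither header decrypts
```

The same container bytes open as the decoy volume with one password and as the hidden volume with the other; with any other password neither header checks out.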
Youtube tutorial on hidden volumes (horrible sound quality) – http://www.youtube.com/watch?v=3wUbnsEV0s0&feature=related
TrueCrypt and DVDs
This is a splendidly nifty idea. Create a TrueCrypt file container and burn it onto a DVD. Now some backed-up files on disposable media (DVDs are cheap!) are encrypted!
Very delighted with this find. It works for me because of its cross-platform compatibility across three OSes (something very important for me because I work in at least three OSes at times). Additionally, it works flawlessly, is used by some big organizations (schools, huge companies), and has a good reputation.