Got security? TrueCrypt allows you to create and use encrypted volumes and reduce the risk to your sensitive data.
Let’s face it — these days it’s almost a certainty that some information on your computer is not for public consumption. Be it your accounting data on a personal machine or valuable trade secrets on a corporate machine, for better or worse, computers are part of our daily lives. In many cases, the theft of that data could have serious repercussions. The situation is exacerbated by the fact that a greater and greater percentage of computers sold are laptops. Losing a laptop now has the potential to make national news and could even result in a costly lawsuit.
With this information in mind, it makes more and more sense to utilize some level of disk encryption on your machine. TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted volume. On-the-fly encryption means that data is automatically encrypted or decrypted right before it is loaded or saved, without any user intervention. No data stored on an encrypted volume can be read without using the correct password/keyfile(s) or correct encryption keys. All encryption is automatic, real-time and transparent. TrueCrypt is distributed under the TrueCrypt Collective License and works with Linux, OS X and Windows. It can use AES, Serpent and Twofish as encryption algorithms and supports RIPEMD-160, SHA-512 and Whirlpool hashing. When used in “traveler” mode, it does not even have to be installed on the machine on which it is run.
The TrueCrypt download section contains binary packages for some popular Linux distributions. If your distribution does not have a package available, you’ll need to install from source. Further instructions for source installation can be found in the included Readme.txt. Note that to use TrueCrypt you’ll need to have the FUSE library available.
Once installed, the truecrypt binary supports both a graphical and text user interface. It will run in graphical mode by default and automatically fall back to text mode if needed. You can use the -t flag to force text mode. TrueCrypt can either encrypt entire storage devices/partitions or create virtual file-hosted volumes. You should be aware that if you encrypt a partition or device, all existing data on it will be lost. To create a new volume from the GUI, select Tools->Volume Creation Wizard.
The first step of the wizard will ask if the volume should be standard or hidden. A hidden volume is basically a volume within another volume, and is one of the two ways TrueCrypt provides you with plausible deniability (the other is that it is impossible to identify a TrueCrypt volume). The next step is to select a file or device. In this example we’ll create a virtual file-based volume. Keep in mind the file can have any extension and location, so it is extremely easy to conceal. Next, you’ll need to pick a volume size. For this test we’ll create a 10M volume. You’ll now need to choose the encryption algorithm and hash algorithm. The defaults are acceptable in most cases. Finally, you need to create a volume password using the guidelines given by the wizard. The volume will then be created and formatted. Now that the volume is created, you can mount it via the mount button.
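What "impossible to identify" means in practice, as an added example (not part of the original article or of TrueCrypt): a container carries no file signature and looks like random bytes, so a triage script can only report that a file is random-looking, never that it is a TrueCrypt volume. The 512-byte size check, the thresholds and both sample buffers are assumptions constructed for this illustration.

```python
import hashlib
import math
from collections import Counter

SECTOR = 512  # assumption: container sizes are whole 512-byte sectors
# A few common file signatures; an encrypted container starts with none of them.
KNOWN_MAGIC = (b"PK\x03\x04", b"%PDF", b"\x7fELF", b"\x89PNG", b"\x1f\x8b", b"MZ")

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (8.0 is the maximum)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def chi_square(data: bytes) -> float:
    """Chi-square statistic of the byte histogram against a uniform distribution."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))

def triage(data: bytes) -> dict:
    """Report what can be observed about a file without the password."""
    if not data:
        raise ValueError("empty input")
    report = {
        "known_signature": data.startswith(KNOWN_MAGIC),
        "sector_aligned": len(data) % SECTOR == 0,
        "entropy": shannon_entropy(data),
        "chi_square": chi_square(data),
    }
    # 255 degrees of freedom: uniform data lands near 255; 400 is a loose cut-off.
    report["random_looking"] = (
        not report["known_signature"]
        and report["sector_aligned"]
        and report["entropy"] > 7.99
        and report["chi_square"] < 400
    )
    return report

def constructed_ciphertext(size: int) -> bytes:
    """Constructed stand-in for an encrypted container: a SHA-256 counter stream."""
    blocks = (hashlib.sha256(i.to_bytes(8, "big")).digest() for i in range(size // 32))
    return b"".join(blocks)

container = constructed_ciphertext(1024 * 1024)  # 1 MiB constructed sample
plaintext = b"account,balance\n" * 65536         # 1 MiB of ordinary text, constructed

if __name__ == "__main__":
    for name, blob in (("container", container), ("plaintext", plaintext)):
        print(name, triage(blob))
```

A "random_looking" result fits any encrypted or compressed-then-stripped data equally well, which is why the absence of a signature supports deniability while a large, sector-aligned file of pure noise can still draw attention.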
Figure One: TrueCrypt Screenshot
A volume can also easily be created and mounted in text mode.
To create a volume: truecrypt -t -c
To mount a volume: truecrypt /truecrypt/linuxmag.tc /media/truecrypt1
Both the GUI and text mode support additional functionality such as using keyfiles and passing specific mount options to the OS. For a full list of options, run truecrypt -h. Note that when using TrueCrypt to back up critical information, it’s important to back up both the volume and volume headers. The online documentation walks you through how to do this properly. Before using TrueCrypt I also recommend you read the online FAQ, which contains a lot of useful information.
A little bit of time spent implementing TrueCrypt to encrypt your sensitive data on the fly could save you a huge amount of time and money in the long run. Don’t leave your data at risk.
Comments on "On-the-fly Encryption with TrueCrypt"
Perfect timing! I’ve just been asked to look at file encryption today.
There is also encfs… it does not create an encrypted volume, so you aren’t limited by the dimension of the encrypted volume, and it’s good if you don’t need to hide the existence of the encrypted files… I use it with gmailfs to back up some important data on gmail.
But obviously if you need portability on windows and mac os x and if you need to hide the existence of the encrypted files, truecrypt is better.
Since I’m going on a business trip for 10 days and will need my laptop I will definitely look into this further as a viable option for protection.
Well I gave this a try and I keep getting prompted for an ‘administrator password’ when none has been set up. Wasn’t even asked to set one up and cannot find where to add one.
Sorry but I have a question. What if I upgrade the OS or change the OS?! Will I still be able to access my encrypted data on the drive and will I be able to decrypt it?!
Yes. I share data between vista and kubuntu. No problem.
Great application!!
If traveling a lot, why not install [K]ubuntu[-8.04] with optional dm-crypt/luks/aes256 encryption from alternate install media?
Works right from the box, related information has been available sans 2002 (albeit _much_ more complicated).
And you can use same encryption scheme to portable storage and GUI (both Gnome and KDE in Kubuntu-8.04) recognized those and prompt for password prior to mounting.
FreeOTFE provides Windows software to share these encrypted media with Windows (haven’t tried that personally).
Cheers,
-Mika
I found that encfs (a FUSE application) was easier to use, and you’re not limited by the rather annoying startup hindrance: “how big do I make my encrypted partition?”.
http://www.arg0.net/encfs allows you to mount an encrypted filesystem in userspace and just add stuff on the fly; the only limit is the size of the partition under which you’re hosting the encrypted files.
Having said that I use TrueCrypt all the time in Windows, so I suppose it’s a matter of taste. TrueCrypt *may* be faster, too, although I have no benchmarks to prove that.
FreeOTFE does something a bit different as far as I can remember. It does not encrypt the file itself but the data about the file in the MFT or FAT table… It is waaay faster and consumes mUUCH less battery life from notebook. But I’d say it’s less secure because of that… doesn’t offer hidden partitions as far as I can remember and I had problems with getting it to work on some Windows machines (but the OS was NLIGHTed so possibly because of that..)
(1) What file system did you choose? I was given a choice of “FAT” or “None”.
(2) When I mounted the encrypted file system (via truecrypt) only the root user had ANY access to the files in the container, and I couldn’t find a way to change that behavior. Is there some way to allow others to access the files?
(3) The files in the container are, for practical purposes, unencrypted for the root user (or whoever owns the container). If my system gets cracked, how does the encryption protect me?
(4) This approach seems to fit the model of a laptop, more than a desktop or server system.
Truecrypt is a great program but they do not support whole disk encryption in Linux and they support that for Windows users.
This is not the way to go for open source software, encouraging people to use Windows giving them more features on that platform.
Third vote for ENCFS. And Gerlos, it works on MAC OSX as well. Just not Windows…… But maybe that will happen once Fuse is fully ported over to Windows.
For everyone else, if you haven’t checked it out, you can read more at:
http://www.arg0.net/encfsintro
I did not get it. Why when a partition or a device is encrypted all data is lost??? I might be missing something, but if it means that the existing data residing on the disk can not be encrypted without loss, what is the benefit?
My company used zecurion for encrypting server data on linux and windows servers (both backup and storage) and the software encrypted all of the existing data without loss. Check them out … http://www.zecurion.com/software-products.php