Disk Encryption with TrueCrypt – UPDATED!

With TrueCrypt there is no longer any reason NOT to encrypt your hard drive.


Update May 28, 2014

The TrueCrypt website is in a state of flux. We do NOT recommend using TrueCrypt at this time. Please check back often until we have more clarity on the TrueCrypt situation.

Original Post

Disk encryption is the big enchilada on the menu of things you need to do to improve your digital security.

What is disk encryption, you ask? It’s basically a method of storing data on your hard disk so that only someone with the right password or key can access it. Disk encryption protects your sensitive data and digital identity should your laptop, computer or USB backup disk ever be stolen.

You may think that you don’t have that much important data on a disk, so why bother with the hassle of encryption? I will counter and ask: do you have any proprietary data on your disk for your company or a client? You will note that most NDAs (Non-Disclosure Agreements) require the recipient to “care for the disclosed proprietary data with the same degree of care as you give your own proprietary data,” (AND THIS IS THE IMPORTANT PART) “not with less than a reasonable standard of care”. This last phrase leaves open the possibility that you could be sued by those who disclosed data to you under NDA should your laptop ever be stolen! While I am not an attorney, it is my opinion that if you take the step of encrypting your disk and using good password management you will have demonstrated that you have met the requirement “not with less than a reasonable standard of care” and likely avoid potentially large financial losses should the worst ever happen.

So you know you need it. Now on to the business of implementing disk encryption.

There are two approaches to encrypting your files. The simplest approach just encrypts the most sensitive files using a password that you’d keep in your password manager. This is easy to do using tools that are built right into many operating systems. The problem, however, is that you are only securing a relatively small subset of the files on your computer, and how secure they remain depends on how careful you, your operating system and your software programs are with managing copies of both the files and the passwords used to secure them.

Ultimately, there is a better approach called Full Disk Encryption (FDE). With FDE nearly everything is encrypted, including the OS and system partitions and even the swap areas used to store RAM for hibernation. With FDE it is impossible to boot the computer without the proper passphrase or a key file or both! If you use FDE and a thief makes off with your computer, they will be very unlikely to be able to access the data on the disk. Your loss then, provided your data is backed up in another location, is simply a piece of relatively cheap and replaceable computer hardware that is often covered under business or home insurance policies.

The trouble with FDE is that it sometimes requires a complete wipe and re-installation of the operating system, programs and data in order to implement it. Fortunately, times have changed and with most Windows systems it is now possible to implement FDE without going through that painful and time-consuming process. If you run Windows, the solution you want is called TrueCrypt. This software is both free and open source and can be easily installed on nearly any Windows computer. With TrueCrypt you can even encrypt the disk on the fly while you’re doing other things! TrueCrypt makes FDE so easy that there’s almost NO EXCUSE for not using FDE on all your Windows computers.

Some of you may have concerns about performance impacts of using FDE. I have used FDE extensively the last few years on both Linux and Windows XP based machines and have noted little if any substantial performance penalty in my day-to-day computing tasks or even with high-powered engineering simulation tools. On the other hand, I sleep much better knowing my data is safe and secure.

Lastly, let me remind you that you must back up your data prior to attempting to install TrueCrypt or any other FDE-type software. If something goes wrong in the encryption process or you somehow manage to forget your password, then your data is LOST FOREVER!

The proper sequence is as follows:

A. Back up your data!

B. Install TrueCrypt and confirm that it works properly.

C. Encrypt your backup drive.

Note that step C is essential unless you store all of your backups somewhere very safe like a bank deposit box.

Update: I’ve posted a follow-up article here with step-by-step instructions for installing TrueCrypt on a Windows XP system drive.
