TrueCrypt is a popular open source software package used to encrypt files on a PC or laptop.
Why do I need it?
Let's face it, you probably keep data on your computer that you would not want to fall into the wrong hands: stored passwords, online and financial account information, browser history, email history, bitcoin wallets, etc. The information itself is probably much more valuable than the hardware it is on.
If your computer were stolen, the thief could make use of that information for his own profit, at your expense. Just imagine him accessing your bank accounts, web sites you are a member of, etc.
Should you happen to have an incident with the law, the authorities will likely seize the computer and every storage device you have and analyze them for evidence to use against you. You are best off if you minimize what information they can get.
Your best option is to always keep your stored data encrypted. TrueCrypt will do that for you.
Overview of TrueCrypt
TrueCrypt is free software, and open source, meaning anyone can look at the actual source to confirm it doesn't contain any back doors or other objectionable features. You can download it for Windows, Mac or Linux at truecrypt.org.
There are several ways to use it. These include:
- Full disk encryption. With this, you simply encrypt the entire hard drive. This is the best way to ensure no file on the computer is accidentally left unencrypted. You may encrypt the system (boot) disk or a non-boot disk, as well as an external USB drive or memory stick.
- File-hosted volume. Here, you create a TrueCrypt volume on a single file, then "mount" that file as a TrueCrypt volume. On Windows, the mounted volume will show up as a new drive letter for you to use. Anything saved in that volume will be automatically encrypted. The file that the volume is hosted in can then be copied as a regular file (e.g. to back up) and used elsewhere.
Suggestions for using effectively
Care should be taken to ensure you are effectively and securely using TrueCrypt. Beginner users of TrueCrypt could accidentally expose their data without realizing it. Here are some suggestions to prevent that from happening.
A file-hosted volume may not be your best option. You may be thinking that you can create a file (e.g. a Word doc), place it in this volume, and be all set. However, the software package you use to edit the file may create temporary or backup copies of it outside of that volume. Such files will not be protected. They can also be difficult to discover; for each software package whose data you wish to encrypt, you would need to research where it keeps its data. Many software packages keep their data in out-of-the-way places, such as the Application Data or Local Data directories on Windows. Browsers, for example, like to do that. Also, software data can be copied to the swap file and possibly read later.
It is easiest just to encrypt everything with full disk encryption. So, go with that if you're not absolutely sure what you are doing. You can still create file-hosted volumes within the fully encrypted disk if you like. That way, any data that happens to spill out of the volume is still encrypted on the system disk.
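One way to check whether data has spilled out of a mounted file-hosted volume, as an added example that is not part of the original article or of TrueCrypt: the Python sketch below lists files outside the volume that are byte-identical to a protected file or whose name embeds a protected file's name. The function names and the name-matching heuristic are assumptions made for illustration.

```python
import hashlib
import os


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def walk_files(root):
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            yield os.path.join(dirpath, name)


def find_leaked_copies(volume_root, search_roots):
    """Return sorted (outside_path, protected_path, reason) tuples."""
    volume_root = os.path.realpath(volume_root)
    prefix = os.path.join(os.path.normcase(volume_root), "")
    by_hash, by_name = {}, {}
    for path in walk_files(volume_root):
        if os.path.getsize(path) > 0:          # empty files all hash alike
            by_hash[sha256_of(path)] = path
        by_name[os.path.basename(path).lower()] = path

    findings = []
    for root in search_roots:
        for path in walk_files(root):
            if os.path.normcase(os.path.realpath(path)).startswith(prefix):
                continue                        # inside the volume: protected
            try:
                digest = sha256_of(path) if os.path.getsize(path) > 0 else None
            except OSError:
                continue                        # unreadable or vanished file
            name = os.path.basename(path).lower()
            if digest in by_hash:
                findings.append((path, by_hash[digest], "identical content"))
                continue
            # Heuristic (assumption): temp/backup names embed the original name.
            for protected_name, protected_path in by_name.items():
                if protected_name in name and protected_name != name:
                    findings.append((path, protected_path, "derived name"))
                    break
    return sorted(findings)
```

An exact hash match only catches unmodified copies; an autosave of an earlier draft shows up, if at all, through the name heuristic, and nothing here inspects the swap file.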
Another concern is your backup strategy. If you encrypt your system disk but perform a backup by sending all your data to the cloud, or copying it to a DVD or an external USB drive, you are copying unencrypted data. Should all your equipment ever get stolen or seized, the loss will likely include the backup media. So, make sure all backups are encrypted too. Some ways to do this include:
- Perform full disk encryption on a USB drive, mount that drive as a TrueCrypt volume, then do a regular file copy to that.
- Keep the files you want to back up in a file-hosted volume, then copy that file to an external location. (You will need to make sure the file size is less than the capacity of your destination for the copy.)
And, of course, choose a good password and never let it get exposed anywhere. The password should be unique, never having been used for any other account or ever transmitted over the Internet. The preferred length is at least 20 characters.
Be sure to use TrueCrypt's features to create a recovery disk for your encrypted system disk, and also back up the TrueCrypt headers for any volume you have created.