Top Ten 2007: #5: Encrypt Important Files
If you don’t know by now, having a Windows logon password is NOT sufficient to protect the data on your computer. There are many ways, both remotely and locally, that your data can still be accessed.
There are really only two ways to absolutely protect data from prying eyes:
- Keep the data off your computer, in a safe somewhere, or
- ENCRYPT your data with a strong and reliable encryption code
Since we’re computer people and can’t imagine having to keep our data jewels in a physical safe, how about an encryption safe on your computer?
TrueCrypt
TrueCrypt is an encryption program that enables you to create your own digital safe. You can create an encrypted file container, or you can encrypt entire hard disk partitions, floppy disks, USB memory sticks, and other storage devices - openable only by you with your secure (!) password. If anyone gets access to that digital safe, they would see the safe as an unintelligible file only.
The rest of this article assumes that you have created a file-hosted safe.
BTW, this tool is FREE. As always, we love FREE.
You can find the download at:
http://www.truecrypt.org. When there, click on Downloads in the toolbar, and then grab the latest stable version (version 4.3a as of the time of this writing). Open and run it to install. At the end of the installation it recommends that you read the Beginner’s Tutorial. We suggest that, too.
Creating Your Encrypted File Container
TrueCrypt creates a file of a size of your choosing, which acts as the container for all forms of data that you’d like to save in it:
- Double-click the TrueCrypt icon on your desktop
- In the dialog box, click the Create Volume button. You have the option of creating a standard or a hidden volume. Select standard, and click Next.
- In the Volume Location dialog box, click Select File, and browse to the location where you want to place your file store. Give the file store a name (any name; preferably nothing obvious like “encryptedfiles”), and click Save. Then click Next.
- On the next page you have your choice of encryption algorithms; the default settings are perfectly fine (the algorithm is AES, and the Hash Algorithm is RIPEMD-160). Click Next.
- Next, decide how big you want your file store to be. If you want a 1 GB file store, enter 1000 (1000 MB = 1 GB). Click Next.
- On the Volume Password screen, you need to create your password. This is critical. You want it secure, but you don’t want it so cumbersome that it’s difficult to open the file store every time you want to access it.
  As an aside, Microsoft defines a strong password as one that has the following characteristics:
  - Is at least seven (7) characters long
  - Has at least one character from at least three of the four following categories:
    - Capital Letters
    - Lowercase Letters
    - Numbers
    - Characters (such as #, $, %)
  An example of a safe password:
  Tio9*az – Capital letter, lowercase letter, number, AND character.
- Once you’ve entered and confirmed your password, click Next.
- On the Volume Format page, set the filesystem to NTFS if you’re running anything later than Windows 98. Then (and this might sound strange), spend 30 seconds wiggling your mouse around on the dialog box. The mouse movements supply randomness that TrueCrypt uses when generating the encryption keys for your data store. It’s actually important.
- Once you’re done wiggling, click Format. TrueCrypt will now build your file store.
- When it’s done, you’ll see the Volume Created dialog box. Click Exit.
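The password rule quoted in the Volume Password step, written out as a check you can run against a candidate password. This is an added example, not part of the original article or of TrueCrypt; the function names are hypothetical, and treating anything that is not an ASCII letter or digit as a "character" is an assumption.

```python
import string

MIN_LENGTH = 7       # "at least seven (7) characters long"
MIN_CATEGORIES = 3   # "at least three of the four following categories"
ALL_CATEGORIES = {"capital", "lowercase", "number", "character"}


def categories_present(password):
    """Return which of the article's four categories appear in the password."""
    found = set()
    for ch in password:
        if ch in string.ascii_uppercase:
            found.add("capital")
        elif ch in string.ascii_lowercase:
            found.add("lowercase")
        elif ch in string.digits:
            found.add("number")
        else:
            # Assumption: everything else (#, $, %, spaces, non-ASCII)
            # counts as the article's "character" category.
            found.add("character")
    return found


def check_password(password):
    """Return (ok, problems) for the rule as quoted in the article."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"too short: {len(password)} of {MIN_LENGTH} characters")
    found = categories_present(password)
    if len(found) < MIN_CATEGORIES:
        missing = ", ".join(sorted(ALL_CATEGORIES - found))
        problems.append(
            f"only {len(found)} of {MIN_CATEGORIES} required categories; missing: {missing}"
        )
    return (not problems, problems)


if __name__ == "__main__":
    # Constructed sample inputs; "Tio9*az" is the article's own example.
    for candidate in ["Tio9*az", "tio9az", "abcdefgh", "Password1"]:
        ok, problems = check_password(candidate)
        print(f"{candidate!r}: {'meets the rule' if ok else '; '.join(problems)}")
```

The rule as quoted also accepts Password1 (nine characters, three categories), so passing this check is a minimum bar rather than a measure of how hard the password is to guess.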
Using TrueCrypt
Here is a picture of the main TrueCrypt interface:
Click on Select File and find the file store you created. If you want TrueCrypt to remember that location and automatically fill in the location for you in the future, Uncheck the Never Save History box. It’s less secure (anyone who accesses your machine and opens TrueCrypt would know the name and location of your file store), but it’s more convenient. Your call.
Then click an open drive letter from the list at the top, and then click the Mount button and enter your (safe!) password. Leave the check boxes unchecked, and click OK.
Your file store will now be unencrypted and will appear as the drive letter you selected. You now have full access to the data in the file store.
When you’re done working on your files, re-open TrueCrypt, click the Dismount button, and the file store is safely encrypted again.
Usability Notes
A few quick tips will make TrueCrypt a bit easier to work with:
- Right after you’ve selected a drive letter, clicked Mount, and entered your password, go up to the toolbar and select Volumes, and choose Save Currently Mounted Volumes as Favorite. This will set it so that the same drive letter is always used for that particular file store. You won’t have to choose a drive letter, and it’s also good if you have more than one file store – assign them to different drive letters.
- In the toolbar, choose Settings > Preferences. We recommend you Check the following settings:
  - Auto Dismount: Auto-dismount volume after no data has been read/written to it for 60 minutes (or less).
  - Windows: Open Explorer window for successfully mounted volume
  - Password Cache: Wipe cached passwords on exit
There are lots of other options, a way for you to place an encrypted file store on a USB key (or encrypt the whole key), and more. Read the Help files for details.
Randy Garland 123 Technology