I wrote this for my boss in a few minutes...
Encrypting Data with TrueCrypt
TrueCrypt (located at http://www.truecrypt.org ) is an on-the-fly encryption program for encrypting large amounts of data. "On the fly" means data is encrypted as it is written and decrypted as it is read, transparently, so the programs working with the data never see the encrypted form.
TrueCrypt is not meant for encrypting a single file, say an Excel spreadsheet of passwords; other programs are better at that. What TrueCrypt (TC from here on out) does is create a wholly encrypted volume, typically held in a single file, that can be mounted as a separate drive, very similar to a mapped network drive.
The best way to explain what TC can do is to illustrate it with some examples of how it works:
1) Create an encrypted volume that is entirely contained in a single file
Imagine you have a 1 GB USB thumb drive. You want some of the data on it encrypted for security and the rest left unencrypted, because it does not need protecting.
Using TC, I create a 500MB encrypted file volume (it can be any size of course, up to the free space on the drive). The whole file is allocated and filled with random-looking encrypted data before anything is ever stored in it, so the file looks the same whether it is empty or full; you also pick the cipher and hash algorithm at this point. You assign a password to the volume and can even add a keyfile for two-factor authentication (you need both the password and the file to open the volume, so if someone gets their hands on the encrypted volume without the keyfile, they cannot open it).
This encrypted file volume now exists on your USB drive as a 500MB file that cannot be opened by anything but TC. To use it, you mount it with TC: point TC at the file, enter your password and say which drive letter the volume should get. Let's say I mount it as the Z: drive. In Windows Explorer I now have a Z: drive with 500MB of space. As far as Windows is concerned this volume is an independent drive; I can put any data in Z:, and while the volume is mounted it is completely accessible, just like a standard mapped drive or hard drive. Once I dismount the volume, Z: disappears and all that is left is the opaque 500MB file.
So in this example, my 1GB USB key now has 500MB of space for unencrypted data and 500MB of space for encrypted data that can only be accessed with TC and the password.
2) Create a single encrypted USB Drive
In the first example you had a single encrypted file volume; here we simply encrypt the whole drive. It can be a little faster, since TC reads the device directly instead of going through a file sitting on another filesystem. Assume we have another 1GB USB key. I can set TC to encrypt the entire device. This means that without TC and the password there is no getting at any data on the device. One caveat: a device encrypted this way looks like an unformatted, unrecognised disk to any machine without TC, so if Windows offers to format it, say no, or the volume is gone.
3) Create an encrypted file on your hard drive
This is pretty much exactly like the first example. Imagine I have a laptop with 100GB of space and I want a 5GB encrypted file volume. I follow the same steps as in example 1, and at the end, once I mount it, I have a 5GB encrypted volume. If someone were to get their hands on the file, it would simply be a 5GB file that they cannot read without TC and the password.
This is a good approach for anyone who keeps ANY proprietary data on a laptop.
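The three layouts above, as one added example that is not part of the original write-up: the same create, mount, use, dismount sequence driven from the Linux/Unix command-line build of TrueCrypt 7.x (`truecrypt --text`) rather than the Windows GUI the text describes. Paths, sizes, the keyfile location and the passwords are placeholders I chose; the script only prints the commands unless `TC_RUN=1` is set, and the device variant is never run unless `TC_DEVICE` names a device.

```shell
#!/bin/sh
# Added example, not from the original page: TrueCrypt 7.x command-line
# equivalents of examples 1-3. Placeholders: /media/usb/secret.tc,
# /safe/place/usb.key, /mnt/tc. Commands are printed, and executed only
# when TC_RUN=1 is set in the environment.
set -eu

# Print the command line, then run it only when TC_RUN=1.
run() {
    printf '%s\n' "$*"
    if [ "${TC_RUN:-0}" = 1 ]; then "$@"; fi
}

# TrueCrypt 7.1a's --size takes a byte count, not "500M".
mb() { echo $(( $1 * 1024 * 1024 )); }

# A keyfile is an ordinary file whose bytes are mixed into the password.
# TrueCrypt can generate one from its random pool. Keep it somewhere other
# than the stick that carries the volume, or it is not a second factor.
create_keyfile() {   # $1 = keyfile path
    run truecrypt --text --create-keyfile="$1" --random-source=/dev/urandom
}

# Examples 1 and 3: a volume that lives inside one ordinary file. Every
# choice (cipher, hash, filesystem) is given up front so --non-interactive
# has nothing left to ask. The file is filled with encrypted random data
# up front, which is why a 500MB volume takes a while to create.
create_file_volume() {   # $1 = volume file, $2 = bytes, $3 = password, $4 = keyfile ("" = none)
    run truecrypt --text --non-interactive --create "$1" \
        --volume-type=normal --size="$2" \
        --encryption=AES --hash=RIPEMD-160 --filesystem=FAT \
        --password="$3" --keyfiles="$4" --random-source=/dev/urandom
}

# Example 2: the whole device instead of a file. Same command, but the
# "volume" is a block device and everything on it is destroyed.
create_device_volume() {   # $1 = device such as /dev/sdb, $2 = password, $3 = keyfile
    run truecrypt --text --non-interactive --create "$1" \
        --volume-type=normal \
        --encryption=AES --hash=RIPEMD-160 --filesystem=FAT \
        --password="$2" --keyfiles="$3" --random-source=/dev/urandom
}

# Mounting is the "assign a drive letter" step: the file or device shows up
# at the mount point as a normal filesystem until it is dismounted.
mount_volume() {   # $1 = volume, $2 = mount point, $3 = password, $4 = keyfile
    run truecrypt --text --non-interactive --password="$3" --keyfiles="$4" "$1" "$2"
}

# After this the volume is an opaque file again.
dismount_volume() {   # $1 = volume
    run truecrypt --text --dismount "$1"
}

# Example 1 end to end on a 1GB stick mounted at /media/usb: a 500MB volume
# file next to the unencrypted data, opened, filled, and closed again.
# Note: --password on the command line is visible in `ps` and shell history;
# on a shared machine drop --password/--non-interactive and let `truecrypt
# --text` prompt for it instead.
walkthrough() {
    vol=/media/usb/secret.tc
    key=/safe/place/usb.key                     # on the laptop, not on the stick
    pw=${TC_PASSWORD:-placeholder-password}
    create_keyfile "$key"
    create_file_volume "$vol" "$(mb 500)" "$pw" "$key"
    mount_volume "$vol" /mnt/tc "$pw" "$key"
    run cp -r /home/me/proprietary /mnt/tc/     # placeholder data to protect
    dismount_volume "$vol"
    # Example 2 only when explicitly asked for, because it wipes the device.
    if [ -n "${TC_DEVICE:-}" ]; then
        create_device_volume "$TC_DEVICE" "$pw" "$key"
    fi
}
walkthrough
```

Run it as-is to see the exact commands; rerun with `TC_RUN=1` (and, for example 2, `TC_DEVICE=/dev/sdX` after triple-checking the device name) to execute them. Leaving out `--non-interactive` and `--password` and letting TrueCrypt prompt is the safer habit on any machine other users can log in to.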
Other Issues with TrueCrypt
- Once encrypted there is no recovery. There is no back door and no password reset: if you copy all your data to an encrypted volume and then don't remember the password, there is no getting your data back. Make sure the password is recorded somewhere safe before the only copy of anything goes in.
- The encrypted file volumes created by TC are completely portable. So if I create my 5GB encrypted file volume on my laptop, I can copy that file to the network for backup. Say my laptop dies and I get another one: all I have to do is install TC and copy the 5GB backup file down, and I am back, able to open it exactly as before even though it is on a completely different machine. Dismount the volume before copying it, since a copy taken while it is mounted and being written to may be inconsistent.
- Uses 256-bit keys with AES, Serpent or Twofish, either on their own or chained in cascades: AES-Twofish, AES-Twofish-Serpent, Serpent-AES, Serpent-Twofish-AES, Twofish-Serpent
(so there are three ciphers, and TC can also encrypt with two or three of them in turn, each with its own key)
- Can be set to use only a password, or a password AND a keyfile. This means that if someone got the encrypted file volume but had only the keyfile, it won't open, and if they had the password without the keyfile, it won't open either.
- Hidden volumes - A hidden volume lets you keep two volumes inside one TrueCrypt volume: a regular outer one, revealed when you supply its password, and a second one inside the outer volume's free space, which cannot be detected and is opened with a different password. The designers of TrueCrypt created this feature to give the user a degree of plausible deniability: you put a certain amount of non-crucial data in the outer volume, and if you are forced to reveal the outer password, you can do so without giving up the truly sensitive data in the hidden volume. The catch is that the outer volume does not know the hidden one is there: mount the outer volume normally, write enough data into it, and you overwrite the hidden volume. When you open the outer volume yourself, use TC's option to protect the hidden volume (you supply both passwords at mount time) so that writes into the hidden area are refused.
- Traveler mode - This lets you place a runtime copy of TrueCrypt on a removable drive and run it on Windows systems where TrueCrypt is not installed. TrueCrypt has a wizard to automate this and can even make the volume mount itself (after asking for the password, of course) when the drive is inserted. Note that traveler mode still has to load the TrueCrypt driver, so on Vista it only works from an account with admin privileges.
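The hidden-volume point above, as an added example that is not part of the original write-up: creating an outer and a hidden volume from the Linux/Unix command-line build of TrueCrypt 7.x (`truecrypt --text`), then the three ways the same file gets opened. Paths and passwords are placeholders I chose; the script only prints the commands unless `TC_RUN=1` is set.

```shell
#!/bin/sh
# Added example, not from the original page: hidden volumes on the
# TrueCrypt 7.x command line. Placeholders: /home/me/outer.tc, /mnt/outer,
# /mnt/hidden and the two passwords. Commands are printed, and executed
# only when TC_RUN=1 is set.
set -eu

run() {
    printf '%s\n' "$*"
    if [ "${TC_RUN:-0}" = 1 ]; then "$@"; fi
}

# Outer volume: an ordinary volume. TrueCrypt recommends FAT for the outer
# volume, because FAT fills from the front and leaves the tail, where the
# hidden volume goes, untouched.
create_outer() {   # $1 = volume file, $2 = bytes, $3 = outer password
    run truecrypt --text --non-interactive --create "$1" \
        --volume-type=normal --size="$2" \
        --encryption=AES --hash=RIPEMD-160 --filesystem=FAT \
        --password="$3" --keyfiles="" --random-source=/dev/urandom
}

# Hidden volume: carved out of the outer volume's free space under its own
# password. Free space in a TrueCrypt volume is already random-looking data,
# so a hidden volume's header is indistinguishable from no hidden volume.
create_hidden() {   # $1 = outer volume file, $2 = hidden bytes, $3 = hidden password
    run truecrypt --text --non-interactive --create "$1" \
        --volume-type=hidden --size="$2" \
        --encryption=AES --hash=RIPEMD-160 --filesystem=FAT \
        --password="$3" --keyfiles="" --random-source=/dev/urandom
}

# Same file, same command; which volume opens depends only on the password.
mount_plain() {   # $1 = volume, $2 = mount point, $3 = outer OR hidden password
    run truecrypt --text --non-interactive --password="$3" --keyfiles="" "$1" "$2"
}

# The caveat: mounted plainly, the outer volume treats the hidden area as free
# space and a large enough write silently destroys the hidden volume. Giving
# TrueCrypt the hidden password too tells it where that area is, and writes
# into it are refused for the life of the mount.
mount_outer_protected() {   # $1 = volume, $2 = mount point, $3 = outer pw, $4 = hidden pw
    run truecrypt --text --non-interactive --password="$3" --keyfiles="" \
        --protect-hidden=yes --protection-password="$4" --protection-keyfiles="" \
        "$1" "$2"
}

dismount() {   # $1 = volume
    run truecrypt --text --dismount "$1"
}

walkthrough() {
    vol=/home/me/outer.tc
    outer_pw=${TC_OUTER_PASSWORD:-outer-placeholder}
    hidden_pw=${TC_HIDDEN_PASSWORD:-hidden-placeholder}
    create_outer  "$vol" $(( 2000 * 1024 * 1024 )) "$outer_pw"
    create_hidden "$vol" $(( 1000 * 1024 * 1024 )) "$hidden_pw"
    # 1. Your own use of the outer volume: hidden area shielded from overwrite.
    mount_outer_protected "$vol" /mnt/outer "$outer_pw" "$hidden_pw"
    dismount "$vol"
    # 2. The real work: open the hidden volume with its own password.
    mount_plain "$vol" /mnt/hidden "$hidden_pw"
    dismount "$vol"
    # 3. Under duress: the outer password alone. Nothing about this mount
    #    reveals the hidden volume, but whoever writes into it may wreck it.
    mount_plain "$vol" /mnt/outer "$outer_pw"
}
walkthrough
```

The design point is in steps 1 and 3: the only difference between a safe outer mount and a destructive one is whether the hidden password was supplied at mount time, so the protected form should be the habit whenever you, rather than someone else, are opening the outer volume.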