TrueCrypt is a FREE tool that will encrypt your entire hard drive, or allow you to create encrypted virtual hard drives. Or even virtual virtual hard drives if you want to get tricky.
Why You Need to Encrypt Your Files
It’s very simple – you need to encrypt your files so that people you don’t trust cannot see them. Now, you might not need to encrypt ALL of your files. It probably doesn’t matter if your OS, your music or your holiday snaps are in the clear.
But think of all the files that have Personally Identifiable Information sitting on your computer right now: bank statements, tax returns, treasure maps, passport scans, credit card statements, password files, budgets…. How would you like it if your computer was stolen or broken into and all of that information was available to the bad guys?
There are 2 schools of thought when encrypting files:
1. Encrypt the entire drive – it takes longer initially, but it’s easier in the long run
2. Just encrypt what you need to encrypt – it’s quicker and stealthier
It’s up to you which model you believe fits you. For this page’s purposes, we will build an encrypted virtual drive for just the files you want to keep secret – model #2. This is because it is quicker and because it is the more likely scenario for our readers.
Download the appropriate installation package and run it:
Don’t forget to download the TrueCrypt User Guide. It’s quite long, so I wouldn’t recommend reading it except as a reference.
Set Up a Virtual Hard Drive with TrueCrypt
Setting up a Virtual Hard Disk Drive (VHDD) with TrueCrypt is easy:
Run the program. On the main screen, choose a drive letter and select Create Volume. This will start the Volume Creation Wizard, a step-by-step guide to building your own VHDD.
The wizard will ask you what you want to create. For this exercise we will choose the first option, Create an encrypted container. When we’re done, we’ll have a simple file that TrueCrypt can mount as a VHDD. You would choose option 2 if you want to encrypt an entire drive such as an SD card or USB stick.
For Volume Type we’ll choose Standard. You can learn more about hidden volumes on your own.
Choose a location. Simply tell TrueCrypt the name of the file you want to create, and where it should create it. I chose something very simple; you might elect to put the file somewhere a lot more obscure to make it harder for bad guys to find. Note that the file can be named anything – you can disguise your TrueCrypt volume by calling it something very boring like “2011 Vacation Slideshow.mpg” or “trc89a.dll” and putting it in a buried folder.
For encryption options I recommend selecting the AES algorithm for encryption and the SHA-512 algorithm for the hash. You can choose whatever you want, but if you choose something different make sure you understand the advantages and disadvantages of going with something less standard.
Now you simply need to choose how big you want your VHDD to be. You can’t make it bigger than your existing hard drive, obviously. One way to pick a good size is to survey the existing files that you want to put in there, then double that capacity. Or just pick a number. Note that the larger the volume size, the longer it will take to prepare the volume.
Volume Password – here’s where you need a really good password such as one created according to the rules presented in my eBook, Your Password Sucks. Assuming you’ve followed all the steps in that book, you can also use your password manager to generate a good password for your TrueCrypt volume, but then you will need internet access every time you want to access your TrueCrypt volume. Perhaps a good compromise is to create a good password yourself, and then store it in your password manager. If none of this makes sense, please get my eBook – good passwords are way more important than setting up TrueCrypt if you ask me.
Volume Format – This is kind of fun. There’s nothing to do here except move your mouse around a lot. As you move your mouse, you create “random” data that helps with generating the cryptographic key for your TrueCrypt volume. You can move your mouse a little or a lot. The more the better. When you think you’ve had enough mouse jiggling, click Format.
Use a Virtual Hard Drive with TrueCrypt
After you have your VHDD set up with TrueCrypt, it’s time to use it:
Back on the home screen, choose a drive letter, then click Select File.
Find your TrueCrypt volume and open it. Click on the Mount button when you see your file displayed. I recommend clicking the Never Save History checkbox. If it’s not checked, you’ll get the convenience of not having to search for your TrueCrypt volume ever again, but so will the bad guys.
Enter the password you used when you created the volume. Do not cache passwords and keyfiles in memory for industrious hackers to get. If your password is particularly complicated, and you are 100% certain that there are no cameras or wandering eyes watching you, it’s OK to check Display Password.
That’s it! The file you created in the previous set of steps is now an encrypted virtual hard disk drive.
In my example I can now use File Explorer to copy files back and forth to the T:\ drive just as if it were a real hard drive. But anything that gets copied to T:\ is actually encrypted within that volume file and is completely inaccessible after the virtual drive is dismounted. After clicking the Dismount button, the drive “disappears” – nobody can access your files without knowing the password! (Of course the data doesn’t really vanish. It’s available any time you want to remount.)
Things to watch out for
TrueCrypt is not perfect. Here are a few things to watch out for:
Unmount your virtual drive when you are done. It is unlikely that you need the data on it all the time. Keep it away from prying network bad guys whenever it’s not in use. Do not Auto-Mount anything unless you really use the encrypted data all of the time.
Be aware that just like a regular hard disk, your VHDD size does not grow automatically. If you created a 5GB VHDD during the setup, that’s all the space you get. Luckily if you need more space you can just create a new, larger TrueCrypt volume and transfer files over. I’ve had to do this.
Something very annoying about TrueCrypt is that the timestamp on the TrueCrypt Volume file does not change. You can write files onto your VHDD for years, and the volume file will still show the date you created it. This can help to further disguise your volume file as uninteresting, but it can be problematic for automatic backup programs. As a precaution, make sure to manually back up that volume file. Either that or have your TrueCrypt Volume file mounted when you perform your backups. Inside a VHDD, timestamps are well maintained.
TrueCrypt is open source code. This means anyone can download the source code and look to see how it works. The license file stipulates that you cannot modify the source code, but since the original coder is anonymous it will be hard for him to sue.
In 2014 some well-known cryptographers and programmers began an audit of the TrueCrypt source code and found only a few very minor things that could cause some security vulnerabilities in some extremely limited circumstances, none of which any ordinary user will encounter. The anonymous TrueCrypt author(s) panicked and strangely abandoned the project on their website. The audit concluded in 2015, still finding only extremely minor issues.
This is great news – TrueCrypt is officially deemed safe to use!!! Especially since no other hard disk encryption solution has been publicly audited like this.
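Returning to the timestamp caveat under "Things to watch out for": a backup job that compares modification dates can skip a volume file whose contents have changed. The Python script below is an added example, not part of the original article or of TrueCrypt, and it decides by SHA-256 of the file contents instead. The file name volume.tc and the function names are assumptions, and the sample "container" is constructed random data.

```python
import hashlib
import os
import shutil
import tempfile


def sha256_file(path):
    """Hash file contents; the bytes change even when the timestamp does not."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):
            digest.update(block)
    return digest.hexdigest()


def backup_if_changed(container, backup_dir):
    """Copy container into backup_dir unless the copy there has the same SHA-256."""
    dest = os.path.join(backup_dir, os.path.basename(container))
    current = sha256_file(container)
    if os.path.exists(dest) and sha256_file(dest) == current:
        return False  # backup already holds these exact bytes
    os.makedirs(backup_dir, exist_ok=True)
    partial = dest + ".partial"
    shutil.copyfile(container, partial)
    if sha256_file(partial) != current:  # container was written to mid-copy
        os.remove(partial)
        raise RuntimeError("container changed during copy; dismount it and retry")
    os.replace(partial, dest)  # swap in the verified copy in one step
    return True


def demo():
    """Constructed stand-in for a volume file: contents change, mtime is put back."""
    with tempfile.TemporaryDirectory() as work:
        vol, dest = os.path.join(work, "volume.tc"), os.path.join(work, "backup")
        with open(vol, "wb") as fh:
            fh.write(os.urandom(4096))
        stamp = os.stat(vol)
        first = backup_if_changed(vol, dest)
        with open(vol, "r+b") as fh:
            fh.write(os.urandom(512))  # simulate writes inside the mounted volume
        os.utime(vol, ns=(stamp.st_atime_ns, stamp.st_mtime_ns))  # timestamp kept
        mtime_same = os.stat(vol).st_mtime_ns == stamp.st_mtime_ns
        second = backup_if_changed(vol, dest)
        return first, mtime_same, second, backup_if_changed(vol, dest)


if __name__ == "__main__":
    print(demo())
```

Run it against the volume file only after dismounting, so the copy is taken from a file that is not being written to.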