Using Truecrypt

If there is information on your computer that you want to keep secret, Truecrypt is the solution I normally recommend. I'm not talking about just passwords, credit card numbers and bank accounts; I recommend Keepass for those. I'm talking about employee records, confidential client information, accounting you want kept secret, or your backup.

I recommend that most of my clients call me in to discuss this issue and have me set it up for them. However, for those of you who are do-it-yourselfers and for those who are computer consultants yourselves, this should be useful.

Sometimes the program you are using has good encryption of its own, and you can safely use the program's built-in encryption. Keepass is an obvious example. I keep my client work orders in Treepad Business, which uses the excellent 256-bit Twofish encryption and is completely secure. Quickbooks, however, does not have good encryption, so its encryption is acceptable only for keeping out casual people who don't really want to get into the data. If a program doesn't explain how it encrypts data, then it is probably weak encryption.

Truecrypt uses fantastically good encryption. If you have a good password, no one in the world can decrypt your files. Truecrypt can be used in many ways, including full disk encryption. I'll cover the most common scenarios I set up for clients.

Scenario 1. A small amount of total information, occasional access.

By a small amount, I mean perhaps 1,000 typed pages and a few spreadsheets, or the books for a single company that aren't too extensive, all of which can fit into 100 Megabytes of hard drive space. This must include the automatic backup copies made by the software. So, if you have a 25 megabyte Quicken file and you want to keep 3 automatic backups, you'll consume 100 megabytes of space. By occasional access, I mean once a week or so. If this is the situation, making a Truecrypt File Vault is a good solution.

A Truecrypt vault is a single file that you create and that is filled with random data. The vault appears to be a single file, but the contents are unreadable. I recommend you make it about 3 times as large as you think you'll need. However, because a small change will change the complete file, whenever you add to or change this file you'll have to back up the whole thing, so I recommend you keep it under 1 Gigabyte, and I try to keep it under 500 Megabytes.

Once the file is created, you will access it by running Truecrypt and then "mounting" it as a drive. It will look like a drive to Windows. Then use it as you'd use a normal drive. When you are done, just dismount the Truecrypt volume and the "drive" will disappear and you'll have a simple file which can be backed up, but which will be inaccessible without Truecrypt and your password.

I've made a demonstration YouTube Video.
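The dismounted vault is one opaque file that has to be backed up whole, so its backup can be a simple copy, verify and rotate. The sketch below is an added example, not part of the original article or of Truecrypt itself; the function names, the `.bak` naming scheme and the three-copy default are assumptions, and the size check reflects the 1 Gigabyte guideline above.

```python
import hashlib
import shutil
from pathlib import Path

GUIDELINE_BYTES = 1024 ** 3   # the article's 1 Gigabyte ceiling for a file vault

def sha256_file(path, chunk=1024 * 1024):
    """Hash the file in chunks so a large vault never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def backup_vault(vault, backup_dir, keep=3):
    """Back up a DISMOUNTED vault file; returns (status, backup path, oversize)."""
    vault, backup_dir = Path(vault), Path(backup_dir)
    backup_dir.mkdir(parents=True, exist_ok=True)
    oversize = vault.stat().st_size > GUIDELINE_BYTES
    digest = sha256_file(vault)
    # Generations are named <vault>.<sequence>.bak (the naming is an assumption).
    gens = sorted(backup_dir.glob(vault.name + ".*.bak"))
    # Compare by content hash: a vault's size never changes, so size says nothing.
    if gens and sha256_file(gens[-1]) == digest:
        return "unchanged", gens[-1], oversize
    seq = int(gens[-1].name.split(".")[-2]) + 1 if gens else 1
    dest = backup_dir / f"{vault.name}.{seq:06d}.bak"
    shutil.copyfile(vault, dest)
    # Verify the copy: a damaged copy of an encrypted vault may not mount at all.
    if sha256_file(dest) != digest:
        dest.unlink()
        raise IOError(f"backup of {vault} failed verification")
    for old in gens[: max(0, len(gens) + 1 - keep)]:
        old.unlink()              # rotate: keep only the newest `keep` copies
    return "copied", dest, oversize

if __name__ == "__main__":
    import os
    import tempfile
    with tempfile.TemporaryDirectory() as d:   # constructed stand-in for a vault
        v = Path(d) / "vault.tc"
        v.write_bytes(os.urandom(64 * 1024))
        print(backup_vault(v, Path(d) / "backups"))   # first run copies
        print(backup_vault(v, Path(d) / "backups"))   # second run is unchanged
```

Run it only after the volume has been dismounted, so the copy is taken from a file that is no longer being written to.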

Scenario 2. Much more data and frequent access. The concern is not someone coming into the company and accessing it, but protecting it from theft. What happens if they steal the computer?

In this case, I recommend partitioning your hard drive into a C drive with the operating system on it and a D drive for data. Sometimes this can be done with a smaller SSD drive for the operating system and programs, and then another drive to store your data on. In this case you can encrypt the entire D drive or the entire partition to be used for data. With this system, you will set Truecrypt to force you to log in whenever you start Windows. The partition will remain mounted and appear as a normal drive until you log out or reboot.

As I've set it up above, unless I log off or shut down, the drive remains open and accessible, so there is no protection. However, if I log off, shut down or reboot, then the data will be secure. By checking the "Dismount all when: screen saver is launched" option, you would need to mount with the password again whenever the screen saver had been launched. In the setup above, I'm not worried about people sitting at my desk and looking; I'm worried about someone stealing the computer and then booting it up somewhere else.

Scenario 3: I want to protect my backup drive.

This scenario is the same as 2, but with an external drive.

Scenario 4. A transportable Flash drive with protection for the data on it.

You can create a volume (as in Scenario 1 above) for part of your flash drive or USB hard drive. Now you have a large encrypted file on your flash drive. Then have Truecrypt copy a portable version of Truecrypt to the drive. This will allow you to access this encrypted data from any Windows machine, even if Truecrypt is not installed on it.

This completes my outline of four ways to use Truecrypt to solve security issues. I'll be happy to consult with you regarding your own issues and how Truecrypt, or some other solution, could be used by you.

Date: June 2013

This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.