|
File Encryption Revisited TrueCrypt
by Alan German
I recently
obtained a new laptop computer which, of course, runs
Windows Vista. Now, no doubt you have heard that this is
a locked-down operating system, and permission is
demanded by the User Account Control system to do just
about anything. Well, that might be a little overstated,
but it certainly wasn't long before I hit a Vista
roadblock in trying to install my old utility programs on
the new machine.
In particular, one program that I use quite regularly,
Cryptext, my tried-and-true file encryption utility (http://opcug.ca/Reviews/cryptxt.htm), couldn't install itself under
Vista. The installation routine was trying to unpack DLL
files into the Windows' system area and Vista wasn't
having any of that. No request for authorization; it just
simply refused to allow the files to be copied to disk.
And, that was probably only going to be the first little
snag. Cryptext also hooks itself into Windows Explorer so
that both the encrypt and decrypt options are available
at the click of the right-mouse button for the file
system being displayed. Without a doubt, Vista wouldn't
have thought much of that process either a foreign
program linking itself to a system utility I don't
think so! So, it was evidently time to seek out a new
encryption program, one that is compatible with Vista.
A little surfing revealed reviews of a number of
candidate products at PC World's web site (http://www.pcworld.com/browse/1445/topic.html?page=1). One of these Truecrypt
was both free and open-source. Now, that's often
my kind of utility program. And, the description made it
seem like the ideal package for my purpose, an
encryption program that lets you place files and
folders in 'safes' of any size.
Basically, the program lets you create a secure
volume, actually an encrypted file, that can
be almost any size (minimum of 19 KB for FAT, 2.5 MB for
NTFS). TrueCrypt volumes can apparently be up to
8,589,934,592 GB but, personally, I can't count that
high! Once created, the volume is mounted as
a logical disk, with any previously unused drive letter.
Files, or even whole directories, can then be dragged
onto the new drive, or retrieved from the drive, with
TrueCrypt encrypting or decrypting the information
on-the-fly.
TrueCrypt offers (to me) a bewildering array of
encryption options, including the Advanced Encryption
Standard (AES) using 14 rounds and a 256-bit key, and
Blowfish with 16 rounds and a 448-bit key. There is also
a choice of the Whirlpool (512 bits), SHA-1 (160 bits),
or RIPEMD-160 (160 bits) hash algorithms that are
evidently part of creating master and secondary
encryption keys. I have no idea what all of these are,
but all those big numbers sound really good! Anyway, all
I want is a password- protected data vault to hold a few
files on my backup USB memory stick just in case I
lose it so just about any degree of security is
fine.
And, those capabilities are precisely what Truecrypt
provides. A wizard guides you through the process of
creating a new volume: selecting a file and location,
choosing the encryption and hash algorithms, specifying
the volume size, assigning a password (with dire warnings
if, like me, you choose a short password),
and formatting the volume based on a sequence of random
numbers. Then, it's simply a process of selecting an
unused drive letter from a list and clicking on the Mount
button. The logical drive just created shows up in
Windows Explorer, and files can be dragged and dropped to
and from the secure volume.
Once the volume is dismounted, the result is a single
encrypted file occupying the maximum disk space size
assigned. A little consideration should be given,
therefore, when determining the size of volume to be
created. The good news is that this file can be readily
copied or moved between disks so it does make a very
useful container for backup of a group of
sensitive files. Truecrypt must be running in
order to re-mount the volume, and the program will prompt
you for the assigned password before opening a new
logical drive. So, don't forget your password, or your
sensitive files will remain really secure!
The basic
program operation outlined here, together with a number
of additional program options, is more fully described in
a comprehensive, 105-page (PDF) User's Guide. The text
includes information on the encryption and hash
algorithms and, if you are really paranoid about
security, indicates a means of completely hiding an
encrypted volume inside a second encrypted volume. More
information is available on the program's web site,
including an extensive list of frequently asked questions
(FAQ), and several discussion forums.
So, if you need a file encryption utility, Truecrypt will
run under Windows Vista, XP and 2000. There's even a
version for Linux. Set up your encrypted volume, store
your sensitive files but, don't forget your
password!
Bottom Line:
TrueCrypt (Open-source)
Version 4.3a
TrueCryptFoundation
http://www.truecrypt.org/
Originally published: June, 2007
top of page
|
Archived Reviews
A-J
K-Q
R-Z
The opinions expressed in these reviews
do not necessarily represent the views of the
Ottawa PC Users' Group or its members.
|