How-To Geek

The How-To Geek Guide to Getting Started with TrueCrypt

If you’re looking for a simple and powerful way to encrypt everything from system drives to backup discs to everything in between, TrueCrypt is an open-source tool that will help you lock up your files. Read on as we show you how to get started.

What Is TrueCrypt and Why Should I Use It?

TrueCrypt is an on-the-fly encryption application that allows you to work with encrypted files as you would work on files located on a regular drive. Without on-the-fly encryption, actively working with encrypted files is an enormous pain and the outcome is usually either that people simply do not encrypt their files or they engage in poor security practices with their encrypted files because of the hassle of decrypting/encrypting them.

How does this play out in real life? Let’s take a look at a simple hypothetical situation. You’re a lawyer (or anyone, for that matter, who works with sensitive information). You have some client files that need to remain absolutely secure. Using a system that does not provide on-the-fly encryption and decryption, you’d need to open the encrypted container file, unpack the files you wanted to use (into the insecure operating system), work on them, and then repack them once you had worked with them. To make sure the files were totally secure, you’d then need to securely wipe the space on the drive the unencrypted files had occupied. There are so many points in that process where things can go wrong that it’s not really practical to use such a workflow for anything but static files which will be encrypted and, more or less, permanently archived.

With an on-the-fly system like TrueCrypt you have an encrypted container (or even an entirely encrypted system drive). All the files within the container are encrypted and TrueCrypt, acting as an intermediary, decrypts each file on the fly (in the computer’s memory) so that you may interact with it like a regular file. You simply mount the encrypted volume, work within it, and unmount it. TrueCrypt takes care of everything, keeping the files temporarily in the RAM, sweeping up after itself, and ensuring your files remain uncompromised.

Whether you just want to encrypt a flash drive to store your tax data and personal documents as a safeguard against identity theft or you want to encrypt your entire computer to keep The Man out of your business, TrueCrypt is a comprehensive and easy to use tool.

What Do I Need?

For this tutorial you’ll only need a few simple things:

  • A free copy of TrueCrypt.
  • Administrative access to a computer.

That’s it! You can grab a copy of TrueCrypt for Windows, Linux, or Mac OS X and then settle in at a computer that you have administrative access to (you can’t run TrueCrypt on a limited-privilege/guest account). Have a copy on hand? Great, let’s get started. For this tutorial we’ll be using the Windows version of TrueCrypt and installing it on a Windows 7 machine.

Installing and Configuring TrueCrypt

The initial installation of TrueCrypt is very straightforward. Run the installation application, accept the user agreement, and then select Install. (The extract option is of interest to those who wish to extract a semi-portable version of TrueCrypt; we will not be covering that method in this beginner’s guide.) You’ll be given a battery of options like “Install for all users” and “Associate .tc file extension with TrueCrypt”. We left all of them checked for the sake of convenience. Once the application finishes installing, navigate to the Start Menu and launch TrueCrypt.

TrueCrypt will ask you if you’d like to view a tutorial on getting started; since we’re already walking you through the process go ahead and skip the tutorial. You’ll be greeted with a screen that looks like the one above. The very first thing we need to do is create a volume.

Click on the “Create Volume” button. This will launch the Volume Creation Wizard and prompt you to choose one of the following volume types:

Volumes can be as simple as a file container you place on a drive or disk or as complex as a whole-disk encryption for your operating system. We’re going to keep things simple for the first section of our TrueCrypt guide and focus on getting you set up with an easy to use local container. Select “Create an encrypted file container”.

Next, the Wizard will ask you if you want to create a Standard or a Hidden volume. Again, for the sake of simplicity, we’re going to skip messing around with Hidden Volumes at this point. This in no way lowers the encryption level or security of the volume we’re creating, as a Hidden Volume is simply a method of obfuscating the location of the encrypted volume.

In the next step we need to pick a name and location for our volume. The only important parameter here is that your host drive have enough space for the volume you wish to create (i.e. if you want a 100GB encrypted volume you’d better have a drive with the space to spare). We’re going to throw our encrypted volume on a secondary data drive in our desktop Windows machine.

Now it’s time to pick your encryption scheme. You really can’t go wrong here. Yes, there are a lot of choices, but all of them are extremely solid encryption schemes and, for practical purposes, interchangeable. In 2008, for example, the FBI spent over a year trying to decrypt the AES-encrypted hard drives of a Brazilian banker involved in a financial scam. Even if your data-protection paranoia extends up to the level of acronym agencies with deep pockets and skilled forensics teams, you can rest easy knowing your data is secure.

In the next step, you’ll select the volume size. You can set it in KB, MB, or GB increments. We created a 4.5GB test volume, for no other reason than it fits neatly on a DVD if we wish to burn it for backup purposes.

Next stop, password generation. See that screenshot? That’s a short password. Short passwords are a bad idea. You should create a password at least 20 characters long. However you can create a strong and memorable password, we suggest you do it. A great technique is to use a passphrase instead of a simple password. Here’s an example: In2NDGradeMrsAmerman$aidIWasAGypsy. That’s better than password123 any day.

Before you create the actual volume, the creation Wizard will ask if you intend to store large files. If you intend to store files larger than 4GB within the volume, tell it so; it will tweak the file system to better suit your needs.

On the Volume Format screen, you’ll need to move your mouse around to generate some random data. While just moving your mouse is sufficient you could always follow in our footsteps—we grabbed our Wacom tablet and drew a picture of Ricky Martin as an extra on Portlandia. How’s that for random? Once you’ve generated enough random goodness, hit the Format button.

Once the format process is complete you’ll be returned to the original TrueCrypt interface. Your volume is now a *.TC file wherever you parked it and ready to be mounted by TrueCrypt.

Click the “Select File” button and navigate to the directory you stashed your TrueCrypt container in. Because we’re extraordinarily sneaky, our file is in \TrueCrypt\The How-To Geek Super Secret File Dump. Nobody will ever think to look there. Once the file is selected, pick (in the box above) from one of the available drives. We selected Y. Click Mount.

Enter your password. Again, we’re going to emphasize our short password: we picked a short one for testing purposes; if you’re smart, yours will exceed 20 characters. Click OK.

Let’s go take a look at My Computer and see if our encrypted volume was successfully mounted as a drive:

Success! One 4.38GB volume of sweet encrypted goodness, just like the kind mom used to make. You can now open the volume and pack it full of all the files you’ve been meaning to keep from prying eyes.

Don’t forget to securely wipe the original files once you’ve copied them into the encrypted volume. Regular file system storage is insecure, and traces of the files you’ve encrypted will remain behind on the unencrypted disk unless you properly wipe the space. Also, don’t forget to pull up the TrueCrypt interface and “Dismount” the encrypted volume when you aren’t actively using it.


Have a TrueCrypt tip, trick, or super-spy-guy workflow to share? Sound off in the comments with your encryption know-how.

Jason Fitzpatrick is a warranty-voiding DIYer and all-around geek. When he's not documenting mods and hacks he's doing his best to make sure a generation of college students graduate knowing they should put their pants on one leg at a time and go on to greatness, just like Bruce Dickinson. You can follow him on if you'd like.

  • Published 03/13/12

Comments (19)

  1. Huseyin

    Excellent write up. Next, incorporate dropbox/sugarsync, etc..

  2. Jay

    Great article!!! thanks so much guys!

  3. Josh B.

    Hear Hear… now, how about how to encrypt an entire bootable drive in linux?

  4. shekharshekhar3

    Thank you very much. On this site I always find good detailed articles from a beginner’s point of view. Going step by step, with the right suggestion at each step, is what a newbie looks for. How To Geek is the best.

  5. darylgriffiths

    How about a How-To for securely sending a file/files (by email or CD/USB stick) to someone who doesn’t have Truecrypt installed AND have it autorun and unencrypt when the correct password is entered – as the recipient is not particularly computer literate?

  6. Banyu

    TrueCrypt another method to hide porn files

  7. Marg

    Once I install TrueCrypt with Admin privileges can a limited-privilege/guest account run it? My supervisor is convinced this can be done but in all my testing I’m finding it impossible..

  8. Colin

    Only problem with TrueCrypt: You can delete the container that the files are in, it doesn’t matter if they are protected or not they can still be deleted.

  9. bob

    Great read. thank you HTG.
    Can you please write a TrueCrypt and Dropbox combo article?
    I’m trying to find a way to use TrueCrypt on my Dropbox.

    thank you,

    Bob.

  10. moin sayed

    Thanks

  11. robert

    Good to know the Guide to Getting Started with TrueCrypt.

  12. Benoît

    I’ve been using truecrypt for a while and I’m really happy with the results!! Good post.

  13. Benoît

    Forgot to mention that the software is running smoothly on Linux!

  14. Arland

    Does TrueCrypt format the contents of the host device or only the folder or container (you’ve mentioned)?

  15. jonrichco

    Truecrypt works well. It does annoy me telling me every time I create a container that short passwords are bad. I think that my 8 character password, with different character types is 99.99% ok if not more. HTG could maybe explain why a 20 character password is needed. Can you set up a brute force password cracker in TC as you can for MS Office password protected files? Even if possible, it would take 2287 years to break a 96 charset 8 character password at 100,000 passwords per second (http://lastbit.com/psw.asp). So why do HTG and TA want me to waste my time typing a 20 character password?

  16. Jehanne

    Be sure to disable the Firewire port on your PC and all autoplay options. Choose a 30+ length passphrase consisting of upper and lower case letters, numbers and some “special characters” atop the number keys. Also, create a FAT32 (to prevent journaling) hidden file container (even if you are using system encryption) which uses triple cascading encryption along with several obscure keyring files on your PC’s hard drive which you should use with your hidden file container.

  17. BSquared

    Thanks for the great write up! Would you use the above instructions to create an encrypted container on a USB flash drive?

  18. ITJoe

    Great article! Thanks!

    In response to jonrichco:

    Check out this CNN article:
    http://articles.cnn.com/2010-08-20/tech/super.passwords_1_passwords-character-websites?_s=PM:TECH

    and (if you’re interested) the original article from GTRI:
    http://www.gtri.gatech.edu/casestudy/Teraflop-Troubles-Power-Graphics-Processing-Units-GPUs-Password-Security-System

    I work IT for a law firm and needed this info for whiny users who didn’t want to have to change their password from their initials to a 12 char complex password (at least one each upper, lower, number, and symbol). The preceding articles are soon two years old. If anyone can find an article with newer research, I would love to read it!

    Thanks,
    Joe

  19. Graham

    A 12-character alphanumeric password being attacked with smart bruteforce involving sequence frequency prioritising will have about 50 effective bits of entropy. That amounts to an average 420,000,000,000,000 tested passwords before it gets cracked. A reasonable scale attack using several high-end GPU-assisted cracking machines could test 1,000,000,000 passwords per second, so that’s 420,000 seconds – less than 5 days.

    Every time you add a character, you multiply the cracking length by about 20.
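
The password-length arithmetic behind the article's 20-character advice and the guess rates quoted in comments 15 and 19, worked through as an added example (not part of the original article or any commenter's post). It assumes exhaustive guessing and a 365-day year; the function names and the per-character factor of 20 used to model human-chosen text are illustrative assumptions.

```python
import string

SECONDS_PER_YEAR = 365 * 24 * 3600  # 365-day year (assumption)

# Printable ASCII split into the classes a guessing attack has to cover (95 total).
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " "]


def charset_size(password):
    """Alphabet size implied by the character classes the password uses."""
    return sum(len(c) for c in CLASSES if set(password) & set(c))


def years_to_exhaust(length, per_char, guesses_per_second):
    """Years to try every candidate; on average a hit comes at half this."""
    return per_char ** length / guesses_per_second / SECONDS_PER_YEAR


def min_length(per_char, guesses_per_second, target_years):
    """Shortest length whose full search space outlasts target_years."""
    needed = guesses_per_second * SECONDS_PER_YEAR * target_years
    length = 1
    while per_char ** length < needed:
        length += 1
    return length


if __name__ == "__main__":
    # Same 8-character, 96-symbol password at the two rates quoted in the comments.
    for rate in (100_000, 1_000_000_000):
        years = years_to_exhaust(8, 96, rate)
        print(f"8 chars, 96 symbols, {rate:,} guesses/s: {years:,.2f} years")
    # per_char=95: every character chosen at random from printable ASCII.
    # per_char=20: assumed factor for predictable, human-chosen text.
    for per_char in (95, 20):
        n = min_length(per_char, 1_000_000_000, 1000)
        print(f"x{per_char} per character: {n} chars to last 1000 years at 1e9/s")
    # The two sample passwords from the article.
    for pw in ("password123", "In2NDGradeMrsAmerman$aidIWasAGypsy"):
        print(f"{pw!r}: length {len(pw)}, alphabet size {charset_size(pw)}")
```

The alphabet-size figure is an upper bound: it only holds when every character is picked at random, which is why predictable passwords need more length than the random-character numbers suggest.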
