SEARCH

How-To Geek

Getting Started with TrueCrypt (to Secure Your Data)

BitLocker is a hard drive encryption utility in Windows 7 and Vista, unfortunately it’s only available in Ultimate and Enterprise editions and not in XP at all. Today we take a look at TrueCrypt, which is a free utility that will enable encryption functionality to other versions.  

TrueCrypt

TrueCrypt is a free Open Source disk encryption utility that works with Windows, Mac, and Linux. It allows you to encrypt an entire drive, partition or flash drive and ensure no one can access the data without the right password. It provides on-the-fly encryption and after the drive is encrypted you can continue to use everything like you normally would. 

Installation is straight forward and it’s recommended to create a system restore point before installing.

3-tc  

Click on the Create Volume button to begin setting the disc up for encryption.

15-tc

The entire process is wizard driven which makes it easy to use even for beginners. You can encrypt a virtual disk, removable drive, or an entire system drive. There are a lot more steps than what we show here, but the wizard makes all of your choices easy.

2-tc

You can choose different levels of encryption. There are several types to choose from and each has its unique qualities…but for most users you will be fine with AES.

7-tc

To complete the process you will need to restart the computer.

12-tc

The amount of time it takes to encrypt a hard drive will vary depending on the size and speed of the system. In our test we encrypted an entire 320GB drive and it took about 4 hours.

13-tc

To complete the process a restart is required.

12-tc

Now anytime you start up your PC you will need to log in using the password you created in TrueCrypt.

2-tc

If you’re worried about private or sensitive data being compromised, TrueCrypt is a simple and effective free option. If you have a version of Windows or other OS that doesn’t include BitLocker or another encryption feature, TrueCrypt has you covered. It’s a versatile utility as it can encrypt partitions, VHDs, Flash Drives, or entire hard drive like we showed.

Download TrueCrypt for Windows, Mac, and Linux

Brian Burgess worked in IT for 10 years before pursuing his passion for writing. He's been a tech blogger and journalist for the past seven years, and can be found on his about me page or Google+

  • Published 11/5/09

Comments (16)

  1. Indisent

    Good article. I’ve been using truecrypt for a while now and i love it. I use it to encrypt folders that contain sensitive data.

  2. Alex Leonard

    I’ve just decided to go for Windows 7 Pro on the basis that I can’t seem to actually get a full retail copy of Ultimate (I need a retail copy as I’m in 32/64 bit limbo thanks to certain software apps and have to run 32 bit for a while before I can go fully 64 bit).

    Ultimately the existence of TrueCrypt was the deciding factor as the only advantage Ultimate offered in my eyes was BitLocker.

  3. Roi

    am i going to have to type the password EVERY SINGLE time I boot up my computer??
    Is there any way for it to automatically type it?

  4. Matt

    @Roi

    How would the encryption be of any use if it typed the password for you? People could just log on to your PC and see everything anyway.

  5. Mark

    I have a duel boot laptop with XP and openSUSE .

    If I install TrueCrypt on my XP Machince and encrypt the hard drive will i be able to read the hard drive using openSUSE if i install the program there too and use the same key.

    Would it just be a matter of typing the password before i get the OS boot option.

  6. Tracy

    I don’t get the part about entering my password every time I boot up. Why can’t I just enter a password when I need to access the encrypted folder in question? Why at bootup? I often leave my computer on for a day or two at a time, often unattended. If I enter the password at bootup, that means anytime I walk away from my computer while it’s on anyone can access my encrypted files? I must be missing something here.

  7. lori

    I suspect entering the password in boot time is just for the case when you encrypted the system partition/drive (booting from an encrypted drive would not possible without the password to decrypt).

  8. DON M.

    i have windows 7 and ubuntu 10 on my computer,if i install truecrypt for windows ,will i still be able to use ubuntu?? i also have an EXT. hard drive,will it work ok??

  9. G.J.

    The idea of encrypting the whole partition/volume/disk seems completely moronic. Same with BitLocker.

    The way to go is to use TrueCrypt capabilities of encrypting separate files/folders into containers.

  10. Marshy

    @G.J.

    If you encrypt your whole drive, you no longer have to worry about having or managing separate files and folders to encrypt, and having different passwords to remember for each (unless you use the same pw on all, which is not a good idea).

    Additionally, all you files are then automatically encrypted, so you don’t need to worry where they are. Even your hibernation file is encrypted. There’s no performance hit, and you just need one password.

    I have been using full encryption for several years now, on XP, Vista and now Windows 7, and it runs fine. I additionally have some external USB drives that are also fully encrypted, and I mount those from within my system drive using a script. I don’t need to worry about the embedded password in the script, because no matter where the script lives on the drive, it is always encrypted.

    Basically if you’re going for encryption, you have a healthy amount of paranoia — you might as well go the whole way.

    @howtogeek: love your site!!

  11. Pai

    @Marshy
    “Basically if you’re going for encryption, you have a healthy amount of paranoia — you might as well go the whole way.”
    you just made my day ^^

    @everyone else who doesn’t want to type in a password every time
    There is also the option to use a File stored on a USB Drive as a Loginkey for more information go here:
    http://www.truecrypt.org/docs/?s=keyfiles

  12. mountain techs

    if you encrypt the whole system, or drive, so that you must authorize or log on to boot, then isn’t every encryted file on your drive available to be hacked while you or logged in? I dont understand this, I may like to create just one folder to encrypt for sensitive stuff. If I use this in conjuction with a briefcase on a jump drive, will it mirror the encrypted files, and thus work with the same password? or would a seperate crypt folder (and password) be needed on each PC? Where is there a more complete article about encrypting?

    Thankyou,
    Ken

  13. Parrotlover77

    @mountain techs – If your PC is on, presumably you also have a logon username/password preventing attackers from getting the info from your booted (and decrypted) live session. What full drive encryption protects is the removal of your hard drive from your PC, not the live booted session. A locked screen with a password prompt is the usual way to protect a booted session. And it’s more than sufficient if you have a strong password and lockout policy enabled that prevents brute force attacks on the logon.

    If your HD is not encrypted, getting around a logon password is as easy shutting off your computer and removing the drive and mounting it on a system the attacker has. All the permissions on all the folders are then meaningless, and they have full access.

    If you have a TPM and BitLocker or a USB key (that you remove after booting and keep on your person) and TrueCrypt or whatever else, you don’t have to type a password AND you get the same safety as when the computer shuts down to remove the HD, the attacker loses all access. The attacker then needs to brute force decrypt. Using TPM or a generated key makes this nearly impossible because the key length will be so long, it will take hundreds to millions of years to brute force decrypt it.

    Using a only password on full HD encryption makes brute-forcing easier because you will likely find many passwords with words from the dictionary with maybe a few numbers or symbols splashed around. The way to make your password secure, but still memorable, is to just make it very long (10 to 12 characters, or longer). Of course, the key-based password is still stronger, but a password that is in your head isn’t subject to you forgetting to remove the usb key.

    A TPM with a password (even a short one) is probably the most secure you can get. Windows 7 with BitLocker using TPM and a short PIN is incredibly difficult to crack to the point of it being practically impossible. Even exotic cracking involving reading recently powered down RAM with incredibly expensive equipment that attackers don’t usually have (but security researchers do), can’t be cracked with that method. I’m a big fan of TPMs.

    But if you don’t have one, just make sure you are smart about your key. Don’t leave your usb key in your computer except when booting it. Keep it somewhere fairly difficult for others to obtain — for example on your keychain in your pocket, NOT in your laptop bag! BACKUP your key. With the USB key on your person all the time, it’s going to get beat up and eventually fail. Use a password too, or in lieu of your USB key, but make it strong. Your password is never as clever as you think it is, so always take it one step further. And, never, ever, write down your password. If you can’t remember it, you aren’t being smart about choosing it.

  14. galactusx

    So I guess you dupes don’t lock the front doors on your houses even though you have one…you just lock the closet? All the whining about having type a password at boot..not being able to walk away from your booted up computer etc. sounds like typical morons that don’t bother to read a manual or a website. TrueCrypt is a friggin’ gift to society and you people sound like a bunch of monkeys that don’t know what that shiny thing is that they just threw in your cage. You can and should use both system AND file folder encryption to be totally safe. If you can’t be bothered with reading and putting in a password then you don’t deserve to be protected…might as well sit in your unlocked homes in the closet…duh.

  15. Tom

    Hey,

    Just installed TrueCrypt on an XP SP3 desktop with intend of encrypting the whole system.
    The whole installation process went smooth including getting the ISOimage burned to a cd.

    Upon reboot I am, as expected, promted for my password – However there is NO input from the keyboard (wireless). I have tried to connect a cabled USB-keyboard both prior to start up and after….however with no effect.

    Due to missing input I can not enter set-up or boot manager.

    Now, how do I get back into my system?!? (naturally I do have the password)

  16. Richard Hall

    I recently purchases a DEll laptop Windows 7 pro with a 64 bit.
    I am required ot have full disk encryption.
    Started with PGP Full disk encryption. Initially system locke dup as the version I was given didn’t work with lastest Intel hardware. Needed a recovery disk in order to booot the compter and change the version. Multiple problems caused me to uninstal PGP. Very unhappy indeed.
    Tehn upgraded to Ultimate to use bit locker and foudn I did not have a TPM and so couldn’t use Bitlocker.
    I will now try TrueCrypt. Does it have the ability to create a recovery disk first? Are there any know compatibility issues withteh latest Intel hardware and Windows 7.

Enter Your Email Here to Get Access for Free:

Go check your email!