Monday, February 21, 2011

Quick Tip - Whole Disk Encryption

Today I wanted to give a quick tip about adding encryption to your whole harddrive, not just independent files. This is important for portable devices that hold low level sensitive data, like your search history, saved passwords, or just scattered files that are too many to round up and encrypt.

I'm going to focus on TrueCrypt because it is open-source and works on all the popular operating systems: Linux, Windows (NT based), and Mac OSX. TrueCrypt works by encrypting on-the-fly so that your harddrive stays encrypted even while in use and files are only decrypted as needed then encrypted again. You can encrypt virtual disks on the harddrive, the entire harddrive or thumb drive.



A really interesting feature I like about TrueCrypt is the ability to make a fake partition with a throw away password so that if you are somehow compromised and have to give up the password you can give them the throw away password and unlock a partition with less important data on it.

I personally use it on my thumb drives because I tend to drop them a lot. Instead of repeating the well done walk-through for installing TrueCrypt, I'll let their documentation do the work for me. Take a look at the documentation here.

Once you have say a thumb drive encrypted you will see it show up as a CD on your computer until you run TrueCrypt and mount the disk with your password. Only then does it even show up as being a thumb drive. It is extra steps to get to your files, but after you get used to mounting it it really is easy to use. Especially since it is all done on-the-fly you don't have to wait around for encryption and decryption of the entire disk every time, just file by file on demand.



What is most important though is picking a strong password, because that is the weakest point in your encryption armor. If you need pointers on choosing a strong password see my other post Quick Tip - Passwords. Make sure to make it memorable and if needed write down clues to your password while you are still memorizing it, but never write down the password. Remember, if you forget your password you'll essentially lose everything on the encrypted disk.

Of course, if you think that this is a lot of trouble and not worth your time, you could always purchase one of these thumb drives that come with hardware encrpytion.


10 comments:

  1. Interesting. I should have known it, it would help me with my last gf :D

    ReplyDelete
  2. TrueCrypt is awesome. Keep up the informative posts.

    ReplyDelete
  3. Love truecrypt! Makes it easy to keep your data safe.

    ReplyDelete
  4. Great idea for thumb drives... they get lost SO easily.

    ReplyDelete
  5. i could really use this for uni, i always leave my thumb drive in the computer then people steal them.

    ReplyDelete
  6. What would be the use for a standard user to encrypt their disks?

    ReplyDelete
  7. @Guys I'm Freaking Out!!!!

    The standard user may not need to encrypt all disks, but if you are storing any financial data, like tax information, on a portable disk you may want to encrypt it just in case of theft or lose.

    ReplyDelete
  8. Very secure method. Thank you for the informational post.

    ReplyDelete
  9. Never used that b4. Will have to give a try. Thanx.

    ReplyDelete

Praise me or Flame me, I appreciate the feedback.