TrueCrypt 5.1: Open Source File and Device Encryption Goodness

TrueCrypt is an amazing free Open Source encryption tool that lets you work with encrypted files and folders as if they were simply an attached drive. It is a multiplatform application that has been available for Linux and Microsoft Windows for a while now. It became available for Mac OS X this year with the release of version 5.0. File and folder structures are stored in a single encrypted file. These files can be used on any platform. You could, for example, copy an encrypted file from your Mac's hard drive to a conventional USB Flash Drive formatted as FAT (Windows File Alloation Table) and use it from a computer running Linux or Microsoft Windows. Naturally, these other computers must also be running TrueCrypt too.

I think the easiest way to understand how TrueCrypt works is to briefly describe how to use it. Its website is found at...

http://www.truecrypt.org/

The 5.0 release had different versions for PowerPC and Intel Macs. However, the 5.1 release appears to have a single Universal binary available. There are, however, separate downloads for Tiger and Leopard users. I'm using the Leopard version. The DMG file is a relatively small 4.6MB. So, you could easily carry it along with your encrypted file for use on another computer.

The TrueCrypt Volume Creation Wizard takes you through the painless process of creating an encrypted container file to safely store your files and folders. You only need to make a few decisions to get started. Three important early decisions are what to name the file, what kind of encryption you want to use, and how large the container file should be.

You can name the file anything you want. You could name it something obvious like MySecretStuff.tc (tc is the filename suffix that TrueCrypt automatically recognizes) or something not so obvious like tempfile1. I don't claim any special knowledge in encryption variants. So, you might want to do some research if you are picky about that sort of thing. My assumption is that the TrueCrypt developers are a smart group and basically chose a bunch of good encryption algorithms that you can choose from. In other words, they are all pretty good.

The container file size is, again, totally up to you. In fact, starting with the release of TrueCrypt 5.0, a new feature allows you to encrypt an entire device. This means you could, for example, encrypt an entire USB Flash Drive or external hard drive. I'm a little leary of encrypting an entire boot drive on my Mac, Linux box, or Windows PC.

One of the more amusing and very important steps in creating the encrypted container is illustrated in this second screen cap. You literally need to randomly move your mouse (or finger on a touch pad) around for a while to increase cryptographic strength before actually formatting the container.

As you can see in the third screen cap, you can have more than one encrypted TrueCrypt container mounted at the same time.

These mounted containers show up on your desktop as ordinary looking drives. You can work with these mounted devices just like you would with any physical storage device such as a USB Flash Drive or USB/Firewire external hard drive. You can copy files between your hard drive and the TrueCrypt drive, delete files on the TrueCrypt drive, rename files, edit files, etc.

Once you dismount the drive or turn off TrueCrypt, the files in the container are safely encrypted and essentially invisible to anyone else.

TrueCrypt provides the amazing combination of strong crytographic strength, plausible deniablity (arbitrary file naming), and simplicity of use. The simplicity of use is what really makes it valuable. It is so easy to use (while being very secure) that nearly anyone can easily use it on a daily basis without feeling like it is a chore or burden. Its price - FREE - and its ability to work on Linux, Mac OS X, and Windows only adds to its potential value. I've been recommending it to everyone I know since learning about it back in 2006. So, give it a try. You might find it useful too.

One of my favorite podcasts, Security Now, dedicated two full episodes to TrueCrypt. I highly recommend listening to these two episodes or reading the text transcripts to get more detailed information about TrueCrypt.

Security Now 41: Truecrypt - May 26, 2006

Security Now 133: TrueCrypt 5 Feb. 28, 2008