Encrypt Data Across Multiple Operating Systems Using TrueCrypt
Data encryption and security are serious concerns for both business and personal computer use. TrueCrypt is free data encryption software that can encrypt volumes on an individual partition or on an entire storage device. It is supported on Windows 7, Vista, XP, Mac OS X and Linux.
In TrueCrypt, there are three different options for volume creation. The first option is to create an encrypted file container that can be mounted and used as a drive. A container created this way can be copied, emailed or moved elsewhere and still retains its encryption. The second option is to encrypt a non-system partition or drive, such as a flash drive or other external storage device. The last option is the same as the second except that it requires the user to enter a password before the OS boots, so the encrypted files are fully protected. This option can only encrypt Windows XP, 2003, 2008, Vista and Windows 7 operating systems.
Once a user chooses which type of TrueCrypt volume to create, there are two further options: standard or hidden. A standard volume is very basic and requires only one password. A hidden TrueCrypt volume requires two passwords, one for the hidden volume and another for the non-hidden (outer) volume. The only downside of using a hidden volume is that if the user fills all of the space on the outer volume, the space holding the hidden volume will be overwritten to make room for the outer volume's data. However, this can be prevented by using the mount option “Protect hidden volume against damage caused by writing to outer volume.”
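The overwrite risk and the protected mount option described above, as an added byte-level model (not TrueCrypt's code): the hidden volume is assumed to sit in the tail of the outer volume's space, and the container sizes and payloads are constructed for illustration.

```python
class HiddenVolumeWriteError(Exception):
    """Raised when an outer-volume write would reach into the hidden volume."""


class Container:
    """Model of one container: an outer volume whose free tail space holds a
    hidden volume (constructed model, not TrueCrypt's on-disk layout)."""

    def __init__(self, size: int, hidden_size: int) -> None:
        if not 0 < hidden_size < size:
            raise ValueError("hidden volume must fit inside the container")
        self.size = size
        self.hidden_start = size - hidden_size  # assumption: hidden volume at the tail
        self.data = bytearray(size)
        self.outer_read_only = False

    def _check_bounds(self, offset: int, length: int) -> None:
        if offset < 0 or offset + length > self.size:
            raise ValueError("access outside the container")

    def write_outer(self, offset: int, payload: bytes, protect_hidden: bool = False) -> int:
        """Write through the outer volume. With protect_hidden, a write that would
        reach the hidden region is refused and the outer volume goes read-only,
        mirroring the "Protect hidden volume" mount option's behaviour."""
        self._check_bounds(offset, len(payload))
        if self.outer_read_only:
            raise HiddenVolumeWriteError("outer volume is read-only after a blocked write")
        if protect_hidden and offset + len(payload) > self.hidden_start:
            self.outer_read_only = True
            raise HiddenVolumeWriteError("write would overwrite the hidden volume")
        self.data[offset:offset + len(payload)] = payload
        return len(payload)

    def write_hidden(self, offset: int, payload: bytes) -> int:
        start = self.hidden_start + offset
        self._check_bounds(start, len(payload))
        self.data[start:start + len(payload)] = payload
        return len(payload)

    def read_hidden(self, offset: int, length: int) -> bytes:
        start = self.hidden_start + offset
        return bytes(self.data[start:start + length])


def hidden_data_survives(protect_hidden: bool) -> bool:
    """Fill the entire outer volume and report whether the hidden payload is intact."""
    container = Container(size=4096, hidden_size=1024)  # constructed sizes
    secret = b"hidden volume payload"
    container.write_hidden(0, secret)
    try:
        container.write_outer(0, b"\xaa" * container.size, protect_hidden)
    except HiddenVolumeWriteError:
        pass  # the protected mount refused the write instead of clobbering the data
    return container.read_hidden(0, len(secret)) == secret
```

Without the option the hidden payload is silently destroyed; with it the offending write is rejected and the hidden data stays intact.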
TrueCrypt offers three encryption algorithms and five cascade combinations of them. The three algorithms are AES, Serpent and Twofish. Each option can be benchmarked and tested to see which is right for your needs. Any option that includes AES is a good choice, because AES is the standard encryption used by the US Federal government, the NSA and the National Institute of Standards and Technology (NIST), among a number of corporations. Version 7.0 introduced hardware-accelerated AES, which takes advantage of the new instruction set in Intel’s Westmere-based processors to deliver more than three times the AES encryption and decryption throughput.
TrueCrypt currently uses XTS mode, which is more secure than cipher-block chaining (CBC) mode. XTS is based on Xor-Encrypt-Xor (XEX) with a tweaked codebook (TCB) and ciphertext stealing (CTS). NIST recommended the XTS-AES mode for confidentiality on storage devices in a special publication from January 2010. In that report the organization says:
“The XTS-AES mode provides confidentiality for the protected data. Authentication is not provided, because the P1619 Task Group designed XTS-AES to provide encryption without data expansion, so alternative cryptographic methods that incorporate an authentication tag are precluded. In the absence of authentication or access control, XTS-AES provides more protection than the other approved confidentiality-only modes against unauthorized manipulation of the encrypted data.”
The cryptographic hash functions used by TrueCrypt are RIPEMD-160, SHA-512 and Whirlpool. RIPEMD-160 (RACE Integrity Primitives Evaluation Message Digest) is a 160-bit message digest algorithm developed in Leuven, Belgium. SHA-512 was designed by the National Security Agency (NSA) and published in 2001 by NIST as part of the SHA-2 family of cryptographic hash functions. Whirlpool was designed by Vincent Rijmen (co-creator of AES) and Paulo S. L. M. Barreto. Of the three, SHA-512 seems to be the most popular hash function.
TrueCrypt can also protect your files without requiring a password by using keyfiles. A user can choose to use keyfiles in combination with a password, or just one or the other. A keyfile can be a security token, a smart card, a generated file or any random file on the computer, such as an mp3. You can select more than one file to use as keyfiles, and if you have multiple keyfiles, the order doesn’t matter. Using keyfiles helps defend against brute-force attacks on a password.
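Why the order of keyfiles does not matter, and why they strengthen a password against guessing, as an added example modelled on TrueCrypt's published keyfile description (a 64-byte pool, the first 1 MiB of each file, CRC-32 driven mixing); this is not TrueCrypt's source, and the exact CRC register handling and the byte-wise addition used to merge pool and password are assumptions.

```python
import zlib
from typing import Iterable

POOL_SIZE = 64                 # size of the keyfile pool
MAX_KEYFILE_BYTES = 1_048_576  # only the first 1 MiB of each keyfile is used


def keyfile_pool(keyfiles: Iterable[bytes]) -> bytes:
    """XOR a CRC-32-driven byte stream from each keyfile into a 64-byte pool.
    Every file restarts at pool position 0, so the contributions commute and
    the order in which keyfiles are supplied does not change the result."""
    pool = bytearray(POOL_SIZE)
    for content in keyfiles:
        crc = 0      # assumption: running CRC-32 as exposed by zlib, restarted per file
        cursor = 0
        for byte in content[:MAX_KEYFILE_BYTES]:
            crc = zlib.crc32(bytes([byte]), crc)   # CRC of the file read so far
            for shift in (24, 16, 8, 0):           # spread the 4 CRC bytes into the pool
                pool[cursor] ^= (crc >> shift) & 0xFF
                cursor = (cursor + 1) % POOL_SIZE
    return bytes(pool)


def effective_password(password: bytes, keyfiles: Iterable[bytes]) -> bytes:
    """Merge the typed password with the keyfile pool. The per-byte addition
    mod 256 is an assumption; the point is that with keyfiles the secret
    that must be guessed is always 64 bytes, not just the typed password."""
    if len(password) > POOL_SIZE:
        raise ValueError("password longer than the keyfile pool")
    keyfiles = list(keyfiles)
    if not keyfiles:
        return password
    combined = bytearray(keyfile_pool(keyfiles))
    for i, ch in enumerate(password):
        combined[i] = (combined[i] + ch) & 0xFF
    return bytes(combined)
```

A side effect of XOR mixing visible in this model: supplying the same keyfile twice cancels its contribution entirely, so each keyfile should be selected only once.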
Another great feature of TrueCrypt is the rescue disk. Once a user encrypts a system partition or drive, TrueCrypt requires that a TrueCrypt Rescue Disk be created. It lets the user repair the boot loader if it gets damaged or data is corrupted. It’s a good idea to always make a rescue disk, because you never know what can happen once your data is encrypted; the rescue disk lets you retrieve some data, so all is not lost if a hard drive goes bad or is infected with malware.
The process to un-encrypt your files, partition or drive is a simple one. First, locate the encrypted volume. Next, select the drive you want it mounted as. Then type your password and/or use your keyfiles and click “Mount.” From then on, any file written to the mounted drive is encrypted on the fly. If you have an encrypted OS partition or drive, you can only un-encrypt it at boot or from a rescue disk.
TrueCrypt is a great piece of free software that works across multiple operating systems. The feature that I found to stand out the most was the encrypted file container. TrueCrypt just might give BitLocker and other disk encryption software a run for their money.