TrueCrypt - One Of the Best File System Encryption Tools For Windows Vista

TrueCrypt - One Of the Best File System Encryption Tools For Windows Vista
Page content

Introduction to TrueCrypt

TrueCrypt is a free, open-source disk encryption software application. Encryption (as well as decryption) falls in the domain of cryptographic technology. According to Wikipedia, encryption is the process of transforming information using an algorithm to an unreadable form accessible only to those who possess the security keys. The consequence of the procedure is encrypted information and its reverse process is known as decryption, i.e. converting the encrypted information back into a readable state.

There are two kinds of data on which encryption processes can be applied.

  1. Data at rest, such as files on a hard disk or USB flash drives, operating system data, etc..

There have been numerous incidents where confidential data such as personal records on disks have been exposed through loss or theft of laptops and backup drives. Encryption is definitely required in such scenarios if physical security measures fail.

2. Data in transit i.e. data being transferred via networks such as internet, mobile phones, ATM’s, Bluetooth devices etc.

Data in transit can also be intercepted since it is extremely difficult to physically secure access to all networks, so its encryption is also mandatory.

TrueCrypt is software that encrypts data at rest (be it the data on hard disk or removable storage devices). It is compatible with all OS including Windows Vista/ XP, Mac OS X and Linux.

Why is TrueCrypt Most Suitable for Windows Vista?

Windows Vista (business as well as ultimate edition) has two built-in disk- encryption features.

  1. NTFS on- disk, file- level encryption

NTFS encryption is also supported by all versions of Windows XP/2000 but its limited capability to encrypt only at the file- level is a great drawback. This kind of encryption fails at places where the entire contents of the disk need to be encrypted.

  1. BitLocker encryption

It’s an on- the- fly encryption system that encrypts the system disk (including all user files) as well as OS executables and boot files. It saves only the data on the system’s hard disk but it doesn’t protect the data on auxiliary/ removable drives.

To overcome these limitations of the built- in encryption techniques effectively and to save all type of ‘data at rest’, a third- party solution is required. This solution is provided by TrueCrypt which is free i.e. it’s available free of cost and open- source i.e. its C++ implementation is also available to everyone and liable to change.

Salient Features Of TrueCrypt

Truecrypt is meant for establishing and keeping an on- the- fly encrypted data storage device. On- the- fly encryption means that data is automatically encrypted/ decrypted before it is loaded or saved in the memory without the need of any user intervention. This does not mean that the whole file that is to be encrypted/ decrypted must be stored in RAM before it can be converted. No extra memory is required for TrueCrypt.

Let’s suppose that there is an .avi video file stored on a TrueCrypt volume. The user provides the correct password (and/or keyfile) and opens the TrueCrypt volume. When the user opens the video file, the OS launches the application associated with the file type – typically a media player. The media player then begins loading a small initial portion of the video file from the TrueCrypt-encrypted volume to RAM (memory) in order to play it. While the portion is being loaded, TrueCrypt is automatically decrypting it in RAM. The decrypted portion of the video (stored in RAM) is then played by the media player. While this portion is being played, the media player begins loading next small portion of the video file from the TrueCrypt-encrypted volume to RAM and the process repeats. This process of ciphering/ deciphering in chunks is called on-the-fly encryption/decryption and it works for all file types.

Continue reading on Page 2

Continued From Page 1

TrueCrypt does not allow any data on the encrypted volume to be accessed decrypted without providing the correct password or keyfile(s) or combination of both. The entire file system i.e. files and folder names and the contents of each file, Meta data as well as the free space become encrypted. TrueCrypt works by creating encrypted volumes either from an entire physical drive or a partition or by converting a single user file into an encrypted virtual disk.

It uses encryption algorithms such as 256- bit AES, Serpent, Twofish or cascaded combination of the these and hash algorithms such as Whirlpool, RIPEMD- 160, SHA-1. In case the correct password is not provided, data on the encrypted volume is not distinguishable from the random data. There is nothing to differentiate an encrypted TrueCrypt volume from regular data. The encrypted volume has no specific header or identifying parameters and a virtual TrueCrypt volume file does not have a particular extension.

Windows views and treats the encrypted volume in the same manner as it views the regular file system. All operations that are performed on the regular one can be performed on the encrypted one. Files are copied to and from the mounted TrueCrypt volume the same way we copy to/from a regular disk.

High Level Security Features Supported By TrueCrypt

TrueCrypt supports a number of other high-security features that are optional but useful, such as:

Key files

A keyfile is any file, a piece of text, an image, an .MP3 file, etc, that TrueCrypt combines with the password supplied to decrypt a particular volume. Without the correct keyfile and the password, the volume cannot be decrypted. Key files can be combined with other security techniques e.g. if you have a keyfile that’s stored on a BitLocker-encrypted boot volume (or even in another TrueCrypt volume), then the TrueCrypt volume can only be accessed if someone also has access to the BitLocker volume. This is applicable even if the TrueCrypt volume is stored on another removable drive or another partition.

Hidden volumes

Hidden volumes let you to mount two different partitions within a defined TrueCrypt volume, that is, a regular one, revealed by default when a password is provided, and a 2nd one that is not detectable and also is hid with a different password. This feature is designed to strengthen the security for the end user; a certain amount of less- significant information can be placed in the outer volume preventing the sensitive information on the inner volume even if the administrator is asked to reveal the main password.

Vista- specific features in Version.4.3

The latest revision of TrueCrypt open source disk encryption fully supports Windows Vista, including User Account Control (UAC), so TrueCrypt will run as a regular user without balking. Only an administrator is allowed to install TrueCrypt on a given Vista system.

Traveler Mode

This allows the user to put a runtime copy of TrueCrypt on a detachable drive and run it on Windows systems on which TrueCrypt is not installed. TrueCrypt comes with a wizard that helps in automating this process, moreover, by it, this becomes possible for the volume to mount itself (using the correct password) when the volume in question is inserted. Traveler mode can’t be used in Vista unless an account is being managed with administrative privileges.

Support for encrypting entire physical devices

If chosen, an entire unpartitioned physical device i.e. a hard drive or a flash drive can be taken as a TrueCrypt volume for maximum security. This may consume a lot of time, depending on the size of the volume. Mounting a partition or device as an encrypted volume (instead of a file) also makes it more difficult for an attacker to reverse-engineer information that might be stored on the volume if NTFS was being used.

Drawbacks in TrueCrypt

One major way in which the protected data can be leaked out is through the paging/hibernation files. If unencrypted data is written from memory to either the paging or hibernation files, it could be analyzed by a third party if the volume they are writing to is not encrypted. However, if TrueCrypt is used in conjunction with a BitLocker boot volume, this should reduce the total attack surface since any decrypted data that might be written “in the clear” would typically just be written to the BitLocker volume.

TrueCrypt Reviewed

To find out more about TrueCrypt, be sure to read our detailed review: TrueCrypt: A Free, Effective Way To Protect Mobile Data.