Data at Rest Remains Secure With TrueCrypt - Page 2

Protecting data in motion is only part of the security puzzle. What about data that's sitting on a hard drive or thumb drive? TrueCrypt brings strong encryption to data at rest.

 By Paul Rubens

Using the Encrypted Container

Once you’ve created your container, it simply appears as a file in Windows Explorer. To use it as a virtual drive, you’ll first need to mount it. To do this, go back to the main TrueCrypt window, click on the Select File… button, and choose the file which is your encrypted container. You can also select a drive letter to mount it to, or let TrueCrypt choose an unused drive letter for you.

You’ll then be asked to supply your password (and keyfile if used), and after a second or two your encrypted volume will appear in Windows Explorer as a Local Disk (in this case P:) which you can use to store anything you like. Any files saved to this disk or dragged onto it will be encrypted automatically.

When you have finished with the virtual drive, you can click the Dismount button in the TrueCrypt window; otherwise the drive will dismount automatically when you shut down the computer.

Traveller Mode

Encrypted containers can be moved from one computer to another, and the virtual disks they contain can then be mounted as long as the computer has TrueCrypt installed. To make it more convenient to move USB drives or optical disks containing encrypted containers between Windows machines which may not have TrueCrypt installed, the Windows version of TrueCrypt enables the creation of a Traveller Disk.

Accessed from the Tools menu on the main TrueCrypt window, the Traveller Disk Setup option allows you to install the files needed to run TrueCrypt directly from the removable media, without needing to install anything on a Windows computer it is attached to. You can also specify that the virtual disk should automatically mount when the media is inserted into a computer (as long as the correct password and keyfile - if applicable - are supplied).

TrueCrypt includes many other features - such as the ability to have a hidden volume within an encrypted volume - which are beyond the scope of this article.

The biggest difference between TrueCrypt and BitLocker - and commercial disk encryption products such as CheckPoint, PGP, Safeboot or Utimaco - is that TrueCrypt doesn’t include any key management system. That means that if you forget your password or lose access to your keyfile, you won’t be able to access the encrypted data ever again. By contrast, BitLocker keys, for example, can be stored in an Active Directory database by default when they are created, so that users who forget their keys can retrieve them. But if the lack of key management is not important to you, then as a simple way to secure your data using strong encryption on multiple platforms, TrueCrypt is very hard to beat.

This article was originally published on Jan 21, 2009