Encrypting an USB Drive with True Crypt

Martin Brinkmann
Mar 1, 2008
Updated • Nov 28, 2012
Encryption, Software
|
19

My last True Crypt guide dates way back and the purchase of my new shiny 500 Megabyte Maxtor USB drive made me think about writing a new guide that takes the changes of the software into account. My old Teac USB drive started to behave weirdly every now and then which I saw as a first sign of reaching the end of its life cycle and since I did not want to take any chances I decided to buy a new drive, encrypt it with True Crypt and transfer all the files from the old device to it.

I don't want to point out all of the valid reasons for encrypting a drive or partition with True Crypt other than pointing out some key elements such as privacy and theft protection.

You obviously need True Crypt for this guide, the latest available version for Windows is 5.0a. Download and install the software as usual and start it afterwards. The main True Crypt window will load and look like the following:

You obviously need to make some decisions before you continue. True Crypt can encrypt a partition or create an encrypted container on a hard drive. The choice is yours, I prefer to encrypt the whole partition. The benefits of using a container  are that some data of that drive is accessible without True Crypt. This guide will encrypt the full USB drive.

Click on the Create Volume button in the lower left corner. A window will appear asking about the type of volume that you want to create. The choices are to create an encrypted container, encrypt a partition / drive or encrypt the system partition (the one running Windows).

We are going to create a volume within a non-system device and check the second option in that screen. The next window gives us the choice to create a standard or hidden True Crypt volume. Hidden volumes are created in standard volumes. The reason is to give up only the standard password and not the password for the hidden volume when someone forces you. We are creating a standard volume therefor.

Now we are selecting the device that we want to encrypt, in my case the new USB drive. Next in the line are the encryption options. Which encryption and hash algorithm are you going to use. My selection was AES and SHA-512. You can run benchmarks in that window and get additional information about each algorithm. All algorithms are secure (unless someone proves otherwise, which has not happened yet)

The  Volume Password is probably the most important part.You access your files with it and if you happen to forget it your files are lost.Make sure you use a large string, something that is not a dictionary word and not a combination of them. You should also forget about using personal information like birthdays, names or places.

A password should be at least made of 20 characters and be made of upper and lower case chars, numbers and special chars. The maximum amount of chars is 64.

A keyfile can be created as well which then works in combination with the password. You get access to the encrypted hard drive only if you supply the keyfile and the password. The keyfile is simply a file on your computer which you select or generate during setup.

The drive will be formated in the end. You need to move your mouse randomly around the screen for some time to improve the quality of the encryption keys. The file system should and cluster size can remain as is unless you need them to be different. I'm using Quick Format since there have not been any files on the USB drive previously. The process is finished after this step. You need to mount the drive now to be able to use it.

Select a drive letter currently not assigned and  click on Select Device afterwards in the main menu. Now select the partition or drive that you have encrypted and click on ok.

Now click on Mount which opens up a password box where you have to enter the password that you have selected during setup. Click ok afterwards and work with the hard drive normally from there on if the password was correct. I was not able to experience any major slowdowns due to the encryption, everything runs smooth and solid and even large file transfers and many connections work as usual.

Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. Gerard Roos said on October 27, 2012 at 8:43 am
    Reply

    TrueCrypt is very good for people that are used to using computers but very confusing to non-techies. EncryptStick of ENC Securities in Canada is another product which also uses a different approach but which is very easy to use for non technical people.

    After a drive is formatted, with TrueCrypt, TrueCrypt is not clear at all what to do next. Instead of directly going to the box for opening the drive it leaves you to press next to format the next drive. This is very confusing.

  2. James Carver said on October 6, 2010 at 9:10 pm
    Reply

    Excellent article! Truecrypt is definitely the best encryption software, and its free. couldn’t as for more. But I have a question, is there any way of improving performance? it seems that when you mount the drive it takes a while for it to display its contents. Also, for those of you that want to be prompted automatically every time you insert the flash drive, there is also another great article that I just found:

    http://geekyprojects.com/usb-encryption/how-to-encrypt-usb-flash-drives-using-truecrypt/

  3. A-lin said on April 22, 2010 at 5:46 pm
    Reply

    Turecrypt is difficult for me to understand, so i try wondershare usb drive encryption to encrypt my usb drive. i think it is easier than turecrypt.
    http://www.disk-utilities.com/usb-encryption/index.html

    1. TheGooch said on November 11, 2010 at 10:21 am
      Reply

      If this is complicated, then you need to stay away from computers. Far away.

  4. Arbby44 said on April 20, 2010 at 4:59 pm
    Reply

    Take a look at SafeHarbor Explorer … portability without requiring local Admin permissions …

  5. MP3 said on March 17, 2010 at 11:20 pm
    Reply

    Truecrypt is the best encryption tool I ever used. Unfortunately it can encrypt only system partition, not others.

  6. Max said on December 10, 2009 at 3:38 pm
    Reply

    The BIG problem with Truecrypt is that it just doesn’t work unless you have administrator rights on the PC you want to use it on – which isn’t likely to be the case when carrying data around on a USB stick and using it on different computers.

    FreeOTFE is a *lot* better for securing data – it does the same job (but has a better user interface), and can be used without administrator rights with FreeOTFE Explorer.

  7. Gopher Baroque said on October 3, 2009 at 4:16 pm
    Reply

    I tried out TrueCrypt 6.22 for securing USB drive. This version has a portable mode that allows drive access away from the mother computer. Winter: It installs a local copy of TrueCrypt on the open part ot the drive as part of iniitialization. I think this addresses most of the comments above, which are presumably based on an earlier version of the software. The portable mode works fine but TrueCrypt perhaps has too much capable for my basic mission of not allowing it to be too easy to read data from a lost (and found!) drive. I am trying out the Rohos Mini Disk now, which has streamlined UI.

    Both of these programs warrant trial by yourself to figure out operation before passing judgement. I took me a few trials to get the routine for mounting / opening the USB drive so that applications run.

  8. Winter said on May 8, 2009 at 4:07 pm
    Reply

    ok code-name for privacy purpose -.- i like the name Winter anyway >.<”

    ok serious matters. so after all, would it be ok if i create another volume on my external hard drive and install TrueCrypt to it so i’ll be able to mount my main volume on any computer? and how do i create another volume?

  9. Andrew said on November 10, 2008 at 5:31 am
    Reply

    Like Klaus said, to install software that accesses drives at the level required by TrueCrypt, you have to install with Administrator permissions on XP SP2 and Vista.

    This is fine if you own the PC or it’s been setup that way in your office, but not so good with USB drives.

    Best stick with one that comes with encryption functionality built in, like the Kingston DTE already mentioned.

  10. Ronin Vladiamhe said on May 16, 2008 at 12:55 am
    Reply

    It’s my understanding that when using TrueCrypt on USB sticks (which I do), one should create a container of a size that will allow the TruCrypt software to be installed on the non-encrypted portion of the stick. (Example: with a 4GB sticks, create a container of 3.5GB)

  11. Klaus said on April 16, 2008 at 5:39 am
    Reply

    After encrypting my USB stick and wanting to use the data in an internet coffee, I realized that Truecrypt can not be started when no admin rights available on the machine. As a result I could not access my data.

  12. Martin said on March 3, 2008 at 10:32 am
    Reply

    Then you could create the hidden container in the True Crypt partition so that you only reveal the “bogus” one and not the real one.

    Or you could drop all portable apps on the device.

  13. SnowLeopard said on March 3, 2008 at 7:10 am
    Reply

    Seems that creating a TrueCrypt volume in a file on an unencrypted drive makes little sense when taking into consideration that TrueCrypt is designed to provide plausible deniability. Eg: “Oh, the drive doesn’t mount? Maybe it was broken when I dropped it” … But if it mounts, and there is a copy of TrueCrypt and a great big White-Noise file … Then you’re screwed.

  14. Jawwad said on March 2, 2008 at 4:50 pm
    Reply

    Nice guide for the new people to this fantastic security software.

  15. Martin said on March 2, 2008 at 11:42 am
    Reply

    Mutant well you could create a container on your usb drive instead and put the True Crypt software in the part of the drive that is not encrypted.

    I paid €89 for it.

  16. Mutant said on March 2, 2008 at 6:19 am
    Reply

    I bought Kingston 4GB USB drive for about 24$ last month.
    How much this Maxtor 500 mb cost you.

  17. Mutant said on March 2, 2008 at 6:17 am
    Reply

    You mean that i also have to install True Crypt on the other PC where i connect my USB Drive.
    And you have to download it from the internet as the setup of truecrypt(present in your drive) cannot be run as you are unable to give the password.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.