My last True Crypt guide dates way back and the purchase of my new shiny 500 Megabyte Maxtor USB drive made me think about writing a new guide that takes the changes of the software into account. My old Teac USB drive started to behave weirdly every now and then which I saw as a first sign of reaching the end of its life cycle and since I did not want to take any chances I decided to buy a new drive, encrypt it with True Crypt and transfer all the files from the old device to it.
I don't want to point out all of the valid reasons for encrypting a drive or partition with True Crypt other than pointing out some key elements such as privacy and theft protection.
You obviously need True Crypt for this guide, the latest available version for Windows is 5.0a. Download and install the software as usual and start it afterwards. The main True Crypt window will load and look like the following:
You obviously need to make some decisions before you continue. True Crypt can encrypt a partition or create an encrypted container on a hard drive. The choice is yours, I prefer to encrypt the whole partition. The benefits of using a container are that some data of that drive is accessible without True Crypt. This guide will encrypt the full USB drive.
Click on the Create Volume button in the lower left corner. A window will appear asking about the type of volume that you want to create. The choices are to create an encrypted container, encrypt a partition / drive or encrypt the system partition (the one running Windows).
We are going to create a volume within a non-system device and check the second option in that screen. The next window gives us the choice to create a standard or hidden True Crypt volume. Hidden volumes are created in standard volumes. The reason is to give up only the standard password and not the password for the hidden volume when someone forces you. We are creating a standard volume therefor.
Now we are selecting the device that we want to encrypt, in my case the new USB drive. Next in the line are the encryption options. Which encryption and hash algorithm are you going to use. My selection was AES and SHA-512. You can run benchmarks in that window and get additional information about each algorithm. All algorithms are secure (unless someone proves otherwise, which has not happened yet)
The Volume Password is probably the most important part.You access your files with it and if you happen to forget it your files are lost.Make sure you use a large string, something that is not a dictionary word and not a combination of them. You should also forget about using personal information like birthdays, names or places.
A password should be at least made of 20 characters and be made of upper and lower case chars, numbers and special chars. The maximum amount of chars is 64.
A keyfile can be created as well which then works in combination with the password. You get access to the encrypted hard drive only if you supply the keyfile and the password. The keyfile is simply a file on your computer which you select or generate during setup.
The drive will be formated in the end. You need to move your mouse randomly around the screen for some time to improve the quality of the encryption keys. The file system should and cluster size can remain as is unless you need them to be different. I'm using Quick Format since there have not been any files on the USB drive previously. The process is finished after this step. You need to mount the drive now to be able to use it.
Select a drive letter currently not assigned and click on Select Device afterwards in the main menu. Now select the partition or drive that you have encrypted and click on ok.
Now click on Mount which opens up a password box where you have to enter the password that you have selected during setup. Click ok afterwards and work with the hard drive normally from there on if the password was correct. I was not able to experience any major slowdowns due to the encryption, everything runs smooth and solid and even large file transfers and many connections work as usual.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.