Encrypting an USB Drive with True Crypt
My last True Crypt guide dates way back and the purchase of my new shiny 500 Megabyte Maxtor USB drive made me think about writing a new guide that takes the changes of the software into account. My old Teac USB drive started to behave weirdly every now and then which I saw as a first sign of reaching the end of its life cycle and since I did not want to take any chances I decided to buy a new drive, encrypt it with True Crypt and transfer all the files from the old device to it.
I don't want to point out all of the valid reasons for encrypting a drive or partition with True Crypt other than pointing out some key elements such as privacy and theft protection.
You obviously need True Crypt for this guide, the latest available version for Windows is 5.0a. Download and install the software as usual and start it afterwards. The main True Crypt window will load and look like the following:
You obviously need to make some decisions before you continue. True Crypt can encrypt a partition or create an encrypted container on a hard drive. The choice is yours, I prefer to encrypt the whole partition. The benefits of using a containerÂ are that some data of that drive is accessible without True Crypt. This guide will encrypt the full USB drive.
Click on the Create Volume button in the lower left corner. A window will appear asking about the type of volume that you want to create. The choices are to create an encrypted container, encrypt a partition / drive or encrypt the system partition (the one running Windows).
We are going to create a volume within a non-system device and check the second option in that screen. The next window gives us the choice to create a standard or hidden True Crypt volume. Hidden volumes are created in standard volumes. The reason is to give up only the standard password and not the password for the hidden volume when someone forces you. We are creating a standard volume therefor.
Now we are selecting the device that we want to encrypt, in my case the new USB drive. Next in the line are the encryption options. Which encryption and hash algorithm are you going to use. My selection was AES and SHA-512. You can run benchmarks in that window and get additional information about each algorithm. All algorithms are secure (unless someone proves otherwise, which has not happened yet)
TheÂ Volume Password is probably the most important part.You access your files with it and if you happen to forget it your files are lost.Make sure you use a large string, something that is not a dictionary word and not a combination of them. You should also forget about using personal information like birthdays, names or places.
A password should be at least made of 20 characters and be made of upper and lower case chars, numbers and special chars. The maximum amount of chars is 64.
A keyfile can be created as well which then works in combination with the password. You get access to the encrypted hard drive only if you supply the keyfile and the password. The keyfile is simply a file on your computer which you select or generate during setup.
The drive will be formated in the end. You need to move your mouse randomly around the screen for some time to improve the quality of the encryption keys. The file system should and cluster size can remain as is unless you need them to be different. I'm using Quick Format since there have not been any files on the USB drive previously. The process is finished after this step. You need to mount the drive now to be able to use it.
Select a drive letter currently not assigned andÂ click on Select Device afterwards in the main menu. Now select the partition or drive that you have encrypted and click on ok.
Now click on Mount which opens up a password box where you have to enter the password that you have selected during setup. Click ok afterwards and work with the hard drive normally from there on if the password was correct. I was not able to experience any major slowdowns due to the encryption, everything runs smooth and solid and even large file transfers and many connections work as usual.Advertisement
You mean that i also have to install True Crypt on the other PC where i connect my USB Drive.
And you have to download it from the internet as the setup of truecrypt(present in your drive) cannot be run as you are unable to give the password.
I bought Kingston 4GB USB drive for about 24$ last month.
How much this Maxtor 500 mb cost you.
Mutant well you could create a container on your usb drive instead and put the True Crypt software in the part of the drive that is not encrypted.
I paid â‚¬89 for it.
Nice guide for the new people to this fantastic security software.
Seems that creating a TrueCrypt volume in a file on an unencrypted drive makes little sense when taking into consideration that TrueCrypt is designed to provide plausible deniability. Eg: “Oh, the drive doesn’t mount? Maybe it was broken when I dropped it” … But if it mounts, and there is a copy of TrueCrypt and a great big White-Noise file … Then you’re screwed.
Then you could create the hidden container in the True Crypt partition so that you only reveal the “bogus” one and not the real one.
Or you could drop all portable apps on the device.
After encrypting my USB stick and wanting to use the data in an internet coffee, I realized that Truecrypt can not be started when no admin rights available on the machine. As a result I could not access my data.
It’s my understanding that when using TrueCrypt on USB sticks (which I do), one should create a container of a size that will allow the TruCrypt software to be installed on the non-encrypted portion of the stick. (Example: with a 4GB sticks, create a container of 3.5GB)
Like Klaus said, to install software that accesses drives at the level required by TrueCrypt, you have to install with Administrator permissions on XP SP2 and Vista.
This is fine if you own the PC or it’s been setup that way in your office, but not so good with USB drives.
Best stick with one that comes with encryption functionality built in, like the Kingston DTE already mentioned.
ok code-name for privacy purpose -.- i like the name Winter anyway >.<”
ok serious matters. so after all, would it be ok if i create another volume on my external hard drive and install TrueCrypt to it so i’ll be able to mount my main volume on any computer? and how do i create another volume?
I tried out TrueCrypt 6.22 for securing USB drive. This version has a portable mode that allows drive access away from the mother computer. Winter: It installs a local copy of TrueCrypt on the open part ot the drive as part of iniitialization. I think this addresses most of the comments above, which are presumably based on an earlier version of the software. The portable mode works fine but TrueCrypt perhaps has too much capable for my basic mission of not allowing it to be too easy to read data from a lost (and found!) drive. I am trying out the Rohos Mini Disk now, which has streamlined UI.
Both of these programs warrant trial by yourself to figure out operation before passing judgement. I took me a few trials to get the routine for mounting / opening the USB drive so that applications run.
The BIG problem with Truecrypt is that it just doesn’t work unless you have administrator rights on the PC you want to use it on – which isn’t likely to be the case when carrying data around on a USB stick and using it on different computers.
FreeOTFE is a *lot* better for securing data – it does the same job (but has a better user interface), and can be used without administrator rights with FreeOTFE Explorer.
Truecrypt is the best encryption tool I ever used. Unfortunately it can encrypt only system partition, not others.
Take a look at SafeHarbor Explorer … portability without requiring local Admin permissions …
Turecrypt is difficult for me to understand, so i try wondershare usb drive encryption to encrypt my usb drive. i think it is easier than turecrypt.
If this is complicated, then you need to stay away from computers. Far away.
Excellent article! Truecrypt is definitely the best encryption software, and its free. couldn’t as for more. But I have a question, is there any way of improving performance? it seems that when you mount the drive it takes a while for it to display its contents. Also, for those of you that want to be prompted automatically every time you insert the flash drive, there is also another great article that I just found:
TrueCrypt is very good for people that are used to using computers but very confusing to non-techies. EncryptStick of ENC Securities in Canada is another product which also uses a different approach but which is very easy to use for non technical people.
After a drive is formatted, with TrueCrypt, TrueCrypt is not clear at all what to do next. Instead of directly going to the box for opening the drive it leaves you to press next to format the next drive. This is very confusing.