Five Tips for the disk encryption software DiskCryptor
It is not clear if TrueCrypt development will continue after the audit finishes, and while it is likely that the devs have posted the message that the software is insecure on the official project website, it has not been confirmed until now.
I have been using DiskCryptor on my system drive for a while and it worked really well for that purpose. While I had to purchase a new hard drive to migrate my second hard drive encrypted with TrueCrypt to the new software -- something which I wanted to do anyway because it is an old drive -- I decided that it was worth the trouble.
TrueCrypt as you may know does not offer options to decrypt none system drives which meant that I had to connect both drives at the same time to the computer to transfer all files from the old to the new drive.
Once done, I started the encryption process which tool several days to complete. I'm not sure why it took this long -- I only got transfer speeds up to 20 Mbit/s during the process regardless of whether the PC was busy or idle.
The following list is a selection of tips that you may find useful if you have never worked with DiskCryptor before and are considering using it.
1. Before you encrypt, benchmark
DiskCryptor supports several encryption algorithms. While you may be inclined to pick the first one, AES usually, and stick with it, you may want to benchmark the drive using different algorithms to find one that is best working for you.
To do so, select Tools > Benchmark from the menu.Â The program will test all encryption algorithms and display the speed of each in its interface.
While you should not expect the advertised transfer rates, it may be in your best interest to select a fast algorithm as opposed to one that finishes in the bottom half.
2. Disable Auto-Mounting
Auto-Mounting may be a comfortable feature as it mounts the disk in question automatically when you start your system. This may work well under certain circumstances, say, you have encrypted your system partition as well so that it is still necessary to enter a password before it becomes available on boot.
If that is not the case, or if you prefer to mount the disks of the system manually instead, then it is advised to disable the feature.
You do so with a click on Tools > Settings > General > Enable Automounting on Boot Time.
3. Backup headers after the encryption process
The headers of the disk are important to determine whether a disk is encrypted or not. If headers get corrupt or modified in any way, you may no longer be able to decrypt the disk which in turn means that you won't be able to access your data on the drive anymore.
To avoid this, it is highly recommended to backup the disk header of each drive that you have encrypted and store it in a safe location.
Make sure you do not store it on one of the encrypted drives. Good options are to store it on a Flash drive or even your smartphone. Header files have a size of about 2 Kilobyte.
Select Tools > Backup Header to do so. The header of the selected disk drive will be backed up. Repeat the process for each drive.
4. Create a Windows Live CD and integrate DiskCryptor
A Live CD may be the only option to recover a system that won't boot anymore. This is especially the case if it is your only PC. While you can try to use recovery options built-in to the Windows operating system, you won't be able to restore the disk header which may be necessary.
That's why it is recommended to create a Live CD and integrate DiskCryptor on it so that you can run it and recover the encrypted hard drive.
This works only if you have backed up headers before so make sure that is the case before you continue.
Check out the wiki that details how you can create Live CDs (BartPE or WinBuilder) and add DiskCryptor to it.
5. Using the same password will auto-mount all drives
If you have encrypted a system partition and secondary hard drive with the same password, you only need to enter it once during start of the PC.
The secondary drive will be automatically mounted using the password as well so that you do not have to do so manually.