Ottawa PC Users' Group, Inc.
 Product Review 


File Encryption Revisited – TrueCrypt
by Alan German

I recently obtained a new laptop computer which, of course, runs Windows Vista. Now, no doubt you have heard that this is a locked-down operating system, and permission is demanded by the User Account Control system to do just about anything. Well, that might be a little overstated, but it certainly wasn't long before I hit a Vista roadblock in trying to install my old utility programs on the new machine.

In particular, one program that I use quite regularly, Cryptext, my tried-and-true file encryption utility (http://opcug.ca/public/Reviews/cryptxt.htm), couldn't install itself under Vista. The installation routine was trying to unpack DLL files into the Windows system area and Vista wasn't having any of that. No request for authorization; it just simply refused to allow the files to be copied to disk. And, that was probably only going to be the first little snag. Cryptext also hooks itself into Windows Explorer so that both the encrypt and decrypt options are available at the click of the right mouse button for the file system being displayed. Without a doubt, Vista wouldn't have thought much of that process either – a foreign program linking itself to a system utility – I don't think so! So, it was evidently time to seek out a new encryption program, one that is compatible with Vista.

A little surfing revealed reviews of a number of candidate products at PC World's web site (http://www.pcworld.com/browse/1445/topic.html?page=1). One of these – TrueCrypt – was both free and open-source. Now, that's often my kind of utility program. And, the description made it seem like the ideal package for my purpose, an “encryption program that lets you place files and folders in 'safes' of any size.”

Basically, the program lets you create a secure “volume”, actually an encrypted file, that can be almost any size (minimum of 19 KB for FAT, 2.5 MB for NTFS). TrueCrypt volumes can apparently be up to 8,589,934,592 GB but, personally, I can't count that high! Once created, the volume is “mounted” as a logical disk, with any previously unused drive letter. Files, or even whole directories, can then be dragged onto the new drive, or retrieved from the drive, with TrueCrypt encrypting or decrypting the information on-the-fly.

TrueCrypt offers (to me) a bewildering array of encryption options, including the Advanced Encryption Standard (AES) using 14 rounds and a 256-bit key, and Blowfish with 16 rounds and a 448-bit key. There is also a choice of the Whirlpool (512 bits), SHA-1 (160 bits), or RIPEMD-160 (160 bits) hash algorithms that are evidently part of creating master and secondary encryption keys. I have no idea what all of these are, but all those big numbers sound really good! Anyway, all I want is a password-protected data vault to hold a few files on my backup USB memory stick – just in case I lose it – so just about any degree of security is fine.

And, those capabilities are precisely what TrueCrypt provides. A wizard guides you through the process of creating a new volume: selecting a file and location, choosing the encryption and hash algorithms, specifying the volume size, assigning a password (with dire warnings if, like me, you choose a “short” password), and formatting the volume based on a sequence of random numbers. Then, it's simply a process of selecting an unused drive letter from a list and clicking on the Mount button. The logical drive just created shows up in Windows Explorer, and files can be dragged and dropped to and from the secure volume.
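
The review mentions that the chosen hash algorithm is part of creating the encryption keys and that the wizard warns about short passwords. As an added example (not from the review and not TrueCrypt's own code), the Python below stretches a password into key material with PBKDF2-HMAC-SHA1 and compares how much of a 256-bit key a password of a given length can actually back; the iteration count, salt length and all function names are assumptions made for the illustration.

```python
import hashlib
import math

# Assumed parameters (not given in the review): PBKDF2-HMAC-SHA1 with
# 2000 iterations and a 64-byte salt; 32-byte output for a 256-bit key.
ITERATIONS = 2000
SALT_LEN = 64
KEY_LEN = 32


def derive_key(password, salt, iterations=ITERATIONS, key_len=KEY_LEN):
    """Stretch a password into key material with PBKDF2-HMAC-SHA1."""
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt,
                               iterations, key_len)


def password_bits(length, alphabet_size):
    """Entropy in bits of a uniformly random password."""
    return length * math.log2(alphabet_size)


def effective_strength_bits(length, alphabet_size, key_len=KEY_LEN):
    """The volume is only as strong as the weaker of password and key."""
    return min(password_bits(length, alphabet_size), key_len * 8)


if __name__ == "__main__":
    # Constructed sample values; a real salt is random and stored with the volume.
    salt_a = bytes(range(SALT_LEN))
    salt_b = bytes(reversed(range(SALT_LEN)))
    print(derive_key("correct horse", salt_a).hex())
    print(derive_key("correct horse", salt_b).hex())  # same password, new salt
    for length in (6, 8, 12, 20, 40):
        bits = effective_strength_bits(length, 62)  # letters and digits
        print(f"{length:2d} chars: about {bits:5.1f} bits against a 256-bit key")
```

A six-character password of letters and digits carries roughly 36 bits, so the 256-bit cipher key adds nothing until the password itself is long and random.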

Once the volume is dismounted, the result is a single encrypted file occupying the maximum disk space size assigned. A little consideration should be given, therefore, when determining the size of volume to be created. The good news is that this file can be readily copied or moved between disks so it does make a very useful container for backup of a group of “sensitive” files. TrueCrypt must be running in order to re-mount the volume, and the program will prompt you for the assigned password before opening a new logical drive. So, don't forget your password, or your sensitive files will remain really secure!

The basic program operation outlined here, together with a number of additional program options, is more fully described in a comprehensive, 105-page (PDF) User's Guide. The text includes information on the encryption and hash algorithms and, if you are really paranoid about security, indicates a means of completely hiding an encrypted volume inside a second encrypted volume. More information is available on the program's web site, including an extensive list of frequently asked questions (FAQ), and several discussion forums.

So, if you need a file encryption utility, TrueCrypt will run under Windows Vista, XP and 2000. There's even a version for Linux. Set up your encrypted volume, store your sensitive files – but, don't forget your password!


Bottom Line:

TrueCrypt Version 4.3a (Open-source)
TrueCrypt Foundation
http://www.truecrypt.org/


Copyright and Usage
Ottawa Personal Computer Users' Group (OPCUG), Inc.
3 Thatcher Street, Ottawa, ON  K2G 1S6

The opinions expressed in these reviews do not necessarily
represent the views of the OPCUG or its members.
