Whole Disk Encryption With TrueCrypt 5

TrueCrypt 5, the long-awaited (by some, anyway) new version of the excellent TrueCrypt software, was released yesterday. TrueCrypt allows you to encrypt sensitive data on your hard disk, like financial information, passwords, etc., and the best part is that it's free and open source.

In addition to the already great ability to encrypt regular files, TC5 now supports full disk encryption, which allows your entire disk, including the operating system, to be encrypted. This is especially relevant for laptops, which can easily be stolen. We've all heard the news about some government laptop with 1,000s of social security numbers on it getting stolen, and this feature of TC5 will go a long way in helping to prevent this type of data loss/theft.

You don't need to reinstall your system to get it working either. TC5 can take an existing installation and convert it to an encrypted volume on the fly, running in the background while you continue doing other stuff (though it's probably a bad idea to run a virus scan or disk defrag). Before running the conversion, make sure to back up all of your data! Anything that does this much to your disk has potential to go wrong, so make sure you protect yourself.

Before embarking on a change this big, I like to see how it all works beforehand. So here's a walkthrough of how to encrypt your system drive:

  1. After downloading and installing TrueCrypt 5, run it and you will see the main window.
  2. Go to the System menu and select "Encrypt System Partition/Drive..."
  3. Then select the area of the drive you want to encrypt. You have the option to encrypt only the partition that Windows is installed upon, or you can encrypt the entire disk. Here I'm going to do the entire disk, because that is the default.
  4. Next TrueCrypt will detect hidden sectors on the disk.
  5. Then you need to tell TrueCrypt if you are dual booting with another operating system. I am not, so I'm choosing Single-Boot here.
  6. Next tell TC which encryption and hashing algorithms to use. The defaults are reasonable, and if you want to change them you'll have to make your own determination about which algorithms you think are best to use.
  7. Now you will be asked for the password to use when encrypting. It is extremely important to pick a good password. It would be even better if you were to use a "pass-phrase", which is more like a whole sentence. It's easier to remember and provides much better security than the name of your dog or your birthday. An example of a passphrase would be: "To be, or not to be, that is the question". See? Easy to remember and provides much better security than if you used a password like "password123". Also, replacing i's with 1's and o's with 0's does not make a password any more secure. You should make the pass-phrase at least 20 characters long, and remember which letters you made upper-case, because that matters.
  8. Next TC will generate the random data that it needs to properly encrypt the data. Move your mouse around and you'll see the numbers change. Do that for a few seconds, then press Next.
  9. Once the keys are generated, a confirmation is displayed.
  10. TC will now force you to create a "Rescue Disc" in case something bad happens. TC stores a lot of important information in the first sector of the hard disk, and if that gets corrupted, all of your data will be unrecoverable. The rescue disc keeps a copy of this data, and is also bootable, so if a problem ever were to occur, you can recover from it. It's this sort of thing that really makes TrueCrypt shine as a great tool -- you can see how much effort and thought has been put into it.

    The Rescue Disc will be created as an ISO file, which you will have to burn to a CD or DVD using some burning software. ISO Recorder is a great free tool that will let you do this.

  11. Creating the ISO is now complete. Now go and burn the ISO to a CD. When you're done, put the CD in the drive and press "Next" so TrueCrypt can verify it was successful.
  12. Success!
  13. If you really want to make sure all of your data is safe, you should wipe the disk in addition to encrypting it. This will ensure that there is no unencrypted data lying around on the disk. This may take a long time!
  14. Next TC will perform a pretest before it actually encrypts anything. This makes sure that your system can boot using the TrueCrypt boot loader, and just makes sure that everything will work correctly. If something goes wrong here, your data has not been encrypted, so you will be able to recover it.
  15. A warning is displayed before you can proceed.
  16. You will then be asked to restart the computer. Upon reboot, you will be presented with the TrueCrypt boot loader and password screen. Enter your pass-phrase and then the system will continue to boot normally.
  17. Once the system has booted, you will (hopefully) get a "Pretest Completed" message.
  18. The next step is to start the encryption (or you can press "Defer" and come back to do it later). First another warning is displayed.
  19. Then the encryption will start. While the encryption is running, you can pause or stop it, and come back at a later time.

  20. Once it's done, you can reboot and enter your password. Then your system should start up as usual.
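To make the pass-phrase advice in step 7 concrete, here is a small checker, added as an illustration (it is not part of TrueCrypt or of the original walkthrough). The word list, the `review_passphrase` and `variants` names, and the sample inputs are all constructed for this example.

```python
# Added example: flags the pass-phrase weaknesses described in step 7.

# Constructed sample list; a real check would load a large breached-password list.
COMMON_PASSWORDS = {"password", "letmein", "qwerty", "welcome", "dragon"}

# Character swaps that guessing rules undo automatically (1 -> i, 0 -> o, ...).
LEET = str.maketrans("013457@$", "oieastas")

MIN_LENGTH = 20  # minimum length recommended in step 7


def variants(candidate):
    """Forms a guessing tool would try: lower-cased, suffix removed, swaps undone."""
    lowered = candidate.lower()
    core = lowered.rstrip("0123456789!?.#*")  # drop an appended number or symbol run
    return {lowered, core, lowered.translate(LEET), core.translate(LEET)}


def review_passphrase(candidate, personal_terms=()):
    """Return the set of weaknesses found; an empty set means no check fired."""
    problems = set()
    if len(candidate) < MIN_LENGTH:
        problems.add("too_short")
    # A swap or a numeric suffix does not help if the underlying word is common.
    if variants(candidate) & COMMON_PASSWORDS:
        problems.add("common_password")
    # Pet names, birthdays and similar details supplied by the caller.
    lowered = candidate.lower()
    if any(term and term.lower() in lowered for term in personal_terms):
        problems.add("personal_detail")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    samples = [
        ("password123", ()),
        ("Passw0rd123", ()),
        ("Rex2009", ("rex", "2009")),
        ("my green kettle sings at 7am", ("rex", "2009")),
    ]
    for text, personal in samples:
        found = sorted(review_passphrase(text, personal))
        print(f"{text!r}: {found or 'no findings'}")
```

The check only covers the weaknesses step 7 names; it does not recognise well-known quotations or song lyrics, which also appear in guessing word lists.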

One thing to note is that if you encrypt your system drive, hibernation will be disabled. There are various reasons for this, and hopefully the issues will be overcome in future versions of TrueCrypt. For now, if you use hibernation, you may want to wait until that is resolved. Update: as of version 5.1, this issue has been resolved and you can now hibernate when using full disk encryption.

Can I post questions here? How soon can I expect an answer if I do?

Questions would be better directed to the truecrypt web site: http://www.truecrypt.org/ There's a lot of documentation, and they have forums where you will be able to post questions and get answers from many smart people.

Great article. Another good tool is FreeOTFE, a freeware and open source "on-the-fly" transparent disk encryption program for PCs and PDAs. Have fun.

Any more updates on this version yet?


I think you're looking for http://truecrypt.org This is a guide discussing their software.

Great, it's a very interesting subject. Thank you, and we wait for more.

Very interesting. I got a lot of quality information I can use on the podcasts that I have planned. Thanks

I'd love to listen once you have made it. Please let me know!

Great, it's a very interesting subject. We wait for more. I open your pages every day, so I got a lot of quality information.

I like TrueCrypt! Now, I can go anywhere, do anything and eat anything, sleep anytime I want without having all the worries of data theft! Thanks for posting this!

I have tried other encrypting progs before, and actually they sort of wore me out. It seemed there was always some glitch causing numerous migraines.

I must admit that this suggestion - and all the directions on how to go about a successful installation is tempting. Maybe I'll give it a try - thanks for the insight.

This is an amazing guide, I've been using an old version of Truecrypt (I think version 3), I couldn't have possibly imagined it now supported full disk encryption!


Very neat encryption. Where can I find updates on this? Nice program.

Great tool, and free. This is what I need.

Compatible with W7 64 bit?

Please check the Truecrypt web site for compatibility information: http://truecrypt.org