TrueCrypt: Free, On-the-Fly Disk Encryption - Features, How it Works
(Page 2 of 4)
First of all, let's clarify that we won't get into how to use TrueCrypt. There are lots of tutorials, and the official user guide does a great job of explaining the process. As a matter of fact, this project has one of the most exhaustive sets of documentation. Chances are we'll run a sequel to this article in the future that will discuss some of the best practices. But right now, this article's purpose is to present TrueCrypt the way it is.
This application has a few really strong points that make it an excellent choice. Encryption happens on-the-fly and in such a way that it feels transparent to the user. The user interface is easy to use, and anyone can follow the steps. Then come its varied features, which offer the creation of hidden partitions, but also of simple folders, entire drives, or partitions. No one can "figure out" the size of some encrypted data.
TrueCrypt implements industry-standard, widely recognized encryption algorithms that are among the most secure currently available: AES, Serpent, and Twofish. These are supported in the so-called "cascaded" fashion, which means that the complexity of the encryption is increased exponentially by adding another layer of encryption on top of the already-encrypted data.
Just as you would expect from any encryption software, it works with keys and passwords. In the case of TrueCrypt you have several options: a password, a key file, or both. Each of the options has its pros and cons. You can lose your key file, but you can also forget your password. Opting for both enhances your safety, since the likelihood of forgetting your password and also losing your key file ought to be lower. The key file can be basically any file, even directories full of them.
It is generally advised to use key generator tools, such as the one included in TrueCrypt or some other solution, to randomly generate your key. A key file like this should be safer than using any binary or text file from your hard drive.
"How do encryption and decryption happen?" you ask. Each time the user wants to access an encrypted file, it is split into smaller segments, loaded into RAM, and then decrypted transparently to the user. The data is then handed over directly from RAM, without anything being saved in unencrypted form at all. The same applies the other way around. The user should not see or feel this process.
One of TrueCrypt's main features is its ability to create an entire virtual encrypted disk within a file (similar to the ones created by virtualization apps, but the drive is encrypted); this is then mounted as a normal local disk drive. On Windows operating systems, this goes even further by adding a so-called pre-boot authentication function that asks for the password prior to every Windows boot-up.
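To make the read path described above concrete, here is an added Python sketch (not TrueCrypt's code and not part of the original article): a container reader that decrypts only the sectors overlapping the requested byte range, in memory, and returns the slice. The 512-byte sector size, the `Container` class, and the helper names are assumptions for illustration; the HMAC-SHA256 keystream is a standard-library stand-in for a real disk-encryption cipher mode and must not be used to protect data.

```python
import hashlib
import hmac
import io
import secrets

SECTOR = 512  # assumed sector size for this sketch

def keystream(key, sector_no):
    """Per-sector keystream (HMAC-SHA256 in counter mode): a stand-in cipher."""
    out = b""
    for counter in range(SECTOR // 32):
        msg = sector_no.to_bytes(8, "little") + counter.to_bytes(4, "little")
        out += hmac.new(key, msg, hashlib.sha256).digest()
    return out

def crypt_sector(key, sector_no, data):
    """XOR with the keystream; the same call encrypts and decrypts a sector."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, sector_no)))

def build_container(plaintext, key):
    """Encrypt sector by sector into an in-memory 'container file'."""
    padded = plaintext + b"\0" * (-len(plaintext) % SECTOR)
    return io.BytesIO(b"".join(
        crypt_sector(key, i // SECTOR, padded[i:i + SECTOR])
        for i in range(0, len(padded), SECTOR)))

class Container:
    """Reads plaintext ranges from a ciphertext-only backing file."""
    def __init__(self, backing, key):
        self.backing, self.key = backing, key
        self.sectors_decrypted = 0

    def read(self, offset, length):
        first = offset // SECTOR
        last = (offset + length - 1) // SECTOR
        buf = bytearray()  # plaintext exists only in this RAM buffer
        for n in range(first, last + 1):
            self.backing.seek(n * SECTOR)
            buf += crypt_sector(self.key, n, self.backing.read(SECTOR))
            self.sectors_decrypted += 1
        start = offset - first * SECTOR
        return bytes(buf[start:start + length])

if __name__ == "__main__":
    key = secrets.token_bytes(32)
    data = b"".join(b"record %04d;" % i for i in range(400))  # constructed sample
    vol = Container(build_container(data, key), key)
    print(vol.read(1000, 60), "sectors decrypted:", vol.sectors_decrypted)
```

A 60-byte read at offset 1000 touches only two of the ten sectors, and the backing object never holds plaintext.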
Now that we have mentioned most of its features, let's learn more about how it performs, whether it affects overall performance, and some further security concerns.
More By Barzan "Tony" Antal