This article can also be found in the Premium Editorial Download "Information Security magazine: Security researchers on biometrics, insider threats, encryption and virtualization."
INSIDE THE CRYPT
Alternatively, you can use operating system options like Vista/Server 2008's BitLocker or Mac OS X's FileVault to create encrypted volumes, partitions and disks, but TrueCrypt offers the benefit of being platform agnostic--you can mount a TrueCrypt volume on any supported OS.
TrueCrypt allows you to create two types of volumes: file-hosted (container) or partition/device-hosted. A file-hosted volume is simply a normal file that contains an entirely independent virtual disk device and can be maintained on any storage device. More simply, imagine it as a secure area on your hard drive or portable storage device for your sensitive data. Alternatively, you can utilize TrueCrypt to encrypt an entire partition or entire hard disk, or any other type of storage media.
Further, you can create TrueCrypt volumes as Standard or Hidden. A Standard volume is a normal, visible volume; a Hidden volume is nestled within another TrueCrypt volume. Even if you are obliged (or forced) to reveal your password, it's invisible to a third party. The trick here is that free space on any TrueCrypt volume is always filled with random data when the volume is created. No part of the (dismounted) hidden volume can be distinguished from random data.
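The claim that a hidden volume looks like random free space can be checked with a simple byte-entropy survey. The Python sketch below is an added example, not code from the article or from TrueCrypt: the container layout, block size, password and sample data are constructed, and a SHA-256 counter keystream stands in for TrueCrypt's real cipher.

```python
import hashlib
import math
import os
from collections import Counter

BLOCK = 4096  # analysis window in bytes (assumed value, not a TrueCrypt constant)

def keystream_encrypt(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with a SHA-256 counter keystream.
    XOR is symmetric, so the same call also decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 is the maximum)."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())

def build_container(size=64 * BLOCK, hidden_off=32 * BLOCK, hidden_len=16 * BLOCK):
    """Constructed container: random fill at creation, then an encrypted
    hidden region written into part of the 'free space'."""
    container = bytearray(os.urandom(size))
    secret = (b"constructed sample payroll record\n" * 4000)[:hidden_len]
    container[hidden_off:hidden_off + hidden_len] = keystream_encrypt(b"hidden-pass", secret)
    return bytes(container), secret, hidden_off, hidden_len

def region_entropies(buf: bytes, start: int, length: int):
    """Entropy of each BLOCK-sized window in buf[start:start+length]."""
    return [entropy(buf[o:o + BLOCK]) for o in range(start, start + length, BLOCK)]

def survey():
    """Return (lowest free-space entropy, lowest hidden-region entropy,
    highest entropy of the same data left unencrypted)."""
    container, secret, off, length = build_container()
    free = region_entropies(container, 0, off)
    hidden = region_entropies(container, off, length)
    plain = region_entropies(secret, 0, length)
    return min(free), min(hidden), max(plain)

if __name__ == "__main__":
    free_min, hidden_min, plain_max = survey()
    print(f"random free space : {free_min:.3f} bits/byte")
    print(f"hidden (encrypted): {hidden_min:.3f} bits/byte")
    print(f"same data in clear: {plain_max:.3f} bits/byte")
```

Matching entropy is a necessary condition for the hidden region to blend in, not proof of deniability; it only shows that this one statistical test cannot tell the two regions apart.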
Paranoia? Perhaps, but consider a scenario in which you are traveling overseas and your laptop has been identified as "of interest" and confiscated for review. As a cooperative soul, you give up your password to the first TrueCrypt volume. Finding some innocuous decoy data, the reviewing party is satisfied. But unbeknownst to them, you've utilized the Hidden volume option with a different password, and it remains safely hidden.
This was first published in November 2008