TrueCrypt an open source laptop encryption choice for SMBs

This article can also be found in the Premium Editorial Download "Information Security magazine: Security researchers on biometrics, insider threats, encryption and virtualization."

DIGGING IN
The TrueCrypt interface is simple and intuitive, allowing you to easily implement the encryption method of your choice.

Before beginning, choose a location in your file system where you'd like to store your TrueCrypt volume(s) and create a new empty file.

To create a file-hosted volume, just click the Create Volume button to launch the Volume Wizard in a separate window, select the Create a File Container radio button, and then decide between Standard and Hidden volume.

Next, choose the empty file you created and answer "yes" when asked if you'd like to replace it with your new TrueCrypt volume. You'll then be presented with encryption options. The default options are AES for the encryption algorithm and RIPEMD-160 for the hash algorithm. Since we are paranoid, we prefer three ciphers in cascade, but performance drops as you add complexity. Using the TrueCrypt benchmark feature, you can determine an appropriate compromise between encryption and performance. For example, the performance indicators on our test system ranged from a 64.7 MB/s encrypt/decrypt mean for AES alone, to a 14.5 MB/s mean for AES-Twofish-Serpent, so AES-Twofish gives a reasonable balance.

You then choose a hash algorithm; we like SHA-512, which is slightly faster than Whirlpool and more secure than RIPEMD-160.

Next comes volume size. Besides the space you think you'll need, one consideration might be portability. For example, you might choose 1,800 MB for a 2 GB USB drive.

Now, choose a strong password. TrueCrypt will grade you on the password, so step up here (think passphrase). If you choose a password of fewer than 20 characters, you will be scolded for your wimpiness and reminded that it might be easily brute-forced.

We recommend using keyfiles as well. In addition to allowing shared access, as discussed earlier, keyfiles provide protection against keystroke loggers and brute-force attacks that might crack your password.

(Note: There is no password recovery mechanism or facility if you lose your password or keyfile.)
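The hash choice and the 20-character password advice above meet in header key derivation, so here is an added example (not from the article or the TrueCrypt project) that measures the cost of one password guess and shows how passphrase length changes the search effort. It assumes, per TrueCrypt's own documentation rather than this article, PBKDF2 with HMAC-SHA-512, 1,000 iterations and a 64-byte salt; the function names, the 64-byte output length, the 95-character alphabet and the guess rates are illustrative assumptions.

```python
import hashlib
import math
import os
import time

# Assumptions taken from TrueCrypt's documentation, not from this article:
# PBKDF2 with HMAC-SHA-512 runs 1,000 iterations over a 64-byte random salt.
ITERATIONS = 1000
SALT_LEN = 64
KEY_LEN = 64  # assumed: enough for one AES-256 XTS key pair
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def derive_header_key(passphrase: bytes, salt: bytes) -> bytes:
    """Derive a header key; every password guess costs one call like this."""
    return hashlib.pbkdf2_hmac("sha512", passphrase, salt, ITERATIONS, dklen=KEY_LEN)


def guesses_per_second(samples: int = 50) -> float:
    """Measure how many derivations this machine completes per second."""
    salt = os.urandom(SALT_LEN)
    start = time.perf_counter()
    for i in range(samples):
        derive_header_key(b"guess-%d" % i, salt)
    return samples / (time.perf_counter() - start)


def keyspace_bits(length: int, alphabet: int = 95) -> float:
    """Entropy of a randomly chosen passphrase (95 = printable ASCII)."""
    return length * math.log2(alphabet)


def years_to_search_half(length: int, rate: float, alphabet: int = 95) -> float:
    """Expected years to find a random passphrase at `rate` guesses/second."""
    return (alphabet ** length / 2) / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    local = guesses_per_second()
    print(f"this machine: {local:,.0f} guesses/s")
    # Constructed rates: the measured one, and a far faster hypothetical rig.
    for rate in (local, 1e9):
        for length in (8, 12, 20):
            print(f"rate {rate:12,.0f}/s  length {length:2d}  "
                  f"{keyspace_bits(length):6.1f} bits  "
                  f"{years_to_search_half(length, rate):.3g} years")
```

The figures apply only to randomly chosen passphrases; a dictionary phrase of the same length has far less entropy than `keyspace_bits` reports.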


This was first published in November 2008
