This article can also be found in the Premium Editorial Download "Information Security magazine: Security researchers on biometrics, insider threats, encryption and virtualization."
Before beginning, choose a location in your file system where you'd like to store your TrueCrypt volume(s) and create a new empty file.
To create a file-hosted volume, click the Create Volume button to launch the Volume Wizard in a separate window, select the Create a File Container radio button, and then choose between a Standard and a Hidden volume.
Next, choose the empty file you created and answer "yes" when asked if you'd like to replace it with your new TrueCrypt volume. You'll then be presented with encryption options. The default options are AES for the encryption algorithm and RIPEMD-160 for the hash algorithm. Since we are paranoid, we prefer three ciphers in cascade, but there are performance impacts as you add complexity. Using the TrueCrypt benchmark feature, you can determine an appropriate compromise between encryption and performance. For example, the performance indicators on our test system ranged from a 64.7 MB/s encrypt/decrypt mean for AES alone to a 14.5 MB/s mean for AES-Twofish-Serpent, so AES-Twofish gives a reasonable balance.
You then choose a hash algorithm; we like SHA-512, which is slightly faster than Whirlpool and more secure than RIPEMD-160.
Next comes volume size. Besides the space you think you'll need, one consideration might be portability. For example, you might choose 1,800 MB for a 2 GB USB drive.
Now, choose a strong password. TrueCrypt will grade you on the password, so step up here (think passphrase). If you choose a password of fewer than 20 characters, you will be scolded for your wimpiness and reminded that it might be easily brute-forced.
We recommend using keyfiles as well. In addition to allowing shared access, as discussed earlier, keyfiles provide protection against keystroke loggers and brute-force attacks that might crack your password.
(Note: There is no password recovery mechanism or facility if you lose your password or keyfile.)
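Because a lost keyfile cannot be recovered, it helps to create the keyfile carefully and confirm that every backup copy is byte-identical before relying on it. The following Python sketch is an added example, not part of the original article or of TrueCrypt; the file names, the 64-byte size and the function names are assumptions made for illustration.

```python
import hashlib
import os
import secrets
import tempfile

KEYFILE_BYTES = 64  # size chosen for this example, not a TrueCrypt requirement


def create_keyfile(path, size=KEYFILE_BYTES):
    """Write `size` CSPRNG bytes to a new file; return its SHA-256 hex digest."""
    # O_EXCL refuses to overwrite: replacing a keyfile that is already in use
    # would lock you out of every volume that depends on it.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    data = secrets.token_bytes(size)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
        fh.flush()
        os.fsync(fh.fileno())  # make sure the bytes reach the disk
    return hashlib.sha256(data).hexdigest()


def fingerprint(path):
    """SHA-256 of a file's full contents, used only to compare copies."""
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def backup_matches(original, backup):
    """True only if the backup is byte-identical to the original keyfile."""
    return secrets.compare_digest(fingerprint(original), fingerprint(backup))


def demo():
    """Create a keyfile, copy it, then damage the copy (all constructed data)."""
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "volume.key")      # hypothetical file names
        bak = os.path.join(d, "volume.key.bak")
        create_keyfile(key)
        with open(key, "rb") as src, open(bak, "wb") as dst:
            dst.write(src.read())
        good = backup_matches(key, bak)
        with open(bak, "r+b") as fh:             # flip the first byte
            first = fh.read(1)
            fh.seek(0)
            fh.write(bytes([first[0] ^ 0xFF]))
        return good, backup_matches(key, bak)


if __name__ == "__main__":
    print(demo())
```

A single changed byte in a keyfile is enough to make the volume unmountable, so the comparison is worth repeating whenever a backup is moved to new media.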
This was first published in November 2008