Protect Your Hard Drive

While on co-op I was tasked to encrypt the hard drives of the company laptops. The newer laptops with Windows 7 already had BitLocker but we wanted something flexible and preferably open-source to use for all operating systems. TrueCrypt matched the requirements very well. It has several encryption algorithms to choose from: AES, Serpent, Twofish, AES-Twofish, AES-Twofish-Serpent, Serpent-AES, Serpent-Twofish-AES, and Twofish-Serpent. It uses 256-bit key sizes and 128-bit block sizes. TrueCrypt uses RIPEMD-160 by default, but you can also use the SHA-512 and Whirlpool hash algorithms to create the HMAC. If you are wondering how secure it is take a moment to read about Operation Satyagraha.

In 2008, a Brazilian banker (who had his hard drives encrypted with TrueCrypt) suspected of fraud was arrested. His hard drives were examined by the Brazilian National Institute of Criminology (INC) for months until they asked the US Government for help in cracking the drives. The FBI used dictionary attacks for an entire year before throwing in the towel and giving them back to the Brazilian government. So to the ultra paranoid: If the FBI couldn’t crack TrueCrypt, you know it’s good. There is no back door for TrueCrypt and the creators are anonymous. Even if the government subpoenaed TrueCrypt’s creators to crack the password on a hard drive for a high profile case, there would be nothing they could do.

Using it is easy. Just download and install it from http://www.truecrypt.org. Then follow the instructions on their website. When you encrypt your hard drive, you should create a “rescue disc” in the event that you forget your password. You will need to remember your password because if you forget it and you don’t have that rescue disc, good luck trying to access your data. Every time you boot your machine, you will need to enter your password.

TrueCrypt will do its job at encrypting your data and keeping it safe from prying eyes when you’re not around. But like the cartoon on Professor F’s lecture slide shows, if someone really wants your password, they will bludgeon you with a pipe until you spill your guts (figuratively or literally).

TrueCrypt: http://www.truecrypt.org/

Operation Satyagraha: http://en.wikipedia.org/wiki/TrueCrypt#Operation_Satyagraha

BitLocker vs TrueCrypt: http://www.tomshardware.com/reviews/bitlocker-truecrypt-encryption,2587.html

There are pros and cons to both BitLocker and TrueCrypt but while at my job I decided TrueCrypt was the way to go. I just thought I’d bring this software to everyone’s attention if they haven’t heard of it already.

Advertisements

9 thoughts on “Protect Your Hard Drive

  1. Truecrypt really is an amazing program. I love it because of the plausible deniability its hidden and encrypted partitions offer. I never really looked at BitLocker, so I’ll do that today.

    • The plausible deniability aspect of TC is nice for when you get arrested and can say that your hard drive isn’t encrypted but rather it has been wiped. TC can be configured to not show the credentials screen upon booting so there’s no way to prove your drive is encrypted with it. (For the others – for more on TC’s plausible deniability – http://www.truecrypt.org/docs)

  2. TrueCrypt is a great program. I have used it myself many times on flash drives – where I think it is the most useful. People always leave their flash drives laying around with important data on them, which can easily be stolen by others. I used TruCrypt in high school to protect the documents
    on my private network drive. Sometimes there were permission security problems on the Windows Server that slipped through the cracks so TruCrypt helped me avoid those issues.

    • Putting TC on a flash drive is a very good idea. Even if you forget your flash drive in the lab at school or something and some jerk takes it, he won’t be looking at your data, you can count on it.

  3. I use truecrypt for all my laptops and everyone I know who use this software swear by its ease of use and effectiveness.

  4. The fact that two governments from two separate countries could not crack this software is absolutely amazing. I’m excited to test it out and do a little research on other stories about it.

    • A word to the wise: If you’re going to try it out on your hard drive, make sure to run chkdsk first (even if it’s brand new). Defragging would also be a good idea. You want to make sure your drive is in good health before you encrypt it because bad things can happen if you don’t (speaking from experience here).

  5. I remember reading about this a year or 2 ago. I wonder if the FBI would have better chances with it now or with something like Amazon’s EC2 cloud compute system going at it.

    • It’s possible, but EC2 costs money. Then again, it’s the government, so they probably aren’t concerned about cost.

      If the government doesn’t have the resources, it might be a smart move. Otherwise they should just use their own equipment.

Comments are closed.