May 16, 2008

Encrypt your entire hard drive now, before it’s too late – TrueCrypt 5

Posted in Beginner at 6:37 pm by gloriouscomputing

I don’t know how I missed this until now, but I’m assuming I’m not the only one who’s joining the party slightly late.

Let me ask you, with respect to data alone:
How would you feel about an extortionist breaking into your home and walking off with your computer?
If you answered anything but “calm”, you should keep reading.
Also, with doing just about anything being reason for the government to seize your computer these days, having encryption might help you when you get sued for “browsing the web” or something equally ludicrous. After all, your Firefox history will be located on your system hard drive, which is just a few simple steps from being entirely encrypted, if it isn’t already.

TrueCrypt, the same great program you’ve been using to create secure file containers, can now be used to encrypt everything: your entire system hard drive, including your operating system. It’s very easy (especially if you only have one operating system installed). It was a snap to do in Windows XP and Vista, the two operating systems I tested.

  1. Run a Wizard, tell it your desired password.
  2. Burn a Rescue CD/DVD (Only used for issues like the pre-OS Truecrypt loader corrupting. Can NOT be used to bypass your password)
  3. Reboot to test the pre-OS Truecrypt loader
  4. Encrypt (This is the only step that takes more than a minute. This part will last you a few hours. It took me 3 hours for my ~120GB hard drives).

The way it works in that all your data on your hard drive is encrypted, minus the TrueCrypt loader, which shows up when you turn on your PC. You have to give it the right password, and it will decrypt your hard drive with this, on the fly.

I was amazed at how fast my computer still worked, despite it’s system hard drive being fully encrypted. In fact, I could not notice a difference on either my laptop (with XP) nor my desktop PC (with Vista). I even played Trackmania and Quake Wars (both 3D games), which both ran without any noticeable slowdown.

I also testing decrypting the hard drive for good. My recommendation: You can do this in Windows, just like with Encrypting. Do this! Encrypting both hard drives, while I was still using the PC with Windows to browse the web, took 3 hours. Decrypting the laptop was easy, and only took 6 hours (double the time it took to encrypt). Remember, that’s only to get rid of the encryption, not if you just want to use your PC. That takes maybe another 30 seconds to boot your PC (I’m not sure, it seems fast), but that’s it.

You could also decrypt your hard drive right from the TrueCrypt loader (before Windows). Avoid this if at all possible! There was no ETA, and after 8 hours, it wasn’t even a third of the way done. It might have taken over a week to do it that way. So just boot into windows, and decrypt your drive from there, should you want to do this.

In Conclusion: Now is the time to encrypt your whole hard drive!
TrueCrypt 5.1a does a great job, and they’ve recently made it crazy fast. Once again, I am using my encrypted system hard drive Windows install right now, and there is no noticeable downgrade in performance. I can play 3D games just fine!

This is the sort of protection you can’t beat. It’s also open-source, so you know there are no back doors. Truecrypt is a free program. The only downsides are:

  • You have to remember a password, or you are as locked out of your data as everyone else is
  • If you mess up your Windows install, fun tools like MiniPE (Live Windows CD, which you can use to boot a PC, and take data off it) won’t really help you in the same easy to intrude on your own data way as before.

That said, this I’d want to still find out:

  • So, if my Windows install breaks, what is a good tool to use. — I’m assuming anything that includes TrueCrypt, to be able to actually look at my main system drive, to then repair it (This calls for a new MiniPE! ;))
  • What about my other hard drives, which also hold data. There are a couple of options in TrueCrypt to deal with them, but is there an as-easy way to protect them with the same password, and have them auto-mount on Windows start up? If not, I’m sure I could code it with AutoIt.

Even with these issues: stop whatever you are doing, and encrypt your system hard drive now! After 3 hours of running something non-intruding in the background, you will have awesome security without any noticeable slowdown!