The Thinker

TrueCrypt puts the personal in PC

Your computer is somewhat like a postcard. Although you may be able to restrict who gets onto your machine, in general the data on your computer is stored as plain text, so anyone who does get access can read it.

If you are like me, one of the reasons you own a PC is that you want not just a computer, but a personal computer. “Personal” means more than the freedom to change your screensavers. A personal computer should make your sensitive data available only to you.

Unless you take the time to password protect your documents, your computer is a treasure trove of information about you that you may not want shared. Many applications allow your data to be password protected, but that does not necessarily mean that the data itself is encrypted. Even if it is, that does not mean the vendor’s encryption algorithm is good. Ideally, you would like your private data to be accessible only by you, and to be stored encrypted in a way that is transparent to you as you work. You might even want the NSA to throw up their hands if they were ordered to decrypt your files.

If you feel this way, you want the terrorists to win. No wait, I am parroting our president. Actually, if you feel this way: congratulations. Your personal computer should not be amenable to electronic snooping. The problem is not with your need for privacy, which is entirely natural, but with those elements in society that figure anything is fair game, including your hard disk.

I have been experimenting with a free open source software solution that is fighting back. It is called TrueCrypt. For those of you in the Microsoft Windows world, it can ensure that data on your hard disk or other devices (like your flash drive) is stored in an encrypted format. Once you create your virtual disk (which is some portion of your actual hard disk), it behaves just like any other drive. You can move files in and out of it using tools like Windows Explorer. However, everything stored on this virtual drive is encrypted.

There is not a whole lot of data I want to keep truly private, but there is some. My Quicken data files are an obvious example. While Quicken allows you to save your data in an encrypted format, there is the annoying password I have to provide each time I start it and the latency from starting and using the program. Moreover, I suspect their encryption scheme is rudimentary. Of course, if you have an encrypted virtual drive, you can store anything you want inside of it that you consider private, from letters from old boyfriends, to your electronic diary, to your favorite porn.

If you decide to buy Windows Vista Ultimate, you can pay money for this level of protection. Of course, most of us will not want to spend extra money. In addition, most of us Windows users are still in the Windows XP world where the Windows “experience” does not include this kind of transparent file encryption. Moreover, call me paranoid, but I have a hard time trusting my hard disk to Microsoft in the first place. I would much rather trust my privacy to an open source product like TrueCrypt than to Microsoft.

After installing TrueCrypt, to store private files you must first create a virtual disk. It can be as small or big as you want. From the perspective of Microsoft Windows, it is just another file on your machine. (TrueCrypt can also format entire disk partitions or devices.) If you want to make a very big virtual disk, it may take some minutes to format it. Here is TrueCrypt’s downside: you must start TrueCrypt, enter your password, point it to the location of your encrypted volume and then assign it to a drive letter. This is called mounting and it can take 15-30 seconds. Once the volume is mounted, it is then accessible. So if you do not dismount it before walking away from your computer, data on it could be accessible to someone else. Since it is just another drive from the Windows perspective, if you are a sloppy person who cannot be bothered to install a firewall, virus protection software and anti-spyware software, it is still possible for others to get at your private data. If you use Google Desktop Search, you will want to make sure it does not search your encrypted drives.

While not a perfect solution, TrueCrypt is the good-enough 90% solution at a price that is impossible to beat. While you cannot hide the space it consumes on your hard disk, you can give each virtual drive a boring-looking file name. Once you have your virtual disk, you can even hide a volume inside it. This way, even if you were forced to divulge your password, the person would not necessarily see your stored files, since the hidden volume would not be shown.

My next computer will likely be an iMac. I assume Apple is smart enough to include features like this by default. While I wait for a financial justification to replace my PC, solutions like TrueCrypt help me believe that for the first time I really do have a personal computer.

 

One Response to “TrueCrypt puts the personal in PC”

  1. 3:25 pm on August 9 2007, Rob Ricci said:

    Right-on, Mark! I’ve been using TC for over a year on my XP machine with great success! It does everything you say and more. Regarding the downside you mentioned, that is easily remedied by creating a shortcut and specifying something like this in the Target field: "C:\Program Files\TrueCrypt\TrueCrypt.exe" /e /l s /v d:\TCData\mystuff /quit (see the ‘Command Line Usage’ section in the TrueCrypt User’s Guide). Once implemented, a single click displays a window where you enter the password and your TC volume is mounted and ready for access. Enjoy!
