Protect Data with TrueCrypt
February 29th, 2008 (1:00pm) Mike Gunderloy 8 Comments
A lot of web workers carry a ton of data around in their laptops: everything from financial records to passwords to client code. If you’re one of them, have you given any thought to protecting that data if you lose the laptop? Hardware replacement costs can be tough, but losing sensitive data is devastating. If you’re in this situation, you might want to take a look at the just-released version 5.0 of TrueCrypt, which offers open-source on-the-fly data encryption.
With TrueCrypt, you can set aside an area on your drive to act as a virtual encrypted file system, encrypt an entire partition, or even (on Windows) encrypt the boot volume and require pre-boot authentication. In any case, your data can only be accessed by entering your password (or better, passphrase). Best new features of version 5.0: higher-security encryption algorithms and a Mac OS X version.

8 Comments
Logical Extremes says: February 29th, 2008 3:02pm
I’m a big fan of TrueCrypt, but keep in mind the very recent findings on cold boot attacks on encryption keys:
http://citp.princeton.edu/memory/
Encryption is a great idea, but go the extra mile and completely shut down your computer and wait a few minutes before leaving it alone.
JT says: February 29th, 2008 3:07pm
SecurityNow did an episode on the new version of TrueCrypt, definitely worth checking out. http://twit.tv/sn133
Brian Carnell says: February 29th, 2008 3:18pm
“I’m a big fan of TrueCrypt, but keep in mind the very recent findings on cold boot attacks on encryption keys:
http://citp.princeton.edu/memory/
Encryption is a great idea, but go the extra mile and completely shut down your computer and wait a few minutes before leaving it alone.”
I don’t think this is that much of a concern *unless* you are worrying about police/TSA/Customs looking at your laptop data. Clearly those folks are likely to get some sort of forensic tool in the near future utilizing the SDRAM vulnerability.
Personally, my big concern is someone stealing my bag and not only having my laptop but also having my data. For that, disk level encryption is ideal. In fact, I frequently use it on disks that I move back and forth between computers that are never shut off, so if the feds break in they’re going to be able to obtain access to the key, but if someone steals the drive in transit, the only thing they’re getting out of it is a free disk.
Uli says: February 29th, 2008 4:19pm
Also don’t use suspend on your laptop. If someone steals your laptop bag they can read your data with the technique described above.
Mark says: March 2nd, 2008 9:57pm
You can also create scripts to mount/unmount your volumes. Just hide the scripts in good places.
HOWTO: Securely Open TrueCrypt Volumes in One Click
Zia says: March 3rd, 2008 8:59am
Only restriction with TrueCrypt is that you need administrator rights to encrypt/decrypt files… a luxury that not all web workers have when they visit client sites!
rossgoodman says: March 3rd, 2008 2:49pm
I must admit this is the one piece of software that I can’t do without.
On my work laptop, all customer files go in one container, personal files in another.
The only downside is continually having to back up multi-GB files (the container) when you change one text file.
Tim Haughton says: March 6th, 2008 5:40am
The System Encryption is ideal for laptops and any system with sensitive data. Another great piece of functionality is the traveller disk. No web worker leaves home without his trusty USB thumb drive; with TrueCrypt, you can not only create an encrypted volume on the USB drive, but also an autorun.inf file and the binaries needed to mount the drive, so the system you’re using it on doesn’t need to have TrueCrypt installed.