This is for my cousin Anetta who likes to store sensitive information in her head. While it’s sometimes good to commit crucial passwords to memory, good documentation is important. My memory is not that great – and I must admit that I’m a frequent user of the “I forgot my password” feature on online services. Documenting passwords and procedures for crucial systems is just good practice, and a safety net. In case you forget, you can always fall back on your notes.
But how do we prevent other people from snooping on your security-sensitive notes? One way is to encrypt them. One of the best known, and highly recommended, free encryption tools is TrueCrypt. Below I will walk you through installing it and creating an encrypted volume that you can use to store sensitive data.
Installation is very simple – in fact, it is a one-click deal that Jeff Atwood would love:
Granted, there is a lot of text to read there, and quite a few buttons, but in the end all you have to do is to hit Install and then Exit.
We have TrueCrypt installed, so let’s create the encrypted volume that we will use to store our sensitive data. Open up the tool and hit Create Volume.
On the next screen choose Create Standard TrueCrypt Volume:
Now let’s choose where we want to locate our file. Choose Select File:
You can choose any file you want to be your TrueCrypt volume. I chose not to overwrite any existing file, but to create a brand new one. If your goal is hiding data, you want to pick a mundane-sounding name that no one would be interested in. I chose “Quaterly TPS Report Summary.xls”. I mean, who wants to read about TPS reports [PDF Link]? Most people will steer clear of that file.
Once you choose the file name, click Next. I’ll skip that screenshot and move right along to our next screen. Here you choose your encryption and hashing algorithms:
AES is currently the national government standard for encryption, so it should be good enough for our purposes. Just leave the default settings on this page and hit Next.
One slightly annoying limitation of TrueCrypt is that you need to specify the size of the volume ahead of time. This is because all the free space in your volume is filled with random noise and encrypted along with your data, so free space and real data are indistinguishable in the ciphertext. From a cryptographic point of view this is a good thing. From the user’s standpoint, not so much – but that’s just how it works. Note that if you intend to hide data, it is a good idea to choose a size that is plausible for the type of file you are imitating. I arbitrarily chose 100 MB – but this size may be a dead giveaway for someone snooping around in my file system. How many 100 MB Excel files have you seen lately? Keep that in mind!
Next you will be prompted to enter the password – or passphrase. I probably do not have to remind you that this is by far the most crucial step of the process. If your password is weak and easily guessed, then all the encryption in the world won’t help you. TrueCrypt recommends a 20+ character passphrase – a short sentence, for example. But watch out for dictionary words and names.
The FAT file system is good enough for our purposes. If you plan on storing big files (over 2 GB), switch it to NTFS. Otherwise leave the default and hit Format. You might need to move your mouse around a bit to generate some random data that will be used as a seed for generating the encryption keys.
That’s it – you are done. Just hit OK and then Exit and you are free to use your file. Let’s check it out up close – it looks like a regular Excel file:
Of course, if someone tries to open it, the file will appear to be corrupted – completely irrecoverable gobbledygook. Because of the encryption, they won’t be able to retrieve the data using normal analysis tools, or by making a hexadecimal dump. So the worst that can happen to your file is that someone will delete it thinking it got corrupted.
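To see concretely why the container reads as garbage to ordinary tools, here is an added example (my own code, not from the original post or from the TrueCrypt project) that runs the two checks a file-triage tool would apply: Shannon entropy per byte, and whether the file starts with the OLE2 compound-document header that a real .xls workbook carries. The sample data is constructed inline, so no real volume is touched: random bytes stand in for the container (ciphertext plus random filler, no recognisable header) and a repetitive text blob behind the OLE2 magic stands in for a mundane spreadsheet. The 7.9 bits/byte threshold is my assumption.

```python
import math
import os
from collections import Counter

# Magic number of an OLE2 compound document, the container format of
# legacy .xls workbooks (Excel 97-2003).
OLE2_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"


def shannon_entropy_bits_per_byte(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte, from 0.0 (one
    repeated value) to 8.0 (every byte value equally likely)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total)
                for n in Counter(data).values())


def has_ole2_header(data: bytes) -> bool:
    """True if the file begins with the OLE2 magic that Excel expects."""
    return data[:len(OLE2_MAGIC)] == OLE2_MAGIC


def looks_like_ciphertext(data: bytes, threshold: float = 7.9) -> bool:
    """Heuristic (the threshold is an assumption): well-encrypted or
    compressed data sits near 8 bits/byte; ordinary documents sit well below."""
    return shannon_entropy_bits_per_byte(data) >= threshold


def profile(data: bytes) -> dict:
    """Summarise the checks a triage tool would run on the file."""
    return {
        "entropy_bits_per_byte": round(shannon_entropy_bits_per_byte(data), 3),
        "ole2_header": has_ole2_header(data),
        "looks_encrypted": looks_like_ciphertext(data),
    }


# Constructed stand-ins, no real volume is touched: random bytes model the
# TrueCrypt container (ciphertext plus random filler, no recognisable header),
# and a repetitive text blob behind an OLE2 magic models a mundane workbook.
FAKE_CONTAINER = os.urandom(64 * 1024)
FAKE_SPREADSHEET = OLE2_MAGIC + (
    b"TPS Report Summary,Q1,Q2,Q3,Q4\nWidgets,12,15,9,20\n" * 2000)

if __name__ == "__main__":
    for name, blob in (("container", FAKE_CONTAINER),
                       ("spreadsheet", FAKE_SPREADSHEET)):
        print(name, profile(blob))
```

The container scores close to 8 bits per byte and has no header, the spreadsheet stand-in scores far lower and has one. That is exactly why the size warning above matters: a file whose name promises a spreadsheet but whose bytes are pure noise is easy to notice, even if its contents cannot be read.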
Let’s mount our file now. Go back to the main TrueCrypt screen and hit the Select File button:
Navigate to our TPS report file and open it. Next we want to select a mount point, i.e. a drive letter which will be associated with our volume. Pick a free one from the list in the main program window:
I chose O, but you can pick any available drive. When ready, hit Mount and type in your password at the prompt:
If you peek in My Computer you should see a brand new drive sitting there.
The encryption is completely transparent to the end user. You can interact with this drive as you would with any other hard drive. You can copy files to and from it, edit them in place, etc. When you are done editing your secret files, simply Dismount the drive:
The best part is that you can move your TPS Report worksheet around within the file system. You can even dump it onto a flash drive and take it with you. Whenever you need it back, just open up TrueCrypt again and mount it from the new location.
In Part 2 I will show you how to encrypt your data using steganography – hiding information within other information. In other words, with the stego approach the nosy intruder rummaging through your files will be able to open our TPS Report worksheet and inspect it without ever noticing that it is actually an encrypted volume.
Wow! This is an awesome post. I’ll be sure to try this out sometime in the future…
BTW, since the whole thing depends on the passphrase, how do you pick a good passphrase?
Here are some pointers that are good practice for any system:
No dictionary words.
No names.
No information that could be directly associated with you (date of birth, phone number, license plate).
Use non-alphanumeric characters such as !@#$%^&*()<>’~`.
Use mixed case (upper and lower case letters).
Use spaces if allowed.
You can use a random password generator. I like APG because it generates nice pronounceable passwords like:
AbayRag2 (Ab-ay-Rag-TWO)
ceOtEgew6 (ce-Ot-Eg-ew-SIX)
Daltogtyd1 (Dalt-og-tyd-ONE)
ViFlynd2 (Vi-Flynd-TWO)
JejTods8 (Jej-Tods-EIGHT)
vevFilkok9 (vev-Filk-ok-NINE)
Pick two or three words from the APG list, then separate them by spaces, and you have a relatively strong, and not so hard to remember passphrase. For example from the list above I’d pick:
AbayRag2 vevFilkok9
It’s an 18 character password and Ab-ay-Rag-TWO vev-Filkok-NINE is not that hard to remember. :P
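As an added example (my own code, not Luke’s and not part of the APG project), this Python script builds a passphrase the way the reply above suggests, picking tokens at random from a candidate list and joining them with spaces, checks the result against the pointers listed, and contrasts two strength figures: the optimistic per-character estimate a password meter would report, and the much smaller selection entropy an attacker is left with if the candidate list itself was seen. The token list is the one quoted above; the dictionary and name lists are tiny constructed stand-ins for a real word list.

```python
import math
import re
import secrets
import string

# Constructed sample: the pronounceable tokens quoted in the reply above,
# standing in for fresh APG output.
APG_TOKENS = ["AbayRag2", "ceOtEgew6", "Daltogtyd1",
              "ViFlynd2", "JejTods8", "vevFilkok9"]

# Constructed, deliberately tiny word and name lists standing in for a real
# dictionary file such as /usr/share/dict/words.
DICTIONARY_WORDS = {"password", "summer", "report", "secret", "dragon"}
COMMON_NAMES = {"anetta", "luke", "john", "mary"}


def build_passphrase(tokens, count=2, randbelow=secrets.randbelow):
    """Pick `count` distinct tokens with a CSPRNG and join them with spaces,
    as the reply suggests. `randbelow(n)` is injectable so a deterministic
    stub can be used in tests."""
    pool = list(tokens)
    if count > len(pool):
        raise ValueError("cannot choose more tokens than the pool holds")
    chosen = [pool.pop(randbelow(len(pool))) for _ in range(count)]
    return " ".join(chosen)


def selection_entropy_bits(pool_size, count):
    """Entropy of the *selection* alone: log2 of the number of ordered ways
    to pick `count` distinct tokens out of `pool_size`. This is all that is
    left if the candidate list was visible to someone else."""
    if count > pool_size:
        raise ValueError("cannot choose more tokens than the pool holds")
    return math.log2(math.perm(pool_size, count))


def naive_char_entropy_bits(passphrase):
    """The optimistic figure a password meter reports: length times log2 of
    the combined size of the character classes used. It assumes every
    character was chosen independently, which a generated list does not
    guarantee."""
    classes = [
        (string.ascii_lowercase, any(c.islower() for c in passphrase)),
        (string.ascii_uppercase, any(c.isupper() for c in passphrase)),
        (string.digits, any(c.isdigit() for c in passphrase)),
        (string.punctuation, any(c in string.punctuation for c in passphrase)),
        (" ", " " in passphrase),
    ]
    charset = sum(len(chars) for chars, used in classes if used)
    return len(passphrase) * math.log2(charset) if charset else 0.0


def check_rules(passphrase):
    """Apply the pointers from the reply plus TrueCrypt's 20+ character
    recommendation; returns rule name -> passed."""
    words = {w.lower() for w in re.findall(r"[A-Za-z]+", passphrase)}
    return {
        "no_dictionary_words": words.isdisjoint(DICTIONARY_WORDS),
        "no_names": words.isdisjoint(COMMON_NAMES),
        "mixed_case": (any(c.islower() for c in passphrase)
                       and any(c.isupper() for c in passphrase)),
        "digit_or_symbol": any(c.isdigit() or c in string.punctuation
                               for c in passphrase),
        "uses_spaces": " " in passphrase,
        "length_20_plus": len(passphrase) >= 20,
    }


if __name__ == "__main__":
    phrase = build_passphrase(APG_TOKENS, 2)
    print(phrase)
    print("selection entropy:",
          round(selection_entropy_bits(len(APG_TOKENS), 2), 1), "bits")
    print("naive character entropy:",
          round(naive_char_entropy_bits(phrase), 1), "bits")
    print(check_rules(phrase))
```

The gap between the two entropy figures is the practical lesson: the strength of a passphrase assembled from a generated list depends on that list staying private and being long. Generate a fresh list, never reuse or share it, and pick from a large pool (or more tokens) rather than trusting the per-character number alone.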
Pretty cool Luke, I’ve known about TrueCrypt for a while. A great program, and it is worth noting it also runs on Linux.
I usually recommend Cryptainer LE to people not computer savvy as it is easier to use. Seems to work ok too.
I have no need to hide files tho, my computer is mostly single user …ME, and in the off chance someone else is using it I have a separate sign-in account for them and it’s locked down with permissions and stuff. But no data on my machine matters really, nothing illegal either, haha.