Introduction to Encryption

There are a number of ways to secure your system from prying eyes. One of the best involves using encryption. This article will introduce you to the reasons for using encryption, and to using TrueCrypt, an open source encryption system that offers excellent functionality, from encrypting files and folders to an entire hard drive and more.

One of the main reasons we protect our computers with anti-virus, anti-malware, and firewall software is to protect our data from being accessed by other computers and other people, regardless of their intent. We tend to store very sensitive data–such as banking or tax information–on our computers instead of the "cloud" simply  because we want this information to remain private.

One way to keep this information private is to use built-in Windows user permissions, which can prevent other users from accessing your personal data. But, if our user account does not have a password, or we have written it on a Post-it note underneath the keyboard, the security provided by our account becomes meaningless.

Another way we can keep our data away from prying eyes is to store it on removable media like USB flash drives or external hard drives. The only problem with this method is we forfeit any security or privacy once the hard drive is no longer in our possession.

However, there exists an alternative method to keep our data safe and secure on a shared computer, an external hard drive, or even the "cloud." This method is called encryption, and it can protect anything from individual files to global communication systems. At its most basic level, encryption rearranges all the bytes that comprise data, and the only way to put the data back together again (known as decrypting) is to know how the data was originally encrypted to begin with. Many encryption schemes are protected with a password, and this password helps define the encryption scheme used to encrypt the data. The more complex the password, the stronger encryption will be.

You have probably used encryption many times without ever knowing it. Encryption is commonly used to protect wireless networks (WEPWPA/WPA2), website communication (SSL/TLS), and mobile phone communication (CMEA). Encryption software can encrypt data several different ways; but, if you are unfamiliar with encryption, I will show you a simple example.

This method is called shifting. Let’s pick a word: p o p c o r n. With shifting, the letters are incremented by one, so a becomes b, b becomes c, c becomes d, and so on. So, if we encrypt the word "popcorn" using the shift method, the result will be: q p q d p s o. This is as simple as encryption gets.

From this point on, the different encryption methods become more and more complex, making it harder for people to access the data protected by the encryption. There are hundreds of encryption programs available, many of them free of charge and some costing hundreds of thousands of dollars.

The encryption software we will be using is called TrueCrypt, which is free and open-source. What makes TrueCrypt so great is not only does it have the ability to encrypt individual files and folders; but, it can encrypt an entire hard drive! However, its complete functionality does not stop there. TrueCrypt also has the ability to encrypt an entire Windows operating system, including the potential to even create a hidden operating system.

We will talk more about this advanced functionality later. In this tutorial, we will focus on TrueCrypt’s most basic feature: encrypting individual files and folders.

{mospagebreak title=Installing TrueCrypt}

 In order to use TrueCrypt, you must first install it. TrueCrypt is available for free at its website:   http://www.truecrypt.org/  . The TrueCrypt installation is very simple. Follow these steps and you will have it installed and running in no time.

  1. Download TrueCrypt; double-click "TrueCrypt Setup 6.3a.exe."

  2. If you are warned by Windows’ User Access Control, click the "Yes" button.

  3. Accept the license agreement.

  4. Choose the "Install" option (I will discuss the "Extract" option in a later article).

  5. Keep the default installation directory and make sure all the check boxes are checked. Click the "Install" button.

  6. Wait for the installer to finish. Click the "OK" button when the installation completes.

  7. When prompted to read TrueCrypt’s Beginner’s Guide, you can select either "Yes" or "No" depending whether or not you would like to read the guide now or bookmark it for future reading. This tutorial should, however, serve as a decent starter’s guide. 

  8. Click the "Finish" button.

Once the installation is complete, run TrueCrypt by clicking the icon the installer created on your desktop, or by clicking the icon created in the Start menu.

As you can tell, TrueCrypt has a very clean, organized interface. Most of the features can be accessed simply by using the buttons on the bottom half of the interface. The drive letter list on the top half of the interface is used for mounting and dismounting your TrueCrypt volumes. I will discuss some of the main menu items on an as-needed basis.

{mospagebreak title=Creating a Volume}

To get acquainted with TrueCrypt, you are going to make a basic volume which stores all your files and folders inside a single, encrypted file. While it may seem insecure to store everything inside a visible file which could simply be stored on your desktop, it also serves the purpose of being portable, meaning you can move this file to other computers or other mediums, allowing you to access your encrypted files from practically anywhere.

To begin, click the "Create Volume" button on the bottom half of the interface. Next, select the option to "Create an encrypted file container," followed by the "Next" button.

In the next section, you will select the volume type. This is where TrueCrypt shows its true power. You can create two different types of volumes. The first type is a Standard TrueCrypt Volume. A standard volume contains only one volume protected by one password. The advantage of this type of volume is you only need to remember one password.

The second type of volume is a Hidden TrueCrypt Volume. A hidden volume contains two separate volumes protected by two different passwords. Essentially, this is a standard volume with a second volume hidden inside it. The advantage to this type of volume is if you are ever forced to reveal your password, you can provide them the password to the standard (or decoy) volume, yet still protect the data in the hidden volume.

In fact, TrueCrypt does not even know the hidden volume exists unless you explicitly tell it it exists; but, I will discuss this later. Hidden volumes can be used with standalone volumes and even entire hard drives. In this tutorial, you are going to keep things simple by creating a standard volume. Click the "Next" button once you have made your selection.

 

In this section, you are going to select the location of the volume. You can store this volume anywhere on your computer–from the root of your C: drive to buried deep inside the Windows folder. Make sure you keep the "Never save history" option checked because you do not want to reveal the name and location of your encrypted volumes. Click the "Select File…" button to select the location and name of your volume.

In this example, I am saving the volume to my Desktop. You have the option of providing a file extension, but this is not required. I am naming my volume "data.txt." Now, even though this would appear as a standard text document, if you did attempt to open it in Notepad, you will only see lots of random characters. Click the "Save" button once you have named your volume, followed by the "Next" button.

In the next section, you will select the encryption algorithm which will be applied your volume. You can select from a number of encryption algorithms, including AES, Serpent, Twofish, and even a combination of these. Which encryption method is the best? AES, or Advanced Encryption Standard, is one of the best methods. It serves as the encryption standard for the United States Federal Government, and it is a common security benchmark among security professionals. This method is also very efficient at encrypting and decrypting data on-the-fly.

So what does all this mean? AES not only offers robust and standardized security, but it also requires minimal processing power, making it very fast on powerful machines and very suitable for slower machines–even newer netbooks. Keep in mind the encryption algorithm cannot be changed after the volume is created.

You also need to select a hash algorithm. The hash algorithm is used by TrueCrypt’s random number generator, which generates master and secondary keys used to identify the encrypted volume (all of these keys and other identifying encryption information are stored in the volume header, which is located at the very beginning of the encrypted volume). In other words, it simply defines the pattern in which random numbers are generated. You can just keep the default "RIPEMD-160" selected, as it is one of the more popular methods for random number generation. Once you have made your selections, click the "Next" button to continue.

In this section, you are going to set the size of your volume. You can make the volume as large as you want as long you have the available space on your hard drive. When the volume is initially created, TrueCrypt allocates all the bytes to the volume and encrypts them, which can take a very long time depending on the size of your volume.

TrueCrypt also gives you the ability to create dynamic volumes, or a volume whose size grows as data is added to the volume, up until it reaches the maximum size of the volume. While creating a dynamic volume may seem like a good idea, I strongly recommend against using them, as do the TrueCrypt developers. From the official TrueCrypt documentation:WARNING: Performance of dynamic (sparse-file-hosted) TrueCrypt volumes is significantly worse than performance of regular volumes. Dynamic (sparse-file-hosted) TrueCrypt volumes are also less secure, because it is possible to tell which volume sectors are unused. Furthermore, if data is written to a dynamic volume when there is not enough free space in its host file system, the encrypted file system may get corrupted.

Once you have entered the size of your volume, click the "Next" button.

In the next section, you will select the password used to access the encrypted volume. It is highly recommended you select a good, strong password–a password containing multiple upper/lower case letters, numbers, and special characters. I recommend using a sentence as the password as this method contains a large number of characters and should be easy to remember.

The longer the password, the better. Never use a short, dictionary password like "fish" as this can be cracked very quickly. The most common method used to crack passwords is through brute-force attacks with the aid of a dictionary. The dictionary is essentially the same as an off-the-shelf Webster’s dictionary–it simply contains a huge list of common words used to guess common passwords.

If you have created a long, strong password, the only way your password could be cracked is through a standard, systematic brute-force attack. This form of attack will test every combination of characters until it eventually cracks the password. However, as long as you have a long, strong password, a brute-force attack could take decades to eventually crack. Keep in mind TrueCrypt will support a maximum of 64 characters for a password; but, there is a way to "extend" the password.

Poor: doggy

Better: #1Doggy!

Strong: 33# My dog’s name is *Freddy* and he was born 1/12/2004!

You also have the option of using a keyfile in addition to a password. Keyfiles allow you to select a specific file on your system and use its unique series of bytes as an additional password. You can select any type of file including images, documents, and audio files; however, files that are compressed–like MP3s–work the best.

The inclusion of a keyfile in addition to your password increases the complexity of your volume’s full password. The down side to using a keyfile is this file will be required every time you want to mount the encrypted volume. If you lose this file, or the file becomes corrupted, you will never be able to recover the contents of the volume.

If you do decide to use a keyfile, make sure you have several verified, true copies of the file available in several locations. If you do not want to select your own file as the keyfile, TrueCrypt can generate a keyfile for you by going to Keyfiles > Generate Random Keyfile from the main menu. Once you have created your password, click the "Next" button.

In the next section, you will decide if you will store files larger than 4 GB. This part is important, because it will determine which file system your volume will use. If you plan to store files larger than 4 GB, you will be required to use NTFS; otherwise, you can choose between FAT or NTFS. Once you have made your selection, click the "Next" button.

In the next section, you will select which file system you wish to use. You also have the option of making this a dynamic volume–keep in mind the dangers of using dynamic volumes. Also, if you recall, in a previous section I discussed TrueCrypt’s random number generator. This step creates the random number based on your mouse movements across the window. The more you move the mouse, the more random the number that will be generated. You should notice the "Random Pool" change as you move your mouse. After you have selected which file system you wish to use, click the "Format" button to create and format your volume.

 

When TrueCrypt finishes creating and formatting the volume, you will be prompted that the process completed successfully. Click the "OK" button.

If you want to create another volume, you can click the "Next" button to start the process all over again. Go ahead and click the "Exit" button so you can mount your newly created volume.

You should now see your newly created volume. In this example, mine is stored on my desktop.

{mospagebreak title=Mounting a Volume}

Now you will mount your newly created volume so you can start storing data in it. The main TrueCrypt window should still be open. In the window you will see a listing of drive letters. These are the drive letters TrueCrypt will use to mount your volume within Windows. Select a drive letter you want to associate with your volume, then click the "Select File…" button to to find your volume file.

Select your file, then click the "Open" button.

Now click the "Mount" button.

Now you need to enter the password to your volume. As you will notice, you have the option to specify a keyfile, an advanced password feature of TrueCrypt discussed earlier. You should also notice another option: "Cache passwords and keyfiles in memory." What this feature does is store your keyfiles and passwords in memory for the last four mounted volumes. So, if you want to remount a volume you dismounted a few minutes ago, you will not have to enter a password or reselect your keyfile–simply select the volume’s location and the volume will be mounted automatically.

This feature is disabled by default for obvious reasons; but, it can be enabled in Settings > System Encryption on the main menu. You also have some additional options when mounting your volume. Click the "Mount Options…" button so you can explore these.

As you can see, TrueCrypt offers several mounting options.

  • Mount the volume as read-only: This option is straightforward: it makes the volume read-only and, therefore, you cannot create, modify, or delete data in the volume while it is mounted.

  • Mount volume as removable medium: This option will mount the volume the same way flash drives are mounted: as removable media. The advantage to this is Windows will not create the "Recycled" and "System Volume" folders used by the operating system, providing you with an extra level of security.

  • Use backup header embedded in volume if available: Every volume contains a backup header located at the very end of the volume. If the main header becomes corrupted or damaged, you can still mount the volume using the backup header with this option.

  • Mount partition using system encryption without pre-boot authentication: This option is used when mounting encrypted system partitions from within another operating system. This can be used to repair damaged Windows installations stored on encrypted system partitions.

  • Protect hidden volume against damage caused by writing to outer volume: Earlier in this article I mentioned TrueCrypt can create a hidden volume inside standalone or partition volumes. When writing to the outer (or non-hidden) volume, TrueCrypt has no way of knowing a hidden partition even exists. With this option, TrueCrypt virtually mounts the volume so it can identify the physical location of the hidden volume, and therefore protect the data contained in the hidden volume. I highly recommend that you use this option when working with hidden volumes.

Click "Cancel" to get back to the password box.

Once you are back at the Password screen, enter your password, then click the "OK" button.

If you have entered the correct password, you will see your volume listed in the drive letter list. You can now click the "Exit" button to close TrueCrypt. Even though you have closed it, TrueCrypt continues to run in the background.

Now, if you open Computer (or Windows Explorer), you will see your volume mounted under the drive letter you selected earlier. You can now use this drive just like any other hard drive that is connected to your computer. Go ahead and copy some files to the volume so you can see that it functions just like a normal hard drive.

When you are finished using the volume, open TrueCrypt, select the volume in the volume list, and click the "Dismount" button.

{mospagebreak title=Verifying the Encryption}

As of now, you have successfully created an encrypted volume and stored some data in it; how can you verify this data is encrypted? There is an easy tool you can use to verify this:   WinHex  . WinHex is a hex editor, and you can download a trial version from the WinHex website. This type of editor is called a hex editor because it presents data in hexadecimal format. You may already be familiar with binary format because it consists of only two characters: 0 and 1. Hexadecimal format, on the other hand, consists of the numbers 0-9, and the letters A-F, for a total of sixteen different characters.

(Note: I will not go into detail on how to perform this verification–it is beyond the scope of the article. I present this simply as proof to you that the volume was encrypted).

So, what exactly is a hex editor? A hex editor allows you to edit data and binary files at the byte level, thus showing you the physical contents of a file. How does this differ from another type of editor–say, a word processor? A word processor shows you the logical contents of a file, or rather, its interpretation of the file. If you were to open a text document in both a word processor and a hex editor, you would see two completely different representations of data. Here is how sample text appears in a word processor:

When you open the same file in WinHex, the layout may look a little strange to you. You will see three columns of information: one labeled "Offset," another labeled with the hexadecimal numbers 0-F, and the data column, which is outlined in red. The data column tells you exactly what data is present in the physical file, regardless of whether the file is a plain-text document or an audio file. As you can see, there is much more data present in that sample document than the single sentence. This is what I am referring to when I talk about the physical and logical contents of a file.

As you can see, a hex editor shows you the physical contents of a file at the byte level. Only at this level can you verify your volumes are truly encrypted. I have gone ahead and stored some sample files in my encrypted volume. As you can see, I have two text documents and some images.

Here is how the volume appears in the hex editor.

As you might have expected, the physical contents of the volume are comprised of a series of random numbers, letters, and symbols. There is absolutely no pattern whatsoever to the data stored in this volume. This is how you can tell your data is encrypted and safe. Even after an exhaustive search for the word "sample," WinHex was unable to find any matches.

When your files are encrypted, not only is the data encrypted; so are the file names, folder names, and any other pieces of data representing your files. Even your volume’s password is encrypted. This is why I encourage you to use long, strong passwords. It makes the physical contents of your encrypted volumes even more random, requiring a password cracker to spend more time and resources trying to break the encryption.

Summary

In this tutorial, we installed TrueCrypt, created a standalone volume, applied AES encryption to the volume, created a strong password, mounted our volume to Windows, and dismounted the volume for later use. We have explored several different encryption options allowing us to simply create a standalone volume or encrypt an entire operating system. We can even create hidden volumes inside our encrypted volumes if it ever becomes necessary for you to divulge your password.

Always remember to use strong passwords because simple, common-word passwords can be cracked very quickly with brute-force dictionary attacks. In addition to passwords, we can use keyfiles to increase our password’s strength ten-fold. In my next article, you will learn how to encrypt USB flash drives so you can protect your data should you ever lose or misplace the drive.

[gp-comments width="770" linklove="off" ]