Home > Articles > Home & Office Computing > Microsoft Windows Vista & Home Server

Installing and Configuring TrueCrypt for Full Disk Encryption

  • Print
  • + Share This
The latest battle cry in the security community is for full-disk encryption (FDE). This has been largely due to concerns over lost and stolen information that could lead to identity theft. Disk encryption for mobile devices has become mandatory for the federal government, but it’s a good idea for anyone who wants to protect personal information either at work or at home. With that in mind, security expert Randy Nash describes how he deployed a FDE solution on his personal laptop using the free, cross-platform, and open-source solution from TrueCrypt.
Like this article? We recommend

TrueCrypt is an excellent open-source, cross-platform solution for file and disk encryption. It is under constant development, with regular updates being posted to its site. Another attractive feature for me is the availability of AES encryption. The Advanced Encryption Standard (AES) specifies a FIPS-approved cryptographic algorithm (Rijndael, designed by Joan Daemen and Vincent Rijmen, published in 1998) that may be used by U.S. federal departments and agencies to cryptographically protect sensitive information. If it’s good enough for the federal government, it’s good enough for me. TrueCrypt can currently encrypt the following operating systems:

  • Windows Vista
  • Windows Vista x64 (64-bit) Edition
  • Windows XP
  • Windows XP x64 (64-bit) Edition
  • Windows Server 2008
  • Windows Server 2008 x64 (64-bit)
  • Windows Server 2003
  • Windows Server 2003 x64 (64-bit)
  • Mac OS X 10.4 Tiger
  • Mac OS X 10.5 Leopard
  • Linux (kernel 2.4, 2.6, or compatible)

Encrypting the System Volume: Step By Step

The TrueCrypt application interface is quite simple (see Figure 1).

Figure 1

Figure 1 TrueCrypt application interface.

All features are available from a single interface. To encrypt the system volume, click on the System menu item and select Encrypt System Partition/Drive:

Figure 2

Figure 2 Encrypt the system/partition drive.

Two methods of system encryption are available: Normal and Hidden. We’re looking at the simplest case here, so we’ll perform the Normal encryption process (see Figure 3).

Figure 3

Figure 3 Normal encryption process.

The next step may be critical, depending on your computer. You have the choice to encrypt the Windows system partition, or encrypt the whole drive. Encrypting the Windows system partition will only encrypt the partition where Windows installed. This may leave portions of your drive unencrypted and potentially vulnerable. However, choosing to encrypt the whole drive may cause problems if you have multiple partitions with more than one operating system installed or a multi-boot environment. Because my laptop has only a single partition and operating system, I choose Encrypt the Whole Drive (see Figure 4).

Figure 4

Figure 4 Encrypting the whole drive.

Next we need to know if our computer has a Host Protected Area, and if so can we encrypt it. The Host Protected Area exists on some computers to store recovery tools, specialized drivers and so on. If you’re not sure about your computer, please make sure to contact your vendor before proceeding!

My laptop is a clean install with no Host Protected Area, so I select No.

I have a single-boot, single OS laptop, so I choose Single-boot. Select as appropriate for your computer (see Figure 5).

Figure 5

Figure 5 Single-boot operating system.

As I mentioned earlier, I’m a fan of AES Encryption. TrueCrypt supports the following encryption algorithms:

  • AES
  • Serpent
  • Twofish
  • AES-Twofish
  • AES-Twofish-Serpent
  • Serpent-AES
  • Serpent-Twofish-AES
  • Twofish-Serpent

And these hash algorithms:

  • RIPEMD-160
  • SHA-512
  • Whirlpool

I choose AES (the default) and RIPEMD-160 (also the default), as shown in Figure 6.

Figure 6

Figure 6 Choosing an encryption option.

Now you’re prompted to enter your password. I prefer a passphrase. Whatever you choose, make it reasonably long and complex. Use upper- and lowercase letters, numbers, spaces, and special characters. I enter my passphrase and continue.

Figure 7

Figure 7 Selecting a passphrase.

Now TrueCrypt asks you to move your mouse around the screen. Why? That’s an excellent question. Moving the mouse randomly around the screen generates random data used as a salt when generating your cryptographic keys for the encryption process. So, wiggle that mouse around as randomly as possible for as long as you want (longer is better). When you’re ready, click Next and continue.

Figure 8

Figure 8 Generating random data used as salt.

Now the keys are generated; Congratulations!

Figure 9

Figure 9 The keys are generated.

  • + Share This
  • 🔖 Save To Your Account