Hands-On With TrueCrypt 5: Open Source System-Wide Encryption - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Government // Enterprise Architecture
Commentary
2/13/2008
12:43 PM
Serdar Yegulalp
Serdar Yegulalp
Commentary
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Hands-On With TrueCrypt 5: Open Source System-Wide Encryption

Scarcely a week goes by these days without word of the theft of a computer with sensitive personal information on it.  It's gotten that much easier to protect such data with whole-drive encryption, but those kinds of solutions have typically been proprietary, like Windows Vista's BitLocker (which isn't available in all versions of Vista, either).  Now comes version 5 of the fre

Scarcely a week goes by these days without word of the theft of a computer with sensitive personal information on it.  It's gotten that much easier to protect such data with whole-drive encryption, but those kinds of solutions have typically been proprietary, like Windows Vista's BitLocker (which isn't available in all versions of Vista, either).  Now comes version 5 of the free and open source encryption system TrueCrypt, which features -- you guessed it -- whole-drive encryption.   My associate George Hulme touched on TrueCrypt before, but I decided to try encrypting my Windows notebook with it and see how it held up.

TrueCrypt itself has been around for some time now, and runs on all major OSes (Win/Lin/Mac).  Instead of encrypting individual files, it lets you create a virtual volume -- either stored in a file or directly on a disk partition -- which is encrypted on the fly as you read from and write to it.  The biggest new feature in TrueCrypt 5 is the ability to encrypt a system's boot volume -- exactly the same feature as Windows Vista's BitLocker, but without the premium cost involved.  And in this case, it doesn't even require Vista.  Windows XP, Windows 2003 Server, and Vista are all supported.

The encryption process for a drive can be done in the background while you work, and even suspended and resumed across multiple user sessions.  This is the slow and boring part; you'll probably want to set this up to run overnight.  You can do work with the system while it's being encrypted, but at a performance penalty.

Another thing I like about TrueCrypt is that there's been some thought lent to disaster recovery.  Any time you encrypt a whole boot volume, you'll also be required (not "allowed," required) to build a rescue disc that can be used to boot or repair the system safely in the event the volume header gets damaged.

When encryption concludes and you reboot the system, you're presented with TrueCrypt's boot loader program, which requires that you supply a volume password before the OS itself can be booted.  (Side note: I confess that I haven't done any direct investigation into how secure this part of the program is, since it seems like one of the first and most likely vectors for attack.)  The boot loader can be multi-OS aware, so if you boot Windows plus something else on the same system you won't be left out in the cold.

If it weren't for the icon in the system tray, I'd scarcely be able to tell a TrueCrypt-encrypted system from an unencrypted one based on performance.  Barring a somewhat slower boot-up, most everything runs with no perceptible performance loss, although I'd hazard a guess you'd see different results depending on the hardware and the encryption standard used.  (I chose AES with a 256-bit key, the fastest-benchmarked algorithm available through TrueCrypt.)

One major drawback for notebook users: Hibernation is not yet supported.  If you attempt to put the system into hibernation mode, it will force a shutdown instead.  Best to disable hibernation entirely on encrypted notebooks until they get this particular feature ironed out.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Slideshows
IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
Commentary
Preparing for the Upcoming Quantum Computing Revolution
John Edwards, Technology Journalist & Author,  6/3/2021
News
How SolarWinds Changed Cybersecurity Leadership's Priorities
Jessica Davis, Senior Editor, Enterprise Apps,  5/26/2021
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Slideshows
Flash Poll