When someone asks you what you want for lunch it’s okay to be indifferent, but when someone asks you if your data is secure you need a better answer than “I think so”.
We often profess that our computers are secure but then our actions belie our words especially when we become victims of theft and our data gets compromised.
If your data is sacrosanct, password protection is necessary but isn’t sufficient, because criminals are using increasingly sophisticated tools to crack passwords.
Let’s say you’re driving on the interstate to see family but you get the munchies. You reason that a quick pit-stop will replenish your vigor and give you the boost you need to finish the last half of the trip.
So you throw your laptop on the passenger seat, dart into a local gas station but when you return the passenger window is shattered and your laptop is gone. Now you’re face palming, cursing and worrying about all the financial data on that computer.
Is it safe?
Or maybe you’re on a business trip and your flight has a connection at the bustling Atlanta airport. You empty your laptop and luggage and then follow the herd of people through the giant x-ray machine. After getting frisked (and feeling violated) you grab your bags and dash to the gate.
On the plane, after the melee of angry travelers abates, you pop in your headphones and suddenly realize you forgot your laptop.
Wide-eyed, you freak.
Amid the cacophony of people passing through the x-ray machine you must have left your laptop on the belt. Now it’s gone.
Is your data safe?
Or perhaps you’re meeting your wife and her sorority friends at Starbucks for evening coffee. She’s always late and you’re impetuous so you decide to kill time by buying a croissant and playing Minecraft using the free public Wi-Fi.
Suddenly the fire alarm sounds (and you smell smoke) and everyone is forced to evacuate the store. In the middle of the tumult you grab your bag and coat but forget your computer. It’s a veritable stampede of people rushing to leave and everyone is confused.
Eventually the maelstrom abates and then it hits you. You feel that sick, heavy – almost nauseous feeling in your gut.
Oh shit, I forgot my laptop.
Yup, and when you return… it’s gone.
Was your data safe?
According to a 2011 theft report by Absolute Software, most laptop crimes happen in public schools or homes. This problem is exacerbated if you share your computer with your son or daughter because, if someone steals that laptop, they get a two-for-one: your kid’s data and yours as a bonus.
My proposition to you…
If you have a relatively new computer (younger than 4 years old) encrypt your computer with whole-disk encryption.
Newer computers perform better and if you have a Solid State Drive inside it’ll run even faster. Data encryption software has progressed to the point that it encrypts and decrypts your stuff on-the-fly…
…and that’s when TrueCrypt enters the stage, bows and says with a smirk on his face:
Hey guys, someone called?
TrueCrypt is the preeminent open-source data encryption program in existence today. By “encrypts on-the-fly” I mean it intervenes and automatically encrypts all your data right before you save it. It also seamlessly decrypts all your stuff right before you load it, and all this happens silently in the background. It’s unobtrusive and requires no action on your part.
Once you set it up it just works and the best part is that the data is virtually impregnable to unauthorized disclosure. The thief would either need the correct encryption key or an interminable amount of time to brute-force it.
You get protection and he gets… well he just gets old.
For example, according to Ivan Lucas at Lockdown, choosing a 9-character password from a 52-character mixed alphabet set (upper and lowercase letters) would take approximately 2.7 quadrillion years to crack.
Getting started with TrueCrypt
I’m going to show you how to encrypt your entire hard drive. Your data is about to become virtually impervious to being cracked.
Now is the time to do this.
As one reddit.com user learned, having whole disk encryption may have the serendipitous effect of keeping you out of jail. You can read his interesting story on Reddit.
Anyway, let’s get started.
Go to truecrypt.org and download and execute the latest stable version of the software.
When the installer appears, accept the license terms and click Next through the defaults.
The installation swiftly completes and the TrueCrypt logo decorates your desktop.
The first thing we need to do is create a volume.
This has absolutely nothing to do with sound or size. Just think of it as a container for TrueCrypt. We’re going to set the boundaries of the TrueCrypt encryption domain.
Picking Create an encrypted file container creates a simple local container; however, I’m going to show you how to encrypt your entire drive which comprises the section of your hard disk devoted to Windows (the Partition).
Choose Encrypt the system partition or entire system drive and click Next.
Now there are two types of encryption:
Normal is sufficient, but Hidden is there for die-hard security freaks. It’s intended to give you, the owner, plausible deniability so that you can repudiate any claims to the knowledge of the actual encrypted partition. It’s pretty convoluted, but the bottom line is that TrueCrypt creates a volume within a volume (the Hidden Volume) and uses one partition as a decoy.
Today we’ll keep it simple with Normal encryption.
When asked about the area to encrypt we’re going to choose Encrypt the whole drive. This is the most comprehensive and secure solution.
If your computer has a special recovery partition (most newer laptops do) TrueCrypt politely warns you that it’s about to encrypt EVERYTHING including that recovery partition.
Unless you really know what you’re doing click Yes to tell TrueCrypt to just encrypt the System Partition.
By the way, you could have by-passed this step by just clicking Encrypt the Windows System Partition in the previous image but I wanted to show you what happens if you “make a mistake”.
TrueCrypt is really good at catching common configuration mistakes and this Non-standard partition window is a good example of it helping you pick the right options.
Pick either Single-boot or Multi-boot, depending on how many operating systems are installed on the machine.
On the next screen you’ll find a bevy of options for the encryption and hash algorithms.
Every one of these settings is robust, so it doesn’t matter which one you pick. Just keep the defaults and move on.
Now we need to set a strong password.
This is essential. The best encryption in the world is futile with a simple password.
Now wiggle your mouse around to fortify the strength of your encryption keys… and don’t just move it side to side.
Get creative and start drawing invisible pictures of celebrities.
Feel no compunction about drawing anvils over Justin Bieber’s head.
Okay, when you’re done with the fun click Next.
We need to create a Rescue Disk before going forward.
This CD will be invaluable if something bad happens to your computer. For example, if Windows gets damaged you can use the Rescue Disk to get back into the operating system.
Place a blank CD in the tray and click Next to start burning.
When it finishes (which took about a minute for me) the disc might automagically eject.
Push the CD tray back in so the disc can get verified. Then you should see this verification screen:
Now we need to pick the Wipe Mode.
If you see any notes make sure you print them out before going forward.
And now you’re ready to start the pre-test.
Click Test then reboot.
Immediately after the manufacturer’s logo appears you’ll see a login screen. Sign in with your TrueCrypt password.
After logging back into Windows you’ll notice that the Pretest is complete.
Now just click Encrypt and sit back and relax.
Depending on your Wipe Mode it could take all day. As you can see, even with the wipe mode set to none (which is the fastest setting) it still takes 2 hours to encrypt my 256GB hard drive.
TrueCrypt displays a confirmation that Windows was successfully encrypted when it finishes.
Now your Windows partition is encrypted! That’s it. Every time you reboot you’ll be prompted to enter the TrueCrypt password before the operating system loads.
All your stuff is protected.
Isn’t peace of mind wonderful?
My closing thoughts
I think I can hear that small voice in your head:
Vonnie, now that I’ve encrypted my drive I’m wondering if my machine is absolutely impervious to being cracked?
The answer of course is no.
Even if you unplugged your computer from the internet, locked it in a fire-proof vault and buried it 100 feet deep in an unmarked location your computer technically still isn’t 100% hackproof.
Nothing is 100% secure with computers but you can make it a herculean task to crack.
And although by implementing TrueCrypt you’ve statistically increased the odds of protection and rendered it virtually impregnable to being breached, it’s still not completely safe.
For example, someone by the name of Lone Ranger allegedly cracked his own TrueCrypt container because he knew part of the password, and others claim they’ve decrypted TrueCrypt drives using Forensic Disk Decryptor from Elcomsoft.
But you shouldn’t feel any trepidation about this. With TrueCrypt your computer is now a bastion of safety and most people won’t go to great lengths to crack your computer because it’s simply too burdensome, apparently even for the FBI.
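As an added example (not from the original post): the brute-force figure quoted earlier and the partial-password anecdote above both come down to how many candidates are left to try. This Python sketch counts them for a given alphabet and length, shows how already-known characters shrink the search, and times PBKDF2 locally to turn the count into years; the function names, the 1000-iteration setting and the sample lengths are assumptions for illustration.

```python
import hashlib
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(alphabet_size: int, length: int, known: int = 0) -> int:
    """Candidates an attacker must try when `known` positions are already known."""
    if alphabet_size < 1 or not 0 <= known <= length:
        raise ValueError("need alphabet_size >= 1 and 0 <= known <= length")
    return alphabet_size ** (length - known)


def years_to_exhaust(candidates: int, guesses_per_second: float) -> float:
    """Worst-case years to try every candidate at a fixed guess rate."""
    if guesses_per_second <= 0:
        raise ValueError("guess rate must be positive")
    return candidates / guesses_per_second / SECONDS_PER_YEAR


def measure_kdf_rate(iterations: int = 1000, samples: int = 50) -> float:
    """Guesses per second on this machine, one PBKDF2-HMAC-SHA512 run per guess.

    `iterations` is an assumed cost setting for illustration; a real tool's
    value may differ, and a higher count slows every guess proportionally.
    """
    salt = bytes(64)  # constructed all-zero salt, fine for timing only
    start = time.perf_counter()
    for i in range(samples):
        hashlib.pbkdf2_hmac("sha512", b"guess-%d" % i, salt, iterations, dklen=64)
    return samples / (time.perf_counter() - start)


if __name__ == "__main__":
    rate = measure_kdf_rate()
    print(f"measured rate: {rate:,.0f} guesses/s on one core")
    # (length, characters the attacker already knows), 52-letter alphabet
    for length, known in [(9, 0), (9, 4), (12, 0), (16, 0), (16, 8)]:
        n = keyspace(52, length, known)
        print(f"len={length:2d} known={known}: {n:.3e} candidates, "
              f"{years_to_exhaust(n, rate):.3e} years at that rate")
```

Every extra character multiplies the work by the alphabet size, and every character an attacker already knows divides it by the same factor, so length matters more than the choice of cipher.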