People have told me that they installed TrueCrypt, but had no idea what to do next. Here's what to do.
I and other people here have mentioned TrueCrypt before. I thought (and perhaps you did too) that it was very simple and obvious to use but I've had several people write to me complaining that they downloaded and installed it, but have no idea what to do next.
OK, maybe the interface isn't all that user friendly. It really is simple, but after looking at it from an "ordinary person" perspective, I can agree that it could leave you staring at the screen saying "Huh?" So let's run through using this in plain English.
What you don't want to do
The most common fear I heard from people was that they were afraid TrueCrypt was going to encrypt their hard drive and that something would go wrong or they'd forget the password.
Yes, TrueCrypt can encrypt entire hard drives, and yes, things could go horribly wrong or you could forget your password. So, yes, you have reason to be concerned. I definitely would NOT advise using TrueCrypt for that purpose unless you completely understand what you are doing, what the risks are, and (perhaps most importantly) WHY you are doing it.
Most of us need to protect individual files. Maybe you have a text file with all your passwords in it. Maybe you handle sensitive documents for your clients. Whatever it is, you usually don't need to encrypt a whole drive. You just need to lock up those particular files.
Protect a file or files
This is the simplest and safest TrueCrypt operation. Start up TrueCrypt. You've never used it before, so what you want to do is click on Create Volume. You want to create an "Encrypted File Container" (that's the default). Click Next, and then select "Standard TrueCrypt volume" (again that's the default). What happens next seems to confuse people: a file dialog comes up, which perhaps makes you think that you need to select some file.
No, it's looking for you to give the name and location of a NEW file. This file will be the "container" for the files you actually want to hide. It's going to eventually end up as another disk drive on your system, which is perhaps another reason this can confuse folks: it's a "volume", it's a "container", it's a disk drive. No wonder people are hesitant to proceed!
So click on "Select File", navigate to where you want to keep this, and give it a name. Remember, this is the "container". It's the box your secret files will hide in. You might call it "Secrets", "My Secret Stuff" or "Fred" - choose something that makes sense to you. IF YOU CHOOSE AN EXISTING FILE, IT WILL BE DELETED.
So, after choosing a name, click Next and the following screen asks what kind of encryption you want to use. For most of us, the default AES is fine. The TrueCrypt help file suggests reasons why you might choose one of the others:
If you store the backup volume in any location where an adversary can make a copy of the volume, consider encrypting the volume with a cascade of ciphers (for example, with AES-Twofish-Serpent). Otherwise, if the volume is encrypted only with a single encryption algorithm and the algorithm is later broken (for example, due to advances in cryptanalysis), the attacker might be able to decrypt his copies of the volume. The probability that three distinct encryption algorithms will be broken is significantly lower than the probability that only one of them will be broken.
You can take the default choice for the hash algorithm and click Next.
Now you need to choose the size of your container. Obviously it needs to be large enough to store the files you want to hide, but you may want to think about making more than one smaller container. For example, if you are going to store backups of this container (a good idea!), you might want to do that on a CD or DVD - obviously the container size has to be small enough to fit on the storage media. Or perhaps you plan on using one of the many free Internet storage sites - your choice of size may be limited by what they will give you for free.
There's also a minimum size - not because TrueCrypt really cares, but because your operating system can't create a disk drive (which is what this container ultimately becomes) smaller than a minimum size. Once you've decided how big or small this will be, you click Next and it's time to choose a password.
Think of a sentence
TrueCrypt isn't looking for "joe123" or even "P^%WErt45email@example.com". It's looking for a long sequence - they recommend at least 20 characters and you can use up to 64.
You could make up a long string of nonsense, but how are you going to remember "Ht^%f2HH(hpo&mnE$%d";q\n*^$sdf"? I suggest using a phrase - a sentence - that you can remember. It might be words from a song: "Memories are all I have to cling to - cling to!" or a string of names: "Thomas, Jonathan, Sarah and THEN William!". If you always keep the books on your shelf in the same order, maybe you could use their titles: "Programming Perl, Perl Cookbook, Linux Firewalls and Linux Cookbook". It is best if you can include some random punctuation, but if this password is never going to be written down and will live only in your head, it's better for it to be a little weaker than to risk forgetting it - once you've locked your files up with this, they are not coming back without that password!
A weaker password can be augmented with a "key" file or files. These are simply files that TrueCrypt takes 1024 bytes from and mixes into your encryption. You can use any file (or multiple files) on your disk as long as the first 1024 bytes of it will never change. You could use a file stored on a USB stick - if someone stole your computer but didn't get that USB drive, they can't open your TrueCrypt files even if they have the password. Of course, you can't either - you have to have the key file(s) available to get at your stuff.
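An added example (not part of the original article or of TrueCrypt): a small Python check that records a fingerprint of a key file and later reports whether the first 1024 bytes, the portion this article says is used, have changed, or whether the file is missing. The function names, the JSON manifest and the sample file are assumptions made for illustration.

```python
import hashlib
import json
import os
import tempfile

def fingerprint(path, prefix_len):
    """SHA-256 of the first prefix_len bytes and of the whole file."""
    whole = hashlib.sha256()
    with open(path, "rb") as fh:
        head = fh.read(prefix_len)
        whole.update(head)
        for chunk in iter(lambda: fh.read(65536), b""):
            whole.update(chunk)
    return {"prefix_len": prefix_len, "whole": whole.hexdigest(),
            "prefix": hashlib.sha256(head).hexdigest()}

def record(path, manifest, prefix_len):
    with open(manifest, "w") as fh:  # run while the key file is known good
        json.dump(fingerprint(path, prefix_len), fh)

def check(path, manifest):
    """Return 'missing', 'prefix-changed', 'tail-changed' or 'unchanged'."""
    with open(manifest) as fh:
        saved = json.load(fh)
    if not os.path.isfile(path):
        return "missing"
    now = fingerprint(path, saved["prefix_len"])
    if now["prefix"] != saved["prefix"]:
        return "prefix-changed"  # the bytes mixed into the key differ
    return "unchanged" if now["whole"] == saved["whole"] else "tail-changed"

def overwrite(path, offset, data):
    with open(path, "r+b") as fh:
        fh.seek(offset)
        fh.write(data)

def demo():
    with tempfile.TemporaryDirectory() as d:
        key, man = os.path.join(d, "key.bin"), os.path.join(d, "key.json")
        with open(key, "wb") as fh:
            fh.write(bytes(range(256)) * 16)  # constructed 4096-byte key file
        record(key, man, 1024)  # 1024: the figure this article gives
        results = [check(key, man)]
        overwrite(key, 3000, b"edit")  # past the first 1024 bytes
        results.append(check(key, man))
        overwrite(key, 10, b"edit")  # inside the first 1024 bytes
        results.append(check(key, man))
        os.remove(key)  # e.g. the USB stick is not plugged in
        results.append(check(key, man))
    return results
```

Keep the manifest with the key file (for instance on the same USB stick) rather than beside the container, since anyone holding it can confirm which file is the key file.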
Once you have decided on your password and any key files, it's time to actually create the container. You'll be asked to move your mouse randomly for a bit and then click Format. The purpose of the random mouse stuff is to generate better encryption, so just do it even though it sounds like someone might be pulling your leg. After you click Format and TrueCrypt says it is all done, you can exit back to the main screen.
You have now created a container. You haven't put anything in it yet and to do that, you need to mount it as a disk drive. You'd think you could just click "Mount" and TrueCrypt would ask you what you want to mount, but no, you need to first click "Select File", find your container, point at your key file(s) (if you used any), and then click "Mount". You can select what drive letter or (Mac) volume identifier to use and once it is mounted you can exit TrueCrypt - you can unmount the container using ordinary operating system methods if you wish.
While it is mounted, you can put files in it. I suggest keeping safe copies of your files until you feel completely comfortable with TrueCrypt - remember, if you can't recall the password or lose any required key files, you will have no access to your data.
That's it. After you have loaded the drive up with files, you unmount it and you're done - the encrypted container is protected by your password and any key files you specified. It was pretty simple, wasn't it?