You may be in the position where you need to store sensitive information and protect it even when an attacker has physical access. If so, creating a TrueCrypt file container might be the perfect solution for your needs.
TrueCrypt is an open source project for encrypting files. When you encrypt a file you make it unreadable to anyone who doesn’t know the password. I won’t go into the details of how encryption works, but at its most basic level you take A and turn it into B; or, if your password is “C” (C=3), you take A, add 3 and get D. There’s more to it once you get into block sizes and different ciphers, but the point is that you need that “C” to get from A to D.
Step 1: Download TrueCrypt (I’m doing this on Ubuntu 12.04 64-bit)
Step 2: Install it
On Ubuntu you unzip and run the file. That’s it. I assume it’s just as easy on any other OS.
Step 3: Open It Up
Hit Create Volume
The default setting, creating an encrypted file container, is what we want.
This means that we’ll be creating a file within your operating system that contains other files and content.
Again, the default is what we want. Hidden partitions serve another purpose.
Now we select a file. I suggest something with an unremarkable name. Any existing file you pick is replaced by the container, so you may want to create an empty file first.
Now we get to the actual encryption algorithms. AES is the Advanced Encryption Standard, and it is the standard choice. You can choose other algorithms or cascades of several algorithms; whatever you choose, I suggest either AES alone or a cascade that includes AES.
The hash algorithm is what is used for your password. Rather than “password123” itself being the key, you enter “password123” and it goes through what’s called one-way encryption; the output of that derivation is the actual key that unlocks the volume.
I personally use SHA-512 for my hash but RIPEMD-160 is good too.
Straightforward – tell it how large you want the file to be. I personally have very little free space on this drive.
Now we get to password generation. If you’re using TrueCrypt we can assume the information is critical. A 12 character password with a full character set is what you want.
A quick rundown on how to make a password would be:
1) Use every type of character (a,B,3,$)
2) Use non-personal information (not your birthday, dog’s name, mother’s name, your name, etc.)
3) Avoid having a single long word be the majority of your password (password, qwertyu, etc)
A good password might be:
That should be really easy to remember. That’s three random words, Brian Wilson’s birthday, and easy-to-remember padding. It’s actually harder for me to come up with short passwords because it’s so simple to pad with “<”s or some other form of padding.
Just take three completely random words that you can remember, some old friend’s birthday or a date most people wouldn’t attribute to you (062042), two random symbols (!!), and some random padding (<<<>>>).
That password is incredibly strong, way more than we actually need. It’s twice as long as necessary, but I honestly can’t come up with a weaker password that would be easier to remember.
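To make the three rules above checkable, here is an added example (my own code, not from the post or from TrueCrypt) that scores a candidate password against rule 1, rule 3 and the 12-character minimum, and estimates the brute-force search space an attacker would face. Rule 2 (no personal information) cannot be checked mechanically, so it is left to the reader; the 33-symbol alphabet size and the two sample passwords are constructed assumptions.

```python
import math
import re

# The post's recommendation: at least 12 characters from the full character set.
MIN_LENGTH = 12

# Rule 1: one pattern per character class; a strong password should hit all four.
CLASSES = {
    "lower": re.compile(r"[a-z]"),
    "upper": re.compile(r"[A-Z]"),
    "digit": re.compile(r"[0-9]"),
    "symbol": re.compile(r"[^A-Za-z0-9]"),
}
# Assumed alphabet sizes for the search-space estimate (33 = printable ASCII punctuation).
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}


def character_classes(pw: str) -> set:
    """Return the set of character classes that appear in the password."""
    return {name for name, rx in CLASSES.items() if rx.search(pw)}


def estimated_bits(pw: str) -> float:
    """Brute-force search space in bits: length * log2(alphabet the attacker must try).

    This is an upper bound: dictionary words and dates are far cheaper to guess
    than random characters, which is exactly why rule 3 exists.
    """
    alphabet = sum(CLASS_SIZES[c] for c in character_classes(pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def longest_word_fraction(pw: str) -> float:
    """Rule 3: fraction of the password taken up by its longest run of letters (one 'word')."""
    runs = re.findall(r"[A-Za-z]+", pw)
    longest = max((len(r) for r in runs), default=0)
    return longest / len(pw) if pw else 0.0


def check_password(pw: str) -> dict:
    """Apply the post's checkable rules and return a verdict per rule."""
    return {
        "length_ok": len(pw) >= MIN_LENGTH,
        "all_classes": len(character_classes(pw)) == 4,        # rule 1
        "no_dominant_word": longest_word_fraction(pw) <= 0.5,  # rule 3
        "estimated_bits": round(estimated_bits(pw), 1),
    }


def is_acceptable(pw: str) -> bool:
    """True only when every checkable rule passes."""
    verdict = check_password(pw)
    return verdict["length_ok"] and verdict["all_classes"] and verdict["no_dominant_word"]


if __name__ == "__main__":
    # Constructed samples: one that breaks rules 1 and 3, one built the way the post suggests.
    for candidate in ("password123!", "Otter!Lamp!Zebra!!071283<<<>>>"):
        print(candidate, check_password(candidate))
```

The first sample is 12 characters long and still fails: it has no upper-case letter and a single dictionary word makes up two thirds of it. The second follows the post's recipe (three words, a date, symbols, padding) and passes every checkable rule.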
You can also set a keyfile, which can be any file that you keep on a USB stick. No one can unlock your TrueCrypt container without that USB stick. The danger is that if you lose the USB stick you lose the keyfile. This is a great way to ensure that even if an attacker gains access to your encrypted data you’re still safe, because the password alone is no longer enough to open it.
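As an added example (my code, not TrueCrypt’s; it does not reproduce TrueCrypt’s header format, iteration counts or keyfile-mixing algorithm), this shows the two ideas from the last few paragraphs in working form: the password is never used as the key directly but is run through a one-way derivation (PBKDF2 with SHA-512, one of the hash choices above) together with a random salt, and an optional keyfile is bound into the derivation so that the password on its own no longer reproduces the key. The salt, iteration count and keyfile contents are constructed values, and the HMAC-based keyfile binding is a hypothetical scheme chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed parameters for the illustration (not TrueCrypt's real values).
ITERATIONS = 100_000   # PBKDF2 work factor: every password guess costs this many hashes
KEY_LEN = 64           # bytes of derived key material, e.g. two 256-bit keys for a cascade
HASH_NAME = "sha512"   # the post's pick among the selectable hash algorithms


def combine_password_and_keyfile(password: str, keyfile: Optional[bytes]) -> bytes:
    """Bind the keyfile into the secret so that the password alone is not enough.

    Hypothetical scheme for illustration: HMAC-SHA512 keyed with the keyfile bytes
    over the password. Without a keyfile the UTF-8 password is used as-is.
    """
    pw = password.encode("utf-8")
    if keyfile is None:
        return pw
    return hmac.new(keyfile, pw, hashlib.sha512).digest()


def derive_key(password: str, salt: bytes, keyfile: Optional[bytes] = None,
               iterations: int = ITERATIONS, hash_name: str = HASH_NAME) -> bytes:
    """One-way derivation: password (+ keyfile) and salt in, fixed-length key out.

    PBKDF2 cannot be run backwards, so whoever holds the container sees only data
    encrypted under this key and has to guess passwords, paying `iterations`
    hash computations per guess.
    """
    secret = combine_password_and_keyfile(password, keyfile)
    return hashlib.pbkdf2_hmac(hash_name, secret, salt, iterations, dklen=KEY_LEN)


def new_salt() -> bytes:
    """A fresh random salt per container; it is stored with the volume and is not secret."""
    return os.urandom(64)


def demo() -> dict:
    """Show which inputs change the key; returns booleans so the behaviour can be checked."""
    salt = bytes(range(64))  # constructed and fixed so the demo is repeatable
    keyfile = b"constructed keyfile contents kept on the USB stick"
    k_pw = derive_key("correct password", salt)
    return {
        "same_inputs_same_key": k_pw == derive_key("correct password", salt),
        "wrong_password_differs": k_pw != derive_key("correct passw0rd", salt),
        "different_salt_differs": k_pw != derive_key("correct password", bytes(64)),
        "keyfile_changes_key": k_pw != derive_key("correct password", salt, keyfile),
        "keyfile_repeatable": derive_key("correct password", salt, keyfile)
                               == derive_key("correct password", salt, keyfile),
        "key_length": len(k_pw),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The salt is what keeps two containers with the same password from sharing a key, and the iteration count is what makes each guess expensive; the keyfile turns the password into one of two factors, which is why losing the USB stick loses the data.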
Now you choose the filesystem. For me it’s EXT4 but it depends on your OS. If you create it on a Flash Drive you might want FAT etc.
This is where we create random data. This data (entropy) goes into creating a much stronger encryption key, which makes the container much harder to analyze.
Move the mouse around however you like. Even just moving it in a circle would introduce significant randomness because no two people will do it the same way. Do this for at least 10 seconds, more if you feel like it. Longer is better.
After that you format the file (again, any existing file at that path is replaced) and you can mount it from TrueCrypt’s main window. Just navigate to the file, enter the password, and you’re in. You can now store files in this container and no one without the password (and the keyfile, if you set one) will be able to access them.
Keep in mind that there’s a point where it becomes far cheaper to just hack you and install a keylogger. At that point a keyfile is probably going to help, but be aware that brute-forcing is not the only method attackers have for getting information. A gun costs a lot less than a massive cracking array, and getting you to talk is cheap.