Truecrypt and USB drives

Human beings lose things. Laptops, smartphones and USB memory drives are things. We also lose them (see e.g. this piece of news). The data that any IT related hardware item can carry is often more valuable than the hardware itself. Truecrypt is a valid option to encrypt "losable" devices. This way, a third party would have a more difficult time to reach data stored e.g. in a USB memory drive. 




Truecrypt exists for Linux, Mac OS and MS Windows (where there is also a portable version - however requiring local admin rights). Once it is installed, its GUI looks like this:


It can use both a file or an entire partition as encrypted container. Both options can be mounted in the system and all data stored there will be encrypted at rest. The symmetric encryption algorithms that Truecrypt can use are the following. According to speed and crypto strength needs, the use of AES is the recommendable option:


However, remember that the security of your container relies, not only on the strength of the encryption algorithm used, but also on the strength of the password used as authenticating credential. The tool also allows for the use, together with a strong password, of a keyfile, so that both elements are required to decrypt and use the container (it there is the need to base authenticating credentials, not only on something you know, but also on something you have).

Little note: If you need to encrypt a set of already existing files, then you first need to create an empty container, and afterwards, move the files there.



Final catch: The drawback of using Truecrypt to encrypt your USB memory drive is that you need Truecrypt executed whenever you use your files. The advantage, if your USB memory drive is lost, your data will be safer. Up to your risk management decision ;-).

Happy secure data transport!