Beyond the Buzz: A Look at TrueCrypt

It sounds easy. It sounds cool. For example, it comes with a "plausible deniability" feature that essentially hides files on a drive so that, even if you have a gun to your head, you can protect your data.

We took a look at it in the Test Center to see what was what.

TrueCrypt 5.0 runs on Windows Vista/XP, Mac OS X, and Linux. It has multiple algorithms and can encrypt entire partitions or storage devices. You can even run it in travel mode directly off a USB flash drive without installing it. Additionally, it provides two levels of plausible deniability (in case an adversary forces you to reveal your password).

When launched, the TrueCrypt executable offers the option of installing the application, or extracting all the files without installation. From the main window, you must first create a volume. At this point, the program opens a very helpful wizard that explains options, and issues warnings before allowing the user to do anything potentially harmful or irreversible.

The easiest (and recommended) option is to create a file container. The container is simply a file the program creates (and you name) that acts as a container for your encrypted data. You can treat this file like any other (copy, move, etc) and the encrypted TrueCrypt files will come along for the ride.

You then choose to create either a standard or hidden TrueCrypt volume. The standard will serve most needs; the hidden option is primarily for hostage situations and the like.

After naming and saving the container file, the program prompts for the type of encryption to apply. It gives a summary of each choice, and can even test and benchmark your volume for the average speed of encryption and decryption. Next, you choose the size of the volume, a password, and an optional keyfile. Finally, TrueCrypt formats the volume and you're ready to go. Using the application, you select the file container and mount the volume.

The encrypted container (and all the files within it) now appears as a new drive letter.

When you are finished, just dismount the volume.

Since the TrueCrypt volumes are OS independent, they can be opened on virtually any computer. Although, there is no master back door to open the volume if the password is forgotten, the FAQ gives instructions for an administrator to create a file with a header password that will allow them to reset the password if a non-admin user forgets it.

This has potential to be extremely useful in corporate settings.

TrueCrypt is a powerful, easy to use encryption application that has the added bonus of not costing a cent. Although donations are accepted, the organization states that it will never create a commercial product and it will always be free. Solution providers can offer it as an extra layer of endpoint security they can help a customer deploy.

Mostly, though, proprietary security products and simple best security practices explained to customers could obviate the need for such an on-the-fly encryption solution.