TrueCrypt v7.1a

A Tutorial and Full Review of TrueCrypt, a Free Disk Encryption Program


TrueCrypt is the best free full disk encryption program you can download. A password combined with one or more keyfiles can secure every file and folder on an internal or external hard drive.

TrueCrypt also supports encrypting the system partition.

The big "selling" point for TrueCrypt is its ability to hide an encrypted volume inside another, each secured with its own password, and each accessible without revealing that the other one exists.

Download TrueCrypt v7.1a
[Softpedia.com | Download & Install Tips]

Note: TrueCrypt's official website states that the program is no longer secure and that you should look elsewhere for a disk encryption solution. However, this may not actually be the case for version 7.1a, which was a version of TrueCrypt released just before the final one. You can read a convincing argument about this at the Gibson Research Corporation website.

More About TrueCrypt

TrueCrypt does everything you'd expect a really good whole drive disk encryption program to do:

  • Works with Windows (10/8/7/Vista/XP), Mac, and Linux operating systems
  • Virtual disk drives in the form of single files can be built and encrypted
  • For added security, you can use a keyfile, such as a file, folder, security token, or smart card, with or in place of a password
  • Supports AES, Serpent, and Twofish encryption algorithms
  • Advanced settings are available so you can specify when to automatically dismount an encrypted drive, like when you log off, once the screensaver launches, and/or after a certain period of inactivity
  • If interrupted, TrueCrypt can resume the encryption process at a later time

TrueCrypt Pros & Cons

File encryption programs like TrueCrypt are extremely useful, but they can also be a bit complex thanks to the level at which they're working with your data:

Pros:

  • Can encrypt internal and external hard drives and partitions
  • On-the-fly encryption (OTFE)
  • Drives are easy to mount and dismount
  • Can mount a volume in read-only mode
  • Option to open encrypted volumes with a keyboard shortcut
  • A portable mode is available, which doesn't require installation

Cons:

  • Software is no longer being updated
  • May be confusing to use for the inexperienced
  • Decrypting a non-system partition requires an external formatting tool
  • Keyfiles can't be used to secure a system partition
  • Original documentation is no longer available

How to Encrypt the System Partition Using TrueCrypt

Follow these instructions to use TrueCrypt to encrypt the portion of a hard drive that's running an operating system:

  1. Click System from the menu and choose Encrypt System Partition/Drive... from the drop-down list.
  2. Decide the type of encryption you want to use, and then choose Next.

    The default selection creates a regular, non-hidden system partition. Learn more about the other option below in the Hidden Volumes in TrueCrypt section and at the Hidden Volume documentation page.
  3. Select what you want to encrypt, and then choose Next.

    The first option found here, called Encrypt the Windows system partition, will encrypt the partition with the operating system installed, skipping over any others you might have set up. This is the option we'll choose for this tutorial.

    The other option may be chosen if you have multiple partitions and would like them all to be encrypted, like the Windows partition plus a data partition on the same hard drive.
  4. Select Single-boot, and then click Next.

    If you have more than one operating system installed, you'll need to choose the other option, called Multi-boot.
  5. Fill out the encryption options, and then click Next.

    The default selections are fine to use, but if you want, you can manually define the encryption algorithm on this screen. Read more about these options here and here.
  6. Enter and confirm a password on the next screen, and then click Next.

    Important: TrueCrypt recommends using a password that's more than 20 characters in length. Don't forget what you've chosen here because this is the same password you'll need to use to boot back into the OS!
  7. On the Collecting Random Data screen, move your mouse around within the window to generate the master encryption key before clicking Next.

    Moving your mouse around the program window in a random manner is said to make the encryption key harder to predict, because the movements feed the random data the key is generated from. It's certainly an interesting way to generate random data.
  8. Click Next on the Keys Generated screen.
  9. Save the Rescue Disk ISO image somewhere on your computer, and then click Next.

    If critical TrueCrypt or Windows files ever get damaged, the Rescue Disk is the only way to restore access to your encrypted files.
  10. Burn the Rescue Disk ISO image to a disc.

    If you're using Windows 7, Windows 8, or Windows 10, you'll be prompted to use the Microsoft Windows Disc Image Burner to burn the file. If that doesn't work, or you'd rather not use integrated burning, see How To Burn an ISO Image File to a DVD, CD, or BD for help.
  11. Click Next.

    This screen just verifies the Rescue Disk was properly burned to the disc.
  12. Click Next.
  13. Click Next again.

    This screen is for choosing to wipe the free space off the soon-to-be-encrypted drive. You can either skip this by choosing the default option or use the built-in data wiper to completely erase the free space on the drive. This is the same procedure that the free space wiping options in file shredder software programs use.

    Note: Wiping free space does not erase the files you're using on the drive. It only makes it less likely for data recovery software to retrieve your deleted files.
  14. Click Test.
  15. Click OK.
  16. Click Yes.

    The computer will restart at this point.
  17. Select Encrypt.

    TrueCrypt will automatically open once the computer has started back up.
  18. Click OK.

Note: While TrueCrypt is encrypting the system drive, you can still work normally by opening, removing, saving, and moving files. TrueCrypt actually pauses its encryption process automatically when there is any indication that you're using the drive.

Hidden Volumes in TrueCrypt

A hidden volume in TrueCrypt is just one volume built into another. This means you can have two different data sections, accessible by two different passwords, but contained in the same file/drive.

Two types of hidden volumes are permitted with TrueCrypt. The first is a hidden volume contained on a non-system drive or virtual disk file, while the other is a hidden operating system.

According to TrueCrypt, a hidden partition or virtual disk should be built if you have heavily sensitive data. This data should be placed in the hidden volume and encrypted with a particular password. Other, non-important files should be placed in the regular volume secured with a unique password.

In the event you’re forced to reveal what’s in your encrypted volume, you can use the password that opens the "regular," non-valuable files while leaving the other volume untouched and still encrypted.

To the extortionist, it would appear that you have just unlocked your hidden volume to reveal all the data, while in reality, the important content is buried deeper inside and accessible with a unique password.

A similar methodology is applied to a hidden operating system. TrueCrypt can build a regular OS with a hidden one inside. This means you would have two different passwords – one for the normal system and the other for the hidden one.

A hidden operating system also has a third password, which is used if a hidden OS is suspected to be in place. Revealing this password would appear as though you’re revealing a hidden OS, but the files in this volume are still unimportant, "fake" files that don’t actually need to remain a secret.

My Thoughts on TrueCrypt

Of the few full disk encryption programs I've used, TrueCrypt is definitely my favorite.

As I mentioned above, the best thing anyone will mention about TrueCrypt is the hidden volume feature. While I agree with this, I also have to praise the smaller features like setting favorite volumes, using keyboard shortcuts, automatic dismounting, and read-only mode.

Something I find a little bothersome about TrueCrypt is that some things in the program don't work even though they would appear to. For example, the section for adding keyfiles is available while setting up encryption on the system drive but it's not actually a supported feature. The same can be said for hash algorithms during a system partition encryption - only one can actually be chosen even though three are listed.

Decrypting the system partition is easy because you can do it right from within TrueCrypt. When decrypting a non-system partition, however, you must move all your files to a different drive and then format the partition with an external program like Windows or any other 3rd party formatting tool, which seems like an unnecessary, extra step.

TrueCrypt doesn't actually look like it's easy to use because the interface is bland and outdated, but it's really not bad at all, especially if you read through its documentation. The official TrueCrypt documentation is no longer available but most of it can be found at Andryou.com.

Note: The portable version of TrueCrypt can be downloaded from Softpedia or you can select "Extract" during setup using the regular installer from the download link below to get the same result. The Mac and Linux downloads are available from the Gibson Research Corporation website.

Download TrueCrypt v7.1a