Let's Talk TrueCrypt - Part 3

This session, we're going to wrap things up with TrueCrypt.  If you've not read the first two posts, you should go back and do so now, just so you're caught-up with the rest of us. USB, or key drives, are cheap and prices are always dropping.  One of the things I've noticed is that they're often given away for free as promotional gifts.  Currently, I have a 256Mb USB drive inserted into my hub.  Now 256Mb isn't large enough to entice someone to buy one at the local store, but if it's free, I can put it to use as a TrueCrypt container.

We'll format the entire drive as a single TrueCrypt device and when we mount it to the local file system, we'll need to supply our password before the operating system can see and access the files stored on the device.

For this example, we're going to create a volume within a partition or drive.  Select that option from the first dialog box using the TrueCrypt Volume Creation Wizard and click the [Next] button.

We're going to make a Standard TrueCrypt volume - so select this option and click the [Next] button.

Next, select the USB device as the Volume Location.  What you see when you click [Select Device] can be a little intimidating. Since you're USB device (should already be) is plugged-in, and it was the last device to be mounted, scroll down to the bottom of the list.  On my machine, I saw something that looked like this:

/dev/rdisk5:     243 MB /dev/rdisk5s1   242 MB  /Volumes/MY DATA

When I look in My Computer (Windows) or on my desktop (Mac), I see the USB drive mounted as the volume named "MY DATA" -- I clicked on /dev/rdisk5s1 to use the entire partition as my new TrueCrypt volume and then clicked the [Next] button.  (I left the checkbox marked "Next Save History" checked.)

Please make sure that you have the correct device checked.  Note the warning that TrueCrypt displays:

WARNING: Note that the partition/device will be formatted and all data currently stored on it will be lost.

(Aside:  that should really be in red lettering or something...)  If you have data on the device you want to save, alt-tab to a finder window and copy the data off to another location.  When you're ready, click the [Next] button.

(Aside:  TrueCrypt won't let you encrypt the entire partition of a USB stick unless you nuke the device first.  So, we're going to use the existing partition to create a TrueCrypt filesystem within it.

Another warning pops telling you that you're about to nuke the device.  Gleefully, mind you, click yes.

Now we get to the familiar dialog where we select the encryption and hashing options.  I'm not going to delve deeply into this topic because it was covered in the second part of this series.  However, one thing you should consider is that there is overhead involved with encryption.

First, this encryption is software based.  That means that stuff that's written to, and read from, your device has to pass through the TrueCrypt processors to be (de)encrypted.  This takes CPU cycles.  The more CPU cycles required, the slower your read/writes to your device are going to be.  The more levels of encryption you have, and you can have up to three, the more CPU power you're using.  Keep this in mind when you're using a USB 1.0 device as opposed to a Solid-State Hard Drive.

Here's another way to look at it.

Remember when you were a kid and you played with ciphers?  Everyone did.  The simplest ciphers were substitution ciphers where you'd substitute A=1, B=2, C=3 and so on.  As your ciphers gained in complexity, you realized you could substitute one letter for another.  Some newspapers carried these on the crossword page.  Really complex ciphers, like the ones used in TrueCrypt involve lots of complex mathematical calculations.  (Go back to one of the previous articles and click on the link to the wikipedia page that explains the working (math) of the cipher.)

Now, the random-number used to start the cipher is generated by the hashing algorithm that we also select in this dialog box.  Just to make things really super-random.  Because. if you think about, the one thing a computer isn't, is random.  Randomness simply doesn't happen in a computer.  So us computer scientists have to simulate randomness and one of the ways to get that started is with the hash.

Ok, so, remember that we're going to substitute one letter for another (keeping it simple here...don't nerd rage) .. the hash tells us positionally where to start.  The hash generates the first cipher start point and whatever we're writing gets encrypted using the algorithm we've selected and then the data-bits are passed back to the operating system (Windows,  Linux, Mac, etc.) to be passed off to the device driver to be written to your device.  Reading something, the opposite happens.

If you use three levels of encryption, this process has to repeat itself three times.  (The part that happens in the TrueCrypt software, not the part about the read-writes and stuff.)  Depending on how much money you've poured into your machine, and what device you're writing too will determine how long this will take.

For most of us, it will be instantaneous and you shouldn't worry about it.  But I thought a nice explanation would help you understand why if suddenly you saw the SPOD (Mac: Spinning Pinwheel of Death) or the Hourglass (Windows) and things became generally unresponsive for a bit.

Anyway, pick your hashing and encryption algorithms and click [Next].

Password time.  Pick something you'll remember and click [Next].  Oh, and using a sharpie to write the password down on the device is not recommended.

Pick your filesystem type.  If you choose (FAT) then you're device will be readable across all common operating systems.  If you're only going to use it on a Mac, then choose the Mac filesystem option.  Don't click quick format.  Let the TrueCrypt format the entire volume.  Click [Next] to continue...

In the next screen, randomize your hash seed my jiggling the mouse about in the window.  Click [Format] when you're tired of watching impossibly large numbers dance about.

One last OMG! warning message - click [Yes] to format...

My archaic 256Mb USB stick formatted itself at about 5.3 MB/s -- which meant it took me about 55 seconds.  I got the success message, and clicked [OK].

Now, before I mount the stick, I unplugged it, and re-inserted.  I get this pop-up from my OS:

The Disk you inserted was not readable by this computer.

With the options to [Initialize] [Ignore] or [Eject].  I click on Ignore.

What's going on here?

Well, the entire disk has been encrypted so I need TrueCrypt to mount it as a filesystem so that I can copy files to and from the device.

I go back to the TrueCrypt window and click on [Select Device] and scroll down to where I see my device listed.  It now has no name where before it was called MY DATA by my operating system.  I click [OK] to select the device and return back to the main TrueCrypt window where I next click on the [Mount] button to mount the device so that it's readable by my computer.

I'm challenged to provide a password -- which I do...and the device is mounted on my desktop as "NO NAME".  I can now open the device and read and write files to it, knowing those files will be stored safely in an encrypted format.

In closing this series, let's talk about your files stored.  We created two types of volumes -- one was a container within a container that required two passwords.  The not-so-secret password offered access to the first level of encrypted files while the second password offered access to the container-within-a-container password.

The second type of device we used was a USB stick were we encrypted the entire file system requiring a password for it to be mounted (visible) to your desktop.  Without the password, or without TrueCrypt for that matter, the disk is unreadable by the operating system even though we formatted it using the FAT filesystem - the most common filesystem and one readable by all operating systems.

When you get down to the platter level (see the first article), data is written is long sequences of 1's and 0's.  The number of 1's and 0's read in at one time define the size of the operating system's capacity to process a "word's" worth of data.  My computer is a 64-bit operating system so when it read's a "word" from the hard drive, it read's in 64 1's and 0's.  (Actually, it reads in a heckuva lot more than that, but that's for another day.)

If someone found your USB stick and was able to somehow mount it to their filesystem and access it, then the only thing that they would see would be random data.  That is, 1's and 0's stored in a pattern that does not conform to a compliant access method used by today's systems.

Your take-away is this -- at the physical layer, there is absolutely no way to discriminate between random data and encrypted data.  Well, there is, but it's going to require really, really big computers normally only found in government agencies somewhere on the east coast to figure out what stored on your little USB stick.

This concludes this tutorial.  For more reading, the folks at TrueCrypt have provided excellent documentation on their product.  The software is free for a variety of operating systems, but they will accept your donations to the project.