Jul 09 2007
How to secure a USB drive with TrueCrypt
A quick step-by-step tutorial on how I secure my 4GB USB drive:
Create the file…
- Download TrueCrypt from here: http://www.truecrypt.org/downloads.php
- Unzip the download, but don’t install it.
- Browse to the “Setup Files” directory.
- Run “TrueCrypt.exe” and click the “Create Volume” button to start the wizard.
- Choose the “Create a standard TrueCrypt volume” option.
- Click the “Select file” button, browse to your USB drive and enter a name for the file – this can be anything and doesn’t need a file extension. I called mine “docs”.
- On the next step, choose your encryption algorithm. They are all secure – some more than others – click the run the “Benchmark” tool to help you decide between security and performance. (I just used AES)
- Choose the hash algorithm – if you know what you’re doing, or else just stick with the default. (They are all secure.)
- Choose the size of the file in the next step. I created a 2GB file so that I’ve still got space on the drive for other, unimportant stuff.
- On the next step, choose your password. This is probably the most important step in the procedure, as a short, insecure password negates the strongest of encryption. Force yourself to pick a long, cryptic password! Update: How to choose a secure password.
- Format the volume on the next step. If you’re a Windows user, NTFS is probably best, otherwise FAT is fine. Note: you aren’t formatting your entire USB drive – just the secure volume that you’re creating. Now you’ve finished the hard part.
Make it portable…
You don’t want to have to install software on each machine that you want to access your secure files on, so follow these steps to make it portable.
- Copy “TrueCrypt.exe” and “TrueCrypt.sys” to the same location on your USB drive as the file that you created in the previous steps.
- Drag and drop the secure file you created earlier on to the “TrueCrypt.exe” file.
- Select a drive letter to mount your secure file, and click the “Mount” button.
- You’ll be prompted for your password and then you can access the new drive.
Time to move on…
When you need to unplug your USB drive, just right click the TrueCrypt icon in the task tray and choose the “Unmount drive” option. TrueCrypt will also close once the drive is unmounted.
Notes…
You can install the TrueCrypt program if you want, but it seems to work just as well if you only use just the two files (“TrueCrypt.exe” and “TrueCrypt.sys”)
These steps can also be used to create a secure file on your hard drive too.
This was tested on Windows XP – I’m not sure how well this works on earlier or later versions of Windows.
If you have any comments or suggestions on how to make this better, let me know in the comments.