TrueCrypt is not limited to encrypting folders or individual files (unlike archiving programs, such as WinZip), but it can also encrypt entire partitions, hard disks, or USB thumb drives. This can be done in real-time too, allowing users to run a Windows configuration that is fully encrypted. TrueCrypt is only noticeable just before loading the operating system, when it asks for authentication. The real-time encryption still allows for smooth and unrestricted interaction with other non-encrypted drives, ensuring efficient operation of the system. Hidden or unidentified drives are supported as well.
TrueCrypt uses several modern encryption algorithms, but its first and foremost is Advanced Encryption Standard (AES) with a key length of 256 bits (AES-256). The three other encryption algorithms, Serpent, Twofish, and Cascades, employ the same key length. When set to maximum safety, the software can even encrypt the data twice in a nested mode, pairing any of the encryption algorithms mentioned above.
TrueCrypt version 7.0a can be downloaded for Windows, Mac OS, and several Linux distributions. Compared to version 6.1 of the program that we tested before, the new version contains a number of bug fixes and improvements. For example, the Favorite Volumes Organizer lets you choose partitions to mount while booting Windows. Since Microsoft released an API for Windows Vista and Windows 7, the software can now encrypt hibernation and crash dump files as well. However, there is no API to allow this for Windows XP and Windows Server 2003, leaving some files still unprotected. The quick and easy solution, of course, is to upgrade.
Hardware-Accelerated AES Encryption
TrueCrypt version 7.0a now supports hardware acceleration when using AES encryption, finally catching it up to BitLocker, which offers this capability straight from the factory. TrueCrypt uses AES New Insctructions (AES-NI), supported by current Intel processors starting with the 32 nm CPUs based on the Clarkdale design, then the 32 nm six-core Gulftown die, and most recently Intel's Sandy Bridge architecture. The aim is to accelerate encryption/decryption performance by a factor of four, eight, and even more in some cases. Note that the 45 nm quad-core Bloomfield design doesn't support AES-NI; neither does Lynnfield.
During installation, the software automatically detects if the computer is equipped with an AES-NI-compatible CPU and then activates the hardware acceleration by default.
We took the opportunity to evaluate TrueCrypt’s AES hardware acceleration performance, putting special emphasis on whether the AES encryption using the CPU instruction set actually is that much faster than the proven standard method.
We already determined that TrueCrypt encryption affects system performance during our review of version 6.1. But if you only use a single algorithm, you should not notice it much in everyday use. In theory, you should be able to run a system using double TrueCrypt encryption and not notice any performance drops, given the performance leap promised by hardware acceleration. How good is the speed-up in practice, then?