
Encryption Algorithm, Performance, Rescue Disc

Protect Your Data With Encryption
Now things get a little more technical: the fifth window provides you with the option to pick your desired algorithm, to check its performance on your system and drive, and also to select the hash algorithm you want TrueCrypt to use. We tried two different options for our testing: on the first run we chose AES, while the second test used AES-Twofish-Serpent, which offers double encryption at the cost of reduced performance.

The TrueCrypt encryption wizard includes a benchmarking tool, which you can access when selecting the encryption algorithm (see above). Benchmark results vary and depend heavily on the processor first, and then on the drive you are about to encrypt: AES and Twofish provide the highest throughput on our Core 2 Duo notebook, a Dell Latitude D610. Once you start combining multiple encryption algorithms, e.g. Twofish and Serpent, performance drops considerably. While this isn’t noticeable when working with Windows and popular applications, increasing system load, such as may occur during heavy multi-tasking or when taking on intensive workloads such as video transcoding, will reduce system performance considerably.

Next, you have to select a master password, which the system will use to grant access to the encrypted system.

TrueCrypt prompts you to create random data for the encryption keys by moving your mouse in a random fashion. The more creative you are, the more security you will get.

Done! The header key for the encrypted drive and the master key have been created.

Finally, you need to create a rescue disc. This is mandatory for a TrueCrypt installation, because it is the only way to access your encrypted data should the boot loader be damaged or removed from the encrypted drive. This is not something you would do deliberately, but it could happen by accident or due to hard drive failure. Make sure you store the rescue disc in a safe location.

TrueCrypt creates an ISO image, so you can store it on hard drives or create a CD or DVD right away.
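
Why the header key, the master key and a backup copy of the header matter can be shown with a small model. The following is an added example, not TrueCrypt's code: it assumes PBKDF2-HMAC-SHA512 as the chosen hash, uses illustrative sizes and iteration count, and substitutes an HMAC-based keystream for the real disk cipher; all function names are hypothetical.

```python
import hashlib, hmac, os, zlib

MAGIC = b"TRUE"                  # marker that identifies a correctly decrypted header
SALT_LEN, ITERATIONS = 64, 1000  # illustrative values (assumptions of this sketch)

def derive_header_key(password: str, salt: bytes) -> bytes:
    # Password + salt -> header key, via PBKDF2 with the selected hash algorithm.
    return hashlib.pbkdf2_hmac("sha512", password.encode(), salt, ITERATIONS, dklen=64)

def _stream_xor(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher: HMAC-SHA512 counter keystream, NOT TrueCrypt's disk cipher.
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha512).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def create_header(password: str, master_key: bytes) -> bytes:
    # Header = salt || Enc(header_key, MAGIC || CRC32(master_key) || master_key)
    salt = os.urandom(SALT_LEN)
    body = MAGIC + zlib.crc32(master_key).to_bytes(4, "big") + master_key
    return salt + _stream_xor(derive_header_key(password, salt), body)

def open_header(password: str, header: bytes):
    # Returns the master key, or None for a wrong password or a damaged header.
    salt, sealed = header[:SALT_LEN], header[SALT_LEN:]
    body = _stream_xor(derive_header_key(password, salt), sealed)
    magic, crc, master_key = body[:4], body[4:8], body[8:]
    if magic != MAGIC or zlib.crc32(master_key).to_bytes(4, "big") != crc:
        return None
    return master_key

def change_password(old: str, new: str, header: bytes):
    # Re-wraps the same master key; the encrypted data itself is never touched.
    master_key = open_header(old, header)
    return None if master_key is None else create_header(new, master_key)

def demo() -> dict:
    master_key = os.urandom(64)                          # constructed sample key
    header = create_header("old-passphrase", master_key)
    rescue_copy = bytes(header)                          # header backup kept off the drive
    damaged = header[:-1] + bytes([header[-1] ^ 0xFF])   # one corrupted byte on disk
    rotated = change_password("old-passphrase", "new-passphrase", header)
    return {
        "wrong_password_rejected": open_header("guess", header) is None,
        "damaged_header_rejected": open_header("old-passphrase", damaged) is None,
        "rescue_copy_recovers_key": open_header("old-passphrase", rescue_copy) == master_key,
        "new_password_opens": open_header("new-passphrase", rotated) == master_key,
        "old_password_on_new_header_rejected": open_header("old-passphrase", rotated) is None,
    }
```

In this model a single corrupted header byte makes the master key unrecoverable even with the right passphrase, and a header copy made before a password change still opens with the old passphrase, so a fresh backup belongs after every change.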

  • 3 Hide
    Executioner_bg , January 19, 2009 7:52 AM
    Hardcore security is hardcore. Very good article. Thanks for the info.
  • 1 Hide
    ecka , January 19, 2009 8:08 AM
    Nice software. Been using it for close to 3 years. No glitches. The only complaint/annoyance was when upgrading from 5.x to 6.x for security reasons I needed to re-encrypt encrypted external USB drives.
  • -1 Hide
    neiroatopelcc , January 19, 2009 10:38 AM
    Despite working with it every day, and being in charge of a fair amount of systems, I've never truly appreciated security measures. Sure I use passwords and the like, but I just don't really trust the security features. Probably so because I don't understand them.
    No matter how many of these here articles I read, I'll always be afraid to lock myself out of my data, or somehow lose the keys or whatever is needed. More security means higher risk of accidental loss. And I don't know enough about encryption to feel secure in a secured environment.
    So I prefer my outlook pst file being a plain text file on a network drive secured with just ntfs restrictions. I know the file would be readable if someone'd steal the nas system or get my windows password, but that's just too unlikely to bother me.

    In short - probably a good piece of tech, but if more people are like me, they'd be too scared to even try it.
  • 0 Hide
    neiroatopelcc , January 19, 2009 10:39 AM
    Edit: Of course a man in the middle attack, and other similar stuff, would also increase the risk of someone getting my sensitive data, but since they'll have to know a fair bit about the data to truly gain from it, that doesn't much bother me either.
  • 2 Hide
    Anonymous , January 19, 2009 11:15 AM
    Thanks for the review, I've been very interested in switching to an encrypted system drive.

    I'm still curious if you could go into more detail about where the bottlenecks are; eg: how fast does the CPU have to be to bottleneck the HardDrive.

    I find having truecrypt AES enabled limits throughput to 80MB/s on my E6600, 4x750GB RAID5 on 3ware vs 160MB/s unencrypted.

    I'd like to see more tests across different hardware configs to see what the crossover points are. When does CPU speed limit HD speed? Would upgrading to WD-RE3 drives and an i7-920 improve performance (well, obviously yes, but how much?)
    And when would the RE3's be bottlenecked by the CPU?

    The same applies to the mobile platform, does a faster CPU help? or is it still IO limited?
  • 4 Hide
    theblackbird , January 19, 2009 11:27 AM
    I've been using Truecrypt for about 2 years now: system encryption as described in this article (password at bootup), and my whole data drive encrypted with a password and keyfile.

    I chose to work with such (hardcore) security measures because our privacy gets more and more threatened in these modern technology days. I like the privacy protection it offers a lot.

    But this is not for everyone. You really have to know what you're doing:
    - Forget your password: you're doomed.
    - Find out your rescuedisk doesn't work in case of disk corruption: you're doomed.
    - Lose a keyfile: you're doomed.
    - Don't have a header backup, and header gets corrupted (got that once): you're doomed.

    You need the rescue iso, headers and keyfiles securely backed up TWICE to prevent data loss, at all cost. It's something you have to take very seriously, or face the possible consequences of losing all your data forever.
  • 0 Hide
    neiroatopelcc , January 19, 2009 11:32 AM
    Now that last post just scares me! makes me know exactly why I'm not thrilled with the whole security issue.
    I still dread the day I forget the master password for the offsite backup (can't be reset)
  • 1 Hide
    ecka , January 19, 2009 11:35 AM
    Yes those issues would stop a normal user from using the software IF they knew about them. From my experience most of the standard users don't even read the quick start guides and then mumble that their new toy is crap. So I don't see this being widely used by normal users.
  • 2 Hide
    theblackbird , January 19, 2009 12:04 PM
    neiroatopelcc wrote: "Now that last post just scares me! makes me know exactly why I'm not thrilled with the whole security issue. I still dread the day I forget the master password for the offsite backup (can't be reset)"


    Don't be too scared. Reading the info at trucrypt.org helps a lot. Invest a little time and you're safe. You just have to know how the system works, what you need to backup, and what to do when a failure occurs.

    I just wanted to warn the average Joe of implementing encryption, without knowing the consequences.
  • 1 Hide
    mike123abc , January 19, 2009 1:14 PM
    I use Vista bitlocker (Business/Ultimate). With a TPM module it is a pretty transparent function. Without a TPM you have to have a USB key (or type in a 48 digit code). It mainly works to keep your data private if your laptop is stolen. Of course business/ultimate costs real $$ if you do not have it already and this looks like a nice free solution.
  • 1 Hide
    Shadow703793 , January 19, 2009 1:21 PM
    theblackbird wrote: "I've been using Truecrypt for about 2 years now: system encryption as described in this article (password at bootup), and my whole data drive encrypted with a password and keyfile. I chose to work with such (hardcore) security measures because our privacy gets more and more threatened in these modern technology days. I like the privacy protection it offers a lot. But this is not for everyone. You really have to know what you're doing: - Forget your password: you're doomed. - Find out your rescuedisk doesn't work in case of disk corruption: you're doomed. - Lose a keyfile: you're doomed. - Don't have a header backup, and header gets corrupted (got that once): you're doomed. You need the rescue iso, headers and keyfiles securely backed up TWICE to prevent data loss, at all cost. It's something you have to take very seriously, or face the possible consequences of losing all your data forever."

    +1. I too have been using TrueCrypt for a few years and am very impressed with it.
  • 0 Hide
    abhinav_mall , January 19, 2009 1:47 PM
    I have just one question. What if Vista (not the boot loader of truecrypt) crashes and nothing works, like system restore, and I am left with doing a complete repair reinstall of Vista OS. Will that be possible?? I just have a gut feeling that Vista DVD won't recognize truecrypt layer.
  • 3 Hide
    byebye , January 19, 2009 1:55 PM
    I found 1 flaw in your article (may not be the only flaw).

    "Password Limitations
    ...there is only one master password for the entire system...(wrong)... This means that it is not possible to create multiple, differently-encrypted system installations that are based on different Passwords...."

    You can have as many passwords to as many OS's as you want.
    It's at the beginning pages of the setup.
    It is actually recommended for the extreme paranoid (plausible deniability), where if you are captured and asked for the password, give them an OS that you use often but not the one that has the sensitive info on.


    to abhinav_mall
    the answer is yes.
  • 1 Hide
    naylom , January 19, 2009 4:45 PM
    I note at installation the article says you have to pick single or multi-boot, what happens if you want to add a new o/s later and become multi-boot from single boot?

    Would also be nice to see a comparison of this versus bitlocker for windows users.
  • 0 Hide
    elerick , January 19, 2009 5:01 PM
    Let's say you lose your password or something along those lines. Can you reformat the drive?

    I'm curious because I have a few external drives as an IT professional, what options do I have to regain access to them?
  • 1 Hide
    theblackbird , January 19, 2009 6:09 PM
    elerick wrote: "Let's say you lose your password or something along those lines. Can you reformat the drive? I'm curious because I have a few external drives as an IT professional, what options do I have to regain access to them?"


    You can always reformat a drive. I don't see the problem there.

    If you don't have the password for a Truecrypt encrypted system or drive, there's no way you can ever access the data on it again.

    One exception: in some cases it might be possible to retrieve the cached password from RAM. This method has been shown to work in an ideal lab situation. I don't see this happen in real life tho, because data in RAM is lost in about 30 seconds average, after shutdown.
  • 1 Hide
    theblackbird , January 19, 2009 6:23 PM
    abhinav_mall wrote: "I have just one question. What if Vista (not the boot loader of truecrypt) crashes and nothing works, like system restore, and I am left with doing a complete repair reinstall of Vista OS. Will that be possible?? I just have a gut feeling that Vista DVD won't recognize truecrypt layer."


    1. You can boot from the Truecrypt rescuedisk, decrypt your system, do some Vista repair magic, then encrypt again (yup, lengthy)
    2. You can reïnstall Vista from scratch (of course, it won't recognize any data on the drive, because it's all encrypted)
    3. You can mount the encrypted system drive from another OS, let's say Ubuntu, and access data on it if you need it prior to reïnstalling Vista.
  • 1 Hide
    theblackbird , January 19, 2009 6:43 PM
    naylom wrote: "I note at installation the article says you have to pick single or multi-boot, what happens if you want to add a new o/s later and become multi-boot from single boot? Would also be nice to see a comparison of this versus bitlocker for windows users."


    Decrypt, install second OS, encrypt. I do suggest you read about dualbooting with Truecrypt on the Truecrypt forum. There are several options (and not always easy to understand).
  • 2 Hide
    theblackbird , January 19, 2009 7:12 PM
    A tip for people wanting to experiment with Truecrypt: do it within a Virtual Machine with software like VMWare. Very good for learning, and you can screw up without consequences. Especially useful when experimenting with dualboot configs.
  • 0 Hide
    bobbyd , January 19, 2009 8:58 PM
    Does this program work with 64 bit versions of vista?