This is the fourth post in my “Encrypt All The Things!” series.
The prior article was on encrypting a single file.
In an effort to increase my privacy and my family’s safety, I’m going through and encrypting everything that’s possible and writing a series of articles on end-to-end encrypting for everything from phone calls to hard drives.
- Click here to follow me on Google+.
- Click here to follow me on Minds.com
What you’ll need
- Encryption software (described below, with links – It’s FREE)
- A Windows, Mac, or Linux PC.
TrueCrypt was one of the most popular disk encrypting programs for a long time, until about a year ago when the author unexpectedly pulled the plug and put some strange text on his website that the program was unsecure and people need to go find something else. The whole tech industry was scratching their heads because it had just gone through a very public security audit and determined to be very secure. What happened was the author(s) just got tired of supporting it and called it quits. Fortunately, it was open source and other groups have taken over, forked the code, and have been improving on it. VeraCrypt is a popular fork of it that I recommend. You can download it here. It’s available for Windows, Mac, & Linux. And it’s fully open source and free and supported by its new authors.
Download and install VeraCrypt.
We’ll be making a virtual disk that’s encrypted. A virtual disk is simply a large file. VeraCrypt can do its magic and make Windows/Mac/Linux think it’s a disk, so you can read and write files in it, just like on any other hard drive. In Windows, the virtual disk will have its own drive letter (but only when you “mount” it… when you’re done with it, you “dismount” it and it stops looking like a disk to the OS).
- Click the “Create Volume” button to begin.
- Make sure “Create an encrypted file container” is selected, then click “Next”.
- Select “Standard VeraCrypt volume” and click next. I’ll let you discover the other features of this product outside the scope of this tutorial.
- For “Volume Location”, click the “Select File…” button and choose a place on one of your accessible hard drives or network drives. You’ll need to provide a file name. I recommend giving it an ambiguous name like “Graphics-System.dll”. This obscures the meaning of the file from intruders.
- Then click “Save”. Also, make sure “Never save history” is checked. This prevents intruders from running this app on your machine and seeing where you created your last encrypted virtual disk.
- Click “Next” and if you named it with a file extension of “.dll”, then you’ll get a warning. It’s OK. We’re doing this on purpose.
- Now, choose your encryption method. All of them are good. Better is using 2 or more of them simultaneously.
- Remember, the tougher the encryption, the slower the encrypting and decrypting. I recommend clicking the “Benchmark” button and choosing the one that gives you the fastest speeds, unless you have state secrets or secrets that can cause significant harm to you or others, then take one of the options that give you all three. Notice that you might notice one of them is significantly faster than the others. If so, then your CPU chip probably has encryption hardware built in. VeraCrypt will use that if you choose it. As you can see, AES is drastically faster than the others on my own machine. That’s because my Intel CPU has AES encryption hardware. I’m going to choose “AES”
- For the hash Alorithm, Sha-512 is better than Sha-256. Whirlpool and Sha-256 are similar, but Sha-256 was created by the NSA and Whirlpool wasn’t. Use that information however you like! I’m choosing Whirlpool.
- Next, choose the size of your encrypted virtual disk. This is up to you. How much space do you need for your encrypted data? Whatever that number is, it HAS to be less than the available space on whatever drive your storing the virtual disk file on.
- Next, choose your password. This is a pass phrase you’ll need to enter every time you mount the encrypted volume. Obviously, use something strong, long, and easy to remember, but difficult for others to figure out. I recommend typing in a full sentence, with punctuation. CASE MATTERS! Don’t use famous quotes. Think of something that is unique to you like, “I hate it when people cut in front of me in line at the movies!@#$” Be creative!
- After entering and re-entering your pass phrase, click next. That takes you to the “Volume Format” window where you need to rapidly move your mouse back and forth, up and down, in circles, and everything else in that window to help your computer create a random number to seed the encryption. The more randomness from you it gets, the better. Computers are terrible and making random numbers by themselves. So spend a full minute or two just moving your mouse every which way across that window. Then click “Format”.
Congratulations! You have now created your first encrypted virtual disk. But, in order to USE it, there’s just a little more to do (and this is what you’ll need to do every time you want to mount your encrypted, virtual disk).
Mounting your virtual disk
Back to the main window of VeraCrypt, pick a drive letter from the list provided (Mac & Linux will be slightly different), then click “Select File” and find your encrypted virtual disk file (You DID pay attention to where your created it, right?)
And click the “Mount” button. Then enter the pass phrase you created at the beginning. Without this passphrase, it will be impossible to access the encrypted data on your virtual disk (even if there’s nothing in it yet, you can’t even mount it without the passphrase).
If you used a system file extension like “.dll” on your encrypted volume, you’ll get another warning when you try to mount it. Just click OK. It’s OK, we meant to do this. We’re trying to fool the bad guys, right?
Your encrypted volume is now mounted and ready to use, like any other disk. “But, can I…” YES! It’s just a volume like any other volume. You can read and write to it exactly like anything else. You an stream video files to and from it just like any hard disk.
Notice I have mine mounted with the “M” drive letter assigned to it. You can exit VeraCrypt and your encrypted virtual volume will stay mounted. When you’re done with this, start VeraCrypt back up, select the volume, and click “Dismount”.
As long as it’s mounted, anyone that has physical access to your machine can access its contents, so be sure to dismount as SOON as you’re done with it. Also, anyone with NETWORK ACCESS to your machine could have access to the contents of your encrypted volume. It’s ONLY protected when it’s NOT MOUNTED! When you’re using it, it’s accessible to other software on your computer!!!
Notice my M: drive in my drives list?
That’s the encrypted volume I just created and mounted. Yes, it’s a really small disk. Don’t tell anyone, OK? I do have bigger ones! No! Really! I do! Wait! Where are you going?
Thank you for sharing this article. See this image?
You’ll find actual working versions of them at the top and bottom of this article. Please click the appropriate buttons in it to let your friends know about this article.