Computer Help: Why encrypting your data is mandatory (use Truecrypt).
Friday, February 12th, 2010
In my opinion, encrypting one's data is becoming increasingly mandatory. Not only companies and their employees need to think of data encryption as mandatory, but everyone else as well. Your hard drive stores information for a very long time, much longer than you might think, and it can be restored using proper software even years after you have pushed the delete button. Professional companies are also capable of restoring data even when the hard disk itself has suffered severe physical damage. Encryption is an easy-to-use, free and very effective way to combat privacy issues related to involuntary data sharing. This article will explain why and when file encryption should be put into place and how to encrypt your data using Truecrypt.
This article consists of three parts:
- Why and when you should use encryption
- What is encryption and why I recommend Truecrypt
- Forethoughts and advice when using encryption
It is meant for casual users and is kept as non-technical as possible.
Why and when you should use encryption
Your hard disk works a little differently from what you probably imagine when you delete data. The device itself never deletes data the way you would, for example, destroy a piece of paper or a cardboard box you take out to the trash. Your hard disk consists of many sectors. Think of your hard disk as a piece of land – the sectors are parcels on it, and every time you save data onto your disk it distributes this information across its sectors (not very orderly by the way, which after a while leads to fragmentation). Once the information sits in its sector, the hard disk locks the area and makes it unwriteable (parcel sold). Bear in mind that there is no specific order to which sector gets used first or last.
When you delete a file or folder on your hard drive, all it does is remove the write protection, making the place on the shelf available again without removing the old data. Say what now? I delete and nothing gets deleted? Exactly. What actually happens has nothing to do with deletion. Your hard disk just takes note of the fact that you don’t need the data anymore and puts the parcel where the data resides up for rent again. You continue working and saving new data, and eventually your disk saves something in the same sector that you just cleared by deleting a file. But the old information is still there; not in whole but very much existent. This process gets repeated all the time on your hard disk:
- A file is saved and written to a sector. Sector becomes unwriteable.
- The file gets deleted. Sector becomes writeable again but with the old information still there.
- A file is saved on the same sector on top of the old information. Sector becomes unwriteable again and so on…
So does information dissipate on your hard drive after a while or is it there for all eternity? Yes and no. Every time old information gets overwritten, it fades out a little bit more. But as I said before: there is no order in which your hard disk uses which sector. So what can happen is that some sectors get neglected: although the sectors become writeable again, they are hardly used anymore. This can happen especially when you spring clean your disk. Say you are going through old photos and come to the conclusion that these 20 gigabytes (GB) of old memories are fun but also embarrassing. You delete all of them and decide to start taking pictures more consciously, which leads to you storing fewer images on your disk. Instead of having 20 GB of photos, you now manage a stash of about 5 GB and never exceed that. After a couple of years, you give the drive away to your neighbor’s son and get a new one. What you are not thinking about is the fact that the other 15 GB still hold lots of more or less intact information from your old photos, because their sectors were never used much again. The neighbor’s son meanwhile, tech-savvy as he is, uses a file restoration tool on your old drive just out of curiosity and, lo and behold, finds lots of your old photos. From there they get mailed to friends and posted in social communities and blogs. Suddenly there are many people looking at your old photos that you thought were deleted. If this happens to something confidential like data from your company, for example…which could also be on that USB drive that got stolen or that you misplaced…well, you get the picture.
There are two solutions that prevent this kind of scenario:
- Either wipe your data every time instead of deleting it. Wiping means that old data gets overwritten multiple times with random data.
- or encrypt it.
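The save/delete cycle and the two remedies above, modelled as a toy disk in Python. This is an added example, not part of the original article; the `ToyDisk` class, the sample file content and the `toy_encrypt` stand-in (not a real cipher and not how Truecrypt works internally) are constructed for illustration.

```python
import hashlib
import os

SECTOR = 16  # bytes per sector in this toy model (real disks use 512 or 4096)

class ToyDisk:
    def __init__(self, sectors=8):
        self.data = [bytes(SECTOR)] * sectors   # raw sector contents
        self.used = [False] * sectors           # the "parcel sold" flags
        self.files = {}                         # file name -> sector numbers

    def save(self, name, content):
        chunks = [content[i:i + SECTOR] for i in range(0, len(content), SECTOR)]
        free = [n for n, taken in enumerate(self.used) if not taken]
        if len(chunks) > len(free):
            raise OSError("disk full")
        self.files[name] = free[:len(chunks)]
        for n, chunk in zip(self.files[name], chunks):
            self.data[n] = chunk.ljust(SECTOR, b"\0")
            self.used[n] = True

    def delete(self, name):
        for n in self.files.pop(name):
            self.used[n] = False                # contents are left untouched

    def wipe(self, name):
        for n in self.files[name]:
            self.data[n] = os.urandom(SECTOR)   # one pass here; the article describes several
        self.delete(name)

    def leftovers(self):  # what a restoration tool sees: all free sectors
        return b"".join(d for d, taken in zip(self.data, self.used) if not taken)

def toy_encrypt(key, content):
    """Illustration only: XOR with a SHA-256 keystream, not a real cipher."""
    stream = b"".join(hashlib.sha256(key + bytes([i])).digest()
                      for i in range(len(content) // 32 + 1))
    return bytes(a ^ b for a, b in zip(content, stream))

def demo():
    secret = b"holiday photo #1 (constructed sample)"
    cases = {"delete": (secret, "delete"), "wipe": (secret, "wipe"),
             "encrypt+delete": (toy_encrypt(b"passphrase", secret), "delete")}
    found = {}
    for label, (stored, action) in cases.items():
        disk = ToyDisk()
        disk.save("photo.jpg", stored)
        getattr(disk, action)("photo.jpg")
        found[label] = secret[:13] in disk.leftovers()  # readable text recovered?
    return found
```

`demo()` reports that the readable content is still found in the free sectors after a plain delete, but not after a wipe or when only the encrypted form was ever written to the disk.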
What is encryption and why I recommend Truecrypt
When you encrypt your hard drive you basically fill it up with random data. This random data gets calculated via a complex algorithm which involves a lot of mathematics. There are people out there who put a lot of effort into this. Bruce Schneier, for example, who has contributed greatly to this matter, is a very interesting and thoughtful person when it comes to (digital) security. I recommend familiarizing yourself with his work if you haven’t heard of him yet.
But back to encrypting your data for now. Once your hard drive is encrypted, it is filled with random information, information that cannot be read unless you possess the key to it. The key is the password or passphrase that you set when the information was encrypted. I started to use encryption software about ten years ago. At first on a whim, but I got more serious about it when I realized that the Internet is a dangerous place and that hard disks don’t know how to delete my files. I tried them all, from PGP to Steganos to smaller tools that would encrypt single files or folders, and there was always something in the way. The performance would disappoint me, there were size restrictions, bulky interfaces and sometimes bad customer support in addition. I put the topic to rest for a while and then I heard about Truecrypt, which to my great joy had none of the weaknesses and flaws of its commercial competition. And on top of that: it was free and still is.
I recommend Truecrypt for the following reasons:
- There are no size limitations.
- The encryption speed is fast (much faster than the competition).
- You have many encryption algorithms to choose from. You can choose between algorithms that perform fast but are less secure and vice versa.
- It has the best performance and therefore integrates into your daily workflow smoothly.
- It allows for hidden volumes (I will get to that).
- It is open source and therefore transparent. No hidden agendas.
- It is free.
So if you haven’t done it yet, head over to www.truecrypt.org and get it. And if you are satisfied with it, revisit and donate some bucks to ensure its continued existence. I did as well.
Forethoughts and advice when using encryption
Now before I send you off to the Truecrypt site with the beginner’s instructions, here are some things to consider that should help you prepare and choose the right encryption method for you.
- There are three modes of encryption: encryption by file container, encryption of a whole non-system partition/disk and encryption of a system partition/disk.
File container encryption takes a part of the free space on your disk and encrypts it.
I usually choose encryption of a whole non-system partition/disk.
I haven’t tried encrypting a system disk, but I am sure that Truecrypt does a reliable job there as well.
- Apart from encrypting a system disk, which can be done with the operating system already installed, you can only encrypt free space. For most people that usually means buying an extra hard drive. That need not stop you, as this opens up room for frequent data backups. I will cover best practice data backup in a future article.
- Encrypted partitions or disks will not be properly recognized by Windows Explorer. Every time you click on an encrypted drive, Windows will attempt to format it, which of course you don’t want. You can turn this nagging off by removing the drive letter from the encrypted disk.
- The encryption will take some time depending on the size of the volume you create. In my experience the average encryption speed is 30 megabytes per second.
- It doesn’t matter which encryption algorithm you choose. They are all decent; otherwise they would not be there. I use AES-Twofish.
I hope you enjoy using Truecrypt as much as I do. I have been using it for years now and it has never let me down.
