
On-The-Fly Encryption

23 April 2005

I’ve been looking around for a decent way to work out of an encrypted file system. I’ve come to learn that such systems are called On-The-Fly Encryption (OTFE) systems. The one that appealed to me the most was an open-source project called TrueCrypt.

TrueCrypt allows you to create encrypted “volumes” and map them to Windows drives. The tool will prompt you for your encryption password when you try to mount a volume. A volume can be a hard-disk partition, USB stick, floppy disk, or a file. The file-based volume (a.k.a. container volume) is great because you don’t have to format a device in order to have an encrypted volume. The file can exist in an otherwise unencrypted file system and TrueCrypt will map the volume data contained within the file to a Windows drive.

There is no way to identify a TrueCrypt volume, as it has no file signature or required extension. For file-based volumes, you can call the file whatever you want and store it wherever you want. If you open up the file, it looks like a bunch of random data.
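With no signature to match, forensic triage can only flag files that are statistically consistent with a container, never confirm one. The sketch below is an added example, not code from this post or from TrueCrypt; it assumes containers are a multiple of 512 bytes, and its thresholds, magic-number list and sample data are all constructed for illustration.

```python
import hashlib
import math
from collections import Counter

SECTOR = 512
# A few common magic numbers; a real scanner would carry a far longer list.
KNOWN_MAGIC = (b"PK\x03\x04", b"\x1f\x8b", b"%PDF", b"\x89PNG", b"\xff\xd8\xff")


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte, from 0.0 up to 8.0."""
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def chi_square(data: bytes) -> float:
    """Chi-square statistic against a uniform byte distribution."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts[b] - expected) ** 2 / expected for b in range(256))


def looks_like_container(data: bytes) -> bool:
    """Heuristic: sector-aligned, no known header, statistically random."""
    if len(data) < 64 * SECTOR or len(data) % SECTOR:
        return False
    if data.startswith(KNOWN_MAGIC):
        return False
    # Uniform random bytes give a chi-square near 255; 400 is a loose ceiling.
    return shannon_entropy(data) > 7.9 and chi_square(data) < 400.0


def pseudo_random(n: int) -> bytes:
    """Constructed sample: SHA-256 in counter mode, standing in for ciphertext."""
    blocks = (hashlib.sha256(i.to_bytes(8, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


SAMPLES = {  # all constructed for this example
    "container-like": pseudo_random(128 * SECTOR),
    "plain text": (b"quarterly report draft\n" * 4096)[: 128 * SECTOR],
    "zip-like": b"PK\x03\x04" + pseudo_random(128 * SECTOR - 4),
    "unaligned": pseudo_random(128 * SECTOR + 7),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:15} entropy={shannon_entropy(blob):.3f} flagged={looks_like_container(blob)}")
```

Only the headerless, sector-aligned random blob is flagged; the compressed-style sample is just as random but is ruled out by its header, which is why a hit here is a lead to investigate rather than proof of encryption.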

One really cool feature is the ability to create a hidden volume (a volume within a volume). When you go to mount your TrueCrypt volume, if you type in your outer-volume password it mounts your outer volume, and if you type in your inner-volume password it mounts your inner volume. They refer to this as plausible deniability. If somebody forces you to provide an encryption password, you provide them with the password for the outer volume, which has a set of files that look important, but really aren’t (red herrings, so to speak).

Another cool thing is that you can encrypt the volume using multiple encryption schemes. So if somebody does happen to crack the encryption scheme itself, you still have additional layers of security.

Even though I’m tech-savvy, I always have a lingering feeling that somebody may have bypassed all of the security measures I have in place on my network at home and may be rummaging through my personal records and private files. With OTFE I feel much more confident that I can keep my personal documents private.
