

Brought to you by Amateur Radio AB9IL










Strong Encryption for Your USB Flashdrive - Windows

Creating a secure container for sensitive data.

 

Encryption is an important protective tool, especially in this age of small storage devices that are easily lost or stolen. Whoever possesses your USB memory stick, for example, may get access to your personal documents, internet browser (with bookmarks and passwords), email contacts, and all sorts of things that could be harmful in the wrong hands. This page guides you through installation of strong encryption on your USB flashdrive.


Brute Force is Futile...

I often use a USB flashdrive which is configured for dual usage: as a bootable Linux device with Firefox, OpenOffice, and other applications, plus an encrypted data folder where I keep important documents, pictures, and other files. The procedure below will show how to create the encrypted area and keep those important files safe. The quality of the encryption is excellent - it would take an attacker longer than the life of the earth, with all of the computers in existence, to break this encryption by brute force.


Step One - Download TrueCrypt

Go to the TrueCrypt website and download the latest version of their fine encryption software package. When the download is complete, open the installer and select the second option, traveler mode, which will just unpack TrueCrypt and not actually install it on your main system. Soon you will install it to your USB drive.

[Screenshot: TrueCrypt traveler mode]

When the files are extracted, move all of them to your USB flashdrive.


Step Two - Turn TrueCrypt Into "Traveler Mode"

On your USB flashdrive, double-click the "Truecrypt.exe" file. This starts the installation process. Go to "tools" then "traveler disk setup". That brings up the traveler disk setup screen:

[Screenshot: TrueCrypt traveler disk setup]

Note the letter of your USB flashdrive, and direct the installer to create traveler disk files there. Check the box to include the TrueCrypt Volume Creation Wizard. Select the autorun configuration according to your preference. When ready, click the "create" button. After a few moments, TrueCrypt will be installed in traveler mode, and the next step will be creation of an actual encrypted area.


Step Three - Create the Encrypted Area

Go to the TrueCrypt folder in your USB flashdrive and double-click "Truecrypt Format.exe". That brings up the encrypted Volume Creation Wizard. There are two useful choices for the flash drive mentioned above:

  1. Encryption of a "file container." This creates one large encrypted archive containing items the user intends to protect from unauthorized access. It uses strong encryption and is orders of magnitude better than password protecting zip and rar archives.
  2. Creation of a volume within a non-system partition or device. If you have a separate partition on your USB drive for personal data and documents, the whole partition will be protected with this choice. It is used in a similar manner as the file container, but it is a whole partition.

[Screenshot: TrueCrypt volume creation wizard]

For this article, the choice will be creation of a file container. Follow the given instructions and an encrypted container will be created. The process involves many steps, but there are three that are rather critical:

  1. Hidden or standard volumes? A hidden volume can be installed inside a standard container. Under duress, the user gives up the password for the standard container, and plausibly denies the existence of the hidden volume. Without a correct password, this hidden volume can't be found or proven to exist.
  2. Use a long password with numbers and both upper and lower case letters. Avoid short words or combinations that can be looked up in a dictionary. Also, avoid simple number combinations such as birth dates, telephone numbers, etc. The closer your password is to random monkeychatter the better.
  3. Making the container too large may cause problems; use no more than 75 percent of the available space.
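
The password rules in item 2 can be checked mechanically. The following is an added example, not part of the original article; the function names, the tiny word list, the 20-character minimum and the date and phone patterns are all assumptions chosen for illustration.

```python
import math
import re
import string

# Constructed stand-in for a real dictionary file; pass your own word list.
SAMPLE_WORDS = {"password", "dragon", "monkey", "secret", "letmein", "truecrypt"}

# Assumed patterns: a 19xx/20xx year or a separated date; a 10-digit or 7+ digit run.
DATE_RE = re.compile(r"(19|20)\d{2}|\d{1,2}[/.-]\d{1,2}[/.-]\d{2,4}")
PHONE_RE = re.compile(r"\d{3}[-. ]?\d{3,4}[-. ]?\d{4}|\d{7,}")

def search_space_bits(pw):
    """Upper bound on brute-force cost in bits; holds only if characters are random."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " ")
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0

def audit_passphrase(pw, words=SAMPLE_WORDS, min_length=20):
    """Return the list of rules from the article that the passphrase breaks."""
    findings = []
    if len(pw) < min_length:  # min_length is an assumed threshold for "long"
        findings.append("too short")
    if not any(c.isdigit() for c in pw):
        findings.append("no digits")
    if not any(c.islower() for c in pw):
        findings.append("no lower case")
    if not any(c.isupper() for c in pw):
        findings.append("no upper case")
    lowered = pw.lower()
    if any(w in lowered for w in words if len(w) >= 4):
        findings.append("dictionary word")
    if DATE_RE.search(pw):
        findings.append("date-like digits")
    if PHONE_RE.search(pw):
        findings.append("phone-like digits")
    return findings

if __name__ == "__main__":
    for candidate in ("Monkey1985", "q7Vr2mXw9LkT4zHb6NcY8pJd"):  # constructed samples
        print(candidate, audit_passphrase(candidate),
              round(search_space_bits(candidate), 1))
```

The bit count is only meaningful for a passphrase with no findings; a dictionary word or date shrinks the real search space far below it.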

Step Four - Move Programs and Data Into The Encrypted Area

[Screenshot: TrueCrypt volume creation wizard]

Once the encrypted container has been made, you will have two pertinent things sitting in your USB flashdrive - the folder with the TrueCrypt application and the encrypted container you have just made. Now what you are going to do is move your programs and files INSIDE the encrypted container. Double-click "Truecrypt.exe" and mount the encrypted container you have just created. This opens and decrypts it, and assigns it a drive letter. Simply drag and drop your files into the container, then unmount it. TrueCrypt closes and protects it with strong encryption. No one can get inside now without knowing the password. The data appears quite randomized, and it is resistant to cryptanalysis.

You should also delete your original files (now COPIED into the encrypted area), and sanitize the free space outside the container with secure delete and free space wipe utilities, which will repeatedly overwrite the free space with random data and eliminate traces of files previously deleted.
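
The claim that the data "appears quite randomized" can be checked by measuring byte entropy block by block: an unmounted container should show no block that looks like structured plaintext. This is an added example, not part of the original article; the function names, the 4096-byte block size, the 7.5 bits-per-byte threshold and the sample data are assumptions.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(block):
    """Bits of entropy per byte: 8.0 is uniform, plain text is far lower."""
    total = len(block)
    if total == 0:
        return 0.0
    return -sum(n / total * math.log2(n / total) for n in Counter(block).values())

def low_entropy_offsets(data, block_size=4096, threshold=7.5):
    """Offsets of full blocks that look structured rather than random."""
    return [off for off in range(0, len(data) - block_size + 1, block_size)
            if shannon_entropy(data[off:off + block_size]) < threshold]

def scan_file(path, block_size=4096, threshold=7.5):
    """Same check streamed from disk; a short trailing block is skipped."""
    hits, off = [], 0
    with open(path, "rb") as fh:
        while chunk := fh.read(block_size):
            if len(chunk) == block_size and shannon_entropy(chunk) < threshold:
                hits.append(off)
            off += len(chunk)
    return hits

def fake_ciphertext(n, seed=b"constructed sample"):
    """Constructed stand-in for container bytes: SHA-256 in counter mode."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])

# Constructed inputs: one 4096-byte plaintext block between random-looking data.
PLAINTEXT = (b"Quarterly budget notes, draft 3.\n" * 200)[:4096]
SAMPLE = fake_ciphertext(8 * 4096) + PLAINTEXT + fake_ciphertext(4 * 4096)

if __name__ == "__main__":
    print("plaintext block entropy:", round(shannon_entropy(PLAINTEXT), 2))
    print("low-entropy offsets:", low_entropy_offsets(SAMPLE))
```

Running scan_file on a container file should return an empty list; any offsets it reports point at data that is not uniformly random.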


Procedure Completed!

Bear in mind that the entire USB flashdrive is NOT encrypted. TrueCrypt has been installed and an encrypted container has been created on the USB flashdrive. If the USB flashdrive is lost or stolen, the encrypted data cannot be accessed. Sleep soundly, and worry not about who is reading your USB stick.




©2005 - 2010 AB9IL, All Rights Reserved