Windows Vista comes with up to two disk-encryption features, depending on which edition of Vista you buy. All versions of Vista support NTFS on-disk, file-level encryption, as do all versions of Windows XP and Windows 2000. But NTFS encryption has many drawbacks, one being that it only encrypts on the file level. That limits its usefulness in environments where it's important to encrypt the entire contents of the disk.
Vista Business and Ultimate also include BitLocker, an on-the-fly encryption system that encrypts the system disk, including the operating system's own executables and boot files. This is a useful way to prevent, for instance, a notebook computer from being compromised if it falls into the wrong hands. But BitLocker only encrypts the system volume; it doesn't encrypt auxiliary volumes or removable drives. To solve that problem effectively, you need to turn to a third-party solution.
One of the very best that I've found, not only for the scope of its features but also for its licensing and implementation is TrueCrypt, a free open source encryption application, available for both Windows and Linux, and with the C++ source code available to all for inspection. I've been using TrueCrypt for some time now (about a year and a half) as a way to encrypt both whole drives and virtual drives, and I am consistently impressed with the way it's relatively easy to use and intelligently designed from a security standpoint.
TrueCrypt open source encryption works by allowing you to create encrypted volumes either from an entire physical drive or partition, or by turning a regular on-disk file into an encrypted virtual disk. All data that passes to and from the volume is encrypted and decrypted on the fly with your choice of encryption algorithm (256-bit AES, Serpent, Twofish or "cascaded" combinations of the above) or hash algorithms (Whirlpool, RIPEMD-160 and SHA-1). Without the proper volume password, everything on the encrypted volume is indistinguishable from random data.
Moreover, there's nothing to distinguish an encrypted TrueCrypt volume -- the encrypted volume has no specific header or identifying parameters, and a virtual TrueCrypt volume file does not have to have any particular extension to be usable. Windows sees the encrypted volume as just another drive, and any operations that can be conducted with a regular file system can be performed on a TrueCrypt volume.
TrueCrypt sports a number of other high-security features that are optional but useful:
- Keyfiles: A keyfile is any file -- a piece of text, an image, an .MP3 file, etc. -- that TrueCrypt open source disk encryption combines with the password you supply to decrypt a particular volume. Without the keyfile and the password, the volume cannot be decrypted. Keyfiles can be combined with other encryption -- for instance, if you have a keyfile that's stored on a BitLocker-encrypted boot volume (or even in another TrueCrypt volume!), then the TrueCrypt volume can only be accessed if someone also has access to the BitLocker volume. This applies even if the TrueCrypt volume is stored on a removable drive or another partition.
- Hidden volumes: Hidden volumes allow you to mount two partitions within a given TrueCrypt volume: a regular one, revealed by default when you supply a password, and a second one, which is not detectable (and is concealed with a different password). The designers of TrueCrypt created this feature to allow a degree of plausible deniability for the end user; you could place a certain amount of non-crucial information in the outer volume, and if you were forced to reveal the main password for the volume, you could do so without compromising the truly sensitive data on the inner volume.
- Vista-specific features in version 4.3. The latest revision of TrueCrypt open source disk encryption fully supports Windows Vista, including User Account Control (UAC), so TrueCrypt will run as a regular user without balking. TrueCrypt's executables have all been digitally signed with a trusted root certificate to avoid Vista authentication issues. Note that only an administrator can install TrueCrypt on a given Vista system.
- Traveler mode: This allows you to place a runtime copy of TrueCrypt on a removable drive and run it on Windows systems where TrueCrypt is not installed. The TrueCrypt program has a wizard to automate this process and even makes it possible for the volume to mount itself (with the proper password, of course) when the volume in question is inserted. Note that you cannot use traveler mode in Vista unless you are using an account with admin privileges.
- Support for encrypting entire physical devices. If you choose to, you can initialize an entire unpartitioned physical device -- a hard drive, a flash drive -- as a TrueCrypt volume for maximum security. This may take a great deal of time, since the entire device has to be overwritten with random data to be truly secure, but, once done, there is no way to tell that the drive is anything but a randomly-erased volume without the proper password. Mounting a partition or device as an encrypted volume (instead of a file) also makes it more difficult for an attacker to reverse-engineer information that might be stored on the volume if you are using a journaled file system like NTFS.
I should point out that Windows users should observe some precautions when using TrueCrypt that have been documented by the program's authors. One major way protected data can leak out is through the paging/hibernation files. If unencrypted data is written from memory to either of those files, it could be analyzed by a third party if the volume they are written to isn't encrypted. However, if you use TrueCrypt in conjunction with a BitLocker boot volume, this should reduce the total attack surface since any decrypted data that might be written "in the clear" would typically just be written to the BitLocker volume.
Third parties have written add-ons for TrueCrypt, since the TrueCrypt APIs are entirely open and documented. One of the third-party contributions to the TrueCrypt project is an add-on called TCTEMP, which automates the process of encrypting the paging files, temporary files generated by the system, and print spooler files -- all of which might pose security hazards mentioned in the previous paragraph. It does not yet encrypt the hibernation file, however. (Another third part add-on, TCGINA encrypts Windows user profiles by creating a GINA that Windows uses during the logon process.)
About the author: Serdar Yegulalp is editor of the Windows Power Users Newsletter. Check it out for the latest advice and musings on the world of Windows network administrators -- and please share your thoughts as well!