Encrypt Your USB Stick With Truecrypt 6.0

Last year I wrote an article on the benefits of encrypting your PC folders with Truecrypt and I also briefly touched on being able to encrypt your USB stick with Truecrypt. Well, the other day I received a nice new 2GB USB stick as a freebie and so I decided to install John Haller’s Portable Apps on it. But first I headed on over to the Truecrypt website to install the newly updated 6.0 encryption program.

Encryption is absolutely essential, especially if you’re the kind of person who carries a USB stick around like car keys or lipstick. USB sticks are so small that they are easily lost and easily stolen. Just think of all the information that gets stored on one of these things. The British Ministry of Defence has lost 131 of them since 2004! A friend of mine constantly drops his in the street when he walks his dog and his dog keeps walking back to pick it up! So it definitely pays to take the time to set up encryption.

Also, look at it this way. If someone found your USB stick and it was unencrypted, they would have access to your Firefox browser (with access to your private bookmarks, including online banking), your private files, your portable FTP program (with the settings to your website), passwords, emails, IM contacts and much more. If the person was honest, it might not be so bad, but if the person wasn’t honest….well then it could be catastrophic for you. Identity theft would only be the start of your problems.

The only problem with using Truecrypt for your encryption is that you need administrator privileges on any computer you plug your encrypted USB stick into. So this would be no good for internet cafes, for example. It is only useful if you travel between multiple trusted personal and work computers and want insurance against theft or loss along the way.

OK, let’s get insured.

Step One – Download Truecrypt 6.0

The obvious first step. Head on over and download the encryption program. BUT since you are putting this on your USB stick, you do NOT install this anywhere. When you double-click the “exe” file, you will see this. Choose the second option. This will just unpack the files onto your computer and not install anything.

When the files are unpacked, move the whole lot over to your USB stick. Once they are sitting on your USB stick, again don’t install anything. Just leave them there.

Step Two – Turn Truecrypt Into “Traveller Mode”

In your USB stick folder, double-click the “Truecrypt.exe” file and this opens up the main screen. Go to “tools” then “traveler disk setup”. That brings up this :

Traveller Mode

Change “create traveler disk files at” to whichever PC drive you have your USB stick in at the moment. Have the box underneath ticked. As to the Autorun configuration, well that’s down to personal preference so you decide. When you’ve done everything, press create. You’ll get a message a few moments later telling you that the traveler mode has been successfully created.

Step Three – Move Your Desired Programs Into Your USB stick

Now move your desired programs and files into your USB stick. As I said, I decided to put John Haller’s excellent PortableApps onto my USB stick. So I downloaded and moved all of them onto the USB stick next to the Truecrypt program as well as some documents. Notice we haven’t encrypted anything yet. That comes next.

Step Four – Create An Encrypted Area

OK, now we’re going to do the encryption. Go to the Truecrypt folder in your USB stick and double-click “Truecrypt Format.exe”. That brings up this screen.

Choose “create a file container” and follow these instructions from step 3 to make an encrypted container. I’m not going to go through it all here as it’s a long process. One important point though – do NOT fill up the whole USB stick. I would only make a container that fills up at most 75% of your USB stick. Leave the rest free and unencrypted. It’s always good to have some free space.

Before anybody points out option 2 which encrypts the entire USB stick, everyone I have talked to about this recommends that this shouldn’t be done because undoing it later is tricky and it can potentially mess up your USB drive. Doing it my way is better because a) you have some free space left for unencrypted files and b) if you don’t want Truecrypt anymore, you can just delete the whole lot. Much easier.

Step Five – Move The Programs Into The Encrypted Area

Once the encrypted container has been made, you will then have three things sitting in your USB stick – the folder with your programs / files, the folder with the Truecrypt application and the encrypted container you have just made. Now what you are going to do is move your programs and files INSIDE the encrypted container.

You do this by double-clicking “Truecrypt.exe” and “mounting” the encrypted container you have just made, which means attaching it to another, unused drive letter on your PC. This opens it up and decrypts it. When it opens up, just drag your files and programs inside with your mouse. When you’re done, just dismount the container, which closes it back up again and leaves everything inside encrypted. No-one can get inside now without knowing the password. So I hope you chose a very good password!

Don’t forget to delete the programs and files which are sitting outside the encrypted container – the ones you just dragged inside the container are copies. If it reassures you, mount the container again, open it up and peek inside. You’ll see your files and apps inside all safe and sound.

Step Six – In Summary

So let’s recap what we’ve done here. We haven’t encrypted the whole USB stick. All we’ve done is put an encrypted container on the USB stick along with the Truecrypt encryption program to encrypt and decrypt your files. If anyone were to steal the USB stick or find it (if you dropped it), all they would find on the drive would be an encrypted container which, without the password, is absolutely useless and unbreakable.

You also might want to put (on the unencrypted part of the drive) a text file with your name, email address and phone number so if a Good Samaritan were to come along, they would have a chance to do the right thing and return your property to you. A little incentive could also be mentioned depending on how desperate you are to get your property back.
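A check for the end state described in Steps Five and Six, as an added example (not code from the original article or from TrueCrypt): it lists every file on the stick that is still readable without the password and compares the container size with the 75% guideline from Step Four. The names `vault.tc`, `contact.txt` and `passwords.txt`, the allow-list and the sample layout are constructed assumptions.

```python
import os
import shutil
import tempfile

MAX_CONTAINER_FRACTION = 0.75  # size guideline from Step Four of the article


def audit_stick(root, container_name,
                allowed=("TrueCrypt", "autorun.inf", "contact.txt"),
                capacity_bytes=None):
    """Report what is readable without the password on the stick at `root`."""
    if capacity_bytes is None:
        capacity_bytes = shutil.disk_usage(root).total
    allowed_lower = {name.lower() for name in allowed}
    leftovers, container_bytes = [], None
    for entry in os.listdir(root):
        path = os.path.join(root, entry)
        if entry.lower() == container_name.lower() and os.path.isfile(path):
            container_bytes = os.path.getsize(path)
        elif entry.lower() in allowed_lower:
            continue  # TrueCrypt program files, autorun.inf, finder's note
        elif os.path.isdir(path):
            # Everything below an unexpected folder is plaintext on the stick.
            for folder, _dirs, files in os.walk(path):
                for name in files:
                    rel = os.path.relpath(os.path.join(folder, name), root)
                    leftovers.append(rel.replace(os.sep, "/"))
        else:
            leftovers.append(entry)
    fraction = (container_bytes or 0) / capacity_bytes
    return {
        "container_found": container_bytes is not None,
        "container_fraction": round(fraction, 3),
        "container_too_big": fraction > MAX_CONTAINER_FRACTION,
        "leftovers": sorted(leftovers),
    }


def build_sample_stick(root):
    """Constructed sample layout: Step Five was only half finished."""
    files = {
        "TrueCrypt/TrueCrypt.exe": 10,
        "TrueCrypt/TrueCrypt Format.exe": 10,
        "vault.tc": 800,       # the encrypted container (assumed name)
        "contact.txt": 40,     # finder's note from Step Six (assumed name)
        "PortableApps/FirefoxPortable/bookmarks.html": 25,  # copy never deleted
        "passwords.txt": 12,   # copy never deleted
    }
    for rel, size in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"\0" * size)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as stick:
        build_sample_stick(stick)
        # capacity_bytes is passed explicitly so the demo does not depend on
        # the size of the disk holding the temporary directory.
        report = audit_stick(stick, "vault.tc", capacity_bytes=1000)
        for key, value in report.items():
            print(f"{key}: {value}")
```

The audit only sees files that still exist. Copies deleted from the unencrypted area can remain recoverable, which is the reason commenters below suggest moving sensitive files straight from the hard drive into the mounted container.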

Do you like to use any other encryption programs other than Truecrypt? What particular USB stick protection and detection methods have worked for you? Let’s hear about them in the comments!

44 Comments

Rarst

Most of my flash drive is occupied with “software” folder that has bunch of portable (or simply needed often) stuff.

Trick is – it is only a mirror of folder I have on my HDD. Every time I launch sync process at my home PC everything on flash drive is brought to mirror local folder. So all stuff like possible logs and such gets wiped and I always have latest set of portables (drivers, setups, AV updates, etc) without much hassle.

So my best advice to prevent losing data via flash drive – only have data that you may lose there.

Clancolin

I like the idea of this, but this walk-through seems to miss out some steps.

I may be being thick here, but why install portable apps outside the encrypted file and then move it inside? Why not just install into the encrypted file (section) while that file is open and unencrypted?

Also what does this mean “You do this by double-clicking “Truecrypt.exe” and “mounting” (choosing) on another drive the encrypted container you have just made.”? My usb stick is Drive J. When I get to this step, all I have are drive letters K to Z.

I’ll look back later to see if there is any clarification.

Mark O’Neill

“why install portable apps outside the encrypted file and then move it inside? Why not just install into the encrypted file (section) while that file is open and unencrypted?”

That’s true – you could just download directly to the USB stick.

“You do this by double-clicking “Truecrypt.exe” and “mounting” (choosing) on another drive the encrypted container you have just made.”?

When you make an encrypted container, you have to open it to move your files inside. To open it, you have to attach it to another one of your drives on your PC. You’re right, that isn’t very clear. I’ll rephrase the article. Thanks.

Simon

Nice USB-stick, Mark ^^

Christian Schmidt

I have to say, first off I absolutely love TrueCrypt. I have gone a little bit more technical with my USB TrueCrypt setup but after the initial setup it works like a charm. I obtained a fixed drive driver and modified it to accept my USB Stick as a Fixed Drive as opposed to a Removable drive. This then let me re-partition it via Windows. Essentially on my 2GB USB Drive I have a 50mb Partition and a 1.95gb partition. I then used TrueCrypt to encrypt the 1.95gb partition (Actual partition not a container) and in my 50mb partition I copied TrueCrypt and my USB Drivers. That way, if someone came off the street and picked it up they would find a 50mb USB Stick with a TrueCrypt Folder and a USB Driver folder and until they loaded the USB driver and unencrypted the other partition would not find any of my data. I haven’t personally found any issues with this method and would be happy to explain how to do it if needed.

melaos

hi Christian,
your method sounds interesting, can you share it?
thanks.

BradB

Hi I like your post. I’ll go ahead and copy it on my blog but better.

Det

Hey Mark,

It’s a very bad idea to first copy your files onto the usb-disc, then create the TC-container and at least copy/move those files into the container!
The File-System on your USB-Drive won’t delete your personal files securely – in fact, they are really easy to recover.

So your way should be:
* Install TC in traveller-mode on the USB-drive
* create the TC-Container
* move your file DIRECTLY from your HDD into the container; no messing around with saving any sensitive data to the thumbdrive!!

Can’t be too paranoid :)

//DET

Mark O’Neill

Actually you’ve got a point. Move the files directly from the hard drive into the encrypted container. Never thought of that. Good one.

oelewapperke

I do hope everybody realises this protects against exactly 1 thing : losing your stick.

Any pc YOU insert the stick into in order to use it can access any and all information. So if you want to keep stuff secret from, say your employer, this advice is worthless, and the security zero.

Just a batch file, a registry entry, and the stick will be copied upon being made accessible through truecrypt. Nothing you can do about it either. Or one could even just save the password and the encrypted file.

And this is horribly bad advice since it will make people think data that is trivially simple to crack is secure.

Mark O’Neill

I’m sorry but you’re wrong. Your information is secure inside the encrypted container and without the password, no-one can access it. I tested it on another computer before posting this article and I got someone else to try it. They were unable to crack the password.

TK

Commenter oelewapperke is right: If you insert the USB stick into an untrusted computer, AND you enter your password to access the TrueCrypt data, THEN at that point that untrusted computer might copy all your private files and/or keylog-capture your TrueCrypt password.

The point he’s making is that the main security your method provides is that if someone finds/steals your stick, you’re safe. But as soon as you use (i.e. including entering your password to actually make use of your encrypted files) the stick in an untrusted computer, you have no protection at all against that computer stealing your data (unbeknownst to you).

So, you should not get too comfortable that you now have “full security.” Mostly you just have security if a random person steals your stick. But since you don’t actually BOOT from the stick, you’re at the mercy of the foreign computer.

Fuller security would involve actually booting from your stick. Then you would be using your own (trusted) environment rather than a foreign (possibly compromised) one. At that point you’re just vulnerable to physical keylogger combined with physical theft of your stick.

Some More Ron

Instead of a text file saved to your usb stick, try this:
Open wordpad
Type this:
[autorun]
icon = \myicon.ico
label=your name here (Cell123.456.7890)

Save it as ‘autorun’ on your stick.
Where icon= pick an icon and save it to the same location as your autorun file.
Every time your stick gets plugged into a computer, it will be labeled with your name and contact number.

zeiss

this seems more useful if it could popup a dialog or something. merely naming the drive with your name and ph# is subtle if you are not looking for it, and it will get old quick on your own computer to have your drive with your name instead of a more meaningful description. i put this info on the outside of my drive with an adhesive label.

Gregory A. Blake

* You need administrator privileges in order to able to run TrueCrypt in ‘traveler’ mode.

That’s a big problem if you ask me…I’m often at computers without admin rights…your encrypted data on your usb stick is then useless in that case…keep that in mind!

Mark O’Neill

That’s why I said that this would only be helpful if you were travelling between personal and work computers (which you had admin rights on) and you wanted some insurance in case you lost your USB stick or you had it stolen.

A lot of people are self employed and have more than one computer in various locations.

800HighTech

Great Article, some really useful advice….we all have sensitive data that we need to carry around sometimes.

jeffrel

on Step Two – Turn Truecrypt Into “Traveller Mode”
In your USB stick folder, double-click the “Truecrypt.exe” file and this opens up the main screen. Go to “tools” then “traveler disk setup”.

– got an error on this, it says ->>

“The process cannot access the file because it it being used by another process”

i cannot create the file, using the exe on the usb stick, but when i choose to the exefile from the extracted folder — it works!!

Tommy

I had the same problem. It seems to happen if you have placed the various Truecrypt files (including Truecrypt.exe) into a folder on the USB drive, rather than at the top level of the drive itself. Move the files out of the folder and up to the root of the USB drive and you’ll be able to run the Truecrypt.exe on the USB without seeing the “…process cannot access…” error.

joe

Warning!
I downloaded Truecrypt from the link on this page and installed it, which required a reboot. After the reboot my computer’s OS, Windows XP Home, became unstable and broken, with several error messages displayed. When I click to open the web browser, there is no response, and I cannot open other software, so I tried to do a system restore. It won’t allow me to do a system restore. Now, I have to use a Linux live CD to post this message. Be careful before installing software from the link on this web page.

jumanji

Hey, I have used truecrypt for quite a while, I like this software, it’s very reliable, and I haven’t had any issues with it, except I forgot my loooong (64 chars) password…
However, today I decided to make something that you explained but with different approach…

I’d like to make two partitions on my usb, one about 128 mb, second one 3,7 gb.

first (128) will contain traveler disk with truecrypt, second partition would be encrypted.

However, since I am struggling with converting second partition into true crypted, I wonder whether it’s possible at all?

any ideas?

regards,

jumanji

tom markham

Thank you for a detailed explanation. My dilemma is probably more mundane: I’m trying to decide whether to guard my files (specifically passwords and QuickBooks), and don’t know the most secure version – using something like “Sandboxie” or your encrypted USB drive. I am self-employed with admin. access on all computers.
If I use the encrypted USB method to run QuickBooks, how will I know that files I create are not created or mirrored to my un-encrypted disk?
If these questions seem un-educated, it is only because they are.
Thanks.

Anonymous

Great tutorial but Truecrypt is a cracker’s best friend, why bother breaking the encryption when you can just launch a brute force password cracker against the truecrypt GUI, crack the password and it decrypts it for you. If you don’t get what I am saying then think of it this way, instead of wasting time and a super computer to break the encryption you can use a home computer and break the password in a few hours with software like John the Ripper.

Mark O’Neill

That depends on whether the USB stick owner was stupid enough to use a short dictionary word. On the other hand, if the USB stick is encrypted with a 45 character password of lower case, upper case, numbers and other characters, your home computer will spend several years going through the possible combinations. Good luck with that. Let me know when you’re finished.

AskTheAdmin | Karl Gechlik

Snarky yet true :)

My favorite kind of comments…

BDS

This is a great discussion about TrueCrypt usage. Just thought I would put in a summary list of the pitfalls of using TrueCrypt on a USB stick:
-Always add sensitive data to the encrypted (mounted) drive. Anything in the unencrypted area may be recoverable even if deleted.
-Use a strong password. At least 10 characters (20+ if possible), Upper case, lower case, numbers, special characters, etc…
-This method only protects your USB stick from being read if lost or stolen. Never open your encrypted files on a computer you don’t trust. Once TrueCrypt opens your encrypted files, they are open to all the standard risks of virus infection, spyware, keyloggers, etc…

sandy

is it possible for someone who gets hold of ur USB to just delete the container? or is the container hidden?

Mark O’Neill

No, the container isn’t hidden so yes the container can be deleted. But at least they weren’t able to access the container first to read your files. Yes they may delete the container but everything inside it hasn’t been compromised.

If your USB stick is stolen, the worst that can happen is that you lose a USB stick. You don’t have to worry that someone is reading your files, looking at your browser bookmarks, copying your passwords, etc.

Nunya Bizniz

Is there ANYTHING like TrueCrypt that is just as good on a USB key, but without the admin rights problem? I need a TrueCrypt traveller mode alternative app that is self contained and no admin rights since I don’t have admin rights at work.

Rob

Nunya, check out Rohos for encryption without Admin rights: rohos.com/free-encryption/ It’s free, but has a limit of 1GB in size.

orb9220

The paid version doesn’t have the 1 gig limit.

zeiss

it’s now a 2GB limit for the free version.

car los

My pc at work won’t even let me open up truecrypt.exe, it tells me I am not an admin. I guess truecrypt has to have admin privs in order to run. That defeats the purpose of having a “travel mode”.

Bradley

Great article! I have followed the instructions to create a 15 GB container on my 32 GB drive. This way I can store a ton of docs, pictures, music, and software. I also use TrueCrypt on my home PC. I have used Rohos but found the 1 GB size limit to be a real drag. The only con about TrueCrypt travel mode is needing to have the admin rights; not so much for me because I am admin on all machines I work with daily – but if I ever needed to access my data from a PC I didn’t have admin rights on, this would be a real pain.

ERICP

Just a note, for people with usb’s larger than 4 gig you will need to make it NTFS before you run this procedure.

Thanks
E

Encryption Software

I put my college marketing presentation on my USB flash drive. As a typical college student, I have lost everything including my college ID and my room keys on several occasions, so I knew there was a good chance I would lose my USB flash drive as well. If it were to fall into the wrong hands, my marketing presentation could be used by someone else to secure my well-deserved A+, so I wanted to make sure that was not the case. TrueCrypt encrypted all 2 GB of my presentation and made me feel much more secure.

sankt nikolaus

Wow! I would never have thought that…
Weihnachtsmann Köln

name

I got an 8 gb usb stick. The problem is I can only create 4 GB files in it. Therefore I have to use 2 containers to get it to work. Is there a way I wouldn’t have to split my container?

jimmy

to the last poster, NTFS should fix your problem

name

Yes but the truecrypt guide says that most of the drive goes to waste. I can’t place a video file larger than 4 GB in the usb stick.

Kirk

@name:
format the stick NTFS. Windows won’t format anything over 4GB using Fat32 (really an obsolete file system).

+1 for rohos. Great app, simple, no admin hassles. Truecrypt good for home/office machine but it’s not coded with portability in mind. Don’t get me wrong, there are ways to make it “portable”, just not at the level of other crypto software out there.

Nice write-up nonetheless.

Inquiring Mind wants to know

Using TrueCrypt on 2 1TB External back-up drives & love it.
I setup up 930 GB for backups and 1 GB for utilities (IT Admin) for a client.

I am seeking a way to secure the crypts (if not the entire drive via password) from access or deletion by a clueless user or if the external drive were stolen or “lost & found” while in transit… smile.

-I have a REWARD.txt to encourage finder to return.. however- I fear a “finder” may delete the crypt and use the drive. I am thinking if they cannot delete the crypt to use the drive- then they may seek the “no questions asked reward” and all data returned in good order.

Thanks for a great discussion and all for any helpful suggestions!

Inquiring Mind wants to know

This may get deleted- but reading this discussion made me do a new search for password protection of external devices and I found this for USB Secure. I am a consultant.. not associated with ANY company and have been seeking encryption & password protection solutions for my clients business data.

USB Secure can password protect your USB drives. Protection is PC independent, doesn’t require installation and doesn’t require administrator rights at the other end. USB Secure works with all types of portable media like USB Flash drives, Thumb drives, Memory sticks, External drives and Memory Cards.

4.5 stars on CNET – free trial only 30 USD- I will try it in addition to the TrueCrypts!

captainjimkirk

It is possible to do without admin rights or having the software installed on the PC. You just need to create a shortcut with elevated rights that points to the encrypted container on the USB. Ref:-

http://geekknowhow.com/page_1264859152229.html
