You can encrypt your data via
Premium Link
Upgrade
or NTFS, but odds are that your Windows password sucks and can be broken with
Premium Link
Upgrade
or a similar tool. My Windows password is probably better than most, but my Truecrypt password is still 3 times the length of my Windows password.
Some of these instructions may be extraneous, I've been using this program and Premium Link Upgrade for quite awhile and they may have removed some of the quirks. Still, these instructions will work, even if one or two aren't strictly necessary.
1. Download and install Premium Link Upgrade and Premium Link Upgrade . When asked, associate .tc files with Truecrypt.
2. Create the container file, [filename].tc. (F'rinstance, create a new text document, and rename it to [filename].tc) You may need to go to control panel -> folder options, go to the "view" tab, and uncheck "hide extensions for known file types." When you rename "New Text Document.txt" to "[filename].tc" then Windows will ask you to confirm that you want to change the file extension, say "yes." Important: make sure that [filename].tc is not encrypted or compressed via NTFS. Right-click the file, select "properties", click "advanced," and make sure that the "compressed" and "encrypted" properties are unchecked.
3. Open Truecrypt, go to Settings -> Preferences. Check "enable Truecrypt background task" and uncheck "cache passwords."
4. Open Truecrypt, go to Volumes -> Create New Volumes. Select "Create Encrypted File Container" (the top and default option). Next, select "Standard Volume" (the top and default option).
On the next screen check "Never Save History" and then select [filename].tc that you created in step 2 (you'll be asked to confirm that you want to replace the file).
For encryption options, select AES (the top and default option) for encryption and SHA-512 (the second and non-default option) for hashing. Next, select the volume size. Next, enter a password. Make this a long password, the hash function means that the password essentially has no max length. I suggest you enter a memorable phrase, e.g. "Mary had a little lamb." This is case-sensitive. Next, choose NTFS for the file system (if the container is large enough to permit it, otherwise choose FAT). You will have the option of creating a dynamic container: this will create an encrypted container that is the size of the contained data instead of the size of the container's max capacity (e.g., a non-dynamic 2GB container always takes up 2GB of disc space regardless of how much data is in it, whereas a dynamic 2GB container would only take up 1GB of disc space if it only contained 1GB of data), at the cost of reduced performance compared to a non-dynamic container. I always leave "dynamic" unchecked, but it's your call. Finally, hit "format." This will take a long time if you have a large container (unless you made the container "dynamic").
5. Finally, to mount the encrypted container, just double-click it in Explorer. This will open Truecrypt, which will display the available drive letters. Select one, click "mount," enter the password, and there you go.
Extras
6. If you are creating shortcuts from the encrypted partition to the unencrypted partition (e.g. I have a Firefox shortcut in my quick launch bar that points to the Firefox program in the encrypted partition) then you must mount the container on the same letter each time or the shortcuts won't work. To avoid problems, mount the container(s) to the drive(s) you intend to use. Open Truecrypt, go to Volumes -> Save currently mounted volumes as favorites. Now when you open Truecrypt, go to Volumes -> Mount favorite volumes, and the same drive letters will be selected as last time.
7. You have the option of encrypting partitions rather than file containers. Do NOT do this on a non-fixed drive. If the partitions get ****ed up (as they are wont to do on non-fixed drives) then it is a colossal pain in the ass to recover the encrypted partition. It is much easier to recover an encrypted file container in a standard partition.
8. If you have multiple encrypted containers/partitions that use the same password, then you may want to select "cache passwords" - this means that you'll enter your password once, instead of once per container/partition.
9. Don't use this program on an SSD, as it will severely ******* performance. On a standard hard drive the performance hit is negligible.
10. If for some reason you're worried that you may have to disclose your password (e.g. if the RIAA sues you), then create a "hidden container/partition." The way this works is that the container has two passwords: the standard password and the hidden password. Let's say you create a 4GB FAT container with a 3GB NTFS hidden container - enter the standard password and you've got a 4GB FAT virtual partition, enter the hidden password and instead you've got the 3GB NTFS virtual partition. Obviously if you put more than 1GB of data on the standard partition then you may destroy data on the hidden partition - the standard partition is not intended of day-to-day use, but instead is merely there for plausible deniability. If you're only concerned about privacy (e.g. in case your laptop is stolen) then there's no need to monkey around with hidden containers/partitions.
11. You can encrypt your system partition, but I don't recommend this - it may have unintended side-effects with disk imaging programs etc.
Some of these instructions may be extraneous, I've been using this program and Premium Link Upgrade for quite awhile and they may have removed some of the quirks. Still, these instructions will work, even if one or two aren't strictly necessary.
1. Download and install Premium Link Upgrade and Premium Link Upgrade . When asked, associate .tc files with Truecrypt.
2. Create the container file, [filename].tc. (F'rinstance, create a new text document, and rename it to [filename].tc) You may need to go to control panel -> folder options, go to the "view" tab, and uncheck "hide extensions for known file types." When you rename "New Text Document.txt" to "[filename].tc" then Windows will ask you to confirm that you want to change the file extension, say "yes." Important: make sure that [filename].tc is not encrypted or compressed via NTFS. Right-click the file, select "properties", click "advanced," and make sure that the "compressed" and "encrypted" properties are unchecked.
3. Open Truecrypt, go to Settings -> Preferences. Check "enable Truecrypt background task" and uncheck "cache passwords."
4. Open Truecrypt, go to Volumes -> Create New Volumes. Select "Create Encrypted File Container" (the top and default option). Next, select "Standard Volume" (the top and default option).
On the next screen check "Never Save History" and then select [filename].tc that you created in step 2 (you'll be asked to confirm that you want to replace the file).
For encryption options, select AES (the top and default option) for encryption and SHA-512 (the second and non-default option) for hashing. Next, select the volume size. Next, enter a password. Make this a long password, the hash function means that the password essentially has no max length. I suggest you enter a memorable phrase, e.g. "Mary had a little lamb." This is case-sensitive. Next, choose NTFS for the file system (if the container is large enough to permit it, otherwise choose FAT). You will have the option of creating a dynamic container: this will create an encrypted container that is the size of the contained data instead of the size of the container's max capacity (e.g., a non-dynamic 2GB container always takes up 2GB of disc space regardless of how much data is in it, whereas a dynamic 2GB container would only take up 1GB of disc space if it only contained 1GB of data), at the cost of reduced performance compared to a non-dynamic container. I always leave "dynamic" unchecked, but it's your call. Finally, hit "format." This will take a long time if you have a large container (unless you made the container "dynamic").
5. Finally, to mount the encrypted container, just double-click it in Explorer. This will open Truecrypt, which will display the available drive letters. Select one, click "mount," enter the password, and there you go.
Extras
6. If you are creating shortcuts from the encrypted partition to the unencrypted partition (e.g. I have a Firefox shortcut in my quick launch bar that points to the Firefox program in the encrypted partition) then you must mount the container on the same letter each time or the shortcuts won't work. To avoid problems, mount the container(s) to the drive(s) you intend to use. Open Truecrypt, go to Volumes -> Save currently mounted volumes as favorites. Now when you open Truecrypt, go to Volumes -> Mount favorite volumes, and the same drive letters will be selected as last time.
7. You have the option of encrypting partitions rather than file containers. Do NOT do this on a non-fixed drive. If the partitions get ****ed up (as they are wont to do on non-fixed drives) then it is a colossal pain in the ass to recover the encrypted partition. It is much easier to recover an encrypted file container in a standard partition.
8. If you have multiple encrypted containers/partitions that use the same password, then you may want to select "cache passwords" - this means that you'll enter your password once, instead of once per container/partition.
9. Don't use this program on an SSD, as it will severely ******* performance. On a standard hard drive the performance hit is negligible.
10. If for some reason you're worried that you may have to disclose your password (e.g. if the RIAA sues you), then create a "hidden container/partition." The way this works is that the container has two passwords: the standard password and the hidden password. Let's say you create a 4GB FAT container with a 3GB NTFS hidden container - enter the standard password and you've got a 4GB FAT virtual partition, enter the hidden password and instead you've got the 3GB NTFS virtual partition. Obviously if you put more than 1GB of data on the standard partition then you may destroy data on the hidden partition - the standard partition is not intended of day-to-day use, but instead is merely there for plausible deniability. If you're only concerned about privacy (e.g. in case your laptop is stolen) then there's no need to monkey around with hidden containers/partitions.
11. You can encrypt your system partition, but I don't recommend this - it may have unintended side-effects with disk imaging programs etc.
