you’ve already created a standard
volume, you can choose “Direct
mode” instead when prompted, and
follow the prompts to set it up inside
your standard TrueCrypt volume. In
either event, the wizard follows a
similar process to that for standard
volumes, as described below.
One tip if you plan to create a
hidden volume: Be sure to save
selected files to the standard
volume. An empty standard volume
would arouse suspicion among
those you’re trying to hide your
data from.
Set up your standard volume
Click the “Select File...” button,
browse to your USB thumb
drive, then type a new file name
into the “File name” box. Avoid
using a file extension—this can
be problematic—and click “Save.”
Click “Next” to choose your
encryption options for the volume.
Five encryption algorithms are
supported: AES, Serpent, Twofish,
Camellia, and Kuznyechik—select
one at a time for a description.
Beneath these are no fewer than
10 combinations of two or more
BITLOCKER DRIVE
ENCRYPTION
If you’re using a higher-end version of Windows—
Professional, Education, or Enterprise—and you’re
looking to encrypt an entire drive, you might like
to use the built-in BitLocker tool. It can be used to
encrypt fixed and removable drives, as well as your
Windows boot drive, making it possible to protect
the contents of your laptop should it be stolen.
Type “bitlocker” into the Search box and click
“Manage BitLocker.” You’ll see a list of all available
drives in the main window. Expand one and click
“Turn BitLocker on.” If you’re looking to encrypt
the main system drive, you may see an error about
your PC not having a compatible Trusted Protection
Module. Check your motherboard specifications—
you may be lucky and simply need to enable TPM
support in the BIOS (look in the “Security” section).
You’re prompted to create a backup of the
recovery key required, then follow the wizard,
selecting appropriate choices depending on
your drive and PC setup. Run the recommended
BitLocker system check, and you should be able to
use your drive while it’s being encrypted.
Fixed or removable data drives are protected
by password or a compatible smart card—TPM
module not required. When you plug in the drive or
reboot Windows, you need to provide the password
or plug in the smart card to unlock the drive.
BitLocker is relatively straightforward to use,
but relies on your trusting Microsoft, because
unlike the open-source VeraCrypt, its code isn’t
available for audit. You’re also restricted to its 128-
bit or 256-bit AES encryption.algorithms for those who want
multiple layers of encryption. The
truly paranoid can click the “Test”
button next to an option to verify
VeraCrypt’s implementation of the
selected algorithm is compliant
with certain standards.
Click the “Benchmark” button
to open the Algorithms Benchmark
window, then click “Benchmark” to
compare the performance of each
encryption algorithm. The process
of encrypting and decrypting data
will have an impact on disk write/
read speeds, and you can compare
the different algorithms (single and
combined) from here. Straight AES
encryption is recommended for
most people, or AES combined with
Twofish if you want a second layer.
Beneath the encryption
algorithm, you’ll see a section on
hash algorithms, complete with
a handy link explaining how they
work. These are basically used to
generate the encryption keys and
salt (random data used to protect
your password from hackers).
Five hash algorithms are currently
supported, but for most people, the
default SHA-512 is fine—you mightchoose SHA-256 if performance is
more important than security.Password & extra authentication
Once you’ve chosen your options,
click “Next.” You’re now prompted
to set a size for your file container.
Choose a figure based on how much
data you need to encrypt and how
much free space is available. Click
“Next” to enter a password—you’ll
need this to access your files in
future, so make sure it’s memorable
(or stored somewhere secure,
like your self-hosted BitwardenWindows 10
Home users
don’t get
access to native
encryption tools.Encrypt individual files with a personal key using Gpg4win.
maximumpc.com MAR 2020 MAXIMUMPC 37