A few days ago, the TrueCrypt guys released version 5.1 of their stunningly secure and free, data encryption utility. The release of TrueCrypt 5.0 added support for system partition encryption, ie. encrypting every byte on your OS partition, so you have to enter a password before Windows/OSX/Linux boots. 5.1 added hibernation support for this sort of encryption.
Whole disk encryption isn’t a do-or-die for everyone, so here’s my two cents on using TrueCrypt.
USB Sticks: They’re just asking to be lost. If they are, any old sideshow could read through your resume, work documents, love letters and whatever else you keep on it. TrueCrypt has a ‘Traveller Disk’ tool which lets you encrypt some or all of your USB stick. Making a small (mine’s 100MB) encrypted file (an encrypted file which you mount as a drive letter) container will give you enough space to lock up your important files, while leaving your videos and mp3s alone. TrueCrypt throws a portable version of the software on your USB so you always have it on hand.
External Hard Drives: From a security point of view, these are similar to USB Sticks. They’re small, light and easily stolen/lost. However, you’re likely to store a lot more data on them and the data’s likely to be more important. It’s best to encrypt the whole disk. A couple of caveats though. Unlike system partition encryption, you can’t just click “decrypt disk” to get rid of the encryption. You have to copy the data off the disk, reformat, then copy it back on. Another issue is that if you use your disk on other people’s systems, you’ll have to install TrueCrypt first. If either will cause problems, figure out what needs to be secured and create an encrypted file container.
Laptops: There are a lot of news articles about laptop theft. Because they are so tempting to thieves, it’s probably best to encrypt your whole disk. You could just create an encrypted file container or encrypt your data partition (if you have one), but it’s better to do the whole lot, just in case you have some financial papers or embarrassing photos stored somewhere you’ve forgotten about.
Desktops: The risk of these being lost/stolen is significantly less than laptops or USB sticks, but it still happens. Encrypting your whole disk doesn’t hurt. In fact, according to tests by Steve Gibson, it actually makes your drive run faster in some situations. That said, even though TrueCrypt is phenomenally reliable, encrypting your drive could make it more difficult to recover data from if there is a problem. It’s probably better to create an encrypted file container and mount that. If you have a separate HDD or partition for your data (which is recommended, less system files fragmention), you can encrypt the whole thing and have TrueCrypt auto-mount and prompt for a password when you boot up your OS.
Then again, if you don’t store anything private on your computer, don’t bother. But chances are you have at least a few files which are worth the small inconvenience of using TrueCrypt. I highly recommend giving it a try.