HOWTO: Secure File Storage on Windows (TrueCrypt vs EncFS)

Published by Alex Amiryan on

TrueCrypt

You will create encrypted file container which is for example 10 GB file which itself contains encrypted file system. You will be able to mount this filesystem as hard drive (assign some letter in My Computer) providing correct password.
Pros: Most secure method.
Cons: It is not salable, and harder to transfer secure file container due to usually large size.
  1. Go to www.truecrypt.org
  2. Go to Downloads->Download latest version
  3. Install it
  4. Open TrueCrypt
  5. Go to Volumes -> Create New Volume
  6. Choose Create an encrypted file container
  7. Choose Standard TrueCrypt Volume
  8. Choose place where encrypted file container will be placed
  9. Choose AES as encryption algorithm, and SHA-512 as hashing algorithm.
  10. Specify size of file container (e.g. 6 GB)
  11. Choose secure password. (IMPORTANT! choose password not less than 12 characters which will contain letters, uppercase letters, digits and special symbols). If you fail to choose strong password your encrypted file will be vulnerable to offline brute force attack.
  12. Choose FAT as a file system and move your mouse for a while for TrueCrypt to collect more entropy for generating cartographic key.
  13. Press Format, wait until it finishes
  14. Now get back to main TrueCrypt screen
  15. Press Select File button and locate file that you have recently created
  16. Press mount
  17. Provide your password
  18. Now go to My Computer and you will see new drive where you can securely store your sensitive files
  19. IMPORTANT! Don’t forget to get back to TrueCrypt screen and press Dismount All button when you don’t need your secure drive anymore, otherwise other people will be able to access it untill computer is turned on.

Repeat steps 15-19 for every day use.

EncFS

It will create folder where it stores encrypted versions of your files. Unlike TrueCrypt which make whole filesystem encryption EncFS encrypts file per file basis, so it don’t have large size even if it’s still empty and it’s easier to port and more effective for syncing(for example with Dropbox).
Pros: Highly portable. Encrypted container scales as you add more files there.
Cons: Have some information leakage like number of files that is stored in there and it is possible to guess approximate size of original filenames. Not so mature software, it is in beta still, because it is port  linux software.
  1. Go to http://members.ferrara.linux.it/freddy77/encfs.html
  2. Download encfs.zip
  3. Go to http://dokan-dev.net/en/download/
  4. Download latest Dokan library
  5. Install Dokan library
  6. Extract encfs.zip
  7. Execute encfsw.exe. Icon in notification bar will appear(near clock)
  8. Click the icon in notification bar -> Choose Open/Create
  9. Select folder where encrypted fill be located
  10. Choose drive letter, check Set paranoia mode and choose secure password. (IMPORTANT! choose password not less than 12 characters which will contain letters, uppercase letters, digits and special symbols). If you fail to choose strong password your encrypted file will be vulnerable to offline brute force attack.
  11. Click on the notification icon again, choose Mount (path of folder that you have specified):
  12. Now go to my computer and you will find new drive where you can store your files securely.
  13. IMPORTANT! Don’t forget to click icon and choose Unmount when you don’t need your secure vault anymore.

Repeat steps 11-13 for every day use.

Also you can add encfsw.exe to list startup programs for more convenience.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.