TrueCrypt 5: Encrypt your drive in GUI

[ Sunday, 10 February 2008, Bastion ]

TrueCrypt 5.0, a great tool for encrypting your hard drives, was released a few days ago. It can encrypt existing partitions or create a virtual volume stored in a single file. In this article we cover the changes in version 5.0 and provide some useful benchmarks.

Author: Korneliusz Jarzębski

We have covered TrueCrypt before; in particular, the article TrueCrypt Tutorial: Truly Portable Data Encryption explained how to encrypt your Linux partitions with TrueCrypt using the command line. This text will therefore focus on the new GUI tool.

TrueCrypt 5.0

Major changes

Here are the major improvements over version 4.0:

  • Ability to encrypt the root partition or disk with authorization during system bootup,
  • Mac OS X support,
  • Graphical user interface for Linux,
  • XTS mode — faster and more secure than previous LRW mode. Disks/partitions encrypted with LRW are still usable in TrueCrypt 5.
  • Hash algorithm SHA-1 replaced with SHA-512. To switch existing encrypted partitions to the new algorithm, choose the “Set Header Key Derivation Algorithm” option when re-encrypting your disk.
  • Redesigned Linux version, which should make TrueCrypt work much better with the Linux kernel (it used to be very sensitive to kernel upgrades),
  • Lots of other fixes together with security hardening

Creating an encrypted area

Encrypting your disk is now extremely easy. The graphical wizard does almost everything automatically. Here is what the process looks like, in a nutshell.

1. First we choose the volume type.

2. Then we pick the file that will hold our encrypted data. We can also choose a disk partition or another device in this step.

3. Now we need to specify the maximum size of the encrypted area

4. Choosing the encryption algorithm

5. Important step: selecting a password to the encrypted area

6. If the password is too easy to break, the wizard tells us about it.

7. We are free to choose the file system to use on the encrypted area. FAT is recommended if you need to access the encrypted data from multiple operating systems. If it’s just Linux, it’s better to choose EXT3.

8. Finally we watch the formatting process

9. Operation complete!

Mounting the encrypted volume

We have set up the encrypted volume properly; now it’s time to mount it and save some data on it. This is pretty easy as well.

TrueCrypt 5: main window

Checking the properties of the volume

Mounted secure volume: /media/truecrypt1

So, what’s the cost of encryption?

Obviously, encrypting secret data is one of the essentials of computer security. It prevents access to the data even when the attacker has physical access to the hard drive (for instance, on a stolen laptop). Normally, when using password protection only, it’s trivial to access any files saved on your hard drive.

Encryption has its downsides, however. Better security costs performance. Because the encryption is done in software, accessing and modifying your data takes more time: the system has to encrypt and decrypt it on the fly. Let’s check how much more it costs.


For benchmarking purposes I used two partitions of identical size: 1GB each. This should more or less ensure that the conditions are similar for both partitions. Next, I encrypted one of them with the AES algorithm.

Testing platform:

Processor: Core 2 Duo E6400
Disk: Seagate ST3320620AS 320GB sATA II 16MB

  1. Unpacking kernel sources for Linux 2.6.24:

    time tar jxvf /home/owner/linux-2.6.24.tar.bz2 -C /mnt/volume/
    real 0m19.250s
    user 0m17.509s
    sys 0m2.716s

    time tar jxvf /home/owner/linux-2.6.24.tar.bz2 -C /media/truecrypt1/
    real 0m27.737s
    user 0m17.449s
    sys 0m2.696s

  2. Deleting the unzipped files:

    time rm -R /mnt/volume/linux-2.6.24
    real 0m1.134s
    user 0m0.048s
    sys 0m1.084s

    time rm -R /media/truecrypt1/linux-2.6.24
    real 0m1.308s
    user 0m0.056s
    sys 0m1.240s

  3. Copying a file of size 367MB:

    time cp pbs03e11.avi /mnt/volume/
    real 0m5.173s
    user 0m0.024s
    sys 0m0.852s

    time cp pbs03e11.avi /media/truecrypt1/
    real 0m23.022s
    user 0m0.012s
    sys 0m0.856s

  4. Reading the file of size 367MB:

    time cat /mnt/volume/pbs03e11.avi > /dev/null
    real 0m5.497s
    user 0m0.068s
    sys 0m0.380s

    time cat /media/truecrypt1/pbs03e11.avi > /dev/null
    real 0m7.088s
    user 0m0.028s
    sys 0m0.308s

As you can see, the most time-consuming operation on the encrypted volume was writing (saving a file). This was almost 5 times slower than the exact same operation on the unencrypted volume. Reading fared much better: only 30% slower than on the unencrypted volume.
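The figures above can be cross-checked mechanically. The following is an added example, not part of the original article: it parses the `time` output of the four tests (copied from above) and reports the wall-clock slowdown next to the change in CPU time billed to the benchmarked command; the function names are made up for this sketch.

```python
import re

# Timings copied from the four tests above: (test, volume) -> output of `time`.
RESULTS = {
    ("unpack", "plain"): "real 0m19.250s\nuser 0m17.509s\nsys 0m2.716s",
    ("unpack", "encrypted"): "real 0m27.737s\nuser 0m17.449s\nsys 0m2.696s",
    ("delete", "plain"): "real 0m1.134s\nuser 0m0.048s\nsys 0m1.084s",
    ("delete", "encrypted"): "real 0m1.308s\nuser 0m0.056s\nsys 0m1.240s",
    ("write", "plain"): "real 0m5.173s\nuser 0m0.024s\nsys 0m0.852s",
    ("write", "encrypted"): "real 0m23.022s\nuser 0m0.012s\nsys 0m0.856s",
    ("read", "plain"): "real 0m5.497s\nuser 0m0.068s\nsys 0m0.380s",
    ("read", "encrypted"): "real 0m7.088s\nuser 0m0.028s\nsys 0m0.308s",
}

TIME_LINE = re.compile(r"^\s*(real|user|sys)\s+(\d+)m([\d.]+)s\s*$", re.M)


def parse_time(text):
    """Parse bash `time` output into seconds: {'real': .., 'user': .., 'sys': ..}."""
    fields = {k: int(m) * 60 + float(s) for k, m, s in TIME_LINE.findall(text)}
    missing = {"real", "user", "sys"} - fields.keys()
    if missing:
        raise ValueError(f"incomplete time output, missing {sorted(missing)}")
    return fields


def compare(results):
    """Per test: wall-clock slowdown factor and change in CPU time (user+sys)."""
    report = {}
    for test in dict.fromkeys(name for name, _ in results):
        plain = parse_time(results[(test, "plain")])
        enc = parse_time(results[(test, "encrypted")])
        report[test] = {
            "slowdown": round(enc["real"] / plain["real"], 2),
            "extra_wall_s": round(enc["real"] - plain["real"], 3),
            "extra_cpu_s": round((enc["user"] + enc["sys"])
                                 - (plain["user"] + plain["sys"]), 3),
        }
    return report


if __name__ == "__main__":
    for test, row in compare(RESULTS).items():
        print(f"{test:7s} x{row['slowdown']:<5} wall +{row['extra_wall_s']}s "
              f"cpu {row['extra_cpu_s']:+}s")
```

In the write test the wall-clock time grows by about 17.8 seconds while the user and sys times of `cp` stay flat, so the cost of encryption does not show up in the CPU columns of the command being timed.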

So, is it worth encrypting your data? Each of you needs to answer this question individually. In most cases a good compromise is to encrypt only sensitive data by saving it on a special encrypted partition or file, while the rest of the OS stays unencrypted for performance reasons. You need to realize, however, that such a solution does not make you 100% secure. Some data may still be saved in the /tmp folder or stay in RAM in unencrypted form. So if you require 100% security, encrypting all volumes, including swap space, is necessary.

This article was originally published on the /dev/jarzebski blog. It has been translated and reprinted with the author’s permission.

About the Author

Korneliusz Jarzębski

Free software enthusiast, KDE fan. Author of a popular blog: /dev/jarzebski (in Polish). Contributes to since October 2007.
