• Encrypting a flash drive (USB drive) using BitLocker. How to encrypt files on a flash drive

    Information can be considered one of the most valuable products of the modern world. Private information is just as significant, and it requires protection, which can be provided either by the operating system or by separate software solutions.

    If you are interested in the answer to the question “how to encrypt a flash drive?” and your operating system is newer than Windows XP, then you can take advantage of the capabilities of the OS itself.

    BitLocker encryption

    The BitLocker feature has been available in Windows since Vista. It works by encrypting the data located on a hard drive or flash drive. To do this, you should:

    TrueCrypt: how to encrypt a flash drive

    The free TrueCrypt program is a more reliable way to encrypt a flash drive. This software has quite a wide range of functionality, for example, encryption of a single folder or of the operating system itself.

    At the same time, the quality of the encryption offered is at a high level. Last year, in the wake of the hype around Snowden, it was decided to conduct an independent audit. A fundraiser for 60 thousand dollars was announced for this purpose. The money was collected, and the first stage of the audit took place on April 14 this year; it did not uncover any critical encryption errors.

    TrueCrypt instructions: how to make an encrypted USB flash drive

    2. If you are interested in the Russian language pack, then download it (1.4 MB). All files are available on the official website.

    3. Move the downloaded TrueCrypt.exe file to a folder on your hard drive and unpack the language pack there.

    4. Installing the program (running the file with the .exe extension) involves choosing between two options: Install and Extract, that is, standard and portable. Choosing the portable installation increases the level of security, since it will not be possible to tell from the computer's installed programs that an encryption tool is present. Otherwise, the flash drive can only be opened on a computer where TrueCrypt is installed, which confirms how practical a portable installation is.

    5. When extracting, specify the flash drive as the final destination.


    6. Run the TrueCrypt.exe file and in the window that opens, activate the “Create Volume” button.

    7. A wizard will launch, where you should select the first item, which means that an encrypted container will be created on the flash drive.

    8. In the next “Volume Type” window, do not change anything and click “Next”.

    9. You will then be prompted to select a storage location for the container. Specify the path leading to the flash drive and specify some non-existent file on it. It doesn't matter what you write. In our example, such a file is called secret.txt.

    10. Go to the window where you should set the encryption algorithm. Choose AES.

    11. Specify the required size of the encrypted volume.

    12. Set a password. The program recommends using at least 20 characters.

    13. If you are going to save files of 4 GB or more, then select the answer “Yes”, which will allow you to format the volume as NTFS.

    14. At this point, the process of creating a secret container can be considered complete, and the question “how to encrypt a flash drive with a password?” is answered. Now all you have to do is figure out how to access the encrypted area of the flash drive.

    Encrypted files on a flash drive: how to access TrueCrypt

    1. Run the TrueCrypt.exe file.
    2. Select any drive label in the column provided.
    3. Activate the "File" button.
    4. Specify the path to the secret container (secret.txt).
    5. Click “Mount” and enter the password.
    6. After clicking OK, in the Computer section of the Start menu you will see that, alongside the hard drive, another hard drive icon has appeared under the letter you selected in the second step.
    7. Open and use the new object in the standard way, that is, using “Explorer”.
    8. To hide the secret disk again, you need to use the “Unmount” button.

    Every person has secrets. A personal diary, the password to a bank account in Switzerland, photographs of the fortifications of a potential enemy, drawings of a perpetual motion machine, a list of mistresses, and who knows what else. It is convenient to store data on a USB flash drive. It is small, cheap and capacious. It is easy to carry in your pocket, to hide or to give to another person. But it is just as easy to lose a flash drive.

    Task: I need a USB flash drive on which all the information is encrypted. When I insert the flash drive into a computer, it should ask for a password and, without the correct password, decrypt nothing. The flash drive should work autonomously, without installing any software on the computer.

    We take any flash drive available to us and get started.

    Step 1.

    Download TrueCrypt. The latest version right now is 6.1a. A Russian localization is available. TrueCrypt is a free, open-source program for data encryption. It works on Windows, Mac and Linux.

    Install TrueCrypt on your computer. We only need to install TrueCrypt to create a flash drive. Then TrueCrypt can be removed.

    Step 2.

    Let's prepare the flash drive for work. First, we erase all data from there. Now launch TrueCrypt and select the menu item Tools --> Traveler Disk Setup...

    In the window that appears, indicate the drive letter where the flash drive is currently mounted and the path to the [non-existent yet] file with encrypted data: e:\datafile.tc

    I recommend setting the remaining options as in the screenshot.

    Click Create and TrueCrypt will write all the necessary service files to the flash drive.

    Step 3.

    Now all that remains is to create an encrypted file with data on the flash drive.

    In the TrueCrypt menu, select Tools --> Volume Creation Wizard


    We indicate the path to the same file that we entered when creating the flash drive:

    We choose encryption and hashing algorithms to suit our tastes. It is recommended to leave everything as is.

    Select the size of the data file. Since we want the entire space of the flash drive to be encrypted, we enter the maximum possible number.

    We come up with and enter a password. Be careful! The password should be long and complex so that it cannot be broken by brute force. But also memorable. Because if you forget, the data will be lost.

    Now we select the file system type and move the mouse over the window area so that TrueCrypt can generate a truly random number. Click Format.

    In a few minutes, a large encrypted file will be created on the flash drive.

    If you insert such a flash drive into any computer running Windows, a window will appear:

    And if the password is entered correctly, the system will mount the encrypted file as another disk.

    A few caveats

    So we have a flash drive that is encrypted with a reliable algorithm and is ready to work on any, even unprepared, computer. Of course, there is no perfect defense, but now a potential attacker will need many orders of magnitude more time, money and experience to get to your data.

    Before removing the flash drive, do not forget to unmount the disk via the icon in the taskbar.

    Keep in mind that after editing or viewing, your sensitive data may remain in temporary files or in the operating system's page file.

    The very fact of using encryption will not be secret. There may be log or registry entries left on the computer. The contents of the flash drive openly indicate the use of encryption technology. So recto-thermal hacking methods will be the most effective.

    To hide the fact of encryption, TrueCrypt offers encrypted disk technologies with a double bottom and a hidden operating system. But that's a completely different story.

    Post-scriptum

    Thanks to all discussion participants for interesting questions and criticism.

    As an afterword, I want to answer two of the most popular objections.

    • Why not use the built-in Windows NTFS Encrypted File System as recommended by Backspace?
    • Why do you need the flash drive to be autonomous, since you can install TrueCrypt permanently on your computer? And by connecting a flash drive to someone else’s computer, we risk running into keyloggers and other implants.
    I read about this Encrypted File System and experimented on my computer. Perhaps in some cases this encryption method will be suitable. But not for me.

    The most important. EFS only encrypts the contents of files. The list of files, the structure of subfolders, their names, sizes, and editing dates remain open. This information may directly compromise you, or may be the reason for your further development. If in your folder they find the encrypted file BlackNal Movement.xls or The Rape of a Thirteen-Year-Old Virgin.avi, then encrypting the file itself will not make you any easier.

    Second. Encrypted files are available for as long as you are logged into your computer, whether you are working with classified information or playing Minesweeper. Of course, it’s better not to let anyone use your computer under your login. But situations differ. In addition, when working under Windows, even on your own computer, you never know what process is roaming around your file system. TrueCrypt provides simple and intuitive session management for working with an encrypted volume. Mounted, worked, unmounted. The time the data is available is reduced by orders of magnitude, and the risk along with it.

    And finally, about autonomy and portability to any computer. By inserting a flash drive into someone else's computer, we take a risk and should not do this regularly. But, again, situations differ. The main computer may fail, may have been thrown into the trash 3 years ago, or may remain in another country. A specific scenario: imagine that you went on a business trip and forgot your flash drive at work, and you need to explain to the secretary over the phone how to get to the file you need. Information must not only be reliably protected. It should also be easily accessible. All you need to access files on a flash drive using TrueCrypt is a computer running XP in a standard configuration, a password and 10 seconds of time. With EFS you can also achieve flash drive portability, but the connection procedure will be much more complicated. You need to decrypt and import the key, and at the end of the session delete it from the system.

    Of course, the described recipe has a number of disadvantages and vulnerabilities. But, IMHO, this is the most practical and balanced way to keep secrets at the moment.

    These days we constantly deal with information. Thanks to the development of information technology, work, creativity and entertainment have largely become processes of processing or consuming information. And among this huge amount of information, some of the data should not be publicly available. Examples of such information include files and data associated with business activities, and private archives.

    Some of this data is not intended for the general public simply because “they don’t need to know about it”; and some information is vital.

    This article is dedicated to the reliable protection of exactly this vitally important information, as well as of any files that you want to protect from access by others, even if your computer or storage media (flash drive, hard drive) has fallen into the hands of strangers, including those who are technically advanced and have access to powerful computing resources.

    Why you shouldn't trust closed-source encryption software

    In closed-source programs, backdoors can be introduced (and don’t hope that they are not there!), along with the ability to open encrypted files using a master key. That is, you can use any complex password, but your encrypted file can still be opened easily, without brute-forcing the password, by means of a backdoor or by the owner of the master key. The size of the company producing the encryption software and the name of the country play no role here, since this is part of the public policy of many countries. After all, we are surrounded by terrorists and drug dealers all the time (what can we do?).

    That is, you can count on truly reliable encryption only by correctly using popular open-source software with a crack-resistant encryption algorithm.

    Is it worth switching from TrueCrypt to VeraCrypt?

    The reference program that has been providing very secure file encryption for many years is TrueCrypt. This program still works great. Unfortunately, development of the program has currently been discontinued.

    Its best successor was the VeraCrypt program.

    VeraCrypt is a free disk encryption software based on TrueCrypt 7.1a.

    VeraCrypt continues the best traditions of TrueCrypt, but adds enhanced security to the algorithms used to encrypt systems and partitions, making your encrypted files immune to new advances in brute-force attacks.

    VeraCrypt has also fixed many of the vulnerabilities and security issues found in TrueCrypt. It can work with TrueCrypt volumes and offers the ability to convert TrueCrypt containers and non-system partitions to the VeraCrypt format.

    This improved security only adds some latency to opening encrypted partitions, without any performance impact while the encrypted drive is in use. For a legitimate user this is an almost imperceptible inconvenience, but for an attacker it becomes almost impossible to gain access to the encrypted data, regardless of the computing power available.

    This can be clearly demonstrated by the following benchmarks for cracking (brute force) passwords in Hashcat:

    For TrueCrypt:

    Hashtype: TrueCrypt PBKDF2-HMAC-RipeMD160 + XTS 512 bit
    Speed.Dev.#1.: 21957 H/s (96.78ms)
    Speed.Dev.#2.: 1175 H/s (99.79ms)
    Speed.Dev.#*.: 23131 H/s

    Hashtype: TrueCrypt PBKDF2-HMAC-SHA512 + XTS 512 bit
    Speed.Dev.#1.: 9222 H/s (74.13ms)
    Speed.Dev.#2.: 4556 H/s (95.92ms)
    Speed.Dev.#*.: 13778 H/s

    Hashtype: TrueCrypt PBKDF2-HMAC-Whirlpool + XTS 512 bit
    Speed.Dev.#1.: 2429 H/s (95.69ms)
    Speed.Dev.#2.: 891 H/s (98.61ms)
    Speed.Dev.#*.: 3321 H/s

    Hashtype: TrueCrypt PBKDF2-HMAC-RipeMD160 + XTS 512 bit + boot-mode
    Speed.Dev.#1.: 43273 H/s (95.60ms)
    Speed.Dev.#2.: 2330 H/s (95.97ms)
    Speed.Dev.#*.: 45603 H/s

    For VeraCrypt:

    Hashtype: VeraCrypt PBKDF2-HMAC-RipeMD160 + XTS 512 bit
    Speed.Dev.#1.: 68 H/s (97.63ms)
    Speed.Dev.#2.: 3 H/s (100.62ms)
    Speed.Dev.#*.: 71 H/s

    Hashtype: VeraCrypt PBKDF2-HMAC-SHA512 + XTS 512 bit
    Speed.Dev.#1.: 26 H/s (87.81ms)
    Speed.Dev.#2.: 9 H/s (98.83ms)
    Speed.Dev.#*.: 35 H/s

    Hashtype: VeraCrypt PBKDF2-HMAC-Whirlpool + XTS 512 bit
    Speed.Dev.#1.: 3 H/s (57.73ms)
    Speed.Dev.#2.: 2 H/s (94.90ms)
    Speed.Dev.#*.: 5 H/s

    Hashtype: VeraCrypt PBKDF2-HMAC-RipeMD160 + XTS 512 bit + boot-mode
    Speed.Dev.#1.: 154 H/s (93.62ms)
    Speed.Dev.#2.: 7 H/s (96.56ms)
    Speed.Dev.#*.: 161 H/s

    Hashtype: VeraCrypt PBKDF2-HMAC-SHA256 + XTS 512 bit
    Speed.Dev.#1.: 118 H/s (94.25ms)
    Speed.Dev.#2.: 5 H/s (95.50ms)
    Speed.Dev.#*.: 123 H/s

    Hashtype: VeraCrypt PBKDF2-HMAC-SHA256 + XTS 512 bit + boot-mode
    Speed.Dev.#1.: 306 H/s (94.26ms)
    Speed.Dev.#2.: 13 H/s (96.99ms)
    Speed.Dev.#*.: 319 H/s

    As you can see, cracking encrypted VeraCrypt containers is several orders of magnitude more difficult than TrueCrypt containers (which are also not at all easy).
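
    To show where that gap comes from, here is an added example (not part of the original article) that times one PBKDF2-HMAC-SHA512 key derivation at two iteration counts and turns the Hashcat rates quoted above into slowdown factors and keyspace exhaustion times. The iteration counts of 1,000 and 500,000 are assumptions taken from the TrueCrypt and VeraCrypt documentation for non-system SHA-512 volumes, and all function names are illustrative.

```python
import hashlib
import os
import time

# PBKDF2 iteration counts for non-system volumes using SHA-512.
# Assumption: taken from the TrueCrypt / VeraCrypt documentation, not from this page.
TRUECRYPT_ITERATIONS = 1_000
VERACRYPT_ITERATIONS = 500_000

# Combined Hashcat rates (Speed.Dev.#*, in H/s) copied from the benchmark above:
# hash type -> (TrueCrypt rate, VeraCrypt rate).
BENCHMARK_RATES = {
    "RipeMD160": (23131, 71),
    "SHA512": (13778, 35),
    "Whirlpool": (3321, 5),
    "RipeMD160 + boot-mode": (45603, 161),
}

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def derive_header_key(password: bytes, salt: bytes, iterations: int) -> bytes:
    """Derive 64 bytes of key material, enough for a 512-bit XTS key."""
    return hashlib.pbkdf2_hmac("sha512", password, salt, iterations, dklen=64)


def time_one_guess(iterations: int) -> float:
    """Seconds this machine needs to test a single password candidate."""
    salt = os.urandom(64)  # constructed sample salt
    start = time.perf_counter()
    derive_header_key(b"constructed sample password", salt, iterations)
    return time.perf_counter() - start


def slowdown_factors(rates=BENCHMARK_RATES) -> dict:
    """How many times slower guessing is against VeraCrypt, per hash type."""
    return {name: tc / vc for name, (tc, vc) in rates.items()}


def years_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Years needed to try every password of the given length and alphabet."""
    return alphabet_size ** length / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    # The legitimate user pays this cost once per mount; an attacker pays it per guess.
    for label, iters in (("TrueCrypt", TRUECRYPT_ITERATIONS),
                         ("VeraCrypt", VERACRYPT_ITERATIONS)):
        print(f"{label}: {iters} iterations, {time_one_guess(iters) * 1000:.1f} ms per guess")

    for name, factor in slowdown_factors().items():
        print(f"{name}: VeraCrypt is about {factor:.0f}x slower to attack")

    # 8 random characters from a-z, A-Z, 0-9 at the benchmark's SHA512 rates.
    tc_rate, vc_rate = BENCHMARK_RATES["SHA512"]
    print(f"TrueCrypt: {years_to_exhaust(62, 8, tc_rate):,.0f} years")
    print(f"VeraCrypt: {years_to_exhaust(62, 8, vc_rate):,.0f} years")
```

    The per-guess cost is paid once by the owner at mount time, which is the latency mentioned earlier; it multiplies across every candidate a guessing attack has to try.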

    I published the full benchmark and description of the hardware in the article “”.

    The second important question is reliability. Nobody wants especially valuable and important files and information to be lost because of a program error. I knew about VeraCrypt as soon as it appeared. I followed its development and constantly kept a close eye on it. Over the past year I have completely switched from TrueCrypt to VeraCrypt. Over the course of a year of daily use, VeraCrypt has never let me down.

    Thus, in my opinion, it is now worth switching from TrueCrypt to VeraCrypt.

    How VeraCrypt works

    VeraCrypt creates a special file, which is called a container. This container is encrypted and can only be connected if the correct password is entered. After the password is entered, the container is displayed as an additional disk (like an inserted flash drive). Any files placed on this disk (i.e., in the container) are encrypted. As long as the container is connected, you can freely copy, delete, write new files, and open them. Once a container is disconnected, all files on it become completely inaccessible until it is connected again, i.e. until the password is entered.

    Working with files in an encrypted container is no different from working with files on any other drive.

    When opening a file or writing it to a container, there is no need to wait for decryption - everything happens very quickly, as if you were really working with a regular disk.

    How to Install VeraCrypt on Windows

    There was a semi-espionage story with TrueCrypt: sites were created for “downloading TrueCrypt”, and the binary file on them (well, of course!) was infected with a virus/Trojan. Those who downloaded TrueCrypt from these unofficial sites infected their computers, allowing attackers to steal personal information and facilitating the spread of malware.

    In fact, all programs should be downloaded only from official websites. And this is even more true for programs that address security issues.

    The official locations of the VeraCrypt installation files are:

    Installing VeraCrypt on Windows

    There is an installation wizard, so the installation process for VeraCrypt is similar to that of other programs. Only a few points need clarifying.

    The VeraCrypt installer will offer two options:

    • Install (install VeraCrypt on your system)
    • Extract (if you select this option, all files in this package will be extracted, but nothing will be installed on your system. Do not select this if you intend to encrypt the system partition or system disk. Selecting this option can be useful, for example, if you want to run VeraCrypt in so-called portable mode. VeraCrypt does not require installation in the operating system in which it will be launched. After extracting all the files, you can run the extracted file "VeraCrypt.exe" directly (VeraCrypt will open in portable mode))

    If you select the checked option, i.e. the .hc file association, this adds convenience: if you create a container with the .hc extension, then double-clicking this file will start VeraCrypt. The downside is that third parties may know that .hc files are encrypted VeraCrypt containers.

    The program reminds you to donate:

    If you are not short of money, of course, be sure to help the author of this program (he works alone). I would not want to lose him the way we lost the author of TrueCrypt...

    VeraCrypt Instructions for Beginners

    VeraCrypt has many different features, including advanced ones. But the most popular feature is file encryption. The following shows step by step how to encrypt one or more files.

    Let's start by switching to Russian. The Russian language is already built into VeraCrypt. You just need to turn it on. To do this, in the Settings menu select Language…:

    There, select Russian, after which the program language will immediately change.

    As already mentioned, files are stored in encrypted containers (also called “volumes”). That is, you need to start by creating such a container; to do this, in the main interface of the program, click the “Create Volume” button.

    The VeraCrypt Volume Creation Wizard appears:

    We are interested in the first option (“Create an encrypted file container”), so, without changing anything, we press Next.

    VeraCrypt has a very interesting feature: the ability to create a hidden volume. The point is that not one but two containers are created in the file. Everyone, including possible ill-wishers, knows that there is an encrypted partition, and if you are forced to give up your password, it is difficult to claim that “there is no encrypted disk.” When a hidden volume is created, two encrypted containers are created in the same file, but they are opened with different passwords. That is, you can place files that merely look “sensitive” in one of the containers and the really important files in the second. For your own needs, you enter the password that opens the important volume. If you cannot refuse, you reveal the password for the not very important disk. There is no way to prove that there is a second disk.

    For many cases (hiding not very critical files from prying eyes) it will be enough to create a regular volume, so I just click Next.

    Select file location:

    The VeraCrypt volume can be located in a file (VeraCrypt container) on a hard drive, USB flash drive, etc. A VeraCrypt container is no different from any other regular file (for example, it can be moved or deleted like other files). Click the "File" button to specify the name and path to the container file to be created to store the new volume.

    NOTE: If you select a file that already exists, VeraCrypt will NOT encrypt it; this file will be deleted and replaced with the newly created VeraCrypt container. You can encrypt existing files (later) by moving them to the VeraCrypt container you are creating now.

    You can choose any file extension; this does not affect the operation of the encrypted volume in any way. If you select the extension .hc, and also if you associated VeraCrypt with this extension during installation, then double-clicking on this file will launch VeraCrypt.

    The history of recently opened files allows you to quickly access these files. However, entries in your history like “H:\My offshore accounts of stolen dollars worth of dollars.doc” may raise doubts in the minds of outsiders about your integrity. To prevent files opened from an encrypted disk from going into the history, check the box next to “Don't save history”.

    Selecting encryption and hashing algorithms. If you are not sure what to choose, then leave the default values:

    Enter the volume size and select units of measurement (kilobytes, megabytes, gigabytes, terabytes):

    A very important step is setting a password for your encrypted disk:

    A good password is very important. Avoid passwords made of one or more words found in the dictionary (or combinations of 2, 3 or 4 such words). The password must not contain names or dates of birth. It should be difficult to guess. A good password is a random combination of upper and lower case letters, numbers and special characters (@ ^ = $ * + etc.).

    Now you can again use Russian letters as passwords.

    We help the program collect random data:

    Note that here you can check the box to create a dynamic disk, i.e. one that will expand as it is filled with information.

    As a result, I have created a test.hc file on my desktop:

    If you created a file with the extension .hc, then you can double-click on it, the main program window will open, and the path to the container will already be inserted:

    In any case, you can open VeraCrypt and select the path to the file manually (To do this, click the "File" button).

    If the password is entered correctly, a new disk will appear in your system:

    You can copy/move any files to it. You can also create folders there, copy files from there, delete them, etc.

    To close the container to outsiders, press the Unmount button:

    To regain access to your secret files, remount the encrypted drive.

    Setting up VeraCrypt

    VeraCrypt has quite a few settings that you can change for your convenience. I highly recommend checking “Automatically unmount volumes when inactive for a period”:

    And also set a hotkey for “Immediately unmount everything, clear the cache and exit”:

    This can be very... VERY useful...

    Portable version of VeraCrypt on Windows

    As of version 1.22 (which is in beta at the time of writing), a portable option was added for Windows. If you read the installation section, you should remember that the program is already portable and allows you to simply extract your files. However, the standalone portable package has its own peculiarities: you need administrator rights to run the installer (even if you just want to unpack the archive), and the portable version can be unpacked without administrator rights - that's the only difference.

    Official beta versions are only available. In the VeraCrypt Nightly Builds folder, the portable version file is VeraCrypt Portable 1.22-BETA4.exe.

    The container file can be placed on a flash drive. You can copy the portable version of VeraCrypt to the same flash drive; this will allow you to open the encrypted partition on any computer, including those without VeraCrypt installed. But be aware of the danger of keystroke interception; an on-screen keyboard could probably help in this situation.

    How to Use Encryption Software Properly

    Some tips to help you keep your secrets better:

    1. Try to prevent unauthorized persons from accessing your computer, which includes not checking laptops in as luggage at airports; if possible, send computers for repair without the system hard drive, etc.
    2. Use a complex password. Don't use the same password you use for mail, etc.
    3. Don't forget your password! Otherwise, the data will be impossible to recover.
    4. Download all programs only from official sites.
    5. Use free or purchased programs (do not use hacked software). Also, do not download or run dubious files, since all such programs, among other malicious elements, may contain keyloggers (keystroke interceptors), which will allow an attacker to find out the password to your encrypted container.
    6. Sometimes, as a means of preventing keystrokes from being intercepted, it is recommended to use an on-screen keyboard. I think this makes sense.

    An article about ways to protect data on flash drives, as well as programs for encrypting flash drives and individual files on them.

    Just about 10 years ago, in the absence of the Internet, we transferred various data to each other on floppy disks and discs. In this regard, a floppy disk was more convenient, because it was possible to “drop” information onto it directly without overwriting all the contents, as, for example, on RW disks. The only drawback of floppy disks was their small size (just a little more than a megabyte).

    However, this problem was solved when USB flash drives began to take their place en masse. Today, portable drives can hold up to a couple of hundred gigabytes of any type of file, and have a write speed significantly higher than that of disks and floppy disks, so they have deservedly become the No. 1 storage medium.

    Any flash drive, among other file “trash,” sometimes stores quite important data that is undesirable for anyone to see. Therefore, today I suggest you encrypt your flash drive and personal information on it.

    A little theory

    Before considering specific examples of encrypting a flash drive, it’s worth understanding a little about the types of encryption itself, as well as its principles. As applied to flash drives, there are two types of data protection today: hardware and software.

    Hardware encryption is implemented by building additional devices into the drive's design that block the ability to connect it to a computer. Such devices can have different operating principles: from physically blocking access to the flash drive altogether to using modern fingerprint scanners!

    Naturally, such flash drives cost a lot, so it only makes sense to buy them if you plan to transfer something very secret to them. For other purposes, it is enough to use special software.

    There are three main types of software encryption. The first type involves encrypting the entire media and accessing it using a password. The second is to create an additional encrypted partition on the drive (something like a hidden folder) with password protection. The third option is “spot” encryption of individual important files.

    Each of the methods has both its advantages and disadvantages, however, I would like to say right away that the ideal, alas, does not exist... Plus, you risk forgetting your password and losing your data forever!

    Therefore, before deciding whether you need to encrypt a flash drive, think about whether the people who might see its contents are really such advanced users. It is quite possible that, for them, it will be enough to make an important folder hidden or simply to change the extension of a secret file ;).

    Encryption with BitLocker

    Users of professional Windows editions (starting with 7) have a very useful and handy tool called BitLocker. This is a built-in solution for encrypting local and removable storage media on the fly, without the need to change the file system to an encrypted one (for example, EFS), and with simple unlocking of access to them using a password.

    To set a password on a flash drive using BitLocker, we will only need to connect it to the PC, open the "Computer" window and in the context menu of our removable disk select "Enable BitLocker". After a short initialization, the following window will appear in front of us:

    In this window we will be offered two encryption options: using a password and by connecting a smart card. I think there’s no point in messing around with additional cards, so we leave the choice at the first point and enter your password twice in the special fields. The latter must be at least 8 characters long and contain both letters and numbers.

    After clicking the "Next" button, we will go to the window for creating a recovery key, which can unlock the drive if we suddenly forget the password. This key can be saved in your online user account, saved in a separate text file on the local computer, or printed on a printer. The most convenient option, I think, is saving it locally. Select it and save the text file with the desired name in the desired folder.

    After saving the file with the key, you will be asked to select the type of encryption for the flash drive. The first option offers faster encryption of only the occupied space on the flash drive; the second is longer, but complete. The first option is recommended only for new disks that do not yet have information on them; however, it has been experimentally found that it is quite suitable for non-empty media, so you can safely select it and wait for encryption to complete.

    Once the flash drive is encrypted, safely remove it and then plug it back into the port. If everything was done correctly, then in the “Computer” window your flash drive will have an additional icon with a lock, and when you try to open it, the system will ask you to enter a password :)

    Surprisingly, no third-party program will give you a more elegant and simpler way to set a password on a flash drive. Here the Windows developers did their best. However, it is worth remembering that BitLocker only works on systems no earlier than Windows 7, and you may need administrator rights to set a password.

    An alternative software solution could be the DiskCryptor application. It also allows you to encrypt the entire flash drive; however, it requires installation on every computer to which the encrypted flash drive will be connected. Otherwise, the system will simply offer to format it!!!

    Creating an encrypted partition

    Given that BitLocker may not work on older systems and Home editions without administrator rights, some may need an alternative solution to encrypt data on a flash drive. It would be ideal to create an encrypted folder next to the regular data, however, due to Windows features and removable drives in general, this method does not exist!

    But you can imitate it by creating an encrypted partition on a flash drive, disguised as any file! Previously, the ideal way to do this was to use a program called . However, since the end of last year (2014), the developers stopped supporting it (they say it was due to the NSA...) and declared its algorithms unsafe.

    In principle, if you don’t think that your flash drive will fall into the hands of tough hackers who will brute force your password, you can use the latest working version TrueCrypt 7.1a (available on our website via the link in the previous paragraph). If there is no desire to compromise, you can use the popular alternative to TrueCrypt called VeraCrypt.

    This program almost completely replicates the TrueCrypt interface and uses the same source code, but has a different encryption algorithm that no one has yet been able to crack! At the same time, it can work directly from a flash drive, which is what we need. Download VeraCrypt, run the installer and you will see a window with a choice of installation options (exactly the same as TrueCrypt):

    We need to select the second option, “Extract”, and unpack the program into a folder directly on the flash drive. It will probably complain in English, warning us that some functions may not work in the portable version, but we will ignore the complaints and continue to the end.

    When the program is already on the flash drive, launch it. If you have worked with TrueCrypt before, you will be greeted by a familiar interface (though in English). To Russify it, just go to the “Settings” menu and call up the “Language” item. In the window that opens, select “Russian” and click “Ok”:

    Now we need to create an encrypted partition on our flash drive. The partition needs a file to be disguised as, and any file will do. For large storages, a video file format (AVI or MP4) is ideal, since a text file or picture a couple of gigabytes in size will look suspicious :). Drop any video file onto the flash drive (it will be destroyed!) and click the “Create Volume” button:

    The Encrypted Partition Creation Wizard will launch. Basically, everything there is written in Russian, so there should be no particular problems. Moreover, all stages of preparation coincide with the stages of work in TrueCrypt, which are described. Briefly, I will tell you what we will need to do:

    1. Select to create an encrypted file container as a regular volume.
    2. Specify the file for the container (the video file that we uploaded to the flash drive).
    3. Select encryption algorithms (can be left as default).
    4. Specify the size of the encrypted storage in kilobytes, megabytes or gigabytes (optional, but not more than the amount of free space).
    5. Set a password to access the storage (preferably longer).
    6. Start the storage creation process.
    7. Close the Wizard window after completing the creation of the encrypted volume :)

    The result of successful work will be a “video file” visible on the flash drive, which cannot be played by any player... Now how to open it. We return to the main VeraCrypt interface again, select any free letter in the list of drives (for example, O), click the “File” button and specify the path to the “video file”, then click “Mount” and wait for the process to complete.

    When the mounting is complete, in the “Computer” window you will find a new “Local disk (O:)” (the letter will be the one you chose), on which you can write down any information you need. After finishing working with the encrypted partition, return to the main program interface and click the “Unmount” button:

    The virtual disk will disappear from the system and no one (except you) will know where it came from or how to access it :)
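    The disguise described above changes only the file's name, not its content. The following added example (not part of the original article) shows the kind of check a forensic examiner can run on such a "video file": it looks for an AVI or MP4 signature and measures byte entropy. The function names, the 7.9 bits/byte threshold, the 512-byte size heuristic and the sample data are assumptions constructed for illustration.

```python
import math
import os
from collections import Counter

def looks_like_video(header: bytes) -> bool:
    """True if the leading bytes carry an AVI or MP4 signature."""
    is_avi = header[:4] == b"RIFF" and header[8:12] == b"AVI "
    is_mp4 = header[4:8] == b"ftyp"  # MP4: box size, then "ftyp"
    return is_avi or is_mp4

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, from 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    total = len(data)
    counts = Counter(data)
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def classify(name: str, data: bytes, sample: int = 65536,
             threshold: float = 7.9) -> str:
    """Judge a file that claims, by extension, to be a video."""
    ext = os.path.splitext(name)[1].lower()
    if ext not in (".avi", ".mp4"):
        return "not-a-video-name"
    head = data[:sample]
    if looks_like_video(head):
        # Real compressed video is also high-entropy, but it has a header.
        return "plausible-video"
    # An encrypted container has no signature and looks like random bytes
    # from the first byte on; containers are created in whole sectors
    # (heuristic assumption: size is a multiple of 512).
    if len(data) % 512 == 0 and shannon_entropy(head) > threshold:
        return "suspected-encrypted-container"
    return "invalid-video"

# Constructed samples: random bytes stand in for a container; the second
# sample is a minimal RIFF/AVI header followed by padding.
SAMPLE_CONTAINER = os.urandom(1024 * 1024)
SAMPLE_AVI = (b"RIFF" + (2040).to_bytes(4, "little") + b"AVI "
              + b"LIST" + bytes(2032))

if __name__ == "__main__":
    for name, data in [("holiday.avi", SAMPLE_CONTAINER),
                       ("clip.avi", SAMPLE_AVI),
                       ("broken.mp4", bytes(4096))]:
        print(f"{name}: {classify(name, data)}")
```

    A file that fails to play, has no media header and is statistically random stands out on inspection, so the video extension hides the container only from a casual glance.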

    Finally, I will say that of all its analogues, VeraCrypt is practically the only encryption tool that is completely free and at the same time allows you to create hidden sections of unlimited size.

    An alternative to partial encryption and creation of hidden partitions is the program and its forks. However, in portable mode on newer versions of Windows you will face the need to install drivers manually, so this solution is only suitable for Windows XP and younger, where the driver operation policy is somewhat simpler...

    File encryption

    The final encryption option is to set a password to access only one important file. Indeed, sometimes there is no need to create an entire hidden section if we need to block access to only a couple of files. For this purpose I recommend the portable program AxCrypt2Go:

    It's in English, but I think its standard Windows Explorer layout is familiar to everyone, so there won’t be any special problems understanding the interface. On the left side, in the folder tree, we need to select our flash drive, and on the right side open the context menu of the file that needs to be encrypted and click the first item, "Encrypt":

    In the window that appears, enter the required password twice and click "Ok". Optionally, you can also check the option to use a key file, but this is not necessary. The result of the manipulations will be the appearance in the folder of a new file with the same name as the encrypted one, but with the AXX extension. We delete the original, and we can decrypt the encrypted file at any time using the “Decrypt” command and entering the specified password.

    The AxCrypt2Go program does its job well, but is not very convenient if we need to simultaneously password protect several files in a specific folder. If you want to do just that, a free utility from the popular flash drive manufacturer Silicon Power, SP Widget, will help you:

    There are two versions of it on the manufacturer’s website: for old systems (XP/Vista) and new ones (7/8). Make sure you download the version that suits you! After downloading and unpacking the archive onto the flash drive, launch the program and Russify it by selecting “Russian” in the “Language Choose” section.

    The principle of working with this program is similar to the principle of working with AxCrypt2Go, however, it has a number of advantages. First, files can be encrypted in bulk. And secondly, there is an option “Delete original files”, which allows us to quickly delete unencrypted data, leaving only their password-protected versions!

    In general, programs for encrypting individual files, as a class, are represented quite widely. They are found both as modules in complex PC maintenance utilities (for example, Glary Utilities), and as stand-alone (often portable) solutions. An interesting example of the latter type is the bmpCoder program, which allows you to encrypt small text fragments directly into images in BMP format without disrupting the operation of the image!

    Conclusions

    To summarize, I would like to say that the only way to really put a password on a flash drive is the BitLocker system tool. There is no other way to lock removable media so that, like in the movies, it displays a beautiful "Access Denied" message!

    However, as we can see, there are many ways to encrypt data on a flash drive for free. This includes creating hidden sections disguised as regular files, encrypting individual files, and even hiding information in regular images!

    In short, over the many years of the existence of PCs and flash drives, many ways to hide your confidential data from strangers have been invented. All we have to do is decide on the one we need and successfully use the experience of our conspiracy theorist predecessors :)

    P.S. Permission is granted to freely copy and quote this article, provided that an open, active link to the source is given and the authorship of Ruslan Tertyshny is preserved.

    This article is devoted to the reliable protection of vital information, as well as any files that you want to protect from access by others, even if your computer or storage media (flash drive, hard drive) falls into the hands of unauthorized persons, including those who are technically advanced and have access to powerful computing resources.

    Why you shouldn't trust closed-source encryption software

    Closed-source programs can include “backdoors” (and don’t hope they aren’t there!) and the ability to open encrypted files using a master key. That is, you can use any password, even the most complex one, but your encrypted file can still be opened with ease, without brute-forcing passwords, by means of a “backdoor” or by the owner of the master key. The size of the encryption software company and the name of the country do not matter in this matter, since this is part of the government policy of many countries. After all, we are surrounded by terrorists and drug dealers all the time (what can we do?).

    That is, truly strong encryption can be achieved by properly using popular open source software and a crack-proof encryption algorithm.

    Is it worth switching from TrueCrypt to VeraCrypt?

    The reference program that has been providing very secure file encryption for many years is TrueCrypt. This program still works great. Unfortunately, development of the program has currently been discontinued.

    Its best successor was the VeraCrypt program.

    VeraCrypt is free disk encryption software based on TrueCrypt 7.1a.

    VeraCrypt continues the best traditions of TrueCrypt, but adds enhanced security to the algorithms used to encrypt systems and partitions, making your encrypted files immune to new advances in brute-force attacks.

    VeraCrypt has also fixed many of the vulnerabilities and security issues found in TrueCrypt. It can work with TrueCrypt volumes and offers the ability to convert TrueCrypt containers and non-system partitions to the VeraCrypt format.

    This improved security only adds some latency to opening encrypted partitions, without any performance impact while the encrypted drive is in use. For a legitimate user this is an almost imperceptible inconvenience, but for an attacker it becomes almost impossible to gain access to encrypted data, no matter how much computing power is available.

    This can be clearly demonstrated by the following benchmarks for cracking (brute force) passwords in:

    For TrueCrypt:

    Hashtype: TrueCrypt PBKDF2-HMAC-RipeMD160 + XTS 512 bit
    Speed.Dev.#1.: 21957 H/s (96.78ms)
    Speed.Dev.#2.: 1175 H/s (99.79ms)
    Speed.Dev.#*.: 23131 H/s

    Hashtype: TrueCrypt PBKDF2-HMAC-SHA512 + XTS 512 bit
    Speed.Dev.#1.: 9222 H/s (74.13ms)
    Speed.Dev.#2.: 4556 H/s (95.92ms)
    Speed.Dev.#*.: 13778 H/s

    Hashtype: TrueCrypt PBKDF2-HMAC-Whirlpool + XTS 512 bit
    Speed.Dev.#1.: 2429 H/s (95.69ms)
    Speed.Dev.#2.: 891 H/s (98.61ms)
    Speed.Dev.#*.: 3321 H/s

    Hashtype: TrueCrypt PBKDF2-HMAC-RipeMD160 + XTS 512 bit + boot-mode
    Speed.Dev.#1.: 43273 H/s (95.60ms)
    Speed.Dev.#2.: 2330 H/s (95.97ms)
    Speed.Dev.#*.: 45603 H/s

    For VeraCrypt:

    Hashtype: VeraCrypt PBKDF2-HMAC-RipeMD160 + XTS 512 bit
    Speed.Dev.#1.: 68 H/s (97.63ms)
    Speed.Dev.#2.: 3 H/s (100.62ms)
    Speed.Dev.#*.: 71 H/s

    Hashtype: VeraCrypt PBKDF2-HMAC-SHA512 + XTS 512 bit
    Speed.Dev.#1.: 26 H/s (87.81ms)
    Speed.Dev.#2.: 9 H/s (98.83ms)
    Speed.Dev.#*.: 35 H/s

    Hashtype: VeraCrypt PBKDF2-HMAC-Whirlpool + XTS 512 bit
    Speed.Dev.#1.: 3 H/s (57.73ms)
    Speed.Dev.#2.: 2 H/s (94.90ms)
    Speed.Dev.#*.: 5 H/s

    Hashtype: VeraCrypt PBKDF2-HMAC-RipeMD160 + XTS 512 bit + boot-mode
    Speed.Dev.#1.: 154 H/s (93.62ms)
    Speed.Dev.#2.: 7 H/s (96.56ms)
    Speed.Dev.#*.: 161 H/s

    Hashtype: VeraCrypt PBKDF2-HMAC-SHA256 + XTS 512 bit
    Speed.Dev.#1.: 118 H/s (94.25ms)
    Speed.Dev.#2.: 5 H/s (95.50ms)
    Speed.Dev.#*.: 123 H/s

    Hashtype: VeraCrypt PBKDF2-HMAC-SHA256 + XTS 512 bit + boot-mode
    Speed.Dev.#1.: 306 H/s (94.26ms)
    Speed.Dev.#2.: 13 H/s (96.99ms)
    Speed.Dev.#*.: 319 H/s

    As you can see, cracking encrypted VeraCrypt containers is several orders of magnitude more difficult than TrueCrypt containers (which are also not at all easy).
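    To put numbers on that comparison, the following added example (not part of the original article) parses the aggregate "Speed.Dev.#*" lines from the benchmark above, computes how many times slower VeraCrypt is per mode, and converts a guess rate into the worst-case time to try every password of a given shape. The function names and the two password shapes are assumptions chosen for illustration; the rates are the ones quoted above.

```python
import re

# Aggregate lines copied from the benchmark output quoted in the article.
BENCHMARK = """\
Hashtype: TrueCrypt PBKDF2-HMAC-RipeMD160 + XTS 512 bit
Speed.Dev.#*.: 23131 H/s
Hashtype: TrueCrypt PBKDF2-HMAC-SHA512 + XTS 512 bit
Speed.Dev.#*.: 13778 H/s
Hashtype: TrueCrypt PBKDF2-HMAC-Whirlpool + XTS 512 bit
Speed.Dev.#*.: 3321 H/s
Hashtype: TrueCrypt PBKDF2-HMAC-RipeMD160 + XTS 512 bit + boot-mode
Speed.Dev.#*.: 45603 H/s
Hashtype: VeraCrypt PBKDF2-HMAC-RipeMD160 + XTS 512 bit
Speed.Dev.#*.: 71 H/s
Hashtype: VeraCrypt PBKDF2-HMAC-SHA512 + XTS 512 bit
Speed.Dev.#*.: 35 H/s
Hashtype: VeraCrypt PBKDF2-HMAC-Whirlpool + XTS 512 bit
Speed.Dev.#*.: 5 H/s
Hashtype: VeraCrypt PBKDF2-HMAC-RipeMD160 + XTS 512 bit + boot-mode
Speed.Dev.#*.: 161 H/s
"""

HASHTYPE = re.compile(r"Hashtype: (TrueCrypt|VeraCrypt) (.+)")
TOTAL = re.compile(r"Speed\.Dev\.#\*\.: (\d+) H/s")
SECONDS_PER_YEAR = 365.25 * 86400

def parse_rates(text):
    """Map (product, mode) -> aggregate guesses per second."""
    rates, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = HASHTYPE.match(line)
        if m:
            current = (m.group(1), m.group(2))
            continue
        m = TOTAL.match(line)  # per-device lines (#1, #2) are ignored
        if m and current:
            rates[current] = int(m.group(1))
    return rates

def slowdown(rates):
    """TrueCrypt rate divided by VeraCrypt rate, per mode present in both."""
    out = {}
    for (product, mode), tc_rate in rates.items():
        vc_rate = rates.get(("VeraCrypt", mode))
        if product == "TrueCrypt" and vc_rate:
            out[mode] = tc_rate / vc_rate
    return out

def years_to_exhaust(alphabet, length, rate):
    """Worst-case years to try every password of this shape at `rate` H/s."""
    return alphabet ** length / rate / SECONDS_PER_YEAR

if __name__ == "__main__":
    rates = parse_rates(BENCHMARK)
    for mode, factor in slowdown(rates).items():
        print(f"{mode}: {factor:.0f}x fewer guesses per second")
    sha512 = "PBKDF2-HMAC-SHA512 + XTS 512 bit"
    shapes = [("8 lowercase letters", 26, 8), ("12 printable ASCII", 94, 12)]
    for label, alphabet, length in shapes:
        for product in ("TrueCrypt", "VeraCrypt"):
            years = years_to_exhaust(alphabet, length, rates[(product, sha512)])
            print(f"{label:>20} | {product}: {years:.3g} years")
```

    On this hardware an eight-letter lowercase password falls within about half a year against the TrueCrypt SHA-512 rate and about 189 years against the VeraCrypt one; the average time to a hit is half the worst case, and a longer password raises both figures far more than the slower key derivation does.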

    The second important issue is reliability. No one wants to lose valuable and important files and information due to a software error. I knew about VeraCrypt as soon as it appeared. I followed its development and constantly looked closely at it. Over the past year I have completely switched from TrueCrypt to VeraCrypt. Over the course of a year of daily use, VeraCrypt has never let me down.

    Thus, in my opinion, it is now worth switching from TrueCrypt to VeraCrypt.

    How VeraCrypt works

    VeraCrypt creates a special file called a container. This container is encrypted and can only be connected if the correct password is entered. After entering the password, the container is displayed as an additional disk (like an inserted flash drive). Any files placed on this disk (i.e., in the container) are encrypted. As long as the container is connected, you can freely copy, delete, write new files, and open them. Once a container is disconnected, all files on it become completely inaccessible until it is connected again, i.e. until the password is entered.

    Working with files in an encrypted container is no different from working with files on any other drive.

    When opening a file or writing it to a container, there is no need to wait for decryption - everything happens very quickly, as if you were really working with a regular disk.

    How to Install VeraCrypt on Windows

    There was a semi-spy story with TrueCrypt: sites were created to “download TrueCrypt”, and the binary file on them (well, of course!) was infected with a virus/Trojan. Those who downloaded TrueCrypt from these unofficial sites infected their computers, allowing attackers to steal personal information and help spread malware.

    The official locations for VeraCrypt installation files are:

    Installing VeraCrypt on Windows

    There is an installation wizard, so the installation process for VeraCrypt is similar to that of other programs. Only a few points are worth clarifying.

    The VeraCrypt installer will offer two options:

    • Install (Install VeraCrypt on your system)
    • Extract (Extract. If you select this option, all files in this package will be extracted, but nothing will be installed on your system. Do not select this if you intend to encrypt the system partition or system drive. Selecting this option may be useful, for example, if you want to run VeraCrypt in the so-called portable mode. VeraCrypt does not require installation on the operating system in which it will run. After extracting all the files, you can run the extracted file 'VeraCrypt.exe' directly (VeraCrypt will open in portable mode))

    If you select the checked option, i.e. the .hc file association, this will add convenience: if you create a container with the .hc extension, double-clicking on this file will launch VeraCrypt. The downside is that third parties may know that .hc files are encrypted VeraCrypt containers.

    The program reminds you to donate:

    VeraCrypt Instructions for Beginners

    VeraCrypt has many different features, including advanced ones. But the most popular feature is file encryption. The following shows step by step how to encrypt one or more files.

    Let's start by switching to Russian. The Russian language is already built into VeraCrypt. You just need to turn it on. To do this, in the Settings menu select Language…:

    There, select Russian, after which the program language will immediately change.

    As already mentioned, files are stored in encrypted containers (also called “volumes”). That is, you need to start by creating such a container; to do this, in the main interface of the program, click on the “Create Volume” button.

    The VeraCrypt Volume Creation Wizard appears:

    We are interested in the first option (“Create an encrypted file container”), so, without changing anything, we press Next.

    VeraCrypt has a very interesting feature: the ability to create a hidden volume. The point is that not one, but two containers are created in the file. Everyone knows that there is an encrypted partition, including possible ill-wishers. And if you are forced to give out your password, then it is difficult to say that “there is no encrypted disk.” When creating a hidden partition, two encrypted containers are created, which are located in the same file, but are opened with different passwords. That is, you can place files that look “sensitive” in one of the containers, and the really important files in the second container. For your own needs, you enter the password that opens the important section. If you cannot refuse, you reveal the password for the not very important disk. There is no way to prove that there is a second disk.

    For many cases (hiding not very critical files from prying eyes) it will be enough to create a regular volume, so I just click Next.

    Select file location:

    A VeraCrypt volume can be located in a file (VeraCrypt container) on a hard drive, USB flash drive, etc. A VeraCrypt container is no different from any other regular file (for example, it can be moved or deleted like other files). Click the ‘File’ button to specify the name and path to the container file to be created to store the new volume.

    NOTE: If you select a file that already exists, VeraCrypt will NOT encrypt it; this file will be deleted and replaced with the newly created VeraCrypt container. You can encrypt existing files (later) by moving them to the VeraCrypt container you are creating now.

    You can choose any file extension; this does not affect the operation of the encrypted volume in any way. If you select the extension .hc, and also if you associated VeraCrypt with this extension during installation, then double-clicking on this file will launch VeraCrypt.

    The history of recently opened files allows you to quickly access these files. However, entries in your history like “H:\My offshore accounts of stolen dollars worth of dollars.doc” may raise doubts in the minds of outsiders about your integrity. To prevent files opened from an encrypted disk from going into history, check the box next to “Don't save history”.

    Selecting encryption and hashing algorithms. If you are not sure what to choose, then leave the default values:

    Enter the volume size and select units of measurement (kilobytes, megabytes, gigabytes, terabytes):

    A very important step is setting a password for your encrypted disk:

    A good password is very important. Avoid passwords with one or more words found in the dictionary (or combinations of 2, 3 or 4 such words). The password must not contain names or dates of birth. It should be difficult to guess. A good password is a random combination of upper and lower case letters, numbers and special characters (@ ^ = $ * + etc.).

    Now you can again use Russian letters as passwords.

    We help the program collect random data:

    Note that here you can check the box to create a dynamic disk. That is, it will expand as it is filled with information.

    As a result, I have created a test.hc file on my desktop:

    If you created a file with the extension .hc, then you can double-click on it, the main program window will open, and the path to the container will already be inserted:

    In any case, you can open VeraCrypt and select the path to the file manually (To do this, click the "File" button).

    If the password is entered correctly, a new disk will appear in your system:

    You can copy/move any files to it. You can also create folders there, copy files from there, delete them, etc.

    To close the container from outsiders, press the button Unmount:

    To regain access to your secret files, remount the encrypted drive.

    Setting up VeraCrypt

    VeraCrypt has quite a few settings that you can change for your convenience. I highly recommend checking the “Automatically unmount volumes when inactive for a period” option:

    And also set a hotkey for “Immediately unmount everything, clear the cache and exit”:

    Portable version of VeraCrypt on Windows

    As of version 1.22 (which is in beta at the time of writing), a portable option was added for Windows. If you read the installation section, you should remember that the program is already portable and allows you to simply extract its files. However, the separate portable package has its own peculiarities: you need administrator rights to run the installer (even if you just want to unpack the archive), while the portable version can be unpacked without administrator rights; that is the only difference.

    Official beta versions are only available. In the VeraCrypt Nightly Builds folder, the portable version file is VeraCrypt Portable 1.22-BETA4.exe.

    The container file can be placed on a flash drive. You can copy a portable version of VeraCrypt onto the same flash drive - this will allow you to open the encrypted partition on any computer, including those without VeraCrypt installed. But be aware of the dangers of keystroke hijacking—an on-screen keyboard can probably help in this situation.

    How to Use Encryption Software Properly

    Some tips to help you keep your secrets better:

    1. Try to prevent unauthorized persons from accessing your computer, including not checking laptops in luggage at airports; if possible, send computers for repair without a system hard drive, etc.
    2. Use a complex password. Don't use the same password you use for mail etc.
    3. Don't forget your password! Otherwise, the data will be impossible to recover.
    4. Download all programs only from official sites.
    5. Use free programs or purchased ones (do not use hacked software). Also, do not download or run dubious files, since all such programs, among other malicious elements, may contain keyloggers (keystroke interceptors), which will allow an attacker to find out the password for your encrypted container.
    6. Sometimes it is recommended to use an on-screen keyboard as a remedy against interception of keystrokes - I think this makes sense.