DURING my most recent “aggravated evaluation” of folder encrypting/protecting utilities, I stumbled – really – upon an opensource tool called TrueCrypt.
Here’s their website: http://www.truecrypt.org
Here’s a few screenshots of the UI:
I know I know, it’s NOT what you expected. Me neither. But think about it for a moment: You simply use this tool to mount an encrypted, password-protected data file as a logical drive. Then you use that new drive just like you normally would – adding, changing, deleting content. Once you’re done, you return to this tool to UN-mount your drive(s), and the data files go back to being dumb, encrypted, password-protected data files. That’s actually quite clever…
After my initial cringe at the thought of using “opensource” for something as critical as protecting client content, my viewpoint began to change. In many ways, the tool actually made more sense than its license-required ilk:
1. It was as divorced from resident OS as could be, by creating a data file which – with a small helper utility, could be mounted as a logical drive. When not mounted – a process which requires a password – the data file contains massively-encrypted gibberish. So far so good.
2. The data file can be transported not only between computers with the same type of OS, but also between computers with DIFFERENT OSes. For example, I could create a TrueCrypt file on my WinXP laptop (using the WinXP version of the TrueCrypt Utility), then copy the data file to say a USB drive, then copy it to a desktop computer running some flavor of Linux. On that computer I run the Linux version of TrueCrypt to “mount” the data file, and *voila* – all my protected data are now available on a LINUX platform. How cool is that?
3. I can create DIFFERENT data files for different clients – each with its own unique password and even encryption algorithm – and then mount each file as its own drive letter on my various computers. Client R maps to R: drive, Client S maps to S: drive, and so on. Now I’m starting to understand just how much genuine enterprise-level thought went into this opensource product, compared to the almost-juvenile thought processes which went into other products I’ve tried…
4. The encryption algorithms are dynamically seeded, and good enough for government use. Enough said.
So, in the end TrueCrypt is my current protection of choice. As I continue kicking the tires of this tool using already-duplicated-elsewhere content, I’ll report my findings in this blog. But so far… TrueCrypt appears to be the tool with everything I never knew I always wanted.