Wednesday, March 15, 2006
Posted on Wednesday, March 15, 2006 10:27:17 AM (Mountain Daylight Time, UTC-06:00)
I recently rebuilt my laptop, and as I was doing this I got to thinking about how to better secure the data I carry on it. My concern is not so much people hacking into it at a public hotspot (although this is a risk), but rather what data may be compromised if it were stolen. Once someone has the physical disk, it's not hard to extract the files. The implications range from trade secrets being released to your identity being stolen.

The obvious solution is to keep sensitive data encrypted, but doing this on a file-by-file basis is just not realistic. How am I going to manage that for a large collection of source-code, proposals, internal documents, resumes, contract terms, and emails?

After some Googling, I found TrueCrypt - an open-source encryption package that creates a virtual encrypted disk within a file and then mounts it like a real disk. This lets you work with your files as usual, except that they are stored inside an encrypted file on a virtual hard drive. Additionally, you can use a variety of encryption algorithms - AES-256, Blowfish (448-bit key), CAST5, Serpent, Triple DES and Twofish. These are some world-class algorithms - the sort of thing that the NSA has problems with.

How it works
Once you install TrueCrypt, you can create a volume - which is basically a big empty file where you will store your sensitive data. As this file is being created, it is being filled with random data. Once you copy your data into the volume, it's automatically encrypted.
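Why the random fill matters, as an added example that is not from the original post or from TrueCrypt itself: if the empty container were zero-filled instead, a simple per-block entropy scan would reveal which parts hold data. The keystream cipher here is a stand-in built from SHA-256 (an assumption, not TrueCrypt's algorithm), and the block size, threshold and sample plaintext are constructed.

```python
import hashlib
import math
import os
from collections import Counter

BLOCK = 4096  # analysis granularity in bytes (assumed for this example)


def keystream_encrypt(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with a SHA-256 counter keystream (not TrueCrypt's)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)


def make_container(blocks: int, used: int, random_fill: bool, key: bytes) -> bytes:
    """Build a container of `blocks` blocks with `used` blocks of encrypted data."""
    size = blocks * BLOCK
    fill = os.urandom(size) if random_fill else bytes(size)
    unit = b"Confidential proposal text. "  # constructed sample plaintext
    plaintext = (unit * (used * BLOCK // len(unit) + 1))[: used * BLOCK]
    return keystream_encrypt(key, plaintext) + fill[used * BLOCK:]


def entropy(block: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 is the maximum)."""
    counts = Counter(block)
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def low_entropy_blocks(container: bytes, threshold: float = 7.0) -> list[int]:
    """Indexes of blocks that do not look like random data."""
    return [i // BLOCK for i in range(0, len(container), BLOCK)
            if entropy(container[i:i + BLOCK]) < threshold]


if __name__ == "__main__":
    key = os.urandom(32)
    zero = make_container(blocks=8, used=3, random_fill=False, key=key)
    rand = make_container(blocks=8, used=3, random_fill=True, key=key)
    print("zero-filled, unused blocks visible:", low_entropy_blocks(zero))
    print("random-filled, unused blocks visible:", low_entropy_blocks(rand))
```

With the zero-filled container the scan pinpoints exactly where the stored data ends; with the random-filled one every block looks the same.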



Performance
Because the algorithm you choose affects performance, TrueCrypt has a built-in benchmarking system. This allows you to choose an algorithm which will perform adequately on your system.



Accessing the volume
When you log into Windows, before you can access your files, you need to mount your encrypted virtual drive. This is very simple, and only requires that you enter your passphrase.



Once the volume is mounted, you can use it like any other disk. It shows up in Windows Explorer...


And you can double-click files to open them. No plugins, etc. needed.



The nice thing is that without that passphrase, the files are totally inaccessible (at least for the many years it will take to crack the file) - so even if someone hacks your notebook while at Starbucks, they still can't get into your files. And - should the notebook be stolen, again - the files are safe from prying eyes. Best part - it's free!
Sunday, August 06, 2006 10:43:20 AM (Mountain Daylight Time, UTC-06:00)
The nice thing is that without that passphrase, the files are totally inaccessible (at least for the many years it will take to crack the file)

True! But it's not many years. More like many MILLIONS of years.
Chris mankey