The motivations for hosting data on a USB key or disk are numerous. The simplest is to stop carrying a portable computer that is either too big and heavy or too small for comfort, when a bigger and more powerful machine happens to be available on site. A portable version of Firefox (or Thunderbird) will keep your preferences, extensions, passwords etc., which will then be readily available on all your machines. In any case, the key must of course be encrypted in case it is stolen.
We describe the complete list of (very simple) operations needed to encrypt and protect a standard USB key or disk using the TrueCrypt software on Mac OS X. TrueCrypt is also available on PCs, and the process should be very similar on these machines.
An empty 16 GB USB key is connected
Choose 'Create Volume'
The volume may be created within a file. This approach is risk-free (as far as formatting is concerned) and allows the key to be used normally. This will not be our choice here.
We create the volume on the entire disk
Standard or Hidden?
A 'hidden' volume is stored invisibly, using steganography, within a standard volume. This kind of volume offers the added protection of plausible deniability: the existence (or non-existence) of the hidden volume cannot be proven. For a key formatted as a whole, as is our present choice, this is of little interest because after formatting, the key will not be recognised by computers and will be treated as defective. We choose 'standard'.
Next: choose the device
Here is our key
It is now selected
The key is empty, so there is no risk, even for a complete beginner
Yes, sure, no data means no data loss
AES is the best known encryption algorithm. SHA-512 is the best among the hash algorithms.
TrueCrypt offers these benchmarks to test the performance of your hardware. All these throughputs are far higher than the read/write speeds of our key, on a machine that has no hardware acceleration for encryption (TrueCrypt may be set to use such acceleration).
Algorithm auto test
Testing that everything works well (note: you should have verified the checksum of the archive you downloaded)
Choosing Key files
Keyfiles offer added protection by restricting the ability to mount the volume to machines that hold the file(s). Keyfiles may also be stored on online storage services such as Dropbox or Wuala (the safest).
Generate a random key file
TrueCrypt also provides support for generating random 1024K keyfiles.
Choosing a password
Using a keyfile may compensate for a weak password.
Opting for files larger than 4 GB will prevent choosing the FAT file system at the next stage. This option is unnecessary for a standard configuration, even with Thunderbird, which may generate rather big mail archives (take care, however, to compact them regularly...).
One must NOT use fast formatting. Doing so only makes sense if the disk was previously encrypted and only contains digital noise.
Generating a random seed
Expect half an hour for 16 GB. The key is entirely covered with digital noise and equipped with an encrypted header. If you ever change the algorithms or the password in the future, the header will be overwritten with random data 35 times before the final data is written.
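The fast-formatting rule above depends on whether the disk really contains only digital noise. The following is an added example, not part of the original walkthrough or of TrueCrypt: it scans an image of a key and reports blocks that do not look random. The function names, the 4 KiB block size, the 7.9 bits/byte threshold and the sample image are assumptions made for illustration.

```python
import hashlib
import io
import math
from collections import Counter

BLOCK = 4096      # bytes examined per sample (assumed block size)
THRESHOLD = 7.9   # bits/byte; random 4 KiB blocks measure about 7.95

def shannon_entropy(block: bytes) -> float:
    """Shannon entropy of a block in bits per byte (8.0 = uniform)."""
    if not block:
        return 0.0
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def find_non_random_blocks(stream, block=BLOCK, stride=1, threshold=THRESHOLD):
    """Return offsets of sampled blocks that do not look like digital noise.
    stride=256 reads one 4 KiB block per MiB, enough to spot large gaps."""
    suspicious = []
    offset = 0
    while True:
        stream.seek(offset)
        data = stream.read(block)
        if len(data) < block:          # ignore a short tail / end of image
            break
        if shannon_entropy(data) < threshold:
            suspicious.append(offset)
        offset += block * stride
    return suspicious

def noise(n_blocks: int, label: bytes) -> bytes:
    """Constructed stand-in for ciphertext: SHA-512 in counter mode."""
    out = bytearray()
    counter = 0
    while len(out) < n_blocks * BLOCK:
        out += hashlib.sha512(label + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[: n_blocks * BLOCK])

def build_sample_image() -> bytes:
    """Constructed 8-block image: noise, 2 zeroed blocks, 1 text block, noise."""
    text = (b"old mail archive left on the key\n" * 200)[:BLOCK]
    return noise(3, b"a") + bytes(2 * BLOCK) + text + noise(2, b"b")

if __name__ == "__main__":
    image = io.BytesIO(build_sample_image())
    for off in find_non_random_blocks(image):
        print(f"block at offset {off} does not look like digital noise")
```

Zeroed or plaintext blocks in the output are areas a fast format would leave visibly different from the encrypted data, which is why the full format is the right choice unless the scan comes back empty.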
We may now mount the volume
This requires choosing a 'slot'
Then choose the device. At that stage, Mac OS X asks for an administrator password.