The motivations for hosting data on a USB key or disk are numerous. The simplest is to stop carrying a portable computer that is either too big and heavy or too small for comfort, if one happens to have a bigger and more powerful machine at one site. A portable Firefox (Thunderbird) version will keep your preferences, extensions, passwords etc., which will then be readily available on all your machines. Of course, in any case, the key must be encrypted in case it is stolen.

We will describe the complete list of (very simple) operations to perform to encrypt and protect a standard USB key or disk using the TrueCrypt software on Mac OSX. TrueCrypt is available on PCs, and the process should be very close on these machines.

Launch TrueCrypt


An empty 16 GB USB key is plugged in


Choose 'Create Volume'

The volume may be created within a file. This approach is risk free (considering formatting) and allows for using the key normally. This will not be our choice here.


We create the volume on the entire disk


Standard or Hidden?

A 'hidden' volume is stored invisibly using steganography within a standard volume. This kind of volume offers the added protection of plausible deniability: the (non) existence of the hidden volume cannot be proven. For a key formatted as a whole, as is our present choice, this is seldom of interest because, after formatting, the key will not be recognised by computers and will be treated as defective. We choose 'standard'.


Next: choose the device


Here is our key


It is now selected


The key is empty, no risk, even for a complete beginner


Yes, sure, no data means no data loss


Choosing algorithms

AES is the best known encryption algorithm. SHA-512 is the best among the hash algorithms.


Benchmark results

TrueCrypt offers these computations to test your hardware's efficiency. All these throughputs are far higher than the read/write speeds of our key, on a machine having no hardware acceleration for encryption (TrueCrypt may be set to use such acceleration).


Algorithm auto test

Testing that everything works well (note: you should have verified the checksum of the archive you downloaded)


Choosing Key files

Keyfiles offer added protection by restricting the ability to mount the volume to machines that hold the file(s). Keyfiles may also be stored in online storage services like DropBox or Wuala (the safest).


Generate a random key file

TrueCrypt also provides support for the generation of random 1024K key files.


Choosing a password

Using a keyfile may compensate for a weak password.


Filesystem features

Opting for files larger than 4 GB rules out the FAT file system at the next stage. This is unnecessary for a standard configuration, even with Thunderbird, which may generate rather big mail archives (take care, however, to compact them regularly...).


Filesystem selection

One must NOT use fast formatting. Doing so only makes sense if the disk was previously encrypted and only contains digital noise.


Generating a random seed


Last warning



Expect half an hour for 16 GB. The key is entirely covered with digital noise, and equipped with an encrypted header. If you ever change the algorithms or password in the future, the header will be overwritten randomly 35 times before the final data is written.
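The difference between a full format and a fast format can be checked by measuring the entropy of each block of the device. The script below is an added example, not part of TrueCrypt or of the original walkthrough; the 4096-byte block size, the 7.5 bits/byte threshold and the two sample images (a simplified model of what a fast format leaves behind) are assumptions constructed for illustration.

```python
import hashlib
import io
import math
from collections import Counter

BLOCK = 4096  # bytes judged at a time (assumed granularity)

def entropy(block: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (constant) to 8.0 (uniform)."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def non_random_blocks(stream, threshold=7.5):
    """Offsets of full blocks that do not look like digital noise."""
    found, offset = [], 0
    while True:
        block = stream.read(BLOCK)
        if len(block) < BLOCK:  # end of data; a short tail is too small to judge
            return found
        if entropy(block) < threshold:
            found.append(offset)
        offset += BLOCK

def noise(n_blocks: int) -> bytes:
    """Constructed stand-in for ciphertext: SHA-512 run in counter mode."""
    return b"".join(hashlib.sha512(i.to_bytes(8, "big")).digest()
                    for i in range(n_blocks * BLOCK // 64))

def sample_image(fast_format: bool) -> bytes:
    """Constructed 8-block 'device': full format vs. fast format (simplified)."""
    if not fast_format:
        return noise(8)  # every block overwritten with noise
    # Fast format (simplified): only the first block is written; the rest keeps
    # what was there before, here zeros and one block of old plaintext.
    old_file = (b"old unencrypted file contents " * 200)[:BLOCK]
    return noise(1) + bytes(BLOCK) * 5 + old_file + bytes(BLOCK)

if __name__ == "__main__":
    for fast in (False, True):
        hits = non_random_blocks(io.BytesIO(sample_image(fast)))
        print("fast format" if fast else "full format", "->", hits)
```

To check a real key, pass a read-only binary file object for the raw device, or for an image of it, instead of the sample.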





We may now mount the volume

This requires choosing a 'slot'


Then choose the device. At this stage, Mac OSX asks for an administrator password.




Yeah, we're set!!!