Setting up TrueCrypt Full Disk Encryption on a Windows 8
system is very straight forward and does not require anything new from previous
versions of Windows. By following the below steps you can setup full disk
encryption on your new Windows 8 system, or previous versions of Windows.
- Download and install the latest version of TrueCrypt. (7.1a at the time of this post) http://www.truecrypt.org/.
- Launch TrueCrypt and click on “System”, then “Encrypt System Partition/Drive...”.
- Choose a “Normal” or a "Hidden” system encryption, for this guide I am choosing “Normal”, click “Next”.
- Choose to “Encrypt the Windows system partition” or “Encrypt the whole drive”, for this guide I am choose whole drive, click “Next” *Choosing whole drive will take a considerable amount of time however all of your data on the drive will be secure, not just the Windows system.
- If prompted, acknowledge the 'User Account Control' by clicking “Yes”.
- Choose your option on whether or not to encrypt the “Host Protected Area”. *The host protected area may have drivers, such as RAID drivers, that need to be accessed ‘pre-boot’.
- Choose whether you have a single OS installed or are booting between multiple OS’s, click “Next”.
- Choose the 'Encryption Algorithm' and the 'Hash Algorithm' you want to use. Read each description and select the one that you feel is best for you. By clicking the “Benchmark” button you can estimate how many megabytes per second your encryption task may take. Click “Next”.
- Create your encryption password, the bigger the better, recommended is 20 characters, click “Next”. *Here is a link to check the strength of your password http://howsecureismypassword.net/.
- On the next screen you will see moving text. Simply move your mouse around your screen for a while to create a random data pool. Do this for as long or as little as you like, but you should give it a few seconds at the very least. Click “Next”.
- The next screen will show you the generated keys. You do not need to do anything here, just click “Next”.
- On the 'Rescue Disk' screen you need to specify a path for an ISO file to be created. You will need this ISO file in the event you need to boot your system from a disk. So “Browse” to a location and save your rescue disk. Click “Next”.
- Acknowledge the action and insert a blank CD into your CD burner. Choose your CD burner from the drop down box and click “Burn”.
- Now, before you continue, navigate to the location of the ISO file that you created in the last step. Copy that ISO file to an external location such as a thumb drive. If your disk is lost or broken you can use this ISO file to create a new one.
- Click “Close”, then click “Next” to verify that your cd is good, click “Next” again.
- Remove the burned disk, label it, and store it in a safe location.
- On the next screen you are asked if you want to wipe unused space on your disk. This can be important if you need to securely erase any data that can possibly be recovered. Choose your wipe mode (3 pass is sufficient) or choose “None” if this is not a concern to you. Click “Next”.
- Next you are asked to perform a 'Pretest'. Be sure that all of your applications are closed and your work is saved. Next click “Next”, agree to the terms, then click “Yes” to reboot your computer and begin the pretest.
- Assuming there are no issues, your computer will reboot normally and after the POST screen you are asked for your TrueCrypt password. Type the password that you created earlier and press “Enter” on your keyboard.
- Assuming there are no issues, your computer will start into Windows as it always does. Logon if needed and click on the “Desktop” button from your new start screen. Once on the desktop Trucrypt should be waiting for you. Simply press the “Encrypt” button to begin the whole disk encryption process. You may need to agree to the terms again and User Account Control may prompt you for permission again.
- At this point just sit back and wait.
Depending on the size
of your disk and the level of encryption you chose you may be waiting a very
long time. You can use your system normally during the encryption process. Just
don’t do any intense gaming. Stick to Facebook and email until it is done.
When it is all done simply reboot your computer and you are
done! You can now sleep better tonight.
Posted by
Mike Wright
February 21, 2013 at 6:07 AM
This only works if the hard drive has a partition table with an MBR. I bought a laptop with Windows 8 pre-installed. It has a GUID partition table. TrueCrypt does not support that and therefore I cannot encrypt the system drive.
April 4, 2013 at 6:51 PM
I don't understand the blogger's advice here... How is that process any different from Win 7 ? .... The Trucrypt site says it's not Win 8 compatible, but the author doesn't discuss this, and makes no discernable differences in approach.
The commenter before me at least gives a clue as to why it's not always Win 8 compatible.
May 10, 2013 at 9:21 AM
Truecrypt is compatiable with windows 8 as long as it does not have a UEFI BIOS. The newer computers these days that come pre-installed with windows 8 have the UEFI Bios. Non-UEFI Bios computers with windows 8 will work.