Encryption of pc disks and flash drives. BitLocker Encryption - Protecting USB Stick

Information can be considered one of the most valuable products of the modern world. At the same time, private information also has significance, and it requires some protection, which can be provided by means of the operating system or using software solutions.

If you are interested in the answer to the question "how to encrypt a USB flash drive?" and your operating system is older than Windows XP, then you can take advantage of the capabilities of the OS itself.

Bitlocker encryption

The Bitlocker feature has been available in Windows since Vista. Its capabilities are based on encrypting data located on a hard drive or flash drive. In order to follow:

TrueCrypt: How to encrypt a USB flash drive

Free TrueCrypt is a more secure way to encrypt a USB flash drive. This software solution has a fairly wide functionality, for example, encryption of a single folder or directly the operating system itself.

At the same time, the offered encryption quality is at a high level. So, last year it was decided to conduct an independent audit in the wake of the hype around Snowden. For these purposes, they announced a fundraising in the amount of 60 thousand dollars. The money was collected, and on April 14 of this year, the first round of verification took place, which did not lead to the discovery of any critical encryption errors.

TrueCrypt tutorial: how to make an encrypted USB stick

2. If you are interested in the crack, then download it (1.4 MB). All files are available on the official website.

3. Move the downloaded TrueCrypt.exe file to a folder on your hard disk and unpack the crack there.

4. Installing the program (launching a file with the .exe extension) assumes a choice of two options: Install and Extract, that is, standard and portability. The choice of a portable installation increases the level of security, since it will not be possible to determine that an encryptor is present in the computer programs. Otherwise, the USB flash drive can only be opened on the computer where TrueCrypt is installed, which confirms the great practicality of a portable installation.

5. When extracting, specify the USB flash drive as the destination.


6. Run the TrueCrypt.exe file and activate the "Create volume" button in the window that opens.

7. The wizard will start, where you should select the first item, which implies that an encrypted container will be installed on the USB flash drive.

8. In the next window "Volume type" do not change anything and click "Next".

9. You will then be prompted to specify the storage location for the container. Specify the path leading to the USB flash drive, and specify any non-existent file on it. It doesn't matter what you write. In our example, this file is called secret.txt.

10. Go to the window where you should set the encryption algorithm. Stop your choice on AES.

11. Specify the required size of the encrypted volume.

12. Set a password. The program advises to use at least 20 characters.

13. If you are going to save files with a volume of 4 GB or more, then select the answer "Yes", which will format the volume in NTFC.

14. At this point, the process of creating a secret container can be considered complete, since the question "how to encrypt a USB flash drive with a password?" exhausts itself. Now all you have to do is figure out how to access the encrypted area of ​​the flash drive.

Encrypted files on a flash drive: how to access TrueCrypt

  1. Run TrueCrypt.exe.
  2. Select any disk label in the given column.
  3. Activate the "File" button.
  4. Specify the path to the secret container (secret.txt).
  5. Click "Mount" and enter the password.
  6. After clicking OK in the "Computer" section related to the "Start" menu, you will see that along with the hard drive, another hard drive icon has appeared under the letter that you registered in the second step.
  7. You open and use the new object in the standard way, that is, using the "Explorer".
  8. To hide the secret disk again, you need to use the "Unmount" button.

These days we are constantly dealing with information. Thanks to the development of information technology, now work, creativity, entertainment have largely turned into processes for processing or consuming information. And among this huge array of information, some of the data should not be publicly available. Examples of such information include files and data related to business activities; private archives.

Some of this data is not intended for the general public, simply for the reason that "they don't need to know about it"; and some information is vital.

This article is devoted to the reliable protection of vital information, as well as any files that you want to protect from the access of others, even if your computer or media (flash drive, hard disk) fell into the hands of unauthorized persons, including technically advanced and having access to powerful computing resources.

Why you shouldn't trust closed source encryption software

Closed source programs can include "bookmarks" (and hopefully they are not there!) And the ability to open encrypted files using a master key. Those. you can use any, the most complex password, but your encrypted file can still be opened easily, without brute-forcing passwords, using a “bookmark” or by the owner of the master key. The size of the encryption software company and the name of the country do not play a role in this matter, as it is part of the government policy of many countries. After all, we are all the time surrounded by terrorists and drug dealers (and what to do?).

Those. really strong encryption can be hoped for correctly using popular open source software and a hard-to-break encryption algorithm.

Should you upgrade from TrueCrypt to VeraCrypt

A reference program that has been providing very reliable file encryption for many years is TrueCrypt. This program still works great. Unfortunately, the development of the program has been discontinued at this time.

Its best successor is the VeraCrypt program.

VeraCrypt is a free disk encryption software based on TrueCrypt 7.1a.

VeraCrypt continues the best TrueCrypt tradition while adding increased security to the algorithms used to encrypt systems and partitions, making your encrypted files immune to new advances in brute-force attacks.

VeraCrypt has also fixed many of the vulnerabilities and security issues found in TrueCrypt. It can work with TrueCrypt volumes and offers the ability to convert TrueCrypt containers and non-system partitions to VeraCrypt format.

This improved security adds some latency only to the opening of encrypted partitions without any performance impact during the usage phase of the encrypted disk. For a legitimate user, this is an almost imperceptible inconvenience, but for an attacker it becomes almost impossible to gain access to encrypted data, despite the presence of any computing power.

This can be clearly demonstrated by the following benchmarks for cracking (brute-force) passwords in Hashcat:

For TrueCrypt:

Hashtype: TrueCrypt PBKDF2-HMAC-RipeMD160 + XTS 512 bit Speed.Dev. # 1 .: 21957 H / s (96.78ms) Speed.Dev. # 2 .: 1175 H / s (99.79ms) Speed.Dev. # * .: 23131 H / s Hashtype: TrueCrypt PBKDF2-HMAC-SHA512 + XTS 512 bit Speed.Dev. # 1 .: 9222 H / s (74.13ms) Speed.Dev. # 2 .: 4556 H / s (95.92ms) Speed.Dev. # * .: 13778 H / s Hashtype: TrueCrypt PBKDF2-HMAC-Whirlpool + XTS 512 bit Speed.Dev. # 1 .: 2429 H / s (95.69ms) Speed.Dev. # 2 .: 891 H / s (98.61ms) Speed.Dev. # * .: 3321 H / s Hashtype: TrueCrypt PBKDF2-HMAC-RipeMD160 + XTS 512 bit + boot-mode Speed.Dev. # 1 .: 43273 H / s (95.60ms) Speed.Dev. # 2 .: 2330 H / s (95.97ms) Speed.Dev. # * .: 45603 H / s

For VeraCrypt:

Hashtype: VeraCrypt PBKDF2-HMAC-RipeMD160 + XTS 512 bit Speed.Dev. # 1 .: 68 H / s (97.63ms) Speed.Dev. # 2 .: 3 H / s (100.62ms) Speed.Dev. # * .: 71 H / s Hashtype: VeraCrypt PBKDF2-HMAC-SHA512 + XTS 512 bit Speed.Dev. # 1 .: 26 H / s (87.81ms) Speed.Dev. # 2 .: 9 H / s (98.83ms) Speed.Dev. # * .: 35 H / s Hashtype: VeraCrypt PBKDF2-HMAC-Whirlpool + XTS 512 bit Speed.Dev. # 1 .: 3 H / s (57.73ms) Speed.Dev. # 2 .: 2 H / s (94.90ms) Speed.Dev. # * .: 5 H / s Hashtype: VeraCrypt PBKDF2-HMAC-RipeMD160 + XTS 512 bit + boot-mode Speed.Dev. # 1 .: 154 H / s (93.62ms) Speed.Dev. # 2 .: 7 H / s (96.56ms) Speed.Dev. # * .: 161 H / s Hashtype: VeraCrypt PBKDF2-HMAC-SHA256 + XTS 512 bit Speed.Dev. # 1 .: 118 H / s (94.25ms) Speed.Dev. # 2 .: 5 H / s (95.50ms) Speed.Dev. # * .: 123 H / s Hashtype: VeraCrypt PBKDF2-HMAC-SHA256 + XTS 512 bit + boot-mode Speed.Dev. # 1 .: 306 H / s (94.26ms) Speed.Dev. # 2 .: 13 H / s (96.99ms) Speed.Dev. # * .: 319 H / s

As you can see, it is orders of magnitude more difficult to crack VeraCrypt encrypted containers than TrueCrypt containers (which are also not easy at all).

I published the full benchmark and description of the hardware in the article "".

The second important issue is reliability. No one wants especially valuable and important files and information to be lost due to an error in the program. I know about VeraCrypt right after its release. I followed her development and kept an eye on her. Over the past year, I have completely switched from TrueCrypt to VeraCrypt. For a year of daily work VeraCrypt has never let me down.

Thus, in my opinion, it is now worth switching from TrueCrypt to VeraCrypt.

How VeraCrypt works

VeraCrypt creates a special file called a container. This container is encrypted and can only be connected if the correct password is entered. After entering the password, the container is displayed as an additional disk (like an inserted USB flash drive). Any files placed on this disk (i.e. in the container) are encrypted. While the container is connected, you can freely copy, delete, write new files, open them. As soon as the container is disconnected, all files on it become completely inaccessible until it is connected again, i.e. until a password is entered.

Working with files in an encrypted container is no different from working with files on any other disk.

When you open a file or write it to a container, you do not need to wait for decryption - everything happens very quickly, as if you were really working with a regular disk.

How to install VeraCrypt on Windows

There was a half-spy story with TrueCrypt - sites for "downloading TrueCrypt" were created, on which a binary file (of course!) Was infected with a virus / trojan. Those who downloaded TrueCrypt from these unofficial sites infected their computers, allowing attackers to steal personal information and spread malware.

Actually, all programs need to be downloaded only from the official sites. And even more so this applies to programs that involve security issues.

The official locations of the VeraCrypt installation files are:

Installing VeraCrypt on Windows

There is an installation wizard, so the VeraCrypt installation process is similar to that of other programs. Only a few points can be clarified.

The VeraCrypt installer will offer two options:

  • Install(Install VeraCrypt on your system)
  • Extract(Extract. If you select this option, all files from this package will be extracted, but nothing will be installed on your system. Do not select it if you intend to encrypt the system partition or system drive. Selecting this option can be useful, for example, if you want to run VeraCrypt in the so-called portable mode. VeraCrypt does not need to be installed on the operating system it will run on. After extracting all the files, you can run the extracted file "VeraCrypt.exe" directly (this will open VeraCrypt in portable mode))

If you select the checked option, i.e. file association .hc then it will add convenience. Because if you create a container with the .hc extension, then double-clicking on this file will launch VeraCrypt. But the downside is that outsiders might know that .hc are VeraCrypt encrypted containers.

The program reminds of donation:

If you are not constrained in funds, of course, be sure to help the author of this program (he is the only one) I would not want to lose him, as we lost the author of TrueCrypt ...

VeraCrypt tutorial for beginners

VeraCrypt has many different features and advanced features. But the most requested feature is file encryption. The following steps show you how to encrypt one or more files.

Let's start by switching to Russian. The Russian language is already built into VeraCrypt. It only needs to be turned on. For this in the menu Settings select Language ...:

There select the Russian language, after that the language of the program will immediately change.

As already mentioned, files are stored in encrypted containers (also called "volumes"). Those. you need to start by creating such a container, for this, in the main interface of the program, click on the button " Create volume».

The VeraCrypt Volume Creation Wizard will appear:

We are interested in the first option (" Create encrypted file container"), So we, without changing anything, press Further,

VeraCrypt has a very interesting feature - the ability to create a hidden volume. The bottom line is that not one, but two containers are created in the file. Everyone knows that there is an encrypted section, including possible unwilling ones. And if you are forced to give out the password, it is difficult to say that "there is no encrypted disk." When creating a hidden partition, two encrypted containers are created, which are located in the same file, but open with different passwords. Those. you can place files that look "sensitive" in one of the containers. And the second container contains the really important files. For your needs, you enter a password to open an important section. If it is impossible to refuse, you disclose the password for a not very important disk. There is no way to prove that there is a second disc.

For many cases (hiding not very critical files from prying eyes) it will be enough to create a regular volume, so I just press Further.

Select the location of the file:

A VeraCrypt volume can be in a file (in a VeraCrypt container) on a hard disk, USB flash drive, etc. The VeraCrypt container is no different from any other regular file (for example, it can be moved or deleted like other files). Click the "File" button to specify the name and path to the created container file for storing the new volume.

WARNING: If you select an existing file, VeraCrypt will NOT encrypt it; this file will be deleted and replaced by the newly created VeraCrypt container. You will be able to encrypt existing files (later) by moving them into the VeraCrypt container you are currently creating.

You can choose any file extension; this does not affect the operation of the encrypted volume in any way. If you choose the extension .hc, and also if during installation you set the association of VeraCrypt with this extension, then when you double-click on this file, VeraCrypt will be launched.

The history of recently opened files allows you to quickly access these files. Nevertheless, records in history like “H: \ My offshore accounts of stolen dollars.doc” may raise doubts about your decency among outsiders. To prevent files opened from an encrypted disk from entering history, check the box next to “ Don't save history».

Choice of encryption and hashing algorithms. If you are not sure which to choose, then leave the default values:

Enter the size of the volume and select the units of measurement (kilobytes, megabytes, gigabytes, terabytes):

A very important step, setting a password for your encrypted disk:

A good password is very important. Avoid passwords of one or more words that can be found in the dictionary (or combinations of 2, 3, or 4 such words). The password must not contain names or dates of birth. It should be hard to guess. A good password is a random combination of uppercase and lowercase letters, numbers, and special characters (@ ^ = $ * + etc.).

Now again, Russian letters can be used as passwords.

We help the program collect random data:

Note that here you can check the box to create a dynamic disk. Those. it will expand as you fill it with information.

As a result, I have a test.hc file created on my desktop:

If you have created a file with the .hc extension, then you can double-click on it, the main program window will open, and the path to the container will already be inserted:

In any case, you can open VeraCrypt and select the path to the file manually (To do this, click the "File" button).

If the password is entered correctly, then a new disk will appear in your system:

You can copy / move any files to it. You can also create folders there, copy files from there, delete, etc.

To close the container from strangers, press the button Unmount:

To get access to your confidential files again, re-mount the encrypted drive.

Configuring VeraCrypt

VeraCrypt has quite a few settings that you can change for your convenience. I highly recommend ticking the “ Automatically unmount volumes when inactive for»:

And also set a hotkey for " Unmount everything at once, clear the cache and exit»:

This can be very ... VERY useful ...

Portable version of VeraCrypt on Windows

Starting with version 1.22 (which is beta at the time of writing) a portable version has been added for Windows. If you've read the installation section, you should remember that the program is already portable and allows you to simply extract its files. However, the separate portable package has its own peculiarities: you need administrator rights to run the installer (even if you just want to unpack the archive), and the portable version can be unpacked without administrator rights - the only difference is this.

Official beta versions are only available. In the VeraCrypt Nightly Builds folder, the portable version file is VeraCrypt Portable 1.22-BETA4.exe.

The file with the container can be placed on a USB flash drive. You can copy the portable version of VeraCrypt to the same USB flash drive - this will allow you to open an encrypted partition on any computer, including without VeraCrypt installed. But be aware of the dangers of intercepting keystrokes - the onscreen keyboard can probably help in this situation.

How to use encryption software correctly

Here are some tips to help you keep your secrets better:

  1. Try to keep unauthorized persons out of your computer, including check-in laptops at airports; if possible, send computers for repair without a system hard drive, etc.
  2. Use a strong password. Don't use the same password that you use for mail, etc.
  3. Do not forget your password! Otherwise, the data cannot be recovered.
  4. Download all programs only from official sites.
  5. Use free programs or purchased ones (do not use hacked software). Also, do not download or run dubious files, since all such programs, among other malicious elements, can have kiloggers (keystroke interceptors), which will allow an attacker to find out the password for your encrypted container.
  6. Sometimes it is recommended to use the on-screen keyboard as a means of intercepting keystrokes - I think this makes sense.

Nowadays, more and more people use portable storage devices such as Flash drives. And if a person's work is associated with constant movement, then, most likely, there is a lot of confidential information on this drive. And in the event of loss or theft, there is a risk that this information can be used by an intruder, for example, logins and passwords for electronic money are indicated in a text file, and so on. Therefore, in this lesson, let's try to fix this problem, and a standard Windows 7 tool called BitLocker will help in this.

BitLocker is a partition encryption tool. There are various software for encrypting individual files and directories, but this tool allows you to completely encrypt a USB drive, and when you connect a flash drive to another computer, you must enter a password to access the data.

Let's take a quick look at what this video tutorial will be about:

Let's decide for which file system this method of protecting FAT32 or NTFS will be used, because in this matter it is very important

Let's encrypt a USB flash drive

Decrypt a USB flash drive

Let's compare the speed of reading from an encrypted and decrypted flash drive

Let's consider the settings of group policy for encryption of removable media

Let's compare all the pros and cons of this system

And also we will summarize, according to the information received

Well, let's get started and the first thing to clarify is what file system is on the USB drive, this is a very important point and here's why. The fact is that for different file systems and different versions of Windows, access to the encrypted drive will differ, this can be seen from this table. In Windows 7 with an encrypted drive, you can perform both read and write operations, regardless of the file system, however, for earlier versions of Windows (XP, 2008 Server, Vista), for NTFS it is not possible to work with this drive at all, and in the case of FAT32 can only be read, this is certainly not convenient, but there is no other choice. Most likely this was done in order for everyone to switch to Windows 7 as quickly as possible, so to speak, a marketing ploy.

And so, we have decided on the file systems, I personally choose FAT32, since often Windows XP is installed on client machines, as for our case, the inconvenience will be that FAT32 does not support files larger than 4 GB, i.e. a file of 5 GB, it will no longer be possible to write to this drive. But, again, there is no point in protecting a flash drive that stores images and so on, in general, large files, as a rule, you need to protect a small flash drive that stores documents!

The flash drive that I'm going to encrypt is currently the NTFS file system, so I'll have to format it in order to convert it to FAT32. If programs that convert without formatting, but this video is not about that.

Before performing encryption, in order to clarify something, let's check the read speed from this flash drive without encryption. According to the idea, the speed of reading with encryption should fall, since the system will have to decrypt the data in addition to the appendix before giving it to the user. Let's check with the HD_Speed ​​program, my speed was 164 mego bits per second

To start encryption, right-click on the removable drive and enable Bitlocker. Again, it is worth considering that this menu item appears only in Windows 7 under the Ultimate and Corporate editions, sort of like in Vista for the same editions, but I personally did not check, and in general I did not use Vista, there were enough rumors to discourage the desire.

You can protect the drive with either a password or a smart card, I did not protect it with a smart card, but I suspect that this is a smart key in the form of a USB device similar to a USB flash drive, currently most office programs are protected by such a key.

We set a password, save or print the recovery key, and the encryption process starts. Encryption takes quite a long time, it took me 2-30 hours to encrypt 32 GB, but again the encryption process can be paused and use the disk. Personally, I had a situation when I started to encrypt a disk, it took a long time to encrypt, and I had to leave work. So, I took the flash drive home, and at home I clicked on continue and at home the encryption was completed, as I understand it, something like a script is written to the flash drive, where it is indicated at what stage the encryption was suspended. And then, on another computer, the system reads this information and continues from the place where this process was stopped, but this will not work on XP.

By the way, let's just experiment, pause, take out the USB flash drive, insert it and we are prompted for a password, enter the password and the encryption program continues to encrypt the drive.

And so the encryption process is over and now, when we try to enter the USB flash drive, we are prompted for a password, and after the drive is unlocked, the Manage BitLocker item appears in its context menu ...

In which there are the following points:

Changing the password to unlock the disk - speaks for itself, we enter a new password

Remove password for this disk - removes the protection password, but does not remove the protection, as it might seem at first glance, but removes the password protection. If the protection is only by password, then it will not work to delete it.

Add a smart card to unlock the disk, this is a key in the form of a USB flash drive to unlock the USB flash drive J

Automatically unlock this computer's disk - if you activate this function, this drive will be automatically unlocked on this computer when connected, but not on others. Those. the binding to the equipment turns out. Let's say this can be used if you trust the computer on which you are sitting, let's say your home computer. Or you can register this checkbox in the office for all office PCs, and if the flash drive goes outside the office, then it will not be possible to read information from it (to ensure the safety and ease of work of users)

Now let's check the read speed again, it seems to have dropped, in fact, as expected.

Now let's check how everything will work out on Windows XP, start the virtual machine and connect the USB flash drive to it.

Now the next question appears, how to decrypt a USB flash drive? After all, the menu does not have a function to remove protection or something like that! And this is not done in such an obvious way as encryption, for this we need to go to BitLocker settings Start \ Control Panel \ BitLocker Drive Encryption \ Click turn off encryption for this drive. Decryption is faster than encryption, it took me about 30 minutes on the same 32 GB

Now let's look at BitLocker settings, and it is configured through Group Policy Start \ Run \ gpedit.msc \ Computer Configuration \ Administrative Templates \ Windows Components \ Bitlocker Drive Encryption \ Removable Data Drives.

Protection against unauthorized access

Reading in old OS, only in FAT32 file system

The possibility of stealing confidential information in Windows of earlier versions - after all, to read a file, you need to copy it to a local computer and even after deleting it, it can be restored by various means of recovering deleted files

Lower read and write speed, since in the appendix the system also has to spend time on decryption

It cannot be used as a multiboot flash drive, since the flash drive is encrypted, it will not be possible to start from it.

1) use only for storing important information

2) a small flash drive, the larger the flash drive, the longer its encryption lasts.

3) the flash drive must be formatted in the FAT32 system

All important data must be stored encrypted. Flash drives are lost more often, so we will consider the simplest and most effective ways to protect information on USB drives, reports Tech Today.

Use a USB flash drive with hardware encryption

This is the simplest and at the same time the most expensive way of protection. Such drives are designed to securely store corporate secrets and will only disclose access to the owner and, possibly, the special services. Devices of this class, for example, the DataTraveler 2000 Metal Security from Kingston, support the most advanced encryption algorithms and have keys for entering a password. Conveniently, cryptographic protection is provided by the flash drive itself and does not depend on the type of operating system on the computer and installed programs.

It is enough to enter the numeric code, and you can work with files on the USB flash drive as usual. After disconnecting from the computer, access to the data will be denied. Disadvantage of secure flash drives: if you forget your password or enter it incorrectly, for example, 10 times in a row, the encryption key and data will be destroyed and the drive will return to factory settings.

BitLocker - built-in Windows 7/8/10 ransomware
If you are using the maximum version of Windows, BitLocker standard cryptographic protection is at your service.

To encrypt a USB flash drive, right-click on the disk icon in the "my computer" window and select "Encryption" from the context menu. The disk encryption procedure starts.

Choose encryption with a password and come up with a strong password. Depending on the size of the flash drive, the encryption procedure lasts from ten minutes to several hours. After the encryption process is complete, the flash drive is ready for use.

When connecting it to a computer, each time you will need to enter a password to access the data. In the settings, it is possible to disable the mandatory password entry for a specific computer.

VeraTrueCrypt - Free Data Encryption
The small utility VeraCrypt is a descendant of another popular TrueCrypt data encryption tool, which was discontinued last year. There are versions of VeraCrypt for Windows, Mac OS X, Linux, and even Raspbian (OS for Raspberry Pi microcomputers).

After installation, it does not require additional settings to get started. To encrypt a flash drive in the "Volumes" menu, select "Create a new volume". Next, we sequentially indicate "Encrypt non-system partition / disk" - "Regular VeraCrypt volume", indicate the path to what corresponds to the flash drive. Next, select "Create encrypted volume and format".

All files on the flash drive will be deleted, so encrypt the drive before you start storing data on it. After the password has been created, the encryption process will begin.

To access an encrypted flash drive, you need to select a free drive letter in the main VeraCrypt window, specify the path to therefore (something like Device \ Harddisk3 \ Partition1) and click the "Mount" button. The process will last from a few seconds to a minute. Then the disk with the selected letter will appear in the system, and you can work with it. The encrypted volume must be unmounted before disconnecting the USB flash drive.

Disadvantages of the method: VeraCrypt must be installed on all computers where it is necessary to have access to encrypted data. In the system, the flash drive is displayed as unformatted.

And finally: if there is a need to restrict access to files, and encryption is not available, use the archiver. The most common archivers allow you to protect archives with a password. If you are not hiding state secrets, then, as practice shows, this is usually enough to restrict access to important files.

Professional and corporate versions of Windows have an encryption program called BitLocker... Due to its tight integration with the operating system, the use of this program is in some aspects more convenient than using other encryption programs. In particular, if you encrypt a flash drive using BitLocker, then when you connect it to the computer, the system will automatically inform you that the information is encrypted and you must enter a password. This article will describe how to make flash drive encryption using BitLocker and how to use such a flash drive in your daily work.

Specifics of using BitLocker

As mentioned, BitLocker is a simple and easy way to protect your information. However, its use is associated with a number of limitations. First of all, it should be borne in mind that this program is not bundled with all versions of Windows. And this means that with a high degree of probability a situation may arise when an encrypted USB flash drive cannot be opened while visiting someone. Not to mention the fact that even on your operating system, BitLocker may not be available.

Another unpleasant feature is that there is no way to somehow hide the fact of encryption of the flash drive - the operating system directly and openly reports that the flash drive is encrypted and asks for a password. In addition, the program itself has closed source codes, which indicates the potential insecurity of the program - after all, developers can access encrypted user volumes through possible bookmarks in the code.

Based on the foregoing, it is worth weighing the pros and cons, and if you do not want to use BitLocker, use free open source counterparts, such as TrueCrypt (this program was produced).

Creating an encrypted flash drive

To start encrypting a flash drive, you need to open Windows Explorer, select the required drive from the list of drives and right-click the "Enable BitLocker" menu item.

After that, you will be prompted to set a password to block hidden information. In addition to the password, the program includes the ability to use smart cards. But this type of device is not widespread in our area, and therefore most likely this option is unlikely to be needed by most users.

The next step is to save the recovery key, which can come in handy in case the password is forgotten. If your computer is in a safe place and you need to encrypt the flash drive to access it outside of this safe room, then you can choose to save the recovery key to disk. Otherwise, you should not save this key, but print it and hide it in another safe place.

If the flash drive is used only for transferring files and the information stored on it does not need special protection and can be deleted at any time, then for security purposes, you can delete the recovery key immediately after saving. And for greater reliability, you should first open it in a text editor and replace the text with something else - so that an attacker who has gained access to a computer could not get this recovery key using programs for recovering deleted files.

When the issue with the key is resolved, it becomes possible to proceed to the next stage - to start directly encrypting the flash drive.

Depending on the size of the flash drive and the speed of work via the USB port, the duration of this procedure can be from a couple of minutes to half an hour or more.

In this case, it is important to wait for the message about the successful completion of the operation. If you interrupt encryption without waiting for the end of the process, the disk may become inoperable.

At the end of the process, you can make sure that the flash drive is displayed in Windows Explorer as encrypted, as evidenced by the image of the lock over the disk.

Using an encrypted flash drive

Access to an encrypted volume on a USB flash drive is carried out by entering a password. It should be noted that if access to files is open, then it will remain so either until the system is rebooted or until the disk is unmounted. In our case, to see how it works, you just need to remove and reinsert the flash drive into the USB slot. After this operation, the disk will be marked as encrypted in Windows Explorer without information about its name and size.

And at the first attempt to access the disk, the system will ask for the password that was set during encryption.

After entering the correct password, the contents of the encrypted section will be available in normal mode. It will also be possible to manage encryption parameters. In particular, you can change the password, save the recovery key, and enable automatic unlocking of the encrypted drive on this computer. To access these functions, you need to open the context menu for the encrypted drive, and select the "Manage BitLocker" item.

As a result, such a window will appear with the choice of the desired option.

Unfortunately, among these options there is no option to disable encryption for the drive. Therefore, in order to return the flash drive to an unencrypted state, you will need to format it. In this case, all data on the disk will be lost. Accordingly, if you need them, you will need to save them first on the hard disk of your computer, so that you can later transfer them back to an already unencrypted disk.

Outcomes

BitLocker, built into some versions of Windows, provides basic disk encryption capabilities. In particular, it can be used to encrypt a flash drive without installing additional software. At the same time, this ease of use also hides a number of disadvantages that are useful to know before deciding between using BitLocker and other data encryption programs.