Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Encryption

TrueCrypt 4.3 Released 285

RedBear writes "A new update to the best open source transparent encryption software has been released. TrueCrypt is (the only?) open source encryption software capable of creating and mounting encrypted virtual disk images that can then be worked with transparently like any other storage drive, with data encrypted and decrypted in real-time. These virtual disks can be created as files, or entire partitions or physical drives can be encrypted and mounted transparently. Sadly there is still no Linux GUI or Mac OS X port in sight. If you are one of the thronging hordes who have been patiently awaiting ubiquitous multi-platform encryption, please consider donating time or money to the cause, and add your voice to the forum." From the site:"Among the new features [are] full compatibility with 32-bit and 64-bit Windows Vista, support for devices and file systems that use a sector size other than 512 bytes (such as new hard drives, USB flash drives, DVD-RAM, MP3 players, etc.), auto-dismount when a host device (e.g., a USB flash drive) is inadvertently removed, and many more." Read on for more features of TrueCrypt and cached versions of all the links above.

Also including features like plausible deniability, steganographically hidden volumes, unidentifiable partition headers, traveler mode, and your choice of the strongest available encryption algorithms up to and including multi-algorithm cascades. TrueCrypt is practically the Holy Grail for advocates of free ubiquitous encryption. Now, if only it were platform independent.

To reduce load on their servers here are some Coralized versions of all the links:

TrueCrypt home page
Future development goals
Forum thread about Mac OS X version
Donations page
General forum
Plausible deniability
Hidden volumes
Traveler mode
Encryption algorithms
Multi-algorithm cascades
Version history
This discussion has been archived. No new comments can be posted.

TrueCrypt 4.3 Released

Comments Filter:
  • The coolest part. (Score:3, Insightful)

    by Lumpy ( 12016 ) on Tuesday March 20, 2007 @07:15PM (#18423299) Homepage
    you dont have to install it. so there is no way that any researcher can discover it was used.

    I can not believe that the other encryption software out there is not even 1/20 as good as truecrypt.

    you can hide your data pretty easy with it.
    • Re:The coolest part. (Score:5, Informative)

      by Eddi3 ( 1046882 ) on Tuesday March 20, 2007 @07:24PM (#18423379) Homepage Journal
      "you dont have to install it. so there is no way that any researcher can discover it was used."

      That's not entirely true. When TrueCrypt opens, it installs a driver (in Windows). This driver remains there unless you remove it. In fact, I just had to manually remove it because the old version of the driver was already installed, and the new version of it couldn't override it.

      Don't get me wrong, I absolutely LOVE TrueCrypt, I use it everyday, however it's not entirely true that it leaves no footprint. At least, not in my experience.

        -Eddie
      • Pet Peeve (Score:3, Interesting)

        by bogie ( 31020 )
        Driver versions being incompatible and not overwritable. For example the thumb drive I carry around uses True Crypt but now next time I plug it into my desktop I'll get the incompatible driver error.
      • Re: (Score:2, Insightful)

        Also, IIRC when you use it on Windows, even in traveler mode, it might make registry entries that might linger around. It is possible that soneone dedicated enough could find out that you've been using it.

        One other downside worth mentioning is that on Windows you have to have administrator rights on the machine to use it.
      • Re: (Score:3, Interesting)

        by xtracto ( 837672 )
        And in Linux it is NOT possible to use it in any computer unless you have ROOT access (to install it). I have a 2GB USB stick and I wanted to use half of it as an encrypted drive. In Windows environments I could use it without problems but there is *no* way to access the drive in Linux unless you have root access to mount the device, or unless the computer you are using has got FUSE *AND* you are allowed to mount this file system (sheesh in FC6 I am not allowed to mount a simple USB device unless I've got r
    • Re: (Score:3, Informative)

      by Anonymous Coward
      there is no way that any researcher can discover it was used.

      wrong, if you read the info on the site about "traveller mode"

      After examining the registry file, it may be possible to tell that TrueCrypt was run (and that a TrueCrypt volume was mounted) on a Windows system even if it is run in traveller mode.

      so it still writes to the registry and so can be discovered by forensics in an instant
      why it writes to the registry really needs to be addressed, i wish apps went back to the old .ini method of storing conf
      • Re:The coolest part. (Score:4, Informative)

        by Eddi3 ( 1046882 ) on Tuesday March 20, 2007 @08:01PM (#18423649) Homepage Journal
        Generally, Windows itself keeps the names of files that have run recently, and that's probably what they're refering to, not TrueCrypt's settings. In that aspect, no executable on Windows can leave absolutely NO footprint. Of course, these registry entries can be removed manually.

        In fact, TrueCrypt's settings are maintained in a file called Configuration.xml in the same directory as TrueCrypt.exe, in order to remain truly portable.
        • Don't forget that to load drivers you have to modify files on the system (unless you use an ugly hack, but then the driver may be swapped out which can be Very Bad (TM) in some situations (especially if the key is swapped out!).
      • Re: (Score:3, Interesting)

        by Lumpy ( 12016 )
        windows writes last ran items to the registry. Simply renaming the executable to notepad.exe will solve that problem. If truecrypt writes anything to the registry then it does have a major flaw, I need to look further into that.
    • Re:The coolest part. (Score:5, Informative)

      by Anonymous Coward on Tuesday March 20, 2007 @07:33PM (#18423453)
      from the truecrypt site:

      Traveller Mode

      TrueCrypt can run in so-called 'traveller' mode, which means that it does not have to be installed on the operating system under which it is run. However, there are two things to keep in mind:

              * You need administrator privileges in order to able to run TrueCrypt in 'traveller' mode.
              * After examining the registry file, it may be possible to tell that TrueCrypt was run (and that a TrueCrypt volume was mounted) on a Windows system even if it is run in traveller mode.

      If you need to solve these problems, we recommend using BartPE for this purpose. For further information on BartPE, see the question "Is it possible to use TrueCrypt without leaving any 'traces' on Windows?" in the section Frequently Asked Questions.

  • No OS X Port? (Score:3, Insightful)

    by CheeseburgerBrown ( 553703 ) on Tuesday March 20, 2007 @07:17PM (#18423315) Homepage Journal
    What are the advantages of this software over using an encrypted disk image created with Tiger's build-in Disk Utility?

    • Re:No OS X Port? (Score:5, Informative)

      by Mr2001 ( 90979 ) on Tuesday March 20, 2007 @07:27PM (#18423407) Homepage Journal
      Hidden volumes, for one. A single image can have two volumes in it, with different passwords, encryption methods, etc., and you can't even tell the hidden one is there unless you know the key.

      You can also use any file as the key, instead of (or in combination with) a password.

      And you can encrypt an entire partition, instead of putting the image inside another filesystem and letting it get copied around by the defragmenter (which may have security implications for the ultra-paranoid).
      • And therein lies its true power.
        As an example:
        I have a volume with porn in it. The hidden volume contains other things. All I can divulge is that first password and they get a volume of porn. Hey, I was hiding my secrete homo-autoerotic transvestite fetish from my S.O. Nevermind the 15 megs of "unused" space at the end of the volume.
        -nB
    • Re:No OS X Port? (Score:5, Insightful)

      by Simon Garlick ( 104721 ) on Tuesday March 20, 2007 @08:15PM (#18423777)
      Why don't you download the source code for Truecrypt, and the source code for OS X Disk Utility, and compare how they implement their respective algorithms. The advantage will be pretty obvious.
  • by tabo_peru ( 582809 ) on Tuesday March 20, 2007 @07:19PM (#18423329) Homepage
    "from the windows-only-alas dept."

    Not really, you can download ubuntu binaries from their download section [truecrypt.org].
    • by GenKreton ( 884088 ) on Tuesday March 20, 2007 @08:52PM (#18424079) Journal
      Except, the summary implies it is the only opensource method of doing this when, in fact, linux has several others and a few of them are superior (like a few luks implementations using dm-crypt).
      • by ink ( 4325 ) on Tuesday March 20, 2007 @10:30PM (#18424759) Homepage
        Yep, I've been using luks under Linux for ages. It works transparently, and is portable from system to system. I don't think that the article submitter has ever used OSX or Linux; both have nice, mature encrypted block systems.

        Hell, I used PGPdisk back in the '90s, and it was "all that".

    • The Linux version of Truecrypt (mostly) works on PowerPC as well. I currently use it with Gentoo on my iBook. What is broken is creating volumes. Truecrypt on ppc seems to have trouble creating the file system on the encrypted volume properly. However, volumes created on x86 (Windows or Linux) can be opened and modified on ppc. It's plenty cross-platform for me.
  • Raarrgh (Score:2, Funny)

    by psaunders ( 1069392 )

    If you are one of the thronging hordes who have been patiently awaiting ubiquitous multi-platform encryption
    Yes, I am one of the thronging hordes! *stomp stomp stomp*
  • by Danny Rathjens ( 8471 ) <slashdot2@r[ ]jens.org ['ath' in gap]> on Tuesday March 20, 2007 @07:26PM (#18423395)
    Why do you need a linux GUI for something like this? I installed debian etch a while ago and noticed encrypted partition was a an option along with normal filesystems, RAID, and LVM. So I tried it out. It was quite simple to setup. I made an encrypted / and an encrypted swap partition. Then when I booted into freshly installed system I had to enter my passphrase for each partition and after that it was just like a normal system. I didn't even notice any I/O performance loss. (Although I still went back to a RAID system after the experiment since I am not paranoid enough to sacrifice any performance or space yet :)
    • The same option is available in the Mandriva install. Although you have to select the advanced option for it to show up. Encrypt your swap partition, along with your home partition, and you probably don't have to worry much about leaking your personal data. There's other stuff in the /tmp and /var folders that you may want to worry about, but not too much that I would worry about.
    • by Rich0 ( 548339 )
      While I agree that transparent encryption is a built-in kernel feature in linux (and has been for some time), one thing truecrypt does offer is plausible deniability with hidden partitions. This allows you to store data in a volume whose existence is impossible to infer (unless you somehow record its existence elsewhere - like in a shell history). You can enter one password and get one set of data, and another password to get a different set of data. If you're threatened and asked to divulge the decrypti
    • by Kjella ( 173770 )
      Although I still went back to a RAID system after the experiment since I am not paranoid enough to sacrifice any performance or space yet :)

      Not entirely sure what you're hinting at here with the space bit, the encryption is 1:1 and doesn't consume any space (except maybe a few kb headers), and you can use whatever combination of crypto/RAID/LVM you want, looped into each other. Also if you want an encrypted container you can create that on a current system, the only reason you need the installer is if you'r
  • by Kpt Kill ( 649374 ) on Tuesday March 20, 2007 @07:28PM (#18423411) Homepage
    Only pirates, terrorists, and criminals need encryption. :)
    • Or those of us who would like to store personal documents on our work PCs (allowed by AUP), but would rather not have a snoopy admin remote in and see them, or when the notebook is in for service have the service people snoop around. All they see is a single large file called video.corrupt.save.

      While ideally they wouldn't snoop for snooping's sake, we all know there are wanna-be Simons out there :-(

      -nB
    • by wile_e_wonka ( 934864 ) on Tuesday March 20, 2007 @08:05PM (#18423697)
      I keep the family meatloaf recipe on a TruCrypt partition. No one has discovered it yet!

      Anyway--I think there are legitimate reasons to want to encrypt data. How about a doctor wanting to ensure patient records are private? Or a corporation that has done some research that it doesn't want to get out? Or what about your personal diary (some people, believe it or not, don't think MySpace is the best place for a private diary)? Or what if you work for the CIA and have been stealing data from a small quiet--a little too quiet--Scandinavian company for a couple years...and they find you out and take your computer after breaking your legs? (ok, that last one's a stretch).

      I'm sure commenters will add many more legitimate items to this list.
    • Re: (Score:3, Insightful)

      by dtzWill ( 936623 )

      Only pirates, terrorists, and criminals need encryption. :)
      ...which according to the media industry and the US government is just about everyone. :-D
  • (Along with anarchy and freedom. But I think the subject is more likely just now.)

    I had the recent misfortune to forget the password to an encrypted file. It has stuff that isn't that important or/and can be replaced, but the point is, it takes time to replace this sort of stuff (if it can be replaced). The reason is simply, running on a laptop, if it falls into someone elses hands (and they manage to get past the various passwords (reset the BIOS, insert KNOPPIX away you go)) I don't really want them to
    • Or, just remember your password. It really isn't that hard to do!

      You could always use something like jack the ripper to try and brute force your password. You'd still have to produce your own dictionary file though.
    • by vhold ( 175219 )
      Hmm, it's an interesting story. If you are encrypting things that are vitally important to you, but you don't really care about the privacy enough that you are willing to keep unencrypted backups or write passwords down, perhaps you should just use weak encryption that can be reasonably broken, or simply weak passwords.
      • by Sancho ( 17056 ) *
        The best solution is an unencrypted version with strong physical security (i.e. a safe, or the equivalent). You use the encrypted version most of the time because, simply, it is easier to work with. If you lose the password, open the safe to recover it.
  • by Anonymous Coward
    I am, actually, a mathematician (though not a cryptographer), but I could've sworn that doing "cascades" like this is actually a bad idea, mathematically? I seem to remember times where it can actually *weaken* the overall level of protection if you just do it carelessly without regard to the mathematics.

    Other than that, it is a very nice little program.
    • by Copid ( 137416 ) on Tuesday March 20, 2007 @08:12PM (#18423749)

      I am, actually, a mathematician (though not a cryptographer), but I could've sworn that doing "cascades" like this is actually a bad idea, mathematically? I seem to remember times where it can actually *weaken* the overall level of protection if you just do it carelessly without regard to the mathematics.
      My understanding is that in the general case, there's no truly compelling reason to believe that cascades are either stronger or weaker. I believe that there are special cases with certain algorithms, but the people who maintain TrueCrypt are aware of them. I don't recall the exact details, but it's discussed fairly frequently on sci.crypt.
    • Re: (Score:2, Insightful)

      by Anonymous Coward
      If multi-algorithm cascades weakened the protection, that's what the codebreakers would do: encrypt the data again and crack the "weakened" data.
      • Re: (Score:3, Informative)

        by Copid ( 137416 )

        If multi-algorithm cascades weakened the protection, that's what the codebreakers would do: encrypt the data again and crack the "weakened" data.

        There's a special case you're not considering: Multi-algorithm cascade with the same key. Arbitrary (and dumb) example: A single cipher in CTR mode. Encrypt once with key k and you're in good shape. Run the algorithm again with key k and your data is plaintext again. It's an extreme case, but one can come up with other more reasonable thought experiments.

  • FreeOTFE? (Score:5, Informative)

    by Lawrence_Bird ( 67278 ) on Tuesday March 20, 2007 @08:04PM (#18423681) Homepage
    I have been using this and have no association other than as a happy user. From the description I don't
    think TrueCrypt is "the only" one.

    Clipped (and truncated) from the website: [freeotfe.org]

    FreeOTFE: A free "on-the-fly" transparent disk encryption program for MS Windows 2000/XP/Vista PCs and Windows Mobile 2003/2005 PDAs Using this software, you can create one or more "virtual disks" on your computer - anything written to these disks is automatically, and securely, encrypted before being stored on your computers hard drive.

    Features

            * Source code freely available
            * "Portable mode" included; FreeOTFE doesn't need to be installed before it can be used - making it ideal for carrying your data securely on USB drives!
            * Operates under both PC (MS Windows 2000/XP) and PDA (Windows Mobile 2003/2005) platforms
            * Linux compatibility (Cryptoloop "losetup", dm-crypt and LUKS supported)
            * "Hidden" volumes may be concealed within other FreeOTFE volumes, providing "plausible deniability"
            * FreeOTFE volumes have no "signature" to allow them to be identified as such
            * Encrypted volumes can be either file or partition based.

    • Does that one work without Admin privs? That's what kills TC's use for me.
  • by schweini ( 607711 ) on Tuesday March 20, 2007 @08:12PM (#18423741)
    I just wanted to point out that TrueCrypt differs from most other disk-encryption-tools mentioned by my fellow posters in that it also supports 'hidden volumes', which allows a user (for example if forced to give out a password, since the existence of an encrypted volume seems suspicious) to give out a password, which simply shows a 'bogus' partition - but there is no way to prove that the password that was provided is not the 'important' one, or for that matter it's impossible to prove that such a hidden volume even exists.
    • Your interrogators will just keep pushing you, and you can give them as many passwords as you want, even as many as you can remember or as exist, and they will keep on torturing you until you die.
      • Re: (Score:3, Insightful)

        by cptgrudge ( 177113 )

        If you're going to be indefinitely held while being tortured, until you die or are killed, all the software features in the world aren't going to help you. It's more useful in places where "plausible deniability" can be used to get you out of trouble, not in countries or organizations where the concept is irrelevant.

  • Truecrypt is a great solution for people who work on laptops and need to cart around sensitive data. On Windows, you can actually encrypt your entire "My Documents" folder. Unfortunately it's quite a bit harder to encrypt the entire user data directory (C:\Documents and Settings\username\), at least I haven't found an easy way to do it yet. Maybe some other Slashdotter has figured this out?

    Hopefully hardware-based encryption will become standard soon. I want to boot up, type in my passphrase, and have A
  • Or is the word rsunc ? Regardless, a lot of people do not realize that a truecrypt volume, although it is a single encrypted file, can be successfully kept up to date with the rsync tool. This is because the entire file is NOT reorganized every time it is unmounted. Therefore, if you only change a few files in a truecrypt volume, you can rsync it to a remote system in an efficient (changes only) manner.

    Just be sure to read about the --checksum option. I personally keep all of my most sensitive files in
    • Or is the word rsunc ? Regardless, a lot of people do not realize that a truecrypt volume, although it is a single encrypted file, can be successfully kept up to date with the rsync tool. This is because the entire file is NOT reorganized every time it is unmounted. Therefore, if you only change a few files in a truecrypt volume, you can rsync it to a remote system in an efficient (changes only) manner.

      It should be noted that this is not necessarily a good idea if you have a hidden volume and like to writ

  • EncFS (Score:2, Interesting)

    by jumperboy ( 1054800 )
    I use EncFS http://arg0.net/encfs [arg0.net] on Linux every day and love it. Even root can't snoop a mounted directory (but could delete the encrypted source directory). How is TrueCrypt better?
    • Might I remind you that root CAN read /proc/kcore .

      Do you have a system in that which memory is encrypted to prevent superuser attacks (TPM)?

  • ...and just like the previous versions of Truecrypt, all indications are its once again gonna be a little bitch trying to get it to build on FC6.
  • by ancientt ( 569920 ) <ancientt@yahoo.com> on Tuesday March 20, 2007 @09:13PM (#18424219) Homepage Journal
    I use truecrypt because I need to be able to hand over my laptop to a gun wielding thug if it ever comes up. This got me to thinking, if its a virtual filesystem, and seen as such by Linux, what would happen if I put my entire virtual machine on an encrypted partition. Would it then be possible for me to use Linux with TS + Xen (or VMWare if you prefer) to provide an entirely encrypted OS, including its filesystem? I'd assume that I'd need to have no swap (or file based swap, also on an encrypted partition) but that seems pretty doable to me. If my machine gets stolen, then is everything on the encrypted partition as safe as my password?
    • So long as the VM's disk is on an encrypted volume, that'll work. As you noted, swap is a potential problem. If your VM can mark it's memory as non pageable, that'd probably do the trick.
  • eCryptfs (Score:4, Informative)

    by omnirealm ( 244599 ) on Tuesday March 20, 2007 @09:20PM (#18424273) Homepage
    If you don't necessarily need plausible deniability, and if you're looking for per-file encryption with just as much transparency and a lot more flexibility, check out eCryptfs. It can be used directly on top of your existing mounted filesystem in Linux. eCryptfs has been in the mainline Linux kernel since 2.6.19. Here is a section in the eCryptfs FAQ that compares and contrasts block device encryption with stacked filesystem encryption:

    http://ecryptfs.sourceforge.net/ecryptfs-faq.html# compare [sourceforge.net]
  • Now this is nice! Even since PGP took away PGPDisk from the freeware version and Scramdisk went commercial, we've been screwed for open options. I've been using Filedisk: http://www.acc.umu.se/~bosse/ [acc.umu.se] It's Windows and Linux, reliable (used for years with no data losses) and the source is there. But it's very bare bones and a CLI only.

    TrueCrypt looks good. It's got a nice GUI, explains everything, has promised not to go commercial and best-yet they give you the option to use MULTIPLE CIPHERS! YAY! As in why
  • The biggest drawback, and a showstopper for me, is the lack of Whole Disk Encryption. Sure, you can boot Windows XP in a 5GB partition and encryption all of your other partitions using TrueCrypt, however the Windows paging file, Documents & Settings (and all of the hidden files in there), etc. are left unencrypted. I use PGP Whole Disk Encryption for Windows XP and it works wonderfully on my laptop.

    I would use TrueCrypt in conjuction with PGP WDE, however, on a secondary harddrive containing, um, "a
  • OpenBSD runs Linux binaries under emulation, does OS X? Could it be made available through fink?
  • I've written a TrueCrypt-based simple HOWTO for laptop data-security.

    Its called "Steal my laptop (I don't care) - Securing laptop-data"

    Here's the link to it:
    http://ergo.rydlr.net/?p=39 [rydlr.net]
  • Can you do full disk encryption on the primary partition - i.e. does it have it's own bootloader yet? This would make it a nice replacement for DriveCrypt Plus Pack...

"Remember, extremism in the nondefense of moderation is not a virtue." -- Peter Neumann, about usenet

Working...