Forgot your password?
typodupeerror
Encryption Security

TrueCrypt 6.0 Released 448

Posted by kdawson
from the plausible-deniability dept.
ruphus13 writes "While most of the US was celebrating Independence Day, the true fellow geeks over at TrueCrypt released version 6.0 of TrueCrypt over the long weekend. The new version touts two major upgrades. 'First, TrueCrypt now performs parallel encryption and decryption operations on multi-core systems, giving you a phenomenal speedup if you have more than one processor available. Second, it now has the ability to hide an entire operating system, so even if you're forced to reveal your pre-boot password to an adversary, you can give them one that boots into a plausible decoy operating system, with your hidden operating system remaining completely undetectable.' The software has been released under the 'TrueCrypt License,' which is not OSI approved."
This discussion has been archived. No new comments can be posted.

TrueCrypt 6.0 Released

Comments Filter:
  • first (Score:5, Funny)

    by Anonymous Coward on Tuesday July 08, 2008 @04:39AM (#24097265)

    svefg cbfg

  • More filesystems (Score:5, Insightful)

    by toQDuj (806112) on Tuesday July 08, 2008 @04:39AM (#24097269) Homepage Journal

    Well, I hope that it now supports more filesystems, because mucking about with FAT on MacOS X didn't appeal to me last time.

  • by millwall (622730) * on Tuesday July 08, 2008 @04:39AM (#24097271)
    I work as a consultant and often use Truecrypt on my USB key in traveller mode on sites where I work. The top thing on my wishlist is to be able to run/install Truecrypt on a Windows machine without admin rights.

    The issue is described in full here [truecrypt.org]:

    [..] In Windows, a user who does not have administrator privileges can use TrueCrypt, but only after a system administrator installs TrueCrypt on the system. [...]

    Full release notes can be found here [truecrypt.org].

    • by TheLink (130905) on Tuesday July 08, 2008 @04:44AM (#24097321) Journal
      You don't mind exposing your secrets to a machine you don't have control over (and thus should not trust)? I don't recommend it.

      You should copy the files that you don't mind exposing, to the unencrypted partition of the USB key or a different no crypto USB drive.
      • by Jah-Wren Ryel (80510) on Tuesday July 08, 2008 @05:19AM (#24097551)

        You don't mind exposing your secrets to a machine you don't have control over (and thus should not trust)? I don't recommend it.

        You should copy the files that you don't mind exposing, to the unencrypted partition of the USB key or a different no crypto USB drive.

        Obviously his specific use for truecrypt is to protect data in transit, should he lose the USB drive.
        I think that's a very common scenario.
        Your 'solution' completely negates the value of that use of truecrypt.

        • Low powered PC (Score:4, Interesting)

          by DrYak (748999) on Tuesday July 08, 2008 @05:31AM (#24097619) Homepage

          A not very powerfull small factor PC (some subnotebook barely good enough to run Linux - no need for the latest über-UMPC able to withstand Vista), with which to decrypt the content on arrival seems to be the only current solution.

          At least, as an over-powerful laptop isn't needed, at least this isn't very expensive.

          Also, has TrueCrypt been ported to PDAs ?
          A PDA running TrueCrypt and dual SD+USB hybrids cards (Sandisk and OCZ produce such beasts) seems another even cheaper solution.
          If the data can't be decrypted on the target machine when plugged with the card's USB connector, then plug it into the SD port of the PDA and decrypt data from there.

      • by EvanED (569694) <evaned@@@gmail...com> on Tuesday July 08, 2008 @05:22AM (#24097573)

        You don't mind exposing your secrets to a machine you don't have control over (and thus should not trust)? I don't recommend it.

        I'm not the OP, but this is being sillily unreasonable.

        For instance, I don't have admin rights on the computer in my office. So maybe I don't want to trust this computer entirely. But if I'm walking back and forth with my USB key most days, the major threat is me leaving the key sitting on the bus seat or something like that, not information being stolen while I'm on the work computer.

        It's not like just because you don't control a computer you don't trust it at all, or that just because something is in a TrueCrypt volume it's extremely sensitive.

        • by Atti K. (1169503) on Tuesday July 08, 2008 @05:52AM (#24097739)

          For instance, I don't have admin rights on the computer in my office. So maybe I don't want to trust this computer entirely.

          I do have admin rights to my computer at the office, but I don't trust it 100%. Why? Because any network admin in the company also has admin rights on it. And of course it was not installed by me, and runs some of their custom stuff...

          • Re: (Score:3, Funny)

            by 74nova (737399)
            Check my eBay store, I have a fantastic line of new lead-lined foil hats for you

            I had to say that, but in reality I suppose I work at too small a company to really comment.
        • by subreality (157447) on Tuesday July 08, 2008 @06:26AM (#24097933)

          I'm not the OP, but this is being sillily unreasonable.

          Not necessarily. Do you consider your data safe in the hands of everyone who has admin rights to the machine? Do they keep the machine patched and secured to a level appropriate for your secrets?

          The answers to these questions depend on your threat model.

    • I work as a consultant and often use Truecrypt on my USB key in traveller mode on sites where I work. The top thing on my wishlist is to be able to run/install Truecrypt on a Windows machine without admin rights.

      I'm surprised no one has come up with a stand-alone gui 'archive utility' for truecrypt volumes that works like winzip and the like - just treat the encrypted volume as one big archive file. It would probably have to be limited to FAT filesystems, but I suppose that would be OK for most USB applications.

    • by Anonymous Coward on Tuesday July 08, 2008 @05:19AM (#24097555)

      I work as a consultant and often use Truecrypt on my USB key in traveller mode on sites where I work. The top thing on my wishlist is to be able to run/install Truecrypt on a Windows machine without admin rights.

      The issue is described in full here [truecrypt.org]:

      [..] In Windows, a user who does not have administrator privileges can use TrueCrypt, but only after a system administrator installs TrueCrypt on the system. [...]

      Full release notes can be found here [truecrypt.org].

      You dont need Admin rights with TCexplorer
      Ideal for USB key
      http://www.codeproject.com/KB/files/TCExplorer.aspx

      • by millwall (622730) *

        You dont need Admin rights with TCexplorer Ideal for USB key

        I think you hit the nail on the head with your link to TCexplorer. Just what I was looking for indeed:

        "A portable software to import, export, delete, rename, view, edit and execute files in TrueCrypt containers without requiring administrative privileges."

        Would be even better if a similar tool was integrated into Truecrypt natively, but until that happens I will try this tool.

  • by TheLink (130905) on Tuesday July 08, 2008 @04:40AM (#24097283) Journal
    All this crypto stuff only works well if it's part of the default install and config.

    Otherwise users get exposed to "rubberhose cryptography".

    Basically if all users even Joe Sixpack get an encrypted partition by default, then people using crypto will be safe - they have plausible deniability.
    • by apathy maybe (922212) on Tuesday July 08, 2008 @04:47AM (#24097339) Homepage Journal

      Yeah, but Truecrypt has a defence against that. It is called "hidden volumes". Basically, you create a container, use it for porn or financial records (something that you have a legitimate reason to want to hide, from the wife or identities thieves for example), something that you access often. Then you create a hidden volume that is put at the end of that volume, which to access requires a second password.

      There is no way of knowing if that second hidden volume exists unless you have both passwords.

      If you access the first volume without both passwords, then you can just wipe over whatever information you have stored in the hidden volume.

      Oh yeah, I love TrueCrypt. It's groovy.

      • by eiapoce (1049910) on Tuesday July 08, 2008 @04:51AM (#24097369)

        ;) That is to say that you carelessly watch and upload too much porn without both password and you loose all those important TPS reports....

      • by TheLink (130905) on Tuesday July 08, 2008 @05:03AM (#24097451) Journal

        Get a clue.

        Does Joe Sixpack's computer come with Truecrypt? Does it come with a truecrypt container preinstalled?

        The answer is NO.

        So if the wrong people find Truecrypt on your computer guess what happens to you. If you say "Nothing" well: "Wrong answer!". They may give up after a few days of giving you the treatment, but it still means you get the treatment.

        Whereas if everybody had truecrypt AND an encrypted partition, they could a) try to waterboard everyone, b) wait till they have more evidence.

        And that is why I reported this bug/feature request: https://bugs.launchpad.net/ubuntu/+bug/148440 [launchpad.net]

        Encryption must appear to be in _use_ by default by all users, then you get safety in numbers. When even your grandma using Ubuntu has a crypto partition, things are better for the people actually using it.

        • by auric_dude (610172) on Tuesday July 08, 2008 @05:46AM (#24097697)
          I followed this back to the Ubuntu bug report 148440 and see that a comment has been added https://bugs.launchpad.net/ubuntu/+bug/148440/comments/4 [launchpad.net] that I think says it all.
          • by TheLink (130905) on Tuesday July 08, 2008 @06:19AM (#24097901) Journal
            Just change 1) in the original bug report from:

            " Have crypto tools installed by default (if the user does not select the "use of encryption is illegal in my country" checkbox)."

            to

            " Have crypto tools installed by default (if the user does not select the "don't install encryption" checkbox)."

            If the UK courts are going to jail your grandma just because she has an Ubuntu install with a container she has no key too, then I think grandma is living in the wrong country - in the old days the UK courts had the "Reasonable Man" thing, maybe now things have changed.

            I see it more as a bug in the UK law than a bug in my proposal.
        • by Splab (574204) on Tuesday July 08, 2008 @05:47AM (#24097701)

          Think you totally missed the point.

          You put plausible data into the encrypted volume, when they ask for your password you give it up, they access the encrypted volume and see you got porn/financial stuff/what nots you don't want others to see. What they can't see is the fact that there is another volume hidden inside this, which there is no way of knowing unless you got the second password. Waterboarding the person makes no sense since he has already given up the password giving you access to the "entire" volume.

          • by TheLink (130905) on Tuesday July 08, 2008 @06:27AM (#24097941) Journal
            Why wouldn't they interrogate you further? They can read the Truecrypt feature list for themselves.

            Already a Mr Chris Jones has an issue with my proposal because he seems to think that the UK government would waterboard users in the UK if Ubuntu has a default encrypted partition they might not have a key to.

            If Chris Jones is right that the UK Government would do such a thing, then they would be far more likely to waterboard you for voluntarily installing truecrypt, voluntarily creating a encrypted volume (or two) AND not handing over "all" passwords. Even if you don't even have a hidden volume.

            If you have a Government willing to mistreat people for using a distro that does what I propose, they would definitely mistreat people who use Truecrypt.

            So my proposal makes the most sense.
      • Yeah, but Truecrypt has a defence against that. It is called "hidden volumes".

        Last I heard, you could only have one hidden volume. That significantly reduces plausible deniability, if you are interrogated they can rubber-hose you until give it up and then your interrogators will know they got it all.

        Has that changed? Does truecrypt support unlimited hidden volumes now?

        • Re: (Score:3, Interesting)

          by meringuoid (568297)
          Last I heard, you could only have one hidden volume. That significantly reduces plausible deniability, if you are interrogated they can rubber-hose you until give it up and then your interrogators will know they got it all.

          I never heard that. Reading through the documentation, it appears that any TrueCrypt volume can contain one hidden volume. Which means that your hidden volume can itself contain another hidden volume, and that can contain yet another.

          If you think your adversary will torture you a seco

      • Re: (Score:2, Insightful)

        by patro (104336)

        "There is no way of knowing if that second hidden volume exists unless you have both passwords."

        Plausible deniability is not really working here, since it is one of TrueCrypt's main features, so if one has TC installed then it's pretty obvious he wants to hide something.

        If one installs TC by choice then he surely doesn't do it just to have it eat up some unused harddisk space.

      • by DarkOx (621550)

        That is not really a solution for most. I suppose its great if you want to hide some criminal activity like you bookie operation you are running, but most people like me the only thing we do want to protect are old tax records, other financials, a personal journal, you get the idea. Are you saying I should produce an entire set of convincing mock financial information just through ppl off the trail. Who has time for that. What would be much more interesting is a good stenography system. I would love to

  • ...against this? [slashdot.org] Or will it just get you in more trouble? What's the community's take on it?
    • Re: (Score:3, Informative)

      by apathy maybe (922212)

      Yes it is a good defence against that. Border guards aren't going to have enough time to find your encrypted containers while you are there, and if you have to give up your laptop, or if they take a copy of the HD, then they can't access the information because they don't have the password (and they can't force the password out of you, because you have already re-entered the country (assuming you are a yank)).

      And if they do find a container, and force you to give up the password http://it.slashdot.org/comme [slashdot.org]

  • Relevant links (Score:5, Informative)

    by Oscaro (153645) on Tuesday July 08, 2008 @04:41AM (#24097295) Homepage

    Project homepage is here: http://www.truecrypt.org/ [truecrypt.org]
    Release notes here http://www.truecrypt.org/docs/?s=version-history [truecrypt.org]

    (Btw, these links should be in the article, instead of an external (sponsored?) one).

  • OK (Score:2, Interesting)

    by Anonymous Coward

    even if you're forced to reveal your pre-boot password to an adversary, you can give them one that boots into a plausible decoy operating system, with your hidden operating system remaining completely undetectable

    In what case would this be useful? If you have an adversary that can force you to give a password, I'm sure they can force you to boot up the correct operating system as well. And if they are in a position to force you to give up the password, it might not be wise to try to play a switcharoo on them.

    In the cases where this would actually be useful (with your boss or the government inspections), they will probably have the ability to detect that you are not being entirely truthful. You can hide an operati

    • Re: (Score:2, Informative)

      by apathy maybe (922212)

      From the release notes:

      Ability to create and run an encrypted hidden operating system whose existence is impossible to prove (provided that certain guidelines are followed). For more information, see the section Hidden Operating System [truecrypt.org]. (Windows Vista/XP/2008/2003)

      It appears to work just like a hidden volume [truecrypt.org] (also described in this post [slashdot.org]).

      In other words, you worry to much, these guys are really really smart.

    • Re:OK (Score:5, Informative)

      by HungryHobo (1314109) on Tuesday July 08, 2008 @05:08AM (#24097487)
      actually you can. with truecrypt I can create an encrypted volume which is just a file on my hard disk. say it's 1 gigabyte. To access it I have to type in my password "secretpass" I see a 1 gigabyte volume. now I can stop there. it's encrypted strongly enough to protect my files. I throw 200 MB of porn/corporate data/personal emails/photos of my girlfriend on there. it shows as 800MB free. Now I create a hidden volume 800 MB in size. In there I put my plans for how to kill every politician, the details of my drugrunning opperation, the plans for a nuclear weapon. etc etc etc. to access this I have to type in my second password "password2" So I boot up truecrypt, select the 1 gig file which is my virtual drive, type in "secretpass". What I then see is a 1 gig drive with 800mb free space and lots of semi-important files. if I open that same file with "password2" I'll see an 800MB drive almost full with highly important documents. There is no missing hard drive space, no hint at all that there is anything but the first drive unless I enter the second password. (side note, if you add files to the first drive then there's a chance that you'll overwrite files on the hidden drive since unless you enter that password as well then truecrypt can't see that it's there.)
      • Okay but now I know to look out for people running truecrypt and to ask to see their encrypted volume (rubber hose held behind back at that point) so they show me their partly used 800mb encrypted volume, I image it and start a dictionary attack to get the rest of the info.
        • Re: (Score:3, Informative)

          by HungryHobo (1314109)
          you seem to have missed the point in a big way. You see a truecrypt container. You hold back the rubber hose or start with the thumbscrews. after much screaming they give you a password. You see a 1 gig volume with 200mb of confidential and mildly valuable files and 800mb of free space. It's is utterly plausible that this is all there is. there are no more files. you've got all you're gonna get. no hidden volume. Now you might try some more torture but your victim is also aware that there is no proof at al
          • Re:OK (Score:5, Informative)

            by vidarh (309115) <vidar@hokstad.com> on Tuesday July 08, 2008 @06:12AM (#24097859) Homepage Journal
            You miss the point. Anyone who truly has something to hide to the extent of worrying about torture will have an utterly plausible explanation or ten prepared. That won't stop someone who is willing to use torture from continuing until they get more or you have resisted for so long that they believe you are telling the truth when you're saying there is no more.

            So when they get the first password, they continue until they get another or they decide there's no way you could have withstood that much. And when they get your second password, they'll still go on in the hope of a third, unless the data they find would totally fill the disk.

            Each time you give up something, they'll assume there may be more until they've kept torturing you for a long time without getting any more information.

            • If you have to worry about it being torture-proof, you're almost certainly dead anyway.

              All it needs to be, for most people, is audit-proof.

              And for that you need a business case for having it. Porn is probably not a good choice.

            • Re: (Score:3, Interesting)

              by Dunbal (464142)

              Anyone who truly has something to hide to the extent of worrying about torture will have an utterly plausible explanation or ten prepared.

              No, anyone who truly has something to hide will not send someone through customs with compromising information. That's where compartmentalization comes in. Encrypt your file, break it apart, and mail the parts to yourself separately. If you really want to be paranoid - to different recipients at different addresses. On different days. If one package

  • by Chrisq (894406) on Tuesday July 08, 2008 @04:48AM (#24097357)

    It now has the ability to hide an entire operating system, so even if you're forced to reveal your pre-boot password to an adversary, you can give them one that boots into a plausible decoy operating system, with your hidden operating system remaining completely undetectable.

    Great, I can now maintain my geek-cred by hiding the fact that I sometimes have to boot into Windows to run things like a GPS map updater. No more microsoft on the boot menu.

  • Sad (Score:5, Insightful)

    by ebonum (830686) on Tuesday July 08, 2008 @04:54AM (#24097385)

    It's sad. I often travel between the US and China on business ( I live on the China side ). I've always been careful with sensitive data, but now I'm absolutely fascist. Why? I have no fear of the Chinese government. Besides, I work for a Chinese company. I fear my own country illegally accessing files to which they have absolutely no rights whatsoever.

    Honestly. If someone works for the US government, pulls some CEO's laptop at the boarder for "inspection" and gets free access to all the company financials, would they do the right thing? How many semi-intelligent people wouldn't be tempted to start buying stock options or call their best friend with a really good "tip"? Even if they SEC investigated, they would never find the link.

    Over the last several years, I've always been treated very respectfully inside China and going to and from. It is in the US, my own country, where I'm treated as if I'm already guilty.

    Back to the topic at hand. TrueCrypt is a wonderful product. Everyone should be using it.

    • Re:Sad (Score:5, Interesting)

      by slyguy135 (844866) on Tuesday July 08, 2008 @06:14AM (#24097871)

      I have no fear of the Chinese government.

      Wow, what Kool-aid have you been drinking? I've been to China many times too, and love the place, but I'm afraid you're being seriously delusional if you think it's safe to be that blasé around the Chinese authorities. The American search procedures at the US border would indeed be unconstitutional were they conducted in the country, but at least you know up front what the rules are. In China, your rights are vague at best and your recourse to law is minimal. If next time you enter China the border officers did decide they are going to take your laptop away, what could you do about it? Oh, but if they're polite, then that's OK, right?

      Fanboyism of China is not helpful to the country and unattractive, so please stop it; it's embarrassing, and even potentially dangerous.

      • Re: (Score:3, Funny)

        by Dunbal (464142)

        Fanboyism of China is not helpful ... and even potentially dangerous."

              Thanks for the laugh. Oh wait, you were serious? LOOK! There's a "terrorist" behind you! Boo!

              Then again, how could we not have expected the nation that is chronically high on cocaine to become paranoid delusional?

      • Re:Sad (Score:4, Insightful)

        by Gulthek (12570) on Tuesday July 08, 2008 @07:56AM (#24098709) Homepage Journal

        If next time you enter China the border officers did decide they are going to take your laptop away, what could you do about it?

        What could you do if your laptop gets taken at the US border? File a complaint? Woot.

        Chiming in with the GP here, I feel much safer and much better treated going into China than going into the US. There I am treated as though I am an actual person, here I am treated as though I am an annoyance.

        If DHS gets their way, we'll be treated worse than that. DHS wants to require all airline passengers to wear a taser bracelet [washingtontimes.com]

    • Re:Sad (Score:5, Interesting)

      by bhima (46039) * <Bhima.Pandava@gma i l . com> on Tuesday July 08, 2008 @06:14AM (#24097873) Journal

      This absolutely mirrors my own experience. I live in the EU and I travel mostly around the EU and Africa. When I get to the US I'm treated as a convicted criminal and I'm a US citizen. I am routinely hassled and threatened by petty dictators of nano-dictorships. Which I find completely bizarre... Hell the security & customs agents in Zimbabwe are more polite than the ones in Atlanta.

      Another thing I find complete asinine is that little form you fill out saying where you are going stay while you are in the US. I've been staying at 1600 Pennsylvania ave. for going on 6 years and no one has so much a blinked.

  • by Anonymous Coward on Tuesday July 08, 2008 @05:16AM (#24097533)

    True crypt is fabulous. But is it good enough to hide a body?

    Hans

  • If you've got a 30gb volume with a "hidden" volume inside of it, but 10mb of files in it, can't you tell it's got something there by just dumping 30710mb in it(and it'll fail if it does?)? http://www.truecrypt.org/docs/hidden-volume.php [truecrypt.org] makes that seem unlikely, it looks like you'd just totally fuck up your hidden partition if you wrote to the volume... which makes you wonder how long it'll be until a tool is developed for law enforcement specifically designed to fuck up these volumes.
    • by Splab (574204) on Tuesday July 08, 2008 @05:52AM (#24097737)

      You know, if law enforcement "fucked up your volume" as you so nicely put it, they have just destroyed whatever evidence you where trying to hide. So why would anyone using true crypt have a problem with that?

      • For two reasons:

        1) The proper procedure is to make a verified copy, and then work on the copy. Many reasons not the least of which being that if you screw up accidentally you can make another copy. You don't go mucking around on the original drive.

        2) Law enforcement isn't welcome to just destroy property because they feel like it. They can't burn down your house and say "Well we thought there might be drugs in it, even though we never found any." Likewise they can't just screw up your data for shits and gri

    • by mrvan (973822) on Tuesday July 08, 2008 @05:59AM (#24097773)

      AFAIK, yes, if you fill the decoy volume it will kill your hidden volume.

      which makes you wonder how long it'll be until a tool is developed for law enforcement specifically designed to fuck up these volumes.

      They can only do that if they've confiscated your laptop *and* acquired your 'decoy' password. At that point, your only concerns are they not getting your data and you being able to deny the data is there in the first place.

      Somebody deleting all your sensitive files is not a bad thing to happen at that point.

  • Independence day? (Score:5, Insightful)

    by Atti K. (1169503) on Tuesday July 08, 2008 @05:40AM (#24097683)

    While most of the US was celebrating Independence Day, the true fellow geeks over at TrueCrypt released version 6.0 of TrueCrypt over the long weekend.

    That might not be just a coincidence.

  • by Cur8or (1220818) on Tuesday July 08, 2008 @05:47AM (#24097705) Homepage
    Does anyone know if the backdoor has been made a little more user friendly? The current one takes like 3 minutes to decrypt without the password.
  • by mrboyd (1211932) on Tuesday July 08, 2008 @06:13AM (#24097865)
    I have started using TrueCrypt a few months back after my laptop got stolen. I keep two encrypted files on my laptop, one contains my personal stuff like passport scan, bank information etc. and the other the work related important documents such as internal&confidential documents, client information etc. I have buried those files in the system folder and given them name that could pass for system temp files.

    I keep a copy of both on a USB key drive and on an external hard drive which never leave my home. As well as a non-encrypted copy because I'm still wondering what happens to that encrypted file if I happen to have a fucked up cluster on the drive at some point.

    The rational for using encryption is not that I am afraid of the local authorities, there is nothing on my computer that would cause me any long lasting trouble, despite the fact that I live and work in a limited freedom area (Middle East), but simply to avoid opportunity theft.

    For example I can't recall how many time one of my clients or partner handed me a usb key drive containing all his companies financial statement, bank account number, internal price list with profit margin, internal memo, personal info and the wifey's naked picture so that I could copy them a few documents and then forgot about the keydrive because we kept chatting.

    Sometime I too need to get some files from them and I don't want to look like I'm watching them while they dig around my keydrive. I now know that everything a casual observer should not see is encrypted so I don't mind throwing my key drive over the table to someone I don't know.

    I don't understand the paranoid people here who believes in plausible deniability, decoy drive and other such thing. I also wonder if the same people only use their computers in safe room with controlled EM environment and bullet proof shade.
    I didn't know either that so many people carried state secrets around international airports. To those I will say that if the NSA/FSB/Interpol/MI4/Mossad/Mafia or even the local police wants the content of your drive they will get it. period. It doesn't matter what you do. Unless of course you also work for one of the aforementioned in which case you might have been trained to accept that your life is worth less than the content of said drive.

    I have never been subjected to physical or psychological torture (aside from clients and some ex-gf of course) but I am not Jack Bauer and I would "come clean" very quickly. I would give the real password, not the decoy, because I believe consequences would certainly worsen my situation if my interrogators were not convinced.

    I am also pretty sure that the simple sentence: "The accused has so far always refused to give his encrypted drive password." would certainly help convincing a jury beyond "reasonable doubt" (In countries where such thing even exists).
    Some people here should start to seriously look at themselves and wonder if what they are trying to hide is really worth it or if it's just about mommy not finding their downloadable girlfriend picture collection.
  • by Legion303 (97901) on Tuesday July 08, 2008 @07:20AM (#24098389) Homepage
  • Detecting Truecrypt. (Score:4, Interesting)

    by argent (18001) <peter@NOsPam.slashdot.2006.taronga.com> on Tuesday July 08, 2008 @07:50AM (#24098655) Homepage Journal

    Normally, unused blocks on a drive have whatever data pattern the formatting software puts there (typically something like "FFFFFFFFFFFFFFFF..." or "55AAAA5555AAAA55..."), or remnants of other files, or parts of free block lists and empty extents and the like. If you have a big chunk of random noise in the middle that's an indication that you've got an encrypted volume in there somewhere.

    • by BountyX (1227176) on Tuesday July 08, 2008 @08:09AM (#24098845)
      Right, but how can you tell if the encrypted volume contains another encrypted volume (the hidden volume). That's the thing, the hidden volum eis designed to be encapsulated in the encrypted volume. Plausible deniability is only offered in the hidden volume functionality.
    • Re: (Score:3, Informative)

      by trifish (826353)

      Uh, I'd mod you down as Misleading if that was possible. If you at least bothered to read something about it before commenting, you would know that you are wrong.

      From, the TrueCrypt documentation at http://www.truecrypt.org/hiddenvolume.php [truecrypt.org] :

      "Even when the outer volume is mounted, it is impossible to prove whether there is a hidden volume within it or not*, because free space on any TrueCrypt volume is always filled with random data when the volume is created** and no part of the (dismounted) hidden volume

  • Multi-core support (Score:3, Insightful)

    by technienerd (1121385) on Tuesday July 08, 2008 @08:20AM (#24098967)
    No one seems to be commenting about the new features of this release but simply on TrueCrypt in general. Am I the only one excited about the multi-core/processor support? Finally a piece of systems level software that scales with the number of cores! Makes getting a multi-core processor all the more worthwhile.
  • Works in FreeBSD (Score:3, Informative)

    by Fweeky (41046) on Tuesday July 08, 2008 @08:37AM (#24099195) Homepage

    Using the patches in the TrueCrypt 5 port [freebsd.org], TrueCrypt 6 builds and appears to run fine on FreeBSD \o/

  • by jockeys (753885) on Tuesday July 08, 2008 @09:18AM (#24099717) Journal
    Dear paranoid freaks,
    if you are so concerned about getting captured and tortured for normal/hidden/hidden(hidden)/hidden(hidden(hidden)))/ad naseum passphrases, then quit having digital copies of your stuff in the first place.

    99% of the TrueCrypt userbase is just fine using it on jump drives to keep stuff secure from the guy who finds it when you lose it on the train/plane/whatever.

    Quit making up impossible "movie scenarios" (there, I used a Schneierism, you HAVE to respect me now!) about how gov't agents are going to come in black helicopters for your fetish vids and the 200 page backstory you wrote for a character you rolled in middle school. No one cares.

    Yours truly,
    -Reality.
    • Re: (Score:3, Insightful)

      by Hatta (162192)

      You forget that the US is currently waging war on its own citizens in the form of the War on Drug Users. There are many people out there who are doing nothing but growing plants and consuming them in the privacy of their own home, for whom there is a real risk of government agents with black helicopters taking them and their data. That is the reality we live in.

    • Re: (Score:3, Insightful)

      by Shihar (153932)

      I think you miss the point of things like multiple passwords with volumes hidden in volumes, and it doesn't involve being able to resist torture. Resisting an audit, legal threat, or annoying security agent is a more likely scenario.

      I would be willing to bet that a non-trivial number of people who something illegal on their computer from pirated versions of software, "hacking tools", pirated entertainment, pr0n illegal in one country or another, etc. The ability to effectively resist being compelled (with

  • by demi (17616) * on Tuesday July 08, 2008 @06:06PM (#24107883) Homepage Journal

    I'm a semi- geek when it comes to Windows, a non-"Power User". But I had a need for this so I thought I would give TrueCrypt a whirl, and had a real nightmarish day and a half.

    This being slashdot, I'm only inviting flames about the various things I'm doing wrong. But it does seem to me that TrueCrypt is missing a very obvious feature--encrypt other partitions in the same manner as the boot partition (that is, online and allow them to be mounted transparently) that would have saved me a lot of grief.

    See, I have C: and D: partitions, and all the user profile directories are on D:, because that's how our IT department sets things up. Do you see what's coming? Well, I encrypted the system partition without a problem. But now, the D: partition needs to be encrypted, and there's no way to do that without destroying it.

    Okay, fine, "back up" and "restore", right? Except that applications, including TrueCrypt and Windows, are pretty highly dependent on the presence of that profile directory, as I learned to my moaning grief. (Yes! TrueCrypt apparently stores which volumes you want "automatically" mounted in your profile directory!)

    One new TrueCrypt-encrypted NTFS filesystem later, and I realized there was no way to get the thing mounted before anyone logs in. Or rather, there probably is a way, but it's nothing like editing AUTOEXEC.BAT or something simple. There are registry keys that can be edited but "startup" in Windows-land always seems to refer to "user logs in" and not "boot time."

    Additionally, the TrueCrypt command-line did not seem to work as advertised. I'm not a genius but I do carefully read documentation and double-check command-lines before I issue them, and it should not have been possible for TrueCrypt to attempt to remount and repair the system partition as another drive letter, but it did. So I gave up on my dream of having an encrypted C: and D: mounted at boot time, so the user profile directory can be there waiting for the user to log in.

    Did I mention how grumpy Windows and everything else gets when the profile directory goes away? Very grumpy indeed. A forest of "registry may be corrupted" error messages greets any attempt to change anything, and so forth. After struggling with these kinds of issues for some time, I really just wiped D: for good and let the system "rebuild" the profile directories on first login. Now I have a bunch of reconfiguration to do and things still aren't right (for example, start menus aren't correct because lots of programs had shortcuts in D:\Documents and Settings\All Users\Start Menu).

    It really seems to me that this is not that unusual a situation (two partitions need to be mounted to boot the system) that should be accommodated by something like TrueCrypt. I'm disappointed in TrueCrypt, red-bloodedly refreshed in my hatred of Windows and harboring evil thoughts toward my company IT department.

You had mail, but the super-user read it, and deleted it!

Working...