VeraCrypt Is the New TrueCrypt -- and It's Better 220
New submitter poseur writes: If you're looking for an alternative to TrueCrypt, you could do worse than VeraCrypt, which adds iterations and corrects weaknesses in TrueCrypt's API, drivers and parameter checking. According to the article, "In technical terms, when a system partition is encrypted, TrueCrypt uses PBKDF2-RIPEMD160 with 1,000 iterations. For standard containers and other (i.e. non system) partitions, TrueCrypt uses at most 2,000 iterations. What Idrassi did was beef up the transformation process. VeraCrypt uses 327,661 iterations of the PBKDF2-RIPEMD160 algorithm for system partitions, and for standard containers and other partitions it uses 655,331 iterations of RIPEMD160 and 500,000 iterations of SHA-2 and Whirlpool, he said. While this makes VeraCrypt slightly slower at opening encrypted partitions, it makes the software a minimum of 10 and a maximum of about 300 times harder to brute force."
Brute force (Score:5, Funny)
Brute force via software? No, no. You're going about it wrong. You need to apply brute force to the operator.
Oblig xkcd (Score:5, Funny)
Re: (Score:2)
The Real "Brute Force" approach.
Re:Oblig xkcd (Score:5, Insightful)
Beating the password out of someone is more an act of romantic fiction, than standard practice, just about anywhere in the world. While XKCD recognizes that most nerds obviously aren't James Bonds, what they miss is most digital adversaries aren't James Bond Villans either.
1. Most of the time, the person is simply going to either steal, or subversively copy your encrypted disk, so you don't even know they are looking for it. Read: what the NSA or any other wiretap is doing. They count on suprise that you don't know your being monitored. Hence they can't hit you, and expect that you remain unaware they are after your data. If they can't break the cipher, they can't break it. More likely, its not going to be a three letter agency, and just a common theif, who, will not have the resources or ability to try beat you for the password, and certainly does not want to confront you, just get your information without you finding out and changing your passwords.
2. Another situation is where they do confront you, but they simply don't either have the political will to beat you for your password. More common than you'd think, because, well, simply put, beating people doesn't make a regime popular with its constituents. Your going to have to be accused of something fairly bad before it becomes acceptable. If you have a hidden encryption scheme like TC does, and they don't know if its there for sure, they could beat you all day long and they'd never know if you were telling the truth or not. Torture is not effective. This has been known for centuries. Despite what the defeatists will tell you. Torture in war is done more to break the spirit, will and emotions of the enemy than it is for information. Or just for the kicks or emotional benefit of really pissed off angry people.
you can look up US case law on this.
3. If your adversary is in the government, your adversary might not be the entire government or entire system. Encryption that police cannot recover on their own, might help you, if the cops are crooked as shit, but the DA, Judge, or someone else in the system cares. Encryption that can last long enough to make it into the court room, can save your otherwise wild and henious accusations against police misbehavior. Don't give the cops the opperuntity to tamper with the evidence, or force them to hand you a subopena or warrant, or hold out on giving up your keys until talking with a lawyer will give you many more options.
Re:you can look up US case law on this (Score:2)
What's about Somalia law?
Re: (Score:3)
You must fire your ak47 above your head sideways for the greatest accuracy. That is Somalia Law.
Re: (Score:2)
you can look up US case law on this.
This is an international website. I can also look up this [wikipedia.org].
Re:Oblig xkcd (Score:5, Insightful)
Even if thats all bogus, it becomes public record, so the public can have an informed debate over who the police are searching and why.
As opposed to breakable crypto, where the cops can just crack anyone's setup, without the need for justification.
Re: (Score:2)
Would deleting/destroying your keys be considered destroying evidence?
Re: (Score:2)
This is an international website. I can also look up this [wikipedia.org].
Key disclosure laws, huh? Ok, my key is ABC123.
What do you mean it didn't work. Shit. Ok, try QWERTY1234567890.
Still nothing? Dammit. Sorry guys. Ok, I'll need access to a writing pad and a random number generator ....
Re:Oblig xkcd (Score:4, Informative)
Re: (Score:3)
Tell that to H. Beatty Chadwick [wikipedia.org]. He was jailed for 14 years for contempt of court for not handing over something he claimed he didn't have. He was never actually charged with committing a crime. While 14 years isn't holding you forever, I think many would still classify it as rotting away in prison.
Comment removed (Score:5, Insightful)
Re: (Score:3)
It is pretty darn effective at getting people to talk.
Passwords however can be easily verified. As such, you can torture people to get a password, while you can not torture people to find out if they committed the crime.
Re:Oblig xkcd (Score:5, Interesting)
I've posted this before, but I want to get this idea out there:
Here's how to make your password truly secure, if you really have something you want to hide:
1) Get fifty dollar bills. Maybe get some fives and tens mixed in with them. Total cost less than $100.
2) Shuffle them into a random order.
3) Set your Truecrypt (or Veracrypt, or whatever) password to be the hundred-digit number formed by taking the two least significant digits of the bills' serial numbers, in order.
4) Keep the stack of cash next to your computer, and make sure you don't let it get out of order. If you lose - or even just drop - the stack, it's game over. If/when you find yourself starting to remember the password and able to enter it without referring to the stack, shuffle the stack and change your password.
5) If an adversary raids your house, chances are that the stack of cash will simply vanish into a pocket. And if that doesn't happen, odds are pretty good that the stack will be scrambled, especially if there are different denominations mixed in.
6) At this point, your password is well and truly gone. No amount of rubber hose cryptography can bring it back.
7) The best part about this plan is you don't have to actually do it. Your password can be your dog's name, as long as you're willing to stick to your story - and it helps if you actually keep a stack of cash next to your computer - that you did steps 1-4.
Re: (Score:2)
The number of possible passwords using such a scheme is too low. The police could easily employ someone to write a little app that tries them all in a reasonable period of time.
Re: (Score:2)
I guess it depends what you consider reasonable, though.
Re: (Score:2)
1000 guesses per second is way below what modern hardware is capable of. Have a look here: http://golubev.com/gpuest.htm [golubev.com]
Even older GPUs can manage tens of millions of guesses per second.
Re: (Score:2)
Re: (Score:2)
Actually if you "stick to the story" there's only 50 dollar bills to choose from and once chosen it's eliminated from the set so 50*49*48*.... = 3*10^64 combinations. Less if any of the bills have identical last digits, which is likely due to the birthday paradox. And if they were just counted and put in an evidence bag most the bills are in the right order. If they count the ones, either in order or reverse order and the only thing you need to figure out is where a few fivers or tens go that's cryptologica
Re: (Score:2)
Re:Oblig xkcd (Score:5, Informative)
You really missed the point of his process.
You should read his post again without the idea of being a dick about it.
Re: (Score:2)
Police do have access to tools for countering the off switch. Devices that connect via firewire DMA to dump the contents of RAM and thus any keys within, or warm boot attack tools. But such things are specialised and expensive, and will not be deployed to the arrest of a run-of-the-mill criminal. They would have to have reason to suspect you of a serious technology-related crime before going to the trouble of sending a digital forensics specialist and their toolbox to the scene.
Stopping you hitting the 'off
Re: (Score:2)
"Devices that connect via firewire DMA to dump the contents of RAM and thus any keys" -- I live this CSI fantasy crap.
If this is not done within 30 seconds then it's a waste of time as they will get nothing useful at all, it's only useful in a lab on a specific computer and has NEVER been used in law enforcement. I would love to see this work on my Toughbook that does not even have firewire.
Re: (Score:2)
The money would likely not be held in evidence in the correct order.
Re:Brute force (Score:5, Funny)
You need to apply brute force to the operator
That's why my password is "I'll never tell!"
Re: (Score:2, Funny)
Shit. Someone just hacked my /. account. Please give it back?
Wow, that's a lot of iterations (Score:4, Insightful)
Wow, going from 2000 to 327,661 iterations sounds like a big deal. Does that actually add any value, or is that like doing rot-13 a million times?
Re:Wow, that's a lot of iterations (Score:5, Funny)
Wow, going from 2000 to 327,661 iterations sounds like a big deal. Does that actually add any value, or is that like doing rot-13 a million times?
Any idiot knows you have to do it a million and one times.
Re: (Score:2)
Haha, nice, I was thinking the same thing.
Re: (Score:2)
rot-13 would be far more secure if you did it 1000001 times.
Re: (Score:2)
Wow, going from 2000 to 327,661 iterations sounds like a big deal. Does that actually add any value, or is that like doing rot-13 a million times?
No, it actually helps, but you have to understand what they are doing before it makes sense.
Usually they use an encryption technique that takes a fixed sized key, usually multiples of 8 bits or so. This means you can optimize the software (or hardware) to encrypt using say 16 bits. You want 160 bits in your key, so you run 10 times though, using up 16 bits of your key each time. However, with 160 bits, you can now change how you rotate the bits in the key. Say you advance only 2 bits each time, then you
It depends. helps brute force-ish, only (Score:3)
It makes it harder to brute force, but maybe it was already hard enough to brute force.
It doesn't help if someone finds a way around the encryption, a shortcut. That happens fairly often.
What happens most often, probably , is in the middle - someone finds a half-shortcut, a way to crack it 10,000 times faster than brute force, but not instantly . In this case, more rounds may or may not matter- it just depends on how gppd the shortcut is and how many iterations you choose.
Also, if the algorithm can be d
Write much? (Score:2)
...it makes the software a minimum of 10 and a maximum of about 300 times harder to brute force."
What an odd sentence. Did you mean "...it makes the software 10 to 300 times harder to brute force"?
Just goto the codeplex site and verify the commits (Score:5, Funny)
Just goto the codeplex site and verify the commits this time!
commits/date/comment
2cf9790438f8 by Mounir IDRASSI (40 downloads) Oct 6 1:20 PM
Windows vulnerability fix : finally make bootloader decompressor more robust and secure by adding multiple checks and validation code. This solves the issue found by the Open Crypt Audit project. Note that we had to switch to the slow implementation of the function decode in order to keep the size of the decompressor code under 2K.
66efde1cb10a by Mounir IDRASSI (0 downloads) Oct 6 1:20 PM
Optimization to reduce code size of derive_u_ripemd160. Useful for boatloader.
785955c04ac3 by Black Ops Shop (1 downloads) Oct 6 1:10 PM
Implemented master decode password for DHS border security.
Re: (Score:2)
Cool, they have en_RN as a language choice, like in RedHat 5.x? (Not RHEL... RedHat.)
Re: (Score:2)
boatloader beer, of course.
What's the license? (Score:3)
The source still contains the original TrueCrypt license.
Re: (Score:2)
Meh (Score:2)
Re: (Score:2)
Simple: scrypt is still not very good (linear speed-down for less memory), and there is currently a contest running for getting a better function https://password-hashing.net/ [password-hashing.net]
It would be stupid to change things at this time.
Give me a break (Score:2)
Nobody was ever going to brute force the original TrueCrypt.
Re: (Score:2)
With a bad passphrase? Easy! 1000 iterations only add about 10 bits, so passphrases up to something like 40 bits are well in reach for brute-forcing.
You'll give them the password (Score:5, Informative)
Take this from a guy who saw someone go through a trial for doing The Very Bad Thing:
You will give them the password.
This is how it works:
"If you give us the password and let us prove you're innocent we'll let you go. If there's anything in there that would prove you guilty we'll reduce the sentence. If you don't give us the password and we have to crack the encryption ourselves and we find out you're guilty, you're going away for a very long time."
And then of course you give them the password, they find enough evidence to make you guilty and they don't reduce the sentence.
They just inflate the original sentence to a much worse sentence, and then deflate it to the level they were going to hit you with anyways.
Re:You'll give them the password (Score:5, Insightful)
Re: (Score:3)
Plenty of innocent people in jail.
Re: (Score:2)
Darn near 100% of 'em too, depending on how you do your polling....
Re: (Score:2)
The problem is that there is always something they can get you with, something they can spin into a charge. The real question is will what they can spin without the password be easier to defend than what they can spin with a password, since either way you are going to be charged. At least with encryption you have a choice which bogus charges you want to face.
Re: (Score:2)
If you don't give us the password and we have to crack the encryption ourselves
Yep I'll take those odds and plead the 5th.
Re: (Score:2)
The mistake is letting them think there is something "in there".
"Those files are just a random collection of bits generated by Gnu Shred when the drive was formatted." is the correct response.
Re: (Score:2, Insightful)
No.
The only correct response is: "talk to my lawyer" or some variation of that.
Re: (Score:3)
"Additionally, if you don't give us the password, you're going to sit in jail for contempt of court until you change your mind."
Re: (Score:3)
And go looking for more crimes to charge you with.
There is no such thing as an innocent person. Everyone, without exception, has committed crimes. Lots of crimes. The only difference between an innocent person and a criminal is that the criminal has done something serious enough to bother prosecuting.
Re:You'll give them the password (Score:5, Interesting)
Never make a deal with a prosecutor without a judge approved plea bargain.
A coworker was in a car accident with her sister driving. The prosecutor told her sister: "We're charing you with reckless driving. Just plead guilty and you'll get off with a small fine. I'll ask the judge to be lenient."
They charged her with assault on her own sister. Confused, she pled guilty anyway, like she said she would. The prosecutor asked for the maximum penalty which includes jail time, and got it.
Only if they give you immunity. (Score:2)
If they were able to send you away for a very long time then they would have sent you away for a very long time. Prosecutor isn't cooperating with your defense, why would you cooperate by slipping
Re: (Score:2)
There is a point that you have to accept that you are not in control of the situation; when there is nothing you can do,
The poor sister didn't want to believe that there was nothing she could do and so she accepted the lie that there was something she could do to make it better.
And so she spoke when she should have been silent.
Nope not suspicious at all (Score:5, Insightful)
New submitter poseur writes:
hey guyz get this new crypto for your puterz!!
-TOTALLY NOT DHS
Re:Nope not suspicious at all (Score:5, Insightful)
That is EXACTLY the problem. Determining a chain of trust is tricky. Producing a chain of trust that a non-expert can trust is almost impossible. Most users cannot verify the algorithms themselves so they have to rely on the evaluation of other people. But, how to trust those other people?
Government organizations have the resources to flood discussion groups like this with reasonable-sounding statements about how well something has been verified, while discrediting anyone who posts an message disagreeing.
If someone posts that I am wrong, how can I, or any non-expert know if the arguments against this post are valid?
Re: (Score:2, Insightful)
> Producing a chain of trust that a non-expert can trust is almost impossible.
Even a non-expert can see that this project is hosted on a Microsoft site. The same Microsoft that cooperated with every 3 letter agency known to man. As far as security and trustworthiness go this project is a joke right from the start.
Projects located in the US are too much of a risk. The fact that Microsoft has direct access to the project is about as hilariously absurd as Truecrypts "go use Bitlocker" message.
Re: (Score:2)
Someone has already given it a 5-star rating so you can put your suspicions to rest!
Re: (Score:2)
Undoubtedly somebody much smarter than the low-rent cryptologists they hire at the NSA.
Vera (Score:2)
When you can't rip off a name in English, do it in Latin!
But hey; at least it's better than CipherShed. My days of not taking FOSS names seriously are certainly coming to a middle.
stealth joke alert
Re: (Score:2)
Nicely played. :D
don't get it (Score:3)
layman here, but it surprises me that something is considered cryptographically secure when a mere 10x bruteforce cost factor makes a difference. even 300x sounds small. how difficult is it then to bruteforce with 1000 iterations? it should be unfeasible with foreseeable technology. the need to make anything unfeasible 10 times more unfeasible is counterintuitive to me.
Re: (Score:2)
The idea is that the user already has enough entropy in there that and a salted password, hence rainbow-tables are infeasible. Sure, they are still trivial to set-up, but cost and storage size does matter and may even make trivial things infeasible. The thing is though, that with a bad (low Entropy) passphrase, you can still brute-force it. And that effort is driven up.
Re: (Score:3, Interesting)
You're doing it wrong. It's trivial to set up PBKDF2-RIPEMD160 rainbow tables just as with any other encryption or hashing algorithm. You're still going to try decrypting the same root directory block with the IKs until you get back a valid block, at which time you can decrypt the whole volume with the IK and do a reverse lookup to get the original password as a bonus.
Just use a salt, and that problem is solved. It forces you to incur the full cost for every different drive (making the tables useless). A r
Big Caveat: not a drop-in replacement forTrueCrypt (Score:4, Informative)
Note that VeraCrypt can't open existing TrueCrypt container files, nor can it create new container files that are backward compatible with TrueCrypt. Instead it suggests you do a clumsy, "un-enecrypt, copy over, re-enecrypt" lock-in process in order to "upgrade". At least the others (truecrypt.ch [truecrypt.ch], Ciphershed [ciphershed.org], Tcplay [github.com] / Zulucrypt [google.com], et. al.) allow you to keep working with existing TC container files.
Why this isn't in screaming bold text at the top of the VeraCrypt page (which is here [codeplex.com], btw), is beyond me.
Re: (Score:2)
If you use the exiting container, you get its properties and hence its far too low password iteration numbers. It is a valid design decision to not support that.
Truecrypt is random thief proof (Score:2, Informative)
I don't use Truecrypt to protect myself from oppressive governments, I use it so that if my computer should get stolen, the thief can't get my data.
This is something every computer user today needs, not just "enterprise" users.
Windows 8.1 apparently finally has something built in to respond to this need, although it doesn't work for external drives and obviously isn't cross platform like Truecrypt is. And most computers don't have Windows 8.1.
Re: (Score:2)
And most computers don't have Windows 8.1.
Which new major-brand laptop computers that aren't made by Apple come by default with anything other than Windows 8.1?
Re: (Score:3)
Buy business. Just about all PCs/laptops aimed at business buyers come with Windows 7, because the number of businesses using Windows 8 is negligable.
Most business buyers will immediately wipe the system and install from their own site-licensed image anyway though, which does make the lack of blank systems seem a little suspicious. Doubtless Microsoft is offering some very sweet deals to OEMs if they'll refrain from selling OS-less computers.
I did the same! (Score:3, Funny)
Instead of 1000 iterations of ROT13 I applied 655,331 iterations and I already feel much safer!!
Only relevant if you have a bad passphrase (Score:2)
A good passphrase (>100 bits of Entropy) will be unbreakable even completely without iteration. For a bad passphrase, iteration adds effort. TrueCrypt was sadly outdated compared to other disk encryption tools, but is not in line with established wisdom again.
"Slightly slower"? (Score:3)
From the summary: "While this makes VeraCrypt slightly slower at opening encrypted partitions..."
On my 2.4GHz, 4-core, 8-thread i7-3630QM mounting an encrypted partition using VeraCrypt takes ~18 seconds. It takes the VeraCrypt bootloader more than 40 seconds to verify my password and proceed with booting.
Although one need only enter the boot password once at boot time, it's still a bit of a pain. A 1-5 second processing delay is reasonable, but more than 40 seconds? Either way, a few thousand iterations combined with a strong password makes brute-force guessing impractical so why bother with obscenely high iteration counts?
I'd much rather that VeraCrypt (or other similar software) allow one to set the number of iterations so one could set the desired delay time based on their own hardware and threat model, and have the iteration count written to the disk so the software knows how many iterations to use. For me, I use such software to protect against theft by ordinary criminals: they're not going to bother decrypting the drive, so a second or two of iterating is fine. Those defending against more well-funded adversaries would be better served with more iterations.
Re: (Score:2)
The sad part really is that I don't think that going through that many iterations is going to anything but drive people away because of the performance impact. While I know RIPEMD160 is considered strong I don't think it's stronger than Keccak [tugraz.at] which is the SHA-3 winner.
....yes,,.. (Score:2)
yesyesyes, but can it stop the cops reading the sticky notes that ppl use to write down there passwords :P
Re: (Score:3, Insightful)
The NSA did not approve. They love VeraShed however.
Re:CipherShed (Score:5, Informative)
CipherShed should have been mentioned in the summary. It's even mentioned in the article (yada yada I messed up and RTFA etc etc).
Some key points:
* VeraCrypt broke compatibility with the container format. However, it sounds like that may only be the hashing iterations on the password to derive a key that changed, so the actual format is probably exactly the same just with a different key. In any case, it can't open TrueCrypt containers and vice-versa.
* He's working on a migration tool (ie. import TrueCrypt container into VeraCrypt)
* The massive increase in iterations mentioned in the summary refers to what happens to your password to derive a strong encryption key. IE. it's only at startup; if done correctly, then it could improve the quality of the encryption key; it does not (AFAICT) affect the actual encryption of each block of data.
* CipherShed (someone from there) spoke with him in relation to helping each other, but CipherShed wants to retain TrueCrypt compatibility, so he is not interested in merging, but he may send patches and whatnot.
* The potential licensing issues are a bit suspect. My gut says the explanation is simply a lack of understanding of licensing or a disregard for it, but it welcomes some conspiracy theories.
Re: (Score:2)
Re:CipherShed (Score:4, Interesting)
I'm more inclined to trust CipherShed at this point. That code has been audited, we know there are some potential issues but nothing major. In fact we know it is good enough for the NSA to try to shut it down, which only adds credibility.
The changes in VeraCrypt might be improvements, but they might also introduce issues. The further it gets from TrueCrypt the more potential there is for things to go wrong.
Re: (Score:2)
The first line of the article.
"If you're reluctant to continue using TrueCrypt now that the open source encryption project has been abandoned, and you don't want to wait for the CipherShed fork to mature..."
Re:I'm not an encryption expert by any means... (Score:5, Informative)
Nope. Consider doubling your password size from 64 to 128 bits. While it would take twice as long to check all the bits and make sure they're correct, brute forcing now has to guess among 2^128, rather than 2^64, possibilities, which is enormously more difficult.
This is a gross simplification of how any real-life security scheme works, but it illustrates the concept.
Re:I'm not an encryption expert by any means... (Score:5, Informative)
Indeed. Schemes like PBKDF border on security theater. For one thing, the iteration count is almost never increased in new releases, even after many years. The fact that VeraCrypt is now increasing it only serves to highlight this fact.
Second, real security comes from exponential differences in work between attacker and defender, not simple linear increases in the differential.
If your passwords are long and have high entropy, you gain nothing with an iterative scheme like PBKDF. If your passwords are small and weak, you gain nothing by PBKDF---cloud infrastructure (legitimate or botnets) means an attacker can run his brute force cracker on tens of thousands, if not hundreds of thousands, of machines. And that probably only begins to approach the computational power the NSA has at its disposal--iteratively hash your password as many times as you want, but the NSA is still going to crack your simple mnemonic password.
PBKDF is the perfect example of cryptographic bike shedding at a sophisticated level. Even schemes like scrypt (which are quite novel and interesting) are still a waste of time and effort.
Once you move past a) hashing and b) salting, you've almost entirely exhausted the benefits of password hardening. PBKDF et al aren't even in the same league as hashing and salting in terms of the real-world benefit provided.
Re: (Score:2)
And that probably only begins to approach the computational power the NSA has at its disposal
It is sure that the NSA has at its disposable a ridiculous amount of computing power, but it is equally evident that they cannot only use it once at a time. I.e. they may well have a billion CPUs, if it takes one billion hours to crack a disk they can only crack a disk an hour. Also, even the best parallel cracking scheme is going to scale less than perfect on a massive parallel setup, let alone a cheap cloud infras
Re: (Score:3)
Password cracking does scale perfectly. It's the textbook example of a task well-suited to paralllisation.
I imagine the NSA's cracking system is based on ASICs, rather than conventional processors. A couple of racks full of ASICs for each of the commonly encountered hashes or cryptosystems, very densely packed. Look at bitcoin miners to see the reason: Compared to an ASIC brute-forcing truncated SHA256, any conventional processor is simply negligable.
Re: (Score:2)
Re:I'm not an encryption expert by any means... (Score:5, Informative)
If you have a 1024 bit encryption key, and change to a 1025 bit encryption key, it will only take 0.1% longer to encrypt. But it will take twice as long to guess the key by brute force.
Re: (Score:2)
No, it doesn't mean that.
Re: (Score:3)
If you know the password, your (human) perception would be that it takes slightly longer to open. The actual processing time required though would be significantly greater.
If you don't know the password, it takes that extra processing time *for each password you try* i.e. it's multiplicative. So if you're trying 300 passwords, for the part which takes 300x as long per password, it's now 90000x as long (for that part) to go through the full list.
Re:Conflicting info on licence and relation to TC (Score:5, Informative)
We can argue (and many will!) all day long over what exactly is Free and what is Open Source, but rather than go down that bottomless pit into pointlessness, anyone who is really interested can just read the TrueCrypt license [github.com] for themselves. It's written in plain language, even if it is somewhat complicated. So it's not GPL and is not compatible with GPL. So fucking what. You can say the same about CDDL or a lot of others, which all give you a lot of freedom. If the code can't be subsumed into GPL, that is the problem of GPL aficionados, not of TrueCrypt's ghost.
I'll just touch on the basics.
You can modify the code, derive a new work, include all the code or selected parts of it in your own work, and you specifically are allowed to profit if you wish.
You have to sanitize your derived code of the word TrueCrypt, logos, website, etc.
You must display a specified phrase, basically "Based on TrueCrypt" and you must link to their webpage.
You have to make the complete source of your product available, just as the TrueCrypt source is.
You are not allowed to obfuscate the source code.
You have to use the unmodified TrueCrypt license only - this part it seems to me VeraCrypt is in blatant violation of, unless they received a special dispensation, which seems unlikely. On the other hand, AFAIK TrueCrypt never sued anyone yet, and they havn't sued VeraCrypt, so anyone can choose how far to stick their own neck out. Remember, RealCrypt went down this route a long time ago and nobody got sued over that.
Disclaimer - I'm not associated with TrueCrypt nor do I have any relationship with them, nor am I a lawyer, nor have I made a painstaking analysis of the license, but I don't see anyone starting a worthwhile discussion of the TrueCrypt license here, so I'm perfectly willing and naive enough to stick my neck out and start the ball rolling.
That's it in a nutshell. You want to tell me that's not "any free software license", go ahead and welcome to your strange interpretation. I myself am not hung up on terms. The license clearly allows VeraCrypt and/or anyone else to run with a derived project.
Re: (Score:2)
Reading and evaluating the licence would take hours. The GPL is complicated too, but it's a single licence, widely commented on and upheld in courts, used by hundreds of thousands of software packages. I'm not going to give each single-program licence the same time I've given to understand the GPL. (And, according to clause 6 of the TrueCrypt licence, this means I'm not allowed to even use TrueCrypt.) FSF's comments on licences are consistently thorough and faire, and for the TrueCrypt licence they're pr
Re: (Score:3)
Because TrueCrypt is abandoned with nobody really able to prove they own it, other than the people who have the Authenticode and PGP/gpg keys, it just might be that their licenses are not enforcable, and the code might be essentially public domain.
However, all it would take is one person or organization suing people, with some "proof" (no matter how unsubstantiated) to cause a lot of hassle in the court system, and this would not just affect the TC successor, but possibly the users as well.
It would be expe
Re:why use this instead of say dm-crypt? (Score:5, Informative)
The OS's built-in encryption for many people is not dm-crypt, but BitLocker, a closed source implementation by Microsoft. And we know nothing about it. When is the key present in RAM? Is the key derived on boot up? How is it protected between boots? Is there an escrow key obscurely baked into the trillion bytes stored somewhere on the hard drive? And can it contain deniable drive images in the slack space of a parent drive?
Because the open source TrueCrypt code has been subjected to code reviews, and backdoors have not been found, it's somewhat more trustworthy than the closed source implementation that comes with the expensive versions of Microsoft's OS.
Re: (Score:2)
Bitlocker under standard settings uses the TPM for key management. You have only the manufacturer's* word that the TPM is free of backdoors, as it's a hardware component. That's why truecrypt doesn't use it.
*Usually Intel
Re: (Score:2)
Actually, Microsoft has published details that answer some of your questions, which have then been verified by security researchers. Of course the point still stands that it isn't as trustworthy as TrueCrypt, but it certainly appears to be good enough for many people as so far no law enforcement agency has demonstrated the ability to crack it.
Lack of deniability is a problem, but there are advantages too. It has good enterprise tools and with SSDs that support eDrive can potentially be used without performa
Re: (Score:3)
The benefit is cross platform support. It was Truecrypt's killer feature. TC is also just plain easier to set up than dmcrypt.
Re: (Score:3, Informative)
"It appears..." No it does not for anyone who can read.
It's available for Windows, Mac 10.6+, and Linux all stated right there in black and white on the projects description pages complete with links to download those versions.
Re: (Score:2)
Re: (Score:3)
It is a trade-off. The iteration comes very cheap, but against a resourceful attacker that has significant resources to do brute-forcing, it does not help a lot. If you think cost, a factor of 10 to 300 may well deter a limited attacker (think 1 Million instead of 10k for brute-forcing, e.g.) though. One real problem is that these days in order to be secure, you need around 100 bits of entropy non-iterated and around 80 bits iterated 500'000 times to be secure. That is pretty long and exceeds most people's
wait, what? (Score:2)
Increasing security is counterproductive because it enables people who suck at security to have better security? Making it easier to have better security should be a goal, not something to avoid. It's not a big difference in this case, but I see no reason to oppose an improvement simply because its an improvement. It's not like only us crypto nerds deserve security.
The only point of running multiple rounds of the key derivation function is to increase the brute force cost. While you may argue that the e