Slashdot Mirror
TrueCrypt 4.3 Released
RedBear writes "A new update to the best open source transparent encryption software has been released. TrueCrypt is (the only?) open source encryption software capable of creating and mounting encrypted virtual disk images that can then be worked with transparently like any other storage drive, with data encrypted and decrypted in real-time. These virtual disks can be created as files, or entire partitions or physical drives can be encrypted and mounted transparently. Sadly there is still no Linux GUI or Mac OS X port in sight. If you are one of the thronging hordes who have been patiently awaiting ubiquitous multi-platform encryption, please consider donating time or money to the cause, and add your voice to the forum." From the site:"Among the new features [are] full compatibility with 32-bit and 64-bit Windows Vista, support for devices and file systems that use a sector size other than 512 bytes (such as new hard drives, USB flash drives, DVD-RAM, MP3 players, etc.), auto-dismount when a host device (e.g., a USB flash drive) is inadvertently removed, and many more." Read on for more features of TrueCrypt and cached versions of all the links above.
Also including features like plausible deniability, steganographically hidden volumes, unidentifiable partition headers, traveler mode, and your choice of the strongest available encryption algorithms up to and including multi-algorithm cascades. TrueCrypt is practically the Holy Grail for advocates of free ubiquitous encryption. Now, if only it were platform independent.
To reduce load on their servers here are some Coralized versions of all the links:
TrueCrypt home page
Future development goals
Forum thread about Mac OS X version
Donations page
General forum
Plausible deniability
Hidden volumes
Traveler mode
Encryption algorithms
Multi-algorithm cascades
Version history
Also including features like plausible deniability, steganographically hidden volumes, unidentifiable partition headers, traveler mode, and your choice of the strongest available encryption algorithms up to and including multi-algorithm cascades. TrueCrypt is practically the Holy Grail for advocates of free ubiquitous encryption. Now, if only it were platform independent.
To reduce load on their servers here are some Coralized versions of all the links:
TrueCrypt home page
Future development goals
Forum thread about Mac OS X version
Donations page
General forum
Plausible deniability
Hidden volumes
Traveler mode
Encryption algorithms
Multi-algorithm cascades
Version history
"from the windows-only-alas dept."
Not really, you can download ubuntu binaries from their download section.
"you dont have to install it. so there is no way that any researcher can discover it was used."
That's not entirely true. When TrueCrypt opens, it installs a driver (in Windows). This driver remains there unless you remove it. In fact, I just had to manually remove it because the old version of the driver was already installed, and the new version of it couldn't override it.
Don't get me wrong, I absolutely LOVE TrueCrypt, I use it everyday, however it's not entirely true that it leaves no footprint. At least, not in my experience.
-Eddie
Why do you need a linux GUI for something like this? I installed debian etch a while ago and noticed encrypted partition was a an option along with normal filesystems, RAID, and LVM. So I tried it out. It was quite simple to setup. I made an encrypted / and an encrypted swap partition. Then when I booted into freshly installed system I had to enter my passphrase for each partition and after that it was just like a normal system. I didn't even notice any I/O performance loss. (Although I still went back to a RAID system after the experiment since I am not paranoid enough to sacrifice any performance or space yet :)
Hidden volumes, for one. A single image can have two volumes in it, with different passwords, encryption methods, etc., and you can't even tell the hidden one is there unless you know the key.
You can also use any file as the key, instead of (or in combination with) a password.
And you can encrypt an entire partition, instead of putting the image inside another filesystem and letting it get copied around by the defragmenter (which may have security implications for the ultra-paranoid).
Visual IRC: Fast. Powerful. Free.
there is no way that any researcher can discover it was used.
.ini method of storing config data, much more secure and no messing in the registry looking for obscure keys and entries, deleting a single ini file is a lot easier than digging through the registry
wrong, if you read the info on the site about "traveller mode"
After examining the registry file, it may be possible to tell that TrueCrypt was run (and that a TrueCrypt volume was mounted) on a Windows system even if it is run in traveller mode.
so it still writes to the registry and so can be discovered by forensics in an instant
why it writes to the registry really needs to be addressed, i wish apps went back to the old
TrueCrypt provides device-level encryption, so it doesn't need to be aware of HFS+ or any other filesystem you use with an encrypted volume. It also provides a few important features that are not built into OS X.
Visual IRC: Fast. Powerful. Free.
from the truecrypt site:
Traveller Mode
TrueCrypt can run in so-called 'traveller' mode, which means that it does not have to be installed on the operating system under which it is run. However, there are two things to keep in mind:
* You need administrator privileges in order to able to run TrueCrypt in 'traveller' mode.
* After examining the registry file, it may be possible to tell that TrueCrypt was run (and that a TrueCrypt volume was mounted) on a Windows system even if it is run in traveller mode.
If you need to solve these problems, we recommend using BartPE for this purpose. For further information on BartPE, see the question "Is it possible to use TrueCrypt without leaving any 'traces' on Windows?" in the section Frequently Asked Questions.
Exactly as described? Does Disk Utility let you create hidden volumes (indistinguishable from the main encrypted volume unless you know the key), or encrypt an entire partition, or use a file instead of a password as the key?
Visual IRC: Fast. Powerful. Free.
Generally, Windows itself keeps the names of files that have run recently, and that's probably what they're refering to, not TrueCrypt's settings. In that aspect, no executable on Windows can leave absolutely NO footprint. Of course, these registry entries can be removed manually.
In fact, TrueCrypt's settings are maintained in a file called Configuration.xml in the same directory as TrueCrypt.exe, in order to remain truly portable.
think TrueCrypt is "the only" one.
Clipped (and truncated) from the website:
I just wanted to point out that TrueCrypt differs from most other disk-encryption-tools mentioned by my fellow posters in that it also supports 'hidden volumes', which allows a user (for example if forced to give out a password, since the existence of an encrypted volume seems suspicious) to give out a password, which simply shows a 'bogus' partition - but there is no way to prove that the password that was provided is not the 'important' one, or for that matter it's impossible to prove that such a hidden volume even exists.
Or is the word rsunc ? Regardless, a lot of people do not realize that a truecrypt volume, although it is a single encrypted file, can be successfully kept up to date with the rsync tool. This is because the entire file is NOT reorganized every time it is unmounted. Therefore, if you only change a few files in a truecrypt volume, you can rsync it to a remote system in an efficient (changes only) manner.
Just be sure to read about the --checksum option. I personally keep all of my most sensitive files in a single, 4 GB truecrypt volume that I rsync nightly to my offsite backup at rsync.net. They are NOT affiliated with the actual rsync project, but I can't speak highly enough about them. This, and especially this are what sold me over strongspace and exavault.
If you have a container X big, one can have smaller containers inside that. The key opens the outer container, but exposes the inside (to use their language). Even if these hidden volumes dont have publically readable containers, one can still see them and delete them.
Incorrect, there is no container file inside the first container, and if you don't enter the password for the second container the same time as the first container you *CAN* overwrite the data in the second container, thus corrupting it.
From the website (If only people would RTFM (no, I'm not new here)):
Protection of Hidden Volumes Against Damage
As of TrueCrypt 4.0, it is possible to write data to an outer volume without risking that a hidden volume within it will get damaged (overwritten).
When mounting an outer volume, the user can enter two passwords: One for the outer volume, and the other for a hidden volume within it, which he wants to protect. In this mode, TrueCrypt does not actually mount the hidden volume. It only decrypts its header and retrieves information about the size of the hidden volume (from the decrypted header). Then, the outer volume is mounted and any attempt to save data to the area of the hidden volume will be rejected (until the outer volume is dismounted).
Note that TrueCrypt never modifies the filesystem (e.g., information about allocated clusters, amount of free space, etc.) within the outer volume in any way. As soon as the volume is dismounted, the protection is lost. When the volume is mounted again, it is not possible to determine whether the volume has used hidden volume protection or not. The hidden volume protection can be activated only by users who supply the correct password (and/or keyfiles) for the hidden volume (each time they mount the outer volume).
Do you Gentoo!?
But if you have to run it from the command line, you probably need to give it command-line arguments. Do truecrypt's typical arguments look like typical vi arguments?
Everyone is born right-handed; only the greatest overcome it
How I would attack this stego: I would obtain a sector-logger via ICE or somesuch driver first. Then I would mount the container and proceed to do a "DOD 7 times rewrite" via eraser or somesuch tool. I then would watch what sectors arent affected. Those would be the hidden ones. Essentially I would show hidden places by what isnt touched. It is not BS... It allows you to overwrite the hidden partition (and will gladly do so) UNLESS you provide both the keys to the hidden partition and the outer partition to the program when mounting - and even then, it will just prevent clobbering the inner partition because he knows where it is, but if the outer partition algorithm tries to write on them, it can only fail the operation (it will not use other empty places, and I assume that happens since it would allow an attack like you propose - although if you can sniff mem while it is running with both passwords you wouldn't need such an attack). So, hidden volumes aren't perfect, but don't fall for simple attacks.
Yes, that's fine, but as you pointed out, it's for the LINUX kernel. If you need something that is portable across platforms, transportable on a USB thumb drive and usable under Windows and Linux (and maybe some day OSX), then dm-crypt or cryptoloop is not going to help you.
Anyway, for independent keys, I agree with your assessment. If algorithm B weakens algorithm A when used with an independent key, it's a bug in algorithm A, not in the idea of cascading ciphers.
An interesting anagram of "BANACH TARSKI" is "BANACH TARSKI BANACH TARSKI"
An interesting anagram of "BANACH TARSKI" is "BANACH TARSKI BANACH TARSKI"
look at the first few bytes of the file and determine that it's a TrueCrypt volume.
The first few bytes of the file contain the encrypted symmetric key for the block cypher, which looks random, just like the rest of the file.
it will even tell you what volume you've mounted - Standard or Hidden
So? By definition that information has to be available or Truecrypt wouldn't know where to read or write. That it's displayed to you doesn't make a difference if someone gets to inspect the running system. Plausible deniability only exists when the filesystem is not mounted (or when you've mounted only the standard volume without the hidden key.) Besides, don't put too much weight on the plausible deniability feature: The deniability is not as plausible as you might think.
Yes. Seriously. You've been able to do this in FreeBSD for ages.
/dev/md0 /dev/md0 /dev/md0.eli /dev/md0.eli /mnt/secret
dd if=/dev/zero of=image_name bs=1k count=lenth
mdconfig -a -t vnode -f image_name -u 0
geli init -a hmac/sha256
geli attach
dd if=/dev/random of=/dev/md0.eli bs=1m
newfs
mount
okay its a bunch of commands, but I'm basically reading out of the man page. And this setup has tamper detection.
Maybe because the tinfoil hat crowd usually doesn't buy Apple computers.
Errrr right - did you not read the linked thread where all the os x users were asking for a truecrypt port?
While I support a lot of what the F/OSS movement does, I think this is a good example of the overall trend -- it (over)fills very small niches very well, but doesn't do much for the masses.
Right dude, apart from the craploads of FOSS stuff you use on your mac every day? OS X is built on F/OSS - absolutely nothing on the system would run without F/OSS.
Oh, and:
While I support a lot of what the Apple does, I think this is a good example of the overall trend -- it (over)fills very small niches very well, but doesn't do much for the masses.
There are shills on slashdot. Apparently, I'm one of them.
If you don't necessarily need plausible deniability, and if you're looking for per-file encryption with just as much transparency and a lot more flexibility, check out eCryptfs. It can be used directly on top of your existing mounted filesystem in Linux. eCryptfs has been in the mainline Linux kernel since 2.6.19. Here is a section in the eCryptfs FAQ that compares and contrasts block device encryption with stacked filesystem encryption:
# compare
http://ecryptfs.sourceforge.net/ecryptfs-faq.html
An unjust law is no law at all. - St. Augustine
Not as bad as I thought: It only goes online for help during volume creation. Once you start TrueCrypt proper there's a PDF.
Nope.
When you create the (main) volume, it's filled with random data. Formatting overwrites some of that, but the empty space is still full of random bytes. So, let's say you create a main volume on a 100 MB partition, and copy over some "cover" files, leaving 75 MB of free space at the end.
Then you create a 50 MB hidden volume, which is stored at the end of the partition. You put your top secret files in there, dismount it, and remount the main volume. The main volume still says "100 MB total, 75 MB free", and the free space still appears to be full of random bytes (since the hidden volume is encrypted), but they're different random bytes than they were at first.
So no, you can't tell just by looking at the mounted main volume that there's a hidden volume. All you can do is suspect that there might be something hidden in that free space, but you can't prove it - there are no plaintext headers, so both volumes are completely encrypted and appear random without the correct key. TrueCrypt will even let you reformat the main volume, destroying the hidden volume in the process, unless you specifically tell it to protect the hidden volume (using the correct key) when you mount the main one.
OTOH, you might be able to make a snapshot of the entire encrypted partition (without alerting the owner), then come back later and look for changes once you've gotten him to give up the key to the main volume. If the changes are in the main volume's free space, and they can't be explained by creating and deleting files, then you know there's a hidden volume. However, this requires covert monitoring over a period of time while the system is in active use; you can't detect the hidden volume simply by seizing a drive and examining it all at once.
Visual IRC: Fast. Powerful. Free.
I did list them earlier, and they're listed on TrueCrypt's site as well as all over the rest of this thread. The main feature is hidden volumes.
Visual IRC: Fast. Powerful. Free.
Another nice feature...you can use a key file with TrueCrypt in addition to your password. Generate a nice 16-32 byte key file and place it on a USB drive. Then you have poor mans two-factor authentication. Without that key file on your USB drive it is impossible to decrypt the data. So for instance if you had data you absolutely could not have someone recover it would be pretty easy to simply destroy the USB drive. Like say.. you keep it in your pocket and the police are coming to serve a warrant. Simply destroy the USB drive (sufficiently, to where even the most sophisticated data recovery would fail) and you raise the bar for data recovery significantly to say the last.
I've written a TrueCrypt-based simple HOWTO for laptop data-security.
Its called "Steal my laptop (I don't care) - Securing laptop-data"
Here's the link to it:
http://ergo.rydlr.net/?p=39
I was talking about the user's password when I mentioned a "good" key.
/ articles/itproviewpoint091004.mspx
/ articles/itproviewpoint100504.mspx
Here's a page from Microsoft that does some calculations on how hard it is to brute force a good key:
http://www.microsoft.com/technet/security/secnews
and the followup article about using passphrases:
http://www.microsoft.com/technet/security/secnews
Not lifetime-of-the-universe lengths of time, but any security-conscious individual can certainly make their hidden password long enough so that they'll be long dead before anyone short of the NSA can crack it.