Slashdot Mirror


TrueCrypt 4.3 Released

RedBear writes "A new update to the best open source transparent encryption software has been released. TrueCrypt is (the only?) open source encryption software capable of creating and mounting encrypted virtual disk images that can then be worked with transparently like any other storage drive, with data encrypted and decrypted in real-time. These virtual disks can be created as files, or entire partitions or physical drives can be encrypted and mounted transparently. Sadly there is still no Linux GUI or Mac OS X port in sight. If you are one of the thronging hordes who have been patiently awaiting ubiquitous multi-platform encryption, please consider donating time or money to the cause, and add your voice to the forum." From the site: "Among the new features [are] full compatibility with 32-bit and 64-bit Windows Vista, support for devices and file systems that use a sector size other than 512 bytes (such as new hard drives, USB flash drives, DVD-RAM, MP3 players, etc.), auto-dismount when a host device (e.g., a USB flash drive) is inadvertently removed, and many more." Read on for more features of TrueCrypt and cached versions of all the links above.
Also including features like plausible deniability, steganographically hidden volumes, unidentifiable partition headers, traveler mode, and your choice of the strongest available encryption algorithms up to and including multi-algorithm cascades. TrueCrypt is practically the Holy Grail for advocates of free ubiquitous encryption. Now, if only it were platform independent.

To reduce load on their servers here are some Coralized versions of all the links:

TrueCrypt home page
Future development goals
Forum thread about Mac OS X version
Donations page
General forum
Plausible deniability
Hidden volumes
Traveler mode
Encryption algorithms
Multi-algorithm cascades
Version history

18 of 285 comments

  1. The coolest part. by Lumpy · · Score: 2, Insightful

    You don't have to install it, so there is no way that any researcher can discover it was used.

    I can not believe that the other encryption software out there is not even 1/20 as good as truecrypt.

    You can hide your data pretty easily with it.

    --
    Do not look at laser with remaining good eye.
    1. Re:The coolest part. by computer_guy57 · · Score: 2, Insightful

      Also, IIRC when you use it on Windows, even in traveler mode, it might make registry entries that might linger around. It is possible that someone dedicated enough could find out that you've been using it.

      One other downside worth mentioning is that on Windows you have to have administrator rights on the machine to use it.

  2. No OS X Port? by CheeseburgerBrown · · Score: 2, Insightful

    What are the advantages of this software over using an encrypted disk image created with Tiger's built-in Disk Utility?

    1. Re:No OS X Port? by fbjon · · Score: 3, Insightful

      It has some advantages: it's portable, and it has plausible deniability (hidden partitions).

      --
      True confidence comes not from realising you are as good as your peers, but that your peers are as bad as you are.
    2. Re:No OS X Port? by Simon+Garlick · · Score: 4, Insightful

      Why don't you download the source code for TrueCrypt, and the source code for OS X Disk Utility, and compare how they implement their respective algorithms? The advantage will be pretty obvious.

    3. Re:No OS X Port? by Sancho · · Score: 3, Insightful

      Ah ha! Therein lies the obvious advantage!

    4. Re:No OS X Port? by Simon+Garlick · · Score: 4, Insightful

      That, believe it or not, is my point. We have no way of knowing how secure OS X Disk Utility is. For all we know every encrypted .dmg can be decrypted with one master passphrase. For all we know the algorithms are deliberately crippled. We'll never know, because we can't audit the source.

    5. Re:No OS X Port? by bendodge · · Score: 2, Insightful

      They only have to force the user password, not the actual monster key.

      --
      The government can't save you.
    6. Re:No OS X Port? by Anonymous Coward · · Score: 3, Insightful

      I might just be naive (as I have never used TrueCrypt), but I don't understand why you can't just look for the true TrueCrypt driver, run the appropriate TrueCrypt version and brute-force the user password until you get to see everything.


      Brute forcing TrueCrypt takes a LONG TIME. Just using the standard TrueCrypt executable, it takes about 2.26 seconds per guess on my Athlon 2500+. To put that in perspective, it would take my machine nearly 70 days to brute force a 4 character password (approx. 14 million combos using all the keys normally typeable on the keyboard). Why does it take so long? Because the header contains no hints, the app has to try:
        * 11 Encryption methods.
        * 3 hash methods (per encryption method)
        * Try to mount as a normal volume, if that fails, try as a hidden volume (2 choices)

      So each passphrase/keyfile has to be computed at least 33 times and applied 66 times before the app knows it failed.

      If one knew any of the above settings (except the passphrase/keyfile) one could gain 10-30 times the speed, making even my machine able to crack it in a few days.

      Of course a 4 character password is weak, and TrueCrypt allows passwords of 64 characters + the use of key files. A proper passphrase/keyfile combo will be un-bruteforceable for the useful life of the protected data.

      Not to say that a more intelligent approach to trying to break the password won't work, but brute force is not that intelligent.
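
The header search described in the comment above (no algorithm identifiers stored, so every hash and cipher combination is tried on each mount attempt), as an added example that is not part of the original thread and is not TrueCrypt's code. Assumptions: standard-library hashes stand in for the key-derivation PRFs, an HMAC-SHA256 counter keystream with a per-cipher label stands in for the block ciphers and cascades, the iteration count and header layout are illustrative, and the second attempt at a hidden-volume header is not modeled.

```python
import hashlib, hmac, os, struct, zlib

# Stand-ins (assumptions, not TrueCrypt's real algorithm lists or formats).
PRFS = ["sha1", "sha256", "sha512"]
CIPHERS = ["cipher-A", "cipher-B", "cipher-A+B"]
ITERATIONS = 2000          # illustrative PBKDF2 iteration count
MAGIC = b"TRUE"            # marker that is only visible after decryption

def _keystream(key, label, n):
    """HMAC-SHA256 in counter mode; the label separates the toy 'ciphers'."""
    out, counter = b"", 0
    while len(out) < n:
        block = label.encode() + struct.pack(">I", counter)
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:n]

def _xor(data, key, label):
    return bytes(a ^ b for a, b in zip(data, _keystream(key, label, len(data))))

def make_header(password, prf, cipher, master_key):
    """64-byte salt in the clear, then the encrypted body. No algorithm IDs."""
    salt = os.urandom(64)
    key = hashlib.pbkdf2_hmac(prf, password, salt, ITERATIONS, 32)
    body = MAGIC + struct.pack(">I", zlib.crc32(master_key)) + master_key
    return salt + _xor(body, key, cipher)

def open_header(password, header):
    """Try every PRF/cipher pair. Returns (master_key, prf, cipher, trials)."""
    salt, blob = header[:64], header[64:]
    trials = 0
    for prf in PRFS:
        # One slow key derivation per PRF: this dominates the cost of a guess.
        key = hashlib.pbkdf2_hmac(prf, password, salt, ITERATIONS, 32)
        for cipher in CIPHERS:
            trials += 1
            body = _xor(blob, key, cipher)
            magic, crc, master_key = body[:4], body[4:8], body[8:]
            if magic == MAGIC and struct.unpack(">I", crc)[0] == zlib.crc32(master_key):
                return master_key, prf, cipher, trials
    return None, None, None, trials   # a wrong passphrase pays for every combination

if __name__ == "__main__":
    mk = os.urandom(32)                      # constructed sample master key
    hdr = make_header(b"correct horse", "sha512", "cipher-B", mk)
    print(open_header(b"correct horse", hdr)[1:])
    print(open_header(b"wrong guess", hdr)[3], "trials wasted on a wrong guess")
```

A wrong passphrase always costs all three key derivations and all nine trial decryptions here, which is the per-guess overhead the comment attributes to a header that carries no hints.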
    7. Re:No OS X Port? by Mr2001 · · Score: 3, Insightful

      If your encrypted data doesn't look random, you need to replace your encryption program ASAP. Any patterns in the output are failures in the algorithm.

      --
      Visual IRC: Fast. Powerful. Free.
  3. Re:Nothing to see here by wile_e_wonka · · Score: 3, Insightful

    I keep the family meatloaf recipe on a TrueCrypt partition. No one has discovered it yet!

    Anyway--I think there are legitimate reasons to want to encrypt data. How about a doctor wanting to ensure patient records are private? Or a corporation that has done some research that it doesn't want to get out? Or what about your personal diary (some people, believe it or not, don't think MySpace is the best place for a private diary)? Or what if you work for the CIA and have been stealing data from a small quiet--a little too quiet--Scandinavian company for a couple years...and they find you out and take your computer after breaking your legs? (ok, that last one's a stretch).

    I'm sure commenters will add many more legitimate items to this list.

  4. Re:Algorithm Cascades == BAD? by Anonymous Coward · · Score: 2, Insightful

    If multi-algorithm cascades weakened the protection, that's what the codebreakers would do: encrypt the data again and crack the "weakened" data.

  5. Re:Dangerous feature by cptgrudge · · Score: 2, Insightful

    If you're going to be indefinitely held while being tortured, until you die or are killed, all the software features in the world aren't going to help you. It's more useful in places where "plausible deniability" can be used to get you out of trouble, not in countries or organizations where the concept is irrelevant.

    --
    Qualitas edurus commercium, nullus penitus net rimor, nullus deus beneficium
  6. Re:Linux downloads available by ink · · Score: 3, Insightful
    Yep, I've been using luks under Linux for ages. It works transparently, and is portable from system to system. I don't think that the article submitter has ever used OSX or Linux; both have nice, mature encrypted block systems.

    Hell, I used PGPdisk back in the '90s, and it was "all that".

    --
    The wheel is turning, but the hamster is dead.
  7. Re:Nothing to see here by dtzWill · · Score: 3, Insightful

    Only pirates, terrorists, and criminals need encryption. :) ...which according to the media industry and the US government is just about everyone. :-D
  8. Re:Nothing to see here by fatphil · · Score: 2, Insightful

    ... including the media industry and the US government.

    --
    Also FatPhil on SoylentNews, id 863
  9. Re:Linux downloads available by Bishop · · Score: 2, Insightful

    plausible deniability, hidden volumes and all that other good stuff talked about on the TrueCrypt site. That is because real security experts know that plausible deniability and hidden volumes are script kiddie features that don't work in the real world. Both "features" assume unrealistic attackers. In the real world there is little point in pretending that an encrypted volume isn't. The attacker is going to assume that it is regardless of what you claim.
  10. Re:Linux downloads available by drinkypoo · · Score: 2, Insightful

    When a court of law sees random data they are going to assume cryptography. It is going to be tough to convince a court differently. Hidden volumes may give an out, but counting on that is foolish.

    The point is that your actual volume is hidden within a decoy volume. You give them the key to open the decoy volume, and they find a bunch of files that won't get you incarcerated.

    Assuming that an attacker is going to be able to find all the encrypted data and planning for it is a saner course of action.

    There is no plan that will cover you if (for a horrible, horrible example) the law finds your kiddie porn stash.

    Actually, along those lines, you might elect to store any naked baby pictures of your children on such an encrypted volume, since the "think of the children" DAs have actually been going after people for crap like that. I know my mom has pictures of me as a naked baby. I'm pretty sure that it's not pornography, yet people have been hauled into court for that kind of shit. Pathetic.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"