TrueCrypt 4.3 Released

RedBear writes "A new update to the best open source transparent encryption software has been released. TrueCrypt is (the only?) open source encryption software capable of creating and mounting encrypted virtual disk images that can then be worked with transparently like any other storage drive, with data encrypted and decrypted in real-time. These virtual disks can be created as files, or entire partitions or physical drives can be encrypted and mounted transparently. Sadly there is still no Linux GUI or Mac OS X port in sight. If you are one of the thronging hordes who have been patiently awaiting ubiquitous multi-platform encryption, please consider donating time or money to the cause, and add your voice to the forum." From the site:"Among the new features [are] full compatibility with 32-bit and 64-bit Windows Vista, support for devices and file systems that use a sector size other than 512 bytes (such as new hard drives, USB flash drives, DVD-RAM, MP3 players, etc.), auto-dismount when a host device (e.g., a USB flash drive) is inadvertently removed, and many more." Read on for more features of TrueCrypt and cached versions of all the links above.
Also including features like plausible deniability, steganographically hidden volumes, unidentifiable partition headers, traveler mode, and your choice of the strongest available encryption algorithms up to and including multi-algorithm cascades. TrueCrypt is practically the Holy Grail for advocates of free ubiquitous encryption. Now, if only it were platform independent.

To reduce load on their servers here are some Coralized versions of all the links:

TrueCrypt home page
Future development goals
Forum thread about Mac OS X version
Donations page
General forum
Plausible deniability
Hidden volumes
Traveler mode
Encryption algorithms
Multi-algorithm cascades
Version history

Re:No OS X Port?

[fbjon]

It has some advantages: it's portable, and it has plausible deniability (hidden partitions).

Re:Nothing to see here

[wile_e_wonka]

I keep the family meatloaf recipe on a TruCrypt partition. No one has discovered it yet!

Anyway--I think there are legitimate reasons to want to encrypt data. How about a doctor wanting to ensure patient records are private? Or a corporation that has done some research that it doesn't want to get out? Or what about your personal diary (some people, believe it or not, don't think MySpace is the best place for a private diary)? Or what if you work for the CIA and have been stealing data from a small quiet--a little too quiet--Scandinavian company for a couple years...and they find you out and take your computer after breaking your legs? (ok, that last one's a stretch).

I'm sure commenters will add many more legitimate items to this list.

Re:No OS X Port?

[Simon+Garlick]

Why don't you download the source code for Truecrypt, and the source code for OS X Disk Utility, and compare how they implement their respective algorithms. The advantage will be pretty obvious.

Re:No OS X Port?

[Sancho]

Ah ha! Therein lies the obvious advantage!

Re:Linux downloads available

[ink]

Yep, I've been using luks under Linux for ages. It works transparently, and is portable from system to system. I don't think that the article submitter has ever used OSX or Linux; both have nice, mature encrypted block systems.

Hell, I used PGPdisk back in the '90s, and it was "all that".

Re:Nothing to see here

[dtzWill]

Only pirates, terrorists, and criminals need encryption. :) ...which according to the media industry and the US government is just about everyone. :-D

Re:No OS X Port?

[Simon+Garlick]

That, believe it or not, is my point. We have no way of knowing how secure OS X Disk Utility is. For all we know every encrypted .dmg can be decrypted with one master passphrase. For all we know the algorithms are deliberately crippled. We'll never know, because we can't audit the source.

Re:No OS X Port?

I might just be naive (as I have never used TrueCrypt), but I don't understand why you can't just look for the true TrueCrypt driver, run the appropriate TrueCrypt version and brute-force the user password until you get to see everything.

Brute forcing true crypt takes a LONG TIME. Just using the standard truecrypt executable, it takes about 2.26 seconds per guess on my Athlon 2500+. To put that in perspective, it would take my machine nearly 70 days to brute force a 4 charactor password (Aprox 14 million combos using all the keys normally typeable on the keyboard). Why does it take so long? Because the header contains no hints the app has to try:
  * 11 Encryption methods.
  * 3 hash methods (per encryption method)
  * Try to mount as a normal volume, if that fails, try as a hidden volume (2 choices)

So each passphrase/keyfile has to be computed and least 33 times and applied 66 times before the app knows it failed.

If one knew any of the above settings (except the passphase/keyfile) one could gain 10-30 times the speed. Making even my machine able to crack it in a few days.

Of course a 4 charactor password is weak, and Truecrypt allows passwords of 64 charactors + the use of key files. A proper passphrase/keyfile combo will be un-bruteforceable for the useful life of the protected data.

Not to say that a more intellegent approach to trying to break the password won't work, but brute force is not that intellegent.

Re:No OS X Port?

[Mr2001]

If your encrypted data doesn't look random, you need to replace your encryption program ASAP. Any patterns in the output are failures in the algorithm.