TrueCrypt 4.3 Released
RedBear writes "A new update to the best open source transparent encryption software has been released. TrueCrypt is (the only?) open source encryption software capable of creating and mounting encrypted virtual disk images that can then be worked with transparently like any other storage drive, with data encrypted and decrypted in real-time. These virtual disks can be created as files, or entire partitions or physical drives can be encrypted and mounted transparently. Sadly there is still no Linux GUI or Mac OS X port in sight. If you are one of the thronging hordes who have been patiently awaiting ubiquitous multi-platform encryption, please consider donating time or money to the cause, and add your voice to the forum." From the site: "Among the new features [are] full compatibility with 32-bit and 64-bit Windows Vista, support for devices and file systems that use a sector size other than 512 bytes (such as new hard drives, USB flash drives, DVD-RAM, MP3 players, etc.), auto-dismount when a host device (e.g., a USB flash drive) is inadvertently removed, and many more." Read on for more features of TrueCrypt and cached versions of all the links above.
Also including features like plausible deniability, steganographically hidden volumes, unidentifiable partition headers, traveler mode, and your choice of the strongest available encryption algorithms up to and including multi-algorithm cascades. TrueCrypt is practically the Holy Grail for advocates of free ubiquitous encryption. Now, if only it were platform independent.
To reduce load on their servers here are some Coralized versions of all the links:
TrueCrypt home page
Future development goals
Forum thread about Mac OS X version
Donations page
General forum
Plausible deniability
Hidden volumes
Traveler mode
Encryption algorithms
Multi-algorithm cascades
Version history
Why? Binary compatibility of the encrypted files between win32 and Linux systems.
Entirely self contained EXE and data on a single USB drive.
To be sure, TrueCrypt isn't as friendly as OSX, but OTOH, TrueCrypt is open source, which means if you don't like it, either stay on the version you like forever or change it to what you like. With Parallels, you can run either win32 or Linux AND have OSX and Linux and win32 data file compatible.
I would ask this, how can I open an OSX encrypted file on both Linux and win32, assuming cross platform is really that important to you?
(Along with anarchy and freedom. But I think the subject is more likely just now.)
I had the recent misfortune to forget the password to an encrypted file. It has stuff that isn't that important or/and can be replaced, but the point is, it takes time to replace this sort of stuff (if it can be replaced). The reason is simply, running on a laptop, if it falls into someone else's hands (and they manage to get past the various passwords (reset the BIOS, insert KNOPPIX away you go)) I don't really want them to have that stuff.
I know it is possible to make a back up of the head of the file (or partition), and in the case you do forget the password you can simply replace the head with the back up (with a known password). However, I didn't do that.
I do, however, know the approximate password (where x is a number or character or blank), it is something like xxxsomewordxxx. Having a dictionary and brute force attack ability on the password would potentially recover my stuff with little effort (have you ever tried typing in hundreds of different passwords? Changing one byte at a time! It sucks). It would also have the added advantage of telling a user if they have a poor password (though I guess you don't really need this system to do that).
I know it is Free Software, and as such I really should either program it myself or pay (or whatever) someone else to do it for me. But I'm not a very good programmer, and my languages (Java and PHP) aren't really relevant I don't think. I also don't have the (people) networks to contact people who might know how to do it.
Shit happens, take greater care next time.
The moral of the story? Be sure to back your stuff up. And make sure you have a non-encrypted copy somewhere if it is important that someone else know about it if you die (or something else happens). And also write your password down. (That is another thing, a whole bunch of passwords are in that file! For things like Internet banking and so on. Damn it.)
I wank in the shower.
I am, actually, a mathematician (though not a cryptographer), but I could've sworn that doing "cascades" like this is actually a bad idea, mathematically? I seem to remember times where it can actually *weaken* the overall level of protection if you just do it carelessly without regard to the mathematics.
Other than that, it is a very nice little program.
Rename truecrypt on your thumbdrive to vi. Now all it shows is that you ran VI from /mnt/sda1/utilities
Now if you can get that I ran the truecrypt binary that was renamed to vi on that thumbdrive then you are an incredible researcher and need to be working for the FBI/NSA right now.
Leave the history intact. It shows I ran VI.
Windows writes last run items to the registry. Simply renaming the executable to notepad.exe will solve that problem. If truecrypt writes anything to the registry then it does have a major flaw, I need to look further into that.
Do not look at laser with remaining good eye.
While I support a lot of what the FOSS movement does, I think this is a good example of the overall trend -- it (over)fills very small niches very well, but doesn't do much for the masses.
(Not that Apples are owned by the masses; but that's a different discussion.)
-- I'm old enough to have lived through six different meanings of the word "hacker."
I use EncFS http://arg0.net/encfs on Linux every day and love it. Even root can't snoop a mounted directory (but could delete the encrypted source directory). How is TrueCrypt better?
An interesting anagram of "BANACH TARSKI" is "BANACH TARSKI BANACH TARSKI"
I use truecrypt because I need to be able to hand over my laptop to a gun wielding thug if it ever comes up. This got me to thinking, if it's a virtual filesystem, and seen as such by Linux, what would happen if I put my entire virtual machine on an encrypted partition. Would it then be possible for me to use Linux with TS + Xen (or VMWare if you prefer) to provide an entirely encrypted OS, including its filesystem? I'd assume that I'd need to have no swap (or file based swap, also on an encrypted partition) but that seems pretty doable to me. If my machine gets stolen, then is everything on the encrypted partition as safe as my password?
B) Eliminate all the stupid users. This is frowned upon by society.
Driver versions being incompatible and not overwritable. For example the thumb drive I carry around uses True Crypt but now next time I plug it into my desktop I'll get the incompatible driver error.
If you wanna get rich, you know that payback is a bitch
I just use commandline gpg. Sure, anyone can tell there are encrypted files on my USB 'disk', but so what? I'm not a secret agent, nor a corporate informant, I don't actually need plausible deniability.
It doesn't need admin privs, leaves no traces if set up properly, and is open source. If you want to store multiple files under one encrypted file, slap them in a zip file and encrypt that.
Don't get me wrong, I'm sure there are legitimate purposes for transparent volume encryption, and plausible deniability, but aside from the cool factor, I just don't need them.
Go look up how long it would take to "brute force" a good key with a good (as in, hasn't been mathematically broken yet) encryption implementation. It's not something you should worry about.
Of course, if someone can access your computer as freely as you've described, it would probably be a lot easier for them to install a keylogger program (or a hardware hack) & get your secret key when you type it in.
Blew mod points to respond to this.
Disk Utility, the graphical application, is not open source. diskutil and hdiutil, the command-line programs it is a front-end for, are open source. I don't know whether the DiskImages framework (which hdiutil could be considered a front-end for) is open source, though. (my guess is "yes")
-:sigma.SB
WARN
THERE IS ANOTHER SYSTEM
And in Linux it is NOT possible to use it in any computer unless you have ROOT access (to install it). I have a 2GB USB stick and I wanted to use half of it as an encrypted drive. In Windows environments I could use it without problems but there is *no* way to access the drive in Linux unless you have root access to mount the device, or unless the computer you are using has got FUSE *AND* you are allowed to mount this file system (sheesh in FC6 I am not allowed to mount a simple USB device unless I've got root access!!).
I love truecrypt for what it is, I have used it but it does not work for what I need it (protect sensitive information in my thumb drive, making it available whenever/wherever I need it). And I *require* Linux support as my work computer is Linux and my home computer is Windows (and I do not have admin access to my work computer as University Policy does not allow it).
Ubuntu is an African word meaning 'I can't configure Debian'
No.. in fact, that would just make it more obvious that you've got a hidden partition. Here's how the covert monitoring might work:
Monday morning, the attacker sneaks in and records a snapshot of your 100 MB partition.
Friday evening, he comes back with guns blazing and forces you to reveal a key. He uses it to mount both copies of your main volume, the current one and the snapshot, and then compares them byte-for-byte. Some of the changes are in files present on the main volume, but other changes are in free space.
He then examines the changes made inside the free space, and finds that there aren't any directory entries or recognizable data - it was random before and it's still random now, only different. He concludes that either (1) you wrote new random data into your drive's free space for some reason, or (2) the free space contains an encrypted volume.
Actually, that suggests a way to defend against such an attack: every so often, write new random data to randomly selected parts of each mounted volume's free space. This is close to what you mentioned, but you'd only do it when there isn't a hidden volume. That way, an attacker will always see these suspicious changes, whether there's a hidden volume or not, and #1 above becomes a believable excuse as long as everyone knows about this feature.
(Of course, TrueCrypt would have to be aware of the filesystem you're using in order to know which parts are free space. And you'd have to be able to turn this feature off temporarily if you ever needed to mount the main volume without possibly overwriting a hidden volume.)
Visual IRC: Fast. Powerful. Free.
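The snapshot comparison and the free-space rewrite idea from the comment above, as a toy simulation. This is an added example, not part of the thread and not TrueCrypt code; the block counts, the free-space range and all function names are constructed for illustration.

```python
import random

BLOCK = 512                     # bytes per block in this toy model
N_BLOCKS = 200                  # outer volume size in blocks (constructed)
FREE = range(80, N_BLOCKS)      # blocks the outer filesystem reports as free (constructed)

def rand_block(rng):
    # Encrypted data and wiped free space both look like uniform random bytes.
    return rng.getrandbits(BLOCK * 8).to_bytes(BLOCK, "big")

def new_volume(rng):
    return [rand_block(rng) for _ in range(N_BLOCKS)]

def use_for_a_week(snapshot, rng, hidden_volume, decoy_churn):
    """Return the later image of the volume.
    hidden_volume: writes to it land in what the outer volume calls free space.
    decoy_churn: the proposed defence, applied only when no hidden volume exists."""
    vol = list(snapshot)
    for i in rng.sample(range(0, 80), 10):   # ordinary file activity
        vol[i] = rand_block(rng)
    if hidden_volume:
        for i in rng.sample(FREE, 15):       # hidden-volume writes
            vol[i] = rand_block(rng)
    elif decoy_churn:
        for i in rng.sample(FREE, 15):       # random rewrites of free space
            vol[i] = rand_block(rng)
    return vol

def changed_free_blocks(before, after):
    """The byte-for-byte comparison, restricted to free space."""
    return [i for i in FREE if before[i] != after[i]]

def observer_can_distinguish(decoy_churn, seed=1):
    """True if 'free space changed' differs between the hidden and no-hidden cases."""
    rng = random.Random(seed)
    monday = new_volume(rng)
    with_hidden = use_for_a_week(monday, rng, True, decoy_churn)
    without_hidden = use_for_a_week(monday, rng, False, decoy_churn)
    return (bool(changed_free_blocks(monday, with_hidden))
            != bool(changed_free_blocks(monday, without_hidden)))

if __name__ == "__main__":
    print("no churn   ->", observer_can_distinguish(False))
    print("with churn ->", observer_can_distinguish(True))
```

The model tests only whether any free-space block changed between the two snapshots; how many blocks change and where they cluster is a further signal that a real implementation of the rewrite idea would also have to match.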