TrueCrypt 4.3 Released

← Back to Stories (view on slashdot.org)

Posted by kdawson on Tuesday March 20, 2007 @12:12PM from the windows-only-alas dept.

RedBear writes "A new update to the best open source transparent encryption software has been released. TrueCrypt is (the only?) open source encryption software capable of creating and mounting encrypted virtual disk images that can then be worked with transparently like any other storage drive, with data encrypted and decrypted in real-time. These virtual disks can be created as files, or entire partitions or physical drives can be encrypted and mounted transparently. Sadly there is still no Linux GUI or Mac OS X port in sight. If you are one of the thronging hordes who have been patiently awaiting ubiquitous multi-platform encryption, please consider donating time or money to the cause, and add your voice to the forum." From the site:"Among the new features [are] full compatibility with 32-bit and 64-bit Windows Vista, support for devices and file systems that use a sector size other than 512 bytes (such as new hard drives, USB flash drives, DVD-RAM, MP3 players, etc.), auto-dismount when a host device (e.g., a USB flash drive) is inadvertently removed, and many more." Read on for more features of TrueCrypt and cached versions of all the links above.
Also including features like plausible deniability, steganographically hidden volumes, unidentifiable partition headers, traveler mode, and your choice of the strongest available encryption algorithms up to and including multi-algorithm cascades. TrueCrypt is practically the Holy Grail for advocates of free ubiquitous encryption. Now, if only it were platform independent.

To reduce load on their servers here are some Coralized versions of all the links:

TrueCrypt home page
Future development goals
Forum thread about Mac OS X version
Donations page
General forum
Plausible deniability
Hidden volumes
Traveler mode
Encryption algorithms
Multi-algorithm cascades
Version history

66 of 285 comments (clear)

The coolest part. by Lumpy · 2007-03-20 12:15 · Score: 2, Insightful

you dont have to install it. so there is no way that any researcher can discover it was used.

I can not believe that the other encryption software out there is not even 1/20 as good as truecrypt.

you can hide your data pretty easy with it.

--
Do not look at laser with remaining good eye.
1. Re:The coolest part. by Eddi3 · 2007-03-20 12:24 · Score: 5, Informative
  
  "you dont have to install it. so there is no way that any researcher can discover it was used."
  
  That's not entirely true. When TrueCrypt opens, it installs a driver (in Windows). This driver remains there unless you remove it. In fact, I just had to manually remove it because the old version of the driver was already installed, and the new version of it couldn't override it.
  
  Don't get me wrong, I absolutely LOVE TrueCrypt, I use it everyday, however it's not entirely true that it leaves no footprint. At least, not in my experience.
  
  -Eddie
2. Re:The coolest part. by Anonymous Coward · 2007-03-20 12:29 · Score: 3, Informative
  
  there is no way that any researcher can discover it was used.
  
  wrong, if you read the info on the site about "traveller mode"
  
  After examining the registry file, it may be possible to tell that TrueCrypt was run (and that a TrueCrypt volume was mounted) on a Windows system even if it is run in traveller mode.
  
  so it still writes to the registry and so can be discovered by forensics in an instant
  why it writes to the registry really needs to be addressed, i wish apps went back to the old .ini method of storing config data, much more secure and no messing in the registry looking for obscure keys and entries, deleting a single ini file is a lot easier than digging through the registry
3. Re:The coolest part. by Anonymous Coward · 2007-03-20 12:33 · Score: 5, Informative
  
  from the truecrypt site:
  
  Traveller Mode
  
  TrueCrypt can run in so-called 'traveller' mode, which means that it does not have to be installed on the operating system under which it is run. However, there are two things to keep in mind:
  
  * You need administrator privileges in order to able to run TrueCrypt in 'traveller' mode.
  * After examining the registry file, it may be possible to tell that TrueCrypt was run (and that a TrueCrypt volume was mounted) on a Windows system even if it is run in traveller mode.
  
  If you need to solve these problems, we recommend using BartPE for this purpose. For further information on BartPE, see the question "Is it possible to use TrueCrypt without leaving any 'traces' on Windows?" in the section Frequently Asked Questions.
4. Re:The coolest part. by Eddi3 · 2007-03-20 13:01 · Score: 4, Informative
  
  Generally, Windows itself keeps the names of files that have run recently, and that's probably what they're refering to, not TrueCrypt's settings. In that aspect, no executable on Windows can leave absolutely NO footprint. Of course, these registry entries can be removed manually.
  
  In fact, TrueCrypt's settings are maintained in a file called Configuration.xml in the same directory as TrueCrypt.exe, in order to remain truly portable.
5. Re:The coolest part. by Anonymous Coward · 2007-03-20 13:05 · Score: 2, Interesting
  
  Rename truecrypt on your thumbdrive to vi. now all it shows is that you ran VI from /mnt/sda1/utilities
  
  Now if you can get that I ran the trucrypt binary that was renamed to vi on that thumbdrive then you are an incredible researcher and need to be working for the FBI/NSA right now.
  
  leave the history intact. it shows I ran VI.
6. Re:The coolest part. by Lumpy · 2007-03-20 13:15 · Score: 2, Interesting
  
  windows writes last ran items to the registry. Simply renaming the executable to notepad.exe will solve that problem. If truecrypt writes anything to the registry then it does have a major flaw, I need to look further into that.
  
  --
  Do not look at laser with remaining good eye.
7. Re:The coolest part. by stuuf · 2007-03-20 13:34 · Score: 2, Informative
  
  But if you have to run it from the command line, you probably need to give it command-line arguments. Do truecrypt's typical arguments look like typical vi arguments?
  
  $ unset HISTFILE
  
  --
  Everyone is born right-handed; only the greatest overcome it
8. Re:The coolest part. by computer_guy57 · 2007-03-20 16:05 · Score: 2, Insightful
  
  Also, IIRC when you use it on Windows, even in traveler mode, it might make registry entries that might linger around. It is possible that soneone dedicated enough could find out that you've been using it.
  
  One other downside worth mentioning is that on Windows you have to have administrator rights on the machine to use it.
9. Re:The coolest part. by xtracto · 2007-03-20 22:40 · Score: 2, Interesting
  
  And in Linux it is NOT possible to use it in any computer unless you have ROOT access (to install it). I have a 2GB USB stick and I wanted to use half of it as an encrypted drive. In Windows environments I could use it without problems but there is *no* way to access the drive in Linux unless you have root access to mount the device, or unless the computer you are using has got FUSE *AND* you are allowed to mount this file system (sheesh in FC6 I am not allowed to mount a simple USB device unless I've got root access!!).
  
  I love truecrypt for what it is, I have used it but it does not works for what I need it (protect sensitive information in my thumb drive, making it available whenever/wherever I need it). And I *require* Linux support as my work computer is Linux and my home computer is Windows (and I do not have admin access to my work computer as University Policy does not allow it.
  
  --
  Ubuntu is an African word meaning 'I can't configure Debian'
No OS X Port? by CheeseburgerBrown · 2007-03-20 12:17 · Score: 2, Insightful

What are the advantages of this software over using an encrypted disk image created with Tiger's build-in Disk Utility?

--
These stories are free but worth money.
1. Re:No OS X Port? by fbjon · 2007-03-20 12:26 · Score: 3, Insightful
  
  It has some advantages: it's portable, and it has plausible deniability (hidden partitions).
  
  --
  True confidence comes not from realising you are as good as your peers, but that your peers are as bad as you are.
2. Re:No OS X Port? by Mr2001 · 2007-03-20 12:27 · Score: 4, Informative
  
  Hidden volumes, for one. A single image can have two volumes in it, with different passwords, encryption methods, etc., and you can't even tell the hidden one is there unless you know the key.
  
  You can also use any file as the key, instead of (or in combination with) a password.
  
  And you can encrypt an entire partition, instead of putting the image inside another filesystem and letting it get copied around by the defragmenter (which may have security implications for the ultra-paranoid).
  
  --
  Visual IRC: Fast. Powerful. Free.
3. Re:No OS X Port? by Mr2001 · 2007-03-20 12:31 · Score: 2, Informative
  
  TrueCrypt provides device-level encryption, so it doesn't need to be aware of HFS+ or any other filesystem you use with an encrypted volume. It also provides a few important features that are not built into OS X.
  
  --
  Visual IRC: Fast. Powerful. Free.
4. Re:No OS X Port? by Simon+Garlick · 2007-03-20 13:15 · Score: 4, Insightful
  
  Why don't you download the source code for Truecrypt, and the source code for OS X Disk Utility, and compare how they implement their respective algorithms. The advantage will be pretty obvious.
  
  --
  
  -----
  PGP Key ID 0xCB8FF658
5. Re:No OS X Port? by Mr2001 · 2007-03-20 14:48 · Score: 4, Informative
  
  Nope.
  
  When you create the (main) volume, it's filled with random data. Formatting overwrites some of that, but the empty space is still full of random bytes. So, let's say you create a main volume on a 100 MB partition, and copy over some "cover" files, leaving 75 MB of free space at the end.
  
  Then you create a 50 MB hidden volume, which is stored at the end of the partition. You put your top secret files in there, dismount it, and remount the main volume. The main volume still says "100 MB total, 75 MB free", and the free space still appears to be full of random bytes (since the hidden volume is encrypted), but they're different random bytes than they were at first.
  
  So no, you can't tell just by looking at the mounted main volume that there's a hidden volume. All you can do is suspect that there might be something hidden in that free space, but you can't prove it - there are no plaintext headers, so both volumes are completely encrypted and appear random without the correct key. TrueCrypt will even let you reformat the main volume, destroying the hidden volume in the process, unless you specifically tell it to protect the hidden volume (using the correct key) when you mount the main one.
  
  OTOH, you might be able to make a snapshot of the entire encrypted partition (without alerting the owner), then come back later and look for changes once you've gotten him to give up the key to the main volume. If the changes are in the main volume's free space, and they can't be explained by creating and deleting files, then you know there's a hidden volume. However, this requires covert monitoring over a period of time while the system is in active use; you can't detect the hidden volume simply by seizing a drive and examining it all at once.
  
  --
  Visual IRC: Fast. Powerful. Free.
6. Re:No OS X Port? by Mr2001 · 2007-03-20 14:52 · Score: 2, Informative
  
  I did list them earlier, and they're listed on TrueCrypt's site as well as all over the rest of this thread. The main feature is hidden volumes.
  
  --
  Visual IRC: Fast. Powerful. Free.
7. Re:No OS X Port? by Sancho · 2007-03-20 15:25 · Score: 3, Insightful
  
  Ah ha! Therein lies the obvious advantage!
8. Re:No OS X Port? by Simon+Garlick · 2007-03-20 16:57 · Score: 4, Insightful
  
  That, believe it or not, is my point. We have no way of knowing how secure OS X Disk Utility is. For all we know every encrypted .dmg can be decrypted with one master passphrase. For all we know the algorithms are deliberately crippled. We'll never know, because we can't audit the source.
  
  --
  
  -----
  PGP Key ID 0xCB8FF658
9. Re:No OS X Port? by mOdQuArK! · 2007-03-20 17:09 · Score: 2, Interesting
  
  Go look up how long it would take to "brute force" a good key with a good (as in, hasn't been mathematically broken yet) encryption implementation. It's not something you should worry about.
  
  Of course, if someone can access your computer as freely as you've described, it would probably be a lot easier for them to install a keylogger program (or a hardware hack) & get your secret key when you type it in.
10. Re:No OS X Port? by bendodge · 2007-03-20 17:21 · Score: 2, Insightful
  
  They only have to force the user password, not the actual monster key.
  
  --
  The government can't save you.
11. Re:No OS X Port? by Anonymous Coward · 2007-03-20 17:31 · Score: 3, Insightful
  
  I might just be naive (as I have never used TrueCrypt), but I don't understand why you can't just look for the true TrueCrypt driver, run the appropriate TrueCrypt version and brute-force the user password until you get to see everything.
  
  Brute forcing true crypt takes a LONG TIME. Just using the standard truecrypt executable, it takes about 2.26 seconds per guess on my Athlon 2500+. To put that in perspective, it would take my machine nearly 70 days to brute force a 4 charactor password (Aprox 14 million combos using all the keys normally typeable on the keyboard). Why does it take so long? Because the header contains no hints the app has to try:
  * 11 Encryption methods.
  * 3 hash methods (per encryption method)
  * Try to mount as a normal volume, if that fails, try as a hidden volume (2 choices)
  
  So each passphrase/keyfile has to be computed and least 33 times and applied 66 times before the app knows it failed.
  
  If one knew any of the above settings (except the passphase/keyfile) one could gain 10-30 times the speed. Making even my machine able to crack it in a few days.
  
  Of course a 4 charactor password is weak, and Truecrypt allows passwords of 64 charactors + the use of key files. A proper passphrase/keyfile combo will be un-bruteforceable for the useful life of the protected data.
  
  Not to say that a more intellegent approach to trying to break the password won't work, but brute force is not that intellegent.
12. Re:No OS X Port? by toadlife · 2007-03-20 19:14 · Score: 3, Funny
  
  "Nevermind the 15 megs of "unused" space at the end of the volume." If "Secret Homo-Erotic Transvestite Fetish" is the mild stuff, I'm not sure if I'd want to see the porn on the 15meg drive.
  
  --
  I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
13. Re:No OS X Port? by mOdQuArK! · 2007-03-20 19:37 · Score: 2, Informative
  
  I was talking about the user's password when I mentioned a "good" key.
  
  Here's a page from Microsoft that does some calculations on how hard it is to brute force a good key:
  
  http://www.microsoft.com/technet/security/secnews/ articles/itproviewpoint091004.mspx
  
  and the followup article about using passphrases:
  
  http://www.microsoft.com/technet/security/secnews/ articles/itproviewpoint100504.mspx
  
  Not lifetime-of-the-universe lengths of time, but any security-conscious individual can certainly make their hidden password long enough so that they'll be long dead before anyone short of the NSA can crack it.
14. Re:No OS X Port? by Solra+Bizna · 2007-03-20 21:45 · Score: 5, Interesting
  
  Blew mod points to respond to this.
  
  Disk Utility, the graphical application, is not open source. diskutil and hdiutil, the command-line programs it is a front-end for, are open source. I don't know whether the DiskImages framework (which hdiutil could be considered a front-end for) is open source, though. (my guess is "yes")
  
  -:sigma.SB
  
  --
  WARN
  THERE IS ANOTHER SYSTEM
15. Re:No OS X Port? by Mr2001 · 2007-03-21 00:27 · Score: 3, Insightful
  
  If your encrypted data doesn't look random, you need to replace your encryption program ASAP. Any patterns in the output are failures in the algorithm.
  
  --
  Visual IRC: Fast. Powerful. Free.
16. Re:No OS X Port? by Mr2001 · 2007-03-21 01:07 · Score: 2, Interesting
  
  No.. in fact, that would just make it more obvious that you've got a hidden partition. Here's how the covert monitoring might work:
  
  Monday morning, the attacker sneaks in and records a snapshot of your 100 MB partition.
  
  Friday evening, he comes back with guns blazing and forces you to reveal a key. He uses it to mount both copies of your main volume, the current one and the snapshot, and then compares them byte-for-byte. Some of the changes are in files present on the main volume, but other changes are in free space.
  
  He then examines the changes made inside the free space, and finds that there aren't any directory entries or recognizable data - it was random before and it's still random now, only different. He concludes that either (1) you wrote new random data into your drive's free space for some reason, or (2) the free space contains an encrypted volume.
  
  Actually, that suggests a way to defend against such an attack: every so often, write new random data to randomly selected parts of each mounted volume's free space. This is close to what you mentioned, but you'd only do it when there isn't a hidden volume. That way, an attacker will always see these suspicious changes, whether there's a hidden volume or not, and #1 above becomes a believable excuse as long as everyone knows about this feature.
  
  (Of course, TrueCrypt would have to be aware of the filesystem you're using in order to know which parts are free space. And you'd have to be able to turn this feature off temporarily if you ever needed to mount the main volume without possibly overwriting a hidden volume.)
  
  --
  Visual IRC: Fast. Powerful. Free.
Linux downloads available by tabo_peru · 2007-03-20 12:19 · Score: 5, Informative

"from the windows-only-alas dept."

Not really, you can download ubuntu binaries from their download section.
1. Re:Linux downloads available by GenKreton · 2007-03-20 13:52 · Score: 4, Informative
  
  Except, the summary implies it is the only opensource method of doing this when, in fact, linux has several others and a few of them are superior (like a few luks implementations using dm-crypt).
2. Re:Linux downloads available by ink · 2007-03-20 15:30 · Score: 3, Insightful
  
  Yep, I've been using luks under Linux for ages. It works transparently, and is portable from system to system. I don't think that the article submitter has ever used OSX or Linux; both have nice, mature encrypted block systems.
  Hell, I used PGPdisk back in the '90s, and it was "all that".
  
  --
  The wheel is turning, but the hamster is dead.
3. Re:Linux downloads available by Bazer · 2007-03-20 23:43 · Score: 2, Informative
  
  You should really try setting up dm-crypt on fedora.
  
  No GUI but it all boils down to:
  1) Adding an entry to /etc/crypttab pointing to a regular partition (fstab look-a-like)
  2) Modifying /etc/fstab to auto-mount the created dm-crypt device
  
  You can configure regular and swap partitions this way.
4. Re:Linux downloads available by Bishop · 2007-03-21 02:38 · Score: 2, Insightful
  
  plausible deniability, hidden volumes and all that other good stuff talked about on the TrueCrypt site. That is because real security experts know that plausible deniability and hidden volumes are script kiddie features that don't work in the real work. Both "features" assume unrealistic attackers. In the real world there is little point in pretending that an encrypted volume isn't. The attacker is going to assume that it is regardless of what you claim.
5. Re:Linux downloads available by drinkypoo · 2007-03-21 05:38 · Score: 2, Insightful
  
  When a court of law sees random data they are going to assume cryptography. It is going to be tough to convince a court differently. Hidden volumes may give an out, but counting on that is foolish.
  
  The point is that your actual volume is hidden within a decoy volume. You give them the key to open the decoy volume, and they find a bunch of files that won't get you incarcerated.
  
  Assuming that an attacker is going to be able to find all the encrypted data and planning for it is a saner course of action.
  
  There is no plan that will cover you if (for a horrible, horrible example) the law finds your kiddie porn stash.
  
  Actually, along those lines, you might elect to store any naked baby pictures of your children on such an encrypted volume, since the "think of the children" DAs have actually been going after people for crap like that. I know my mom has pictures of me as a naked baby. I'm pretty sure that it's not pornography, yet people have been hauled into court for that kind of shit. Pathetic.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Raarrgh by psaunders · 2007-03-20 12:20 · Score: 2, Funny

If you are one of the thronging hordes who have been patiently awaiting ubiquitous multi-platform encryption
Yes, I am one of the thronging hordes! *stomp stomp stomp*

--
Karma police, arrest this man. He talks in math. He buzzes like a fridge. He's like a detuned radio.
1. Re:Raarrgh by gardyloo · 2007-03-20 12:29 · Score: 3, Funny
  
  Shit. And here I originally read it as "thonging hores" and I was all excited that, finally, here was a post worth reading.
  
  So much for education.
debian has transparent encryption by Danny+Rathjens · 2007-03-20 12:26 · Score: 2, Informative

Why do you need a linux GUI for something like this? I installed debian etch a while ago and noticed encrypted partition was a an option along with normal filesystems, RAID, and LVM. So I tried it out. It was quite simple to setup. I made an encrypted / and an encrypted swap partition. Then when I booted into freshly installed system I had to enter my passphrase for each partition and after that it was just like a normal system. I didn't even notice any I/O performance loss. (Although I still went back to a RAID system after the experiment since I am not paranoid enough to sacrifice any performance or space yet :)
Nothing to see here by Kpt+Kill · 2007-03-20 12:28 · Score: 4, Funny

Only pirates, terrorists, and criminals need encryption. :)
1. Re:Nothing to see here by wile_e_wonka · 2007-03-20 13:05 · Score: 3, Insightful
  
  I keep the family meatloaf recipe on a TruCrypt partition. No one has discovered it yet!
  
  Anyway--I think there are legitimate reasons to want to encrypt data. How about a doctor wanting to ensure patient records are private? Or a corporation that has done some research that it doesn't want to get out? Or what about your personal diary (some people, believe it or not, don't think MySpace is the best place for a private diary)? Or what if you work for the CIA and have been stealing data from a small quiet--a little too quiet--Scandinavian company for a couple years...and they find you out and take your computer after breaking your legs? (ok, that last one's a stretch).
  
  I'm sure commenters will add many more legitimate items to this list.
2. Re:Nothing to see here by dtzWill · 2007-03-20 16:05 · Score: 3, Insightful
  
  Only pirates, terrorists, and criminals need encryption. :) ...which according to the media industry and the US government is just about everyone. :-D
3. Re:Nothing to see here by fatphil · 2007-03-21 00:42 · Score: 2, Insightful
  
  ... including the media industry and the US government.
  
  --
  Also FatPhil on SoylentNews, id 863
Re:Mac OS X Has Encrypted Disk Images by Mr2001 · 2007-03-20 12:34 · Score: 2, Informative

Exactly as described? Does Disk Utility let you create hidden volumes (indistinguishable from the main encrypted volume unless you know the key), or encrypt an entire partition, or use a file instead of a password as the key?

--
Visual IRC: Fast. Powerful. Free.
Re:huh? by Anonymous Coward · 2007-03-20 12:35 · Score: 3, Funny

They're too busy moving their pr0n collections to new TrueCrypt disks.
Brute force attack built in, is what I want by apathy+maybe · 2007-03-20 12:48 · Score: 2, Interesting

(Along with anarchy and freedom. But I think the subject is more likely just now.)

I had the recent misfortune to forget the password to an encrypted file. It has stuff that isn't that important or/and can be replaced, but the point is, it takes time to replace this sort of stuff (if it can be replaced). The reason is simply, running on a laptop, if it falls into someone elses hands (and they manage to get past the various passwords (reset the BIOS, insert KNOPPIX away you go)) I don't really want them to have that stuff.

I know it is possible to make a back up of the head of the file (or partition), and in the case you do forget the password you can simply replace the head with the back up (with a known password). However, I didn't do that.

I do, however, know the approximate password (where is x is a number or character or blank), it is something like xxxsomewordxxx. Having a dictionary and brute force attack ability on the password would potentially recover my stuff with little effort (have you ever tried typing in hundreds of different passwords? Changing one byte at a time! It sucks). It would also have the added advantage of telling a user if they have a poor password (though I guess you don't really need this system to do that).

I know it is Free Software, and as such I really should either program it myself or pay (or whatever) someone else to do it for me. But I'm not a very good programmer, and my languages (Java and PHP) aren't really relevant I don't think. I also don't have the (people) networks to contact people who might know how to do it.

Shit happens, take greater care next time.

The moral of the story? Be sure to back your stuff up. And make sure you have a non-encrypted copy somewhere if it is important that someone else know about it if you die (or something else happens). And also write your password down. (That is another thing, a whole bunch of passwords are in that file! For things like Internet banking and so on. Damn it.)

--
I wank in the shower.
Algorithm Cascades == BAD? by Anonymous Coward · 2007-03-20 12:59 · Score: 2, Interesting

I am, actually, a mathematician (though not a cryptographer), but I could've sworn that doing "cascades" like this is actually a bad idea, mathematically? I seem to remember times where it can actually *weaken* the overall level of protection if you just do it carelessly without regard to the mathematics.

Other than that, it is a very nice little program.
1. Re:Algorithm Cascades == BAD? by Copid · 2007-03-20 13:12 · Score: 3, Interesting
  
  I am, actually, a mathematician (though not a cryptographer), but I could've sworn that doing "cascades" like this is actually a bad idea, mathematically? I seem to remember times where it can actually *weaken* the overall level of protection if you just do it carelessly without regard to the mathematics.
  My understanding is that in the general case, there's no truly compelling reason to believe that cascades are either stronger or weaker. I believe that there are special cases with certain algorithms, but the people who maintain TrueCrypt are aware of them. I don't recall the exact details, but it's discussed fairly frequently on sci.crypt.
  
  --
  An interesting anagram of "BANACH TARSKI" is "BANACH TARSKI BANACH TARSKI"
2. Re:Algorithm Cascades == BAD? by Anonymous Coward · 2007-03-20 13:21 · Score: 2, Insightful
  
  If multi-algorithm cascades weakened the protection, that's what the codebreakers would do: encrypt the data again and crack the "weakened" data.
3. Re:Algorithm Cascades == BAD? by Copid · 2007-03-20 13:45 · Score: 2, Informative
  
  If multi-algorithm cascades weakened the protection, that's what the codebreakers would do: encrypt the data again and crack the "weakened" data.
  There's a special case you're not considering: Multi-algorithm cascade with the same key. Arbitrary (and dumb) example: A single cipher in CTR mode. Encrypt once with key k and you're in good shape. Run the algorithm again with key k and your data is plaintext again. It's an extreme case, but one can come up with other more reasonable thought experiments. It's quite possible that two algorithms that are secure by themselves can interact in funny ways when you use the same (or a related) key for both of them.
  
  Anyway, for independent keys, I agree with your assessment. If algorithm B weakens algorithm A when used with an independent key, it's a bug in algorithm A, not in the idea of cascading ciphers.
  
  --
  An interesting anagram of "BANACH TARSKI" is "BANACH TARSKI BANACH TARSKI"
FreeOTFE? by Lawrence_Bird · 2007-03-20 13:04 · Score: 4, Informative

I have been using this and have no association other than as a happy user. From the description I don't
think TrueCrypt is "the only" one.

Clipped (and truncated) from the website:
FreeOTFE: A free "on-the-fly" transparent disk encryption program for MS Windows 2000/XP/Vista PCs and Windows Mobile 2003/2005 PDAs Using this software, you can create one or more "virtual disks" on your computer - anything written to these disks is automatically, and securely, encrypted before being stored on your computers hard drive.
Features * Source code freely available * "Portable mode" included; FreeOTFE doesn't need to be installed before it can be used - making it ideal for carrying your data securely on USB drives! * Operates under both PC (MS Windows 2000/XP) and PDA (Windows Mobile 2003/2005) platforms * Linux compatibility (Cryptoloop "losetup", dm-crypt and LUKS supported) * "Hidden" volumes may be concealed within other FreeOTFE volumes, providing "plausible deniability" * FreeOTFE volumes have no "signature" to allow them to be identified as such * Encrypted volumes can be either file or partition based.
1. Re:FreeOTFE? by user24 · 2007-03-20 14:53 · Score: 2, Interesting
  
  I just use commandline gpg. sure, anyone can tell there are encrypted files on my USB 'disk', but so what? I'm not a secret agent, nor a corporate informant, I don't actually need plausible deniability.
  
  It doesn't need admin privs, leaves no tracesif set up properly, and is open source. If you want to store multiple files under one encrypted file, slap them in a zip file and encrypt that.
  Don't get me wrong, I'm sure there are legitimate purposes for transparent volume encryption, and plausible deniability, but aside from the cool factor, I just don't need them.
TrueCrypt also supports 'plausible deniabilty' by schweini · 2007-03-20 13:12 · Score: 3, Informative

I just wanted to point out that TrueCrypt differs from most other disk-encryption-tools mentioned by my fellow posters in that it also supports 'hidden volumes', which allows a user (for example if forced to give out a password, since the existence of an encrypted volume seems suspicious) to give out a password, which simply shows a 'bogus' partition - but there is no way to prove that the password that was provided is not the 'important' one, or for that matter it's impossible to prove that such a hidden volume even exists.
Spread the word - truecrypt volumes can be rsync'd by enselsharon · 2007-03-20 13:30 · Score: 2, Informative

Or is the word rsunc ? Regardless, a lot of people do not realize that a truecrypt volume, although it is a single encrypted file, can be successfully kept up to date with the rsync tool. This is because the entire file is NOT reorganized every time it is unmounted. Therefore, if you only change a few files in a truecrypt volume, you can rsync it to a remote system in an efficient (changes only) manner.

Just be sure to read about the --checksum option. I personally keep all of my most sensitive files in a single, 4 GB truecrypt volume that I rsync nightly to my offsite backup at rsync.net. They are NOT affiliated with the actual rsync project, but I can't speak highly enough about them. This, and especially this are what sold me over strongspace and exavault.
Re:What a load of BS... by Binestar · 2007-03-20 13:30 · Score: 4, Informative

If you have a container X big, one can have smaller containers inside that. The key opens the outer container, but exposes the inside (to use their language). Even if these hidden volumes dont have publically readable containers, one can still see them and delete them.

Incorrect, there is no container file inside the first container, and if you don't enter the password for the second container the same time as the first container you *CAN* overwrite the data in the second container, thus corrupting it.

From the website (If only people would RTFM (no, I'm not new here)):

Protection of Hidden Volumes Against Damage
As of TrueCrypt 4.0, it is possible to write data to an outer volume without risking that a hidden volume within it will get damaged (overwritten).

When mounting an outer volume, the user can enter two passwords: One for the outer volume, and the other for a hidden volume within it, which he wants to protect. In this mode, TrueCrypt does not actually mount the hidden volume. It only decrypts its header and retrieves information about the size of the hidden volume (from the decrypted header). Then, the outer volume is mounted and any attempt to save data to the area of the hidden volume will be rejected (until the outer volume is dismounted).

Note that TrueCrypt never modifies the filesystem (e.g., information about allocated clusters, amount of free space, etc.) within the outer volume in any way. As soon as the volume is dismounted, the protection is lost. When the volume is mounted again, it is not possible to determine whether the volume has used hidden volume protection or not. The hidden volume protection can be activated only by users who supply the correct password (and/or keyfiles) for the hidden volume (each time they mount the outer volume).

--
Do you Gentoo!?
Re:loop-aes by Anonymous Coward · 2007-03-20 13:38 · Score: 2, Funny

We all do. We thought you knew about it?
EncFS by jumperboy · 2007-03-20 13:43 · Score: 2, Interesting

I use EncFS http://arg0.net/encfs on Linux every day and love it. Even root can't snoop a mounted directory (but could delete the encrypted source directory). How is TrueCrypt better?
Re:What a load of BS... by Copid · 2007-03-20 13:48 · Score: 2, Informative

How I would attack this stego: I would obtain a sector-logger via ICE or somesuch driver first. Then I would mount the container and proceed to do a "DOD 7 times rewrite" via eraser or somesuch tool. I then would watch what sectors arent affected. Those would be the hidden ones. Essentially I would show hidden places by what isnt touched.
More terse version of another response you've seen already: If you do this, TrueCrypt will happily overwrite the hidden sectors and you will get nothing. TrueCrypt will protect hidden sectors ONLY if you say "protect my hidden sectors, and here's the key that will allow you to find them." If you don't do that, TrueCrypt is as clueless as the attacker is as to which "unused" sectors store secret data.

--
An interesting anagram of "BANACH TARSKI" is "BANACH TARSKI BANACH TARSKI"
Re:Spread the word - truecrypt volumes can be rsyn by Copid · 2007-03-20 13:53 · Score: 2, Interesting

Or is the word rsunc ? Regardless, a lot of people do not realize that a truecrypt volume, although it is a single encrypted file, can be successfully kept up to date with the rsync tool. This is because the entire file is NOT reorganized every time it is unmounted. Therefore, if you only change a few files in a truecrypt volume, you can rsync it to a remote system in an efficient (changes only) manner.
It should be noted that this is not necessarily a good idea if you have a hidden volume and like to write to it. In that case, you'd be keeping two different versions of the same volume at two different points in time, which can allow an attacker to negate your plausible deniability. To put it in a concrete example, if somebody takes your two machines at the same time and they're not up to date, the attacker can compare the "free" space on your outer volume and determine that you're using a hidden volume.

--
An interesting anagram of "BANACH TARSKI" is "BANACH TARSKI BANACH TARSKI"
Re:Be Careful!! by Anonymous Coward · 2007-03-20 13:58 · Score: 2, Informative

look at the first few bytes of the file and determine that it's a TrueCrypt volume.

The first few bytes of the file contain the encrypted symmetric key for the block cypher, which looks random, just like the rest of the file.

it will even tell you what volume you've mounted - Standard or Hidden

So? By definition that information has to be available or Truecrypt wouldn't know where to read or write. That it's displayed to you doesn't make a difference if someone gets to inspect the running system. Plausible deniability only exists when the filesystem is not mounted (or when you've mounted only the standard volume without the hidden key.) Besides, don't put too much weight on the plausible deniability feature: The deniability is not as plausible as you might think.
Re:This really is not _the only_ program out there by drmerope · 2007-03-20 14:02 · Score: 2, Informative

Yes. Seriously. You've been able to do this in FreeBSD for ages.

dd if=/dev/zero of=image_name bs=1k count=lenth
mdconfig -a -t vnode -f image_name -u 0
geli init -a hmac/sha256 /dev/md0
geli attach /dev/md0
dd if=/dev/random of=/dev/md0.eli bs=1m
newfs /dev/md0.eli
mount /dev/md0.eli /mnt/secret

okay its a bunch of commands, but I'm basically reading out of the man page. And this setup has tamper detection.
Re:Mac OS X Has Encrypted Disk Images by Whiney+Mac+Fanboy · 2007-03-20 14:06 · Score: 2, Informative

Maybe because the tinfoil hat crowd usually doesn't buy Apple computers.

Errrr right - did you not read the linked thread where all the os x users were asking for a truecrypt port?

While I support a lot of what the F/OSS movement does, I think this is a good example of the overall trend -- it (over)fills very small niches very well, but doesn't do much for the masses.

Right dude, apart from the craploads of FOSS stuff you use on your mac every day? OS X is built on F/OSS - absolutely nothing on the system would run without F/OSS.

Oh, and:

While I support a lot of what the Apple does, I think this is a good example of the overall trend -- it (over)fills very small niches very well, but doesn't do much for the masses.

--
There are shills on slashdot. Apparently, I'm one of them.
Virtual Machine + TS = Fully encrypted OS? by ancientt · 2007-03-20 14:13 · Score: 2, Interesting

I use truecrypt because I need to be able to hand over my laptop to a gun wielding thug if it ever comes up. This got me to thinking, if its a virtual filesystem, and seen as such by Linux, what would happen if I put my entire virtual machine on an encrypted partition. Would it then be possible for me to use Linux with TS + Xen (or VMWare if you prefer) to provide an entirely encrypted OS, including its filesystem? I'd assume that I'd need to have no swap (or file based swap, also on an encrypted partition) but that seems pretty doable to me. If my machine gets stolen, then is everything on the encrypted partition as safe as my password?

--
B) Eliminate all the stupid users. This is frowned upon by society.
eCryptfs by omnirealm · 2007-03-20 14:20 · Score: 3, Informative

If you don't necessarily need plausible deniability, and if you're looking for per-file encryption with just as much transparency and a lot more flexibility, check out eCryptfs. It can be used directly on top of your existing mounted filesystem in Linux. eCryptfs has been in the mainline Linux kernel since 2.6.19. Here is a section in the eCryptfs FAQ that compares and contrasts block device encryption with stacked filesystem encryption:

http://ecryptfs.sourceforge.net/ecryptfs-faq.html# compare

--
An unjust law is no law at all. - St. Augustine
Caveated Caveat by BillGatesLoveChild · 2007-03-20 14:36 · Score: 2, Informative

Not as bad as I thought: It only goes online for help during volume creation. Once you start TrueCrypt proper there's a PDF.
Pet Peeve by bogie · 2007-03-20 14:53 · Score: 2, Interesting

Driver versions being incompatible and not overwritable. For example the thumb drive I carry around uses True Crypt but now next time I plug it into my desktop I'll get the incompatible driver error.

--
If you wanna get rich, you know that payback is a bitch
Re:Dangerous feature by cptgrudge · 2007-03-20 15:03 · Score: 2, Insightful

If you're going to be indefinitely held while being tortured, until you die or are killed, all the software features in the world aren't going to help you. It's more useful in places where "plausible deniability" can be used to get you out of trouble, not in countries or organizations where the concept is irrelevant.

--
Qualitas edurus commercium, nullus penitus net rimor, nullus deus beneficium
Laptop data-security using TrueCrypt by rao · 2007-03-20 16:30 · Score: 2, Informative

I've written a TrueCrypt-based simple HOWTO for laptop data-security.

Its called "Steal my laptop (I don't care) - Securing laptop-data"

Here's the link to it:
http://ergo.rydlr.net/?p=39
Re:What I'd like to see (and plan to implement soo by DamnStupidElf · 2007-03-20 18:25 · Score: 2, Informative

echo 0 `/sbin/blockdev --getsize /dev/md0` crypt aes-cbc-essiv:sha256 0102030405060708090A0B0C0D0E0F 0 /dev/md0 0 | /usr/sbin/dmsetup create encrypted_raid
This will take /dev/md0, create an encrypted volume from it using the supplied 16 byte password in hex, and create /dev/mapper/encrypted_raid to mount as your root file system. Replace /dev/md0 and /dev/mapper paths with the appropriate locations your devices for your distro. A combination of pivot_root and chroot can be used to move the mounted encrypted raid device to the root of the filesystem. There are howtos out there, and apparently some easier (less manual) ways to get the encrypted root filesystem mounted by some distributions.