Slashdot Mirror
TrueCrypt 5.0 Released, Now Encrypts Entire Drive
A funny little man writes "The popular open source privacy tool, TrueCrypt, has just received a major update. The most exciting new feature provides the ability to encrypt an entire drive, prompting the user for a password during boot up; this makes TrueCrypt the perfect tool for non-technical laptop users (the kind who are likely to lose all of that sensitive customer data). The Linux version receives a GUI and independence from the kernel internals, and a Mac version is at last available too."
The site is sooo slooow. Mirror please! But the update seems great!
:(){
..redditted!
gtkaml.org
There goes any chance of downloading version 5.0 today.
I do not think that is feasible for what is essentially part of a disk-driver. Marketing-lies now on Linux versions as well? Linux must be going mainstream...
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
That removes the last excuse people have for not encrypting everything..."It is too complicated". Total encryption with a password at bootup...couldn't be simpler.
It's not by Microsoft. Plus they don't have much data left to lose.
Truecrypt.org took a fall.
Mirror anyone?
Step 1: Post on Slashdot
Step 2: ???
Step 3: Profit!
But this is slashdot. A slashdoter who didn't build his own computer is like a Jedi who didn't build his own lightsaber!
Does not Slashdot notify the site owner of the post?
They have to option to convert boot drives to encrypted drives... even while the system is running.
Thats nice.
But how about converting non-boot drives?
Doesnt seem to be possible.
Not everybody starts with a blank sheet, or has double the needed capacity to empty first one HD and then another...
HI O WISE PRINCE. WHT TOOK U SO DAM LONG?
Too Bad that for some reasons they refuse to upload any files on the sourceforge server. There is only a "the files are only on truecrypt.org.html" available.
http://sourceforge.net/projects/truecrypt/
Press release here.
We are pleased to announce that TrueCrypt 5.0 has been released. Among the new features are the ability to encrypt a system partition or entire system drive (i.e. a drive where Windows is installed) with pre-boot authentication, pipelined operations increasing read/write speed by up to 100%, Mac OS X version, graphical interface for the Linux version, XTS mode, SHA-512, and more.
After four years of development, during which millions of people downloaded a copy of TrueCrypt, it is the only open-source disk encryption software that runs on Windows, Mac OS X, and Linux. The newly implemented ability to encrypt system partitions and system drives provides the highest level of security and privacy, as all files, including any temporary files that Windows and applications create on system drives (typically, without the user's knowledge or consent), swap files, etc., are permanently encrypted. Large amounts of potentially sensitive data that Windows records, such as the names and locations of files opened by the user, applications that the user runs, etc., are always permanently encrypted as well. For more information, please see http://www.truecrypt.org/docs/?s=version-history
I almost never turn off my laptop, I just close the lid. Will it ask me for a password when it wakes up again?
You Fail It.
But this is slashdot. A slashdoter who didn't build his own computer is like a Jedi who didn't build his own lightsaber!
Here it is
Thanks, but the packages are not available to download from SourceForge. "IMPORTANT: Official TrueCrypt distribution packages can be downloaded only from www.truecrypt.org (above, select 'Project' > 'Web Site') Notes"
One CPU cycle wasted on digital restrictions management is ONE TOO MANY.
Both!
Mod me +5 Captain Obvious. kthx.
The site is down, but the sourceforge page is not.
http://sourceforge.net/projects/truecrypt/
Klingon Software is not released, it escapes, inflicting terrible damage onto the enemy as it does
I've been waiting for this release. I know that real men use the command line for each and everything including brewing their morning coffee, but I was really looking forward to the graphical user interface. :) Of course, thanks to Slashdot now the site (which has been dead slow all day) has now been blasted out of orbit...
Ah well, maybe the storm will be over till I'm home.
How well does this play with with the other *legitimate* operating system you might have on the computer? Would you be locked out of a drive on the other?
If you'd take a moment and actually LOOK at their Sourceforge entry, you'd not have posted this. Here's what it says there:
IMPORTANT: Official TrueCrypt distribution packages can be downloaded only from www.truecrypt.org (above, select 'Project' > 'Web Site')
So - no Truecrypt 5 until http://www.truecrypt.org/ is back up. Sit tight folks.
. . . please quit linking to SourceForge. The download packages ARE NOT AVAILABLE THERE, as would be obvious if the posters had bothered to look before trying to farm points.
Is the long promised OSX version out yet? Or still vapourware???
Red to red, black to black. Switch it on, but stand well back.
And no mirror, try file hippo ( http://www.filehippo.com/download_truecrypt ).
If that somehow fails you, or want to download it even faster. Try the P2P channel, I hear that's a popular one these days. Check your local listings for TrueCrypt v5.
As someone who has never used a full-drive encrypted, how does this impact hard drive access? Will reads/writes be noticeably slower (assuming a relatively new drive)? Will this affect utilities such as a defragmenter or disk checker? How much slower will boot up be? What about memory or CPU usage?
I am all for more security. But, if it slows my laptop down to the point of un-usability....
If at first you don't succeed, call it version 1.0.
I will just wait until you pesky North Americans are in bed and download in the morning UK time, ha ha. Wait, no, everyone forget I said that! Aww, now you all will try then.
Like for USB drives?
Are there any standalone encryption systems that don't require software install on the host environment but can "mount" an encrypted disk file on a USB drive?
http://www.truecrypt.org/downloads/transient/9b6d4c43d4/TrueCrypt%205.0%20Source.zip Forbidden You don't have permission to access /downloads/transient/9b6d4c43d4/TrueCrypt 5.0 Source.zip on this server.
Apache/1.3.34 Server at www.truecrypt.org Port 80
I cannot get the source. The NSA has removed it.
5.0
February 5, 2008
New features:
* Ability to encrypt a system partition/drive (i.e. a partition/drive where Windows is installed) with pre-boot authentication (anyone who wants to gain access and use the system, read and write files, etc., needs to enter the correct password each time before the system starts). For more information, see the chapter System Encryption in the documentation. (Windows Vista/XP/2003)
* Pipelined operations increasing read/write speed by up to 100% (Windows)
Mac OS X version
* Graphical user interface for the Linux version of TrueCrypt
* XTS mode of operation, which was designed by Phillip Rogaway in 2003 and which was recently approved as the IEEE 1619 standard for cryptographic protection of data on block-oriented storage devices. XTS is faster and more secure than LRW mode (for more information on XTS mode, see the section Modes of Operation in the documentation).
Note: New volumes created by this version of TrueCrypt can be encrypted only in XTS mode. However, volumes created by previous versions of TrueCrypt can still be mounted using this version of TrueCrypt.
* SHA-512 hash algorithm (replacing SHA-1, which is no longer available when creating new volumes).
Note: To re-encrypt the header of an existing volume with a header key derived using HMAC-SHA-512 (PRF), select 'Volumes' > 'Set Header Key Derivation Algorithm'.
Improvements, bug fixes, and security enhancements:
* The Linux version of TrueCrypt has been redesigned so that it will no longer be affected by changes to the Linux kernel (kernel upgrades/updates).
* Many other minor but dickalicious improvements, bug fixes, and security enhancements. (Windows and Linux)
If you are using an older version of TrueCrypt, it is strongly recommended that you upgrade to this version.
5.0
February 5, 2008
New features:
*
Ability to encrypt a system partition/drive (i.e. a partition/drive where Windows is installed) with pre-boot authentication (anyone who wants to gain access and use the system, read and write files, etc., needs to enter the correct password each time before the system starts). For more information, see the chapter System Encryption in the documentation. (Windows Vista/XP/2003)
*
Pipelined operations increasing read/write speed by up to 100% (Windows)
*
Mac OS X version
*
Graphical user interface for the Linux version of TrueCrypt
*
XTS mode of operation, which was designed by Phillip Rogaway in 2003 and which was recently approved as the IEEE 1619 standard for cryptographic protection of data on block-oriented storage devices. XTS is faster and more secure than LRW mode (for more information on XTS mode, see the section Modes of Operation in the documentation).
Note: New volumes created by this version of TrueCrypt can be encrypted only in XTS mode. However, volumes created by previous versions of TrueCrypt can still be mounted using this version of TrueCrypt.
*
SHA-512 hash algorithm (replacing SHA-1, which is no longer available when creating new volumes).
Note: To re-encrypt the header of an existing volume with a header key derived using HMAC-SHA-512 (PRF), select 'Volumes' > 'Set Header Key Derivation Algorithm'.
Improvements, bug fixes, and security enhancements:
*
The Linux version of TrueCrypt has been redesigned so that it will no longer be affected by changes to the Linux kernel (kernel upgrades/updates).
* Many other minor improvements, bug fixes, and security enhancements. (Windows and Linux)
If you are using an older version of TrueCrypt, it is strongly recommended that you upgrade to this version.
4.3a.......
==============
System Encryption
TrueCrypt can on-the-fly encrypt a system partition or entire system drive, i.e. a partition or drive where Windows is installed and from which it boots (a TrueCrypt-encrypted system drive may also contain non-system partitions, which are encrypted as well).
System encryption provides the highest level of security and privacy, because all files, including any temporary files that Windows and applications create on the system partition (typically, without your knowledge or consent), swap files, etc., are permanently encrypted. Windows also records large amounts of potentially sensitive data, such as the names and locations of files you open, applications you run, etc. All such log files and registry entries are always permanently encrypted as well.
System encryption involves pre-boot authentication, which means that anyone who wants to gain access and use the encrypted system, read and write files stored on the system drive, etc., will need to enter the correct password each time before Windows boots (starts). Pre-boot authentication is handled by the TrueCrypt Boot Loader, which resides in the first cylinder of the boot drive.
Note that TrueCrypt can encrypt an existing unencrypted system partition/drive in-place while the operating system is running (while the system is being encrypted, you can use your computer as usual with
Any word on 64bit binaries for Linux? I've compiled the Non-gui version without issue before, but with a gui, things get more complicated. GTK/KDE? Which libraries? etc etc etc etc etc
Sig
Appended to the end of comments you post. 120 chars
Are they planning to submit their system for FIPS 140-2? The US OMB decreed that most laptops must be encrypted with full-disk FIPS 140-2-compliant encryption, but the only certified tools for this exist for Windoze. The algorithms used are fine, but this stamp of approval would be very useful for federal Linux and Mac users!
The site is back up & is actually responding pretty quickly.
Hail Eris, full of mischief...
E pluribus sanguinem
What are the chances I could break my system with this? I'm dual-booting Vista and Ubuntu with Grub. Does TrueCrypt add it's own bootloader, and will this play nice with Vista/Ubuntu?
Being in the US, I have become so paranoid now that I encrypt everything with TrueCrypt. Whether it's MP3's, DVDs or pr0n or just simply my web browser cache, it all goes into the encrypted file. Long hard password and keyfiles, and then I also use hidden volumes.
And one big big big reason I use encryption: Usenet. I often use NewsBin to indiscriminately download all the binaries in a given group. I think this is very dangerous. And many times you get some very illegal junk you just don't want lying around -- but I can't get to it for several days to manually filter through it. ISPs get the benefit of being an ISP and not having to filter their caches for content; I do not get that same benefit. If I get caught with something I shouldn't have, it's jail time.
So if it comes up that I had inadvertently downloaded some kiddie pr0n through Usenet newsgroup (which is often mixed in with legitimate stuff), and my machine gets searched, I want some protection. And both: the things I downloaded and the things I have deleted simply CAN NOT be found.
"They said I probly shouldn't fly with just one eye," "I am Bender. Please insert girder."
There was a point where I wanted to build a RAID-5 system and use LUKS / dm-crypt. Seemed like too many layers, too many places for something to go wrong if one phantom bit got flipped. Once ZFS gets encryption I'll build myself a nice new file server.
The final excuse is "encryption slows the computer down too much." Whether this is true or an excuse, depends upon the user's circumstances and need for security.
That's already built in to the Mac OS, as it should be. Just use FileVault.
Best Slashdot Co
Where is the "I lost my hard drive password" link?
CloD
I tried to compile it, but it's missing TravelerDiskWizard.h. I was really looking forward to playing with this thing...
GE/S/P a- e++ y-- r-- s:++ d+ h! X+++ t++ C+ P+ L++ E W++ w M-- V? PS+ P+
Klingon Software is not released, it escapes, inflicting terrible damage onto the enemy as it does
Hi, this might be a non-issue in the era of fast personal computing, but how slow does the system become in comparison to one without disk encryption? I'd love to do this on my laptop, but I don't want to do it if it's at the expense of major performance issues. It's a core 2 duo with 1 gig RAM, and I think a 5400 RPM drive, so with that in mind, how much of a performance hit are we talking?
I'm not sure whether I like the idea of encrypting my entire disk. I don't really like the idea of not being able to boot a live CD to fix something should the need arise. Unless I'm misunderstanding the features, it won't be possible.
I know it doesn't happen often, but there is not anyone here that hasn't at least once screwed up something on his system and needed to boot a livecd to fix a configuration file. With total disk encryption, what do you do? You're boned, as far as I can see and I don't think that I really like the idea.
As I'm writing this, the thought pops into my head that "you can probably just enter your passphrase from the live environment while trying to mount the filesystem". Is this how things actually work? It's a genuine question and I'd appreciate not being modded down for asking it. Of course someone probably will.
i find that statement awfully funny, as the download link then downloads it from to http://truecrypt.sourceforce.net/
upon the advice of my lawyer, i have no sig at this time
The documentation that comes with the system encryption is sparse. I ran through the tests on my RAID-0 laptop and at boot time I get "ERROR: Insufficient memory" (I've got 2GB... and a 64 bit CPU) so it failed. :-/
Additionally the documentation is very sparse when it comes to features like Windows Hibernation; it implies in the docs that it disables hibernation but who knows
Forums are down so can't see the rest of the users screaming (assuming they can boot, of course...)
It would be nice if they added windows 2000 support for encrypting the entire drive. I don't understand why truecrypt supports windows xp but not windows 2000 as they are very similar kernels. Anyone know anything about this?
This is very important because Windows puts data everywhere. In pagefiles, in the registry, in the NFS journaling information, in history lists, in the prefetch profiles of executables..
The list goes on and on.
Most of these files are in the Windows main directories and cannot be moved off to a drive that you mount when the system is done booting.
Whole disk encryption avoids all this trouble and is thus a lot better for all non-expert security users.
Hmm, maybe you should have thought about that before making a public, written confession... ;)
Peter predicted that you would "deliberately forget" creation 2000 years ago...
I've been using TC for years and one of the best uses is for my removeable HD backups.
I have a 500GB external USB drive. I installed TC in traveler mode on it which uses autorun prompting for the passphrase to mount the encrypted drives it contains. I then run a few bat files that basically consist of robocopy scripts to backup various network shares and local files to the mounted volumes. I unmount the encrypted partitions and set the portable drive back on the shelf until the next week
My thinking is now I have backups of my important data and the data is encrypted. If the drive is stolen or if it fails and I have to send it back to Western Digital, I know my data is safe. Using TrueCrypt allows "portability" and flexibility. I can mount this portable drive and its encrypted volumes on any Windows or Linux machine using local versions of truecrypt. For my Truecrypt volumes that are less than 9GB, I can burn the "volume" file to a DVD and have another complete backup of the entire volume that I can mount with any instance of Truecrypt on any computer. TrueCrypt truely is amazingly flexible. I am very interested in trying the new features.
Linux is getting a standard for encrypted partitions called LUKS. I would expect that in the next major release of Ubuntu, SuSE, etc. you can plug in an encrypted USB drive and it just works.
What's the relationship between TrueCrypt and LUKS? LUKS seems to be the new standard for encrypted partitions under Linux.
Also, TrueCrypt is open source and seems quite mature; why isn't it part of Ubuntu? Are there license issues? Technical issues? Political issues?
Yes, as the article clearly says.
More importantly, is it compatible with Time Machine? I'd love to not have my backup drive be a security risk.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
As referenced in another reply, http://technocrat.net/d/2007/3/9/15796this user was obviously not aware that DriveLock can be very easily bypassed if the persons taking your hardware have access to a clean-room facility.
Lastly, your definition of sensitive data might be different than mine. Without full disclosure, how can I be expected to make an informed decision about the strength of protection required?
Eagles may soar, but weasels don't get sucked into jet engines.
I would like to see a performance comparison. Contrary to what you might believe (most products being based on AES, at least by default), there seems to be quite some scope for optimization. Here is one online comparison.
I'd like to see someone benchmark TC FDE versus something like Compusec, which seems to be leading in the aforementioned comparison.
Additionally, I'll comment that this does not take away "the final excuse". There is way too much software jumping all over the bootloader these days. I use a version management product called Rollback RX, for example, that lets you roll your drive (as Windows sees it) back in time to previous snapshots, and I'm pretty sure that installing TC FDE on this drive would kill Rollback.
It's about time that there was some standard for chaining bootloader software so that I didn't have to choose one or the other.
This seems to have been overlooked by the writers of the article and by others, but truecrypt was already supported on OSX: http://www.osxcrypt.org/ My question is which of the two is preferable.
1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24
I have some more big objections:
1) Performance. Encryption isn't free, it takes a lot of computation. You can pretty heavily load down a CPU doing a lot of disk access on an encrypted volume, and there's lots of situations where that's not ok. For example I do audio/video editing and that involves lots of large files (like multiple 15gig video files) as well as processor intensive effects. Adding crypto to that would really drag down performance, and potentially make much of the things you can do realtime have to be done offline.
2) Data recovery. What happens in the event of a partial drive failure? We have this happen all too often at work. Something goes nuts on a drive and it isn't readable by normal means. However, we can get it to work with recovery tools and get some or all of the data back. What do you do when it is encrypted? Does Truecrypt provide the tools to mount the encrypted volume from the recovery software?
And please, don't start with the "Well they should have had a backup!" crap. Of course they should have, but they didn't. We live in a real world, not an ideal one, and tech support has to support the real one.
3) Stupid user syndrome. You telling me you've never had a user forget their password? Ever? Well we do here, again all too often. So what happens then? Truecrypt is truly secure symmetric cryptography, meaning that there are no backdoors, there are no hidden override keys, etc. If the user forgets their password that's it, you are done. Unless it is a simple enough password to crack with a dictionary attack or the like (in which case the crypto is kinda useless) you are fucked. There is no recovery.
So it is cool and all, and I certainly can see uses for it (any system that deals with classified data, for example). However this idea that now everyone should encrypt everything is stupid.
I'm not actually using it yet, but two quotes from the "System Encryption" page of the manual:
<blockquote>TrueCrypt can on-the-fly encrypt a system partition or entire system drive, i.e. a partition or drive where Windows is installed and from which it boots (a TrueCrypt-encrypted system drive may also contain non-system partitions, which are encrypted as well).</blockquote>
<blockquote>Note that TrueCrypt can encrypt an existing unencrypted system partition/drive in-place while the operating system is running (while the system is being encrypted, you can use your computer as usual without any restrictions). Likewise, a TrueCrypt-encrypted system partition/drive can be decrypted in-place while the operating system is running. You can interrupt the process of encryption or decryption anytime, leave the partition/drive partially unencrypted, restart or shut down the computer, and then resume the process, which will continue from the point it was stopped.</blockquote>
The thing that I don't see addressed by this is situations where you have separate boot and data drives where information on the data drives is required during system boot but the drive has not been decrypted yet. Not sure if there is (or can be) support for that.
fencepost
just a little off
I find that statement awfully funny, as the download link then downloads it from to http://truecrypt.sourceforce.net/
Yeah but they add &password=opensesame to end of the URL to make it secure.
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
Whenever you see security people saying things like this do the following thought experiment.
HE MAN goes to helpfulmirror.com to download security software. But unbeknownst to HE MAN, SKELETOR actually runs helpfulmirror.com and hosts backdoored versions of the software.
You may need to adapt it, but always think "Am I talking to a helpful stranger or am I talking to SKELETOR pretending to be a helpful stranger"
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
Which was of what use when truecrypt.org was down?
One CPU cycle wasted on digital restrictions management is ONE TOO MANY.
Mod parent down - fake/squat link.
What is the name of the package? In my 64-bit Ubuntu gutsy install, I don't see anything.
Nothing on:
http://packages.ubuntu.com/gutsy/base/
that looks like TrueCrypt either.
For almost exactly 3 years, I have found TrueCrypt to be 100% reliable. I don't notice any difference in speed between a TrueCrypt encrypted file or partition and a normal NTFS file or partition on Windows XP SP2.
Leaving your computer on? It is easy to dismount a TrueCrypt volume. Just click on the TrueCrypt icon in the system tray, choose which to dismount and click on the dismount button, or choose dismount all. TrueCrypt -d X dismounts volume X from the command line.
The documentation says that it is better to make an encrypted file than make a separate NTFS partition and encrypt the entire partition. The speed seems the same. It is easier to back up the encrypted file on a DVD. Backing up an entire special partition requires the use of backup software like Acronis, which is more steps and requires dealing with the sometimes crazy behavior of Acronis.
Ladies and gentlement, we present to you... the Iran Effect!
/. effect. Harrupmph.
We break our backs cutting six freaking undersea cables, and I swear they're HUGE like this, in as many days, and all you can think is
(Upside: at least nowe we have a bearing on who the authors of TrueCrupt are.)
"Only the small secrets need to be protected. The big ones are kept secret by public incredulity." - Marshall McLuhan
This is why HE MAN should always check the digital signature of the downloaded file to make sure it's from MAN AT ARMS, the security software writer (assuming HE MAN has MAN AT ARMS' public key through other means; he should always assume the pubkey found at helpfulmirror.com is SKELETOR's).
Even if HE MAN downloads the software from manatarms.com, he'll need to verify it somehow; SKELETOR might have intercepted the transmission of data and altered it with his evil magic, implanting an ETERNIAN HORSE into CASTLE GRAYSKULL.
For whatever reason, the author of TrueCrypt wrote his own implementation of AES. This means even if someone put up the cash to apply for a cert, it'd probably take much longer to get anything other than assurance level 1 than most people are willing to wait.
:-(
In any case it costs a lot of money and they only test binaries which makes anything that links into a kernel difficult unless it's only a library core common among implementations which is linked at install time or something.
It's a real pain.
Most people are fine with FIPS-compliant but not listed, and not many government types use anything but windows on laptops, so you're kinda screwed there being one of very few who need it.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
Still no option to mount a TrueCrypt volume on an NTFS junction point, alas.
PGPdisk has had this for ages. Means you don't have to expose to all and sundry who can see your machine that another drive has just appeared.
Would very much like to see this in the next version.
pi = 2*|arg(God)|
I have been using TC at work for a while now and think it is a very good piece of software. Thanks guys!
the Problem i found is: ...).
if the partition is NOT longer ENCRYPTED every user which has access to the box is able to read every file of the hard drive, not only the files to which his account might have access to.
if you encrypt your Windows System drive / partition
EVERY User on the system is able to decrypt the System partition without entering the Volume password and as any user on the system (administrator, power user, user,
i personally think this is a big security issue, if you setup an restricted account on your box and leave your unlocked computer alone, everyone is able to permanently decrypt your system drive
I found a vulnerability which allow a malicious running in the context of an unprivileged user to crash the system and even potentially gain SYSTEM / root privileges. I already found it in TrueCrypt 4.3 and reported it, yet it didn't get fixed. I then tried to publish it in the forums, which was already down at this time. I recently (some minutes ago) reported this vulnerability on version 5.0 again, and hopefully they'll adopt my suggested fix. Until then, sadly I can only recommend you to not use TrueCrypt, since there's no workaround for this problem expect for patching the code and recompiling.
I hope you understand that I'm not going to publish the vulnerability here until the guys got the chance to fix the issue, even though I must admit that my claims sound a bit unsupported.
FreeOTFE is not much better, but the most serious vulnerability I found there only allows to permanently block the system with non-terminatable processes. CrossCrypt didn't work for me, but you may try your luck there as well. PGP Desktop Workstation is also OK so far (version 6.5.3 fixed all vulnerabilities I found in there). For Windows users, there's also http://freed0m.org/?index=dcrypt, which claims to be compatbile with TrueCrypt 4.3a. I didn't test its security yet, and the pre-boot stuff didn't work on my test machine, but if you have an old TrueCrypt container it might be a good alternative.
I have a usb stick with Elcomsoft System Recovery Pro that I use to hack Active Directory accounts on windows 2003 domain controlers. Can I use this new version of truecrypt to encrypt the entire drive so no one can figure out what is on it if I get caught? How much overhead does the encryption have? Will it slow down the time it takes to crack NTLMv2?
I don't like anything that requires a password to be entered before the network is configured. If gaining this additional security means that I can't reboot the machine remotely, I don't want it. I shouldn't have to be physically present in order to get networking up and running to enable remote access.
This is the same reason I don't use a BIOS startup password (of course, BIOS passwd is useless anyway), nor Windows XP's syskey setup (Start > Run > syskey).
Does anyone know of anyone selling truecrypt support for enterprises that are too afraid to roll open source without it?
afaik, the truecrypt code has never been audited for security issues by professional cryptographers. does anyone know if i'm mistaken?
if the code has never been audited doesn't it seem a bit irresponsible to recommend truecrypt?
Whenever you see security people saying things like this do the following thought experiment.
HE MAN goes to helpfulmirror.com to download security software. But unbeknownst to HE MAN, SKELETOR actually runs helpfulmirror.com and hosts backdoored versions of the software.
You may need to adapt it, but always think "Am I talking to a helpful stranger or am I talking to SKELETOR pretending to be a helpful stranger"
Holy fuck you're stupid! Do you actually say that He Man shit out-loud around co-workers? Did you even notice that the URL your are complaining about points to SOURCEFORGE?
(Mods: Gimme a double-scoop of "Flamebait" with some "Troll" sprinkled on top)
I spent this evening trying to get it to encrypt a clean install of Windows XP SP2.
First, there is a problem with creating a recovery CD. If you try to burn the image TC gives you with Alcohol 120% or PowerISO, it will not work. Alcohol burns it, but validation fails. PowerISO doesn't even want to burn that image. You have to use InfraRecorder that their website links to. I have no idea what they are doing with that image, but there is no reason why I should have to go out and get some other piece of software to do the same thing as Alcohol or PowerISO.
That's not the major problem though. So far, I could not encrypt my drive. The process goes to about 21% then dies with a "Data error (cyclic redundancy check)." Very descriptive, as you can tell. I just finished running checkdisk to see if this could be caused by bad disk sectors - nope. The hard drive is perfectly fine. I'm not the only one having the same problem. There are a number of people on wilderssecurity forums that have the same issue.
I have that 21% of the disk encrypted, and pre-boot authentication works fine... now if it could only work for the entire disk. The other thing I found out is that apparently encrypting your system drive will disable hibernation. Not a great thing for my laptop (Fujitsu P7010, in case you were interested). I could live without hibernation for a while, assuming that it will come eventually in a later release. The encryption problem is another story.
The following service permits you to unlock a password protected hard drive for $49.95:
http://www.hdd-tools.com/products/rrs/
I doubt 99.9% of laptop thieves are incapable of finding and using this service.
Ok, long story made short: TC on MAC was released more than a month ago by some guys (Italians I think) after two years of waiting for the MAC version.
The project for the fork is named OSXCrypt (www.osxcrypt.org) and aims to create a multi-cypher Framework for MacOs. It was funded by netizens and released a functioning copy via command line as a Kernel Module, instead of the user-space MACFuse one of TreCrypt. Nothing so different, but maybe faster and more steady...
It's sleek and rock solid, despite the statements of being beta, and I'm telling this after a month of INTENSE use in our firm.
After that the TrueCrypt team HAD to do something and released the new MAC version, but Forums have been taken offline and a lot of people is reporting volume corruption and lost data.
Sarcastic as it may seem users are using OSXCrypt site as repository for the problems, since here is NO WAY of contacting Truecrypt Team.
I get the strong feeling that TrueCrypt 5.0 is sort of an unfinished product that has been delivered to "silence" the other one. I may be in error (and probably I am) and I really think the developers of TrueCrypt are a real divinity of the Web, but for the time on my precious data on MAC will use OSXCrypt, waiting for a next release of TrueCrypt or, at least, some sort of Forum reopening and/or support.
Don't take me wrong, I'm really happy of TrueCrypt and of the developers. Really.
The comments of people losing data are here:
http://www.osxcrypt.org/2008/02/06/truecrypt-50-is-out/
and OSXCrypt can be downloaded here:
http://www.osxcrypt.org/download
Hope this may help...
This is the first free alternative to CompuSec as for encrypting your system drive. But one thing is pretty strange to me... if it's possible to encrypt the system drive while the system is working why isn't it possible to encrypt other partitions /discs that way without wipeing them out?
I havent tried truecrypt under linux (the other drive) but my friend told me that i can practicly encrypt whole drive (except of /boot) i wonder if i'll be able to use the first drive under linux too. With compusec i've gone through partialy damadged disk ... half encrypted damadgetd boot loader etc and as long I had password and encryption keys (or in event of partial enctyption rememberd how far has it progressed) i was able to repair or recover my data. i have to read about some procedures of recovery in such cases on truecrypt... wich has way better documentation than compusec ;]