Slashdot Mirror


TrueCrypt 5.0 Released, Now Encrypts Entire Drive

A funny little man writes "The popular open source privacy tool, TrueCrypt, has just received a major update. The most exciting new feature provides the ability to encrypt an entire drive, prompting the user for a password during boot up; this makes TrueCrypt the perfect tool for non-technical laptop users (the kind who are likely to lose all of that sensitive customer data). The Linux version receives a GUI and independence from the kernel internals, and a Mac version is at last available too."

6 of 330 comments

  1. Re:Independence from Kernel Internals? by Chris Mattern · · Score: 5, Informative

    It is also, of course, impossible that it encrypts the *entire* disk. It may encrypt all the partitions your running system uses, but unless your BIOS has encryption support (which it doesn't), you can't have an encrypted boot partition.

  2. Re:Slashdotted - Download Mirror on Filehippo by HP-UX'er · · Score: 5, Informative
  3. Re:Independence from Kernel Internals? by Chris Mattern · · Score: 5, Informative

    Yes, they can recover key and encryption algorithms from the unencrypted boot sector. But if they can crack you simply by knowing the unencryption program, you're boned anyways. What they *can't* recover, assuming that your encryption vendor hasn't screwed up, is your key. And without that, they can't read your encrypted partitions. If they've done it right, it's secure. Somebody in possession of your laptop but without your passphrase cannot read the disk, no matter what he does, except for the boot partition, and there won't be any useful data there. I don't use TrueCrypt and haven't researched them, so I can't guarantee that they did it right (look at WEP, where they managed to botch the encryption for a major standard, resulting in it having to be replaced by WPA). I believe every laptop should be "whole disk" encrypted--it's just too easy for a laptop to disappear. I run Debian on my laptop, so I used cryptmount to encrypt my disk. If you're not encrypting your laptop's disk, you definitely should be. A brief glance over some recent news stories should tell you why.

  4. Re:The final excuse. by Lord Ender · · Score: 5, Informative

    No. Encryption imparts serious performance penalties. Normally, things like DMA allow you to transfer data directly from your disk to your RAM, another disk, or another device. With encryption, every bit must pass through the CPU to do crypto on it. In some cases, that is a very noticeable delay. At our company, that delay was too long for some purposes, so I had them use DriveLock instead, which has no performance penalty.

    --
    A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
  5. Re:Independence from Kernel Internals? by filbranden · · Score: 5, Informative

    Oh, I forgot to mention. According to their website, TrueCrypt can encrypt the boot partition even after the OS is installed, even with Windows.

    Basically, you install it, then you ask it to encrypt the whole disk. It will install the boot code to ask for the password and decrypt the partition before loading the OS, and then it will start encrypting your partition in the background; you may continue using the OS. You may even reboot the machine; it will boot correctly and continue encrypting from where it stopped. If it really works as they say it does, this version is indeed amazing.