Slashdot Mirror
TrueCrypt 6.0 Released
ruphus13 writes "While most of the US was celebrating Independence Day, the true fellow geeks over at TrueCrypt released version 6.0 of TrueCrypt over the long weekend. The new version touts two major upgrades. 'First, TrueCrypt now performs parallel encryption and decryption operations on multi-core systems, giving you a phenomenal speedup if you have more than one processor available. Second, it now has the ability to hide an entire operating system, so even if you're forced to reveal your pre-boot password to an adversary, you can give them one that boots into a plausible decoy operating system, with your hidden operating system remaining completely undetectable.' The software has been released under the 'TrueCrypt License,' which is not OSI approved."
Project homepage is here: http://www.truecrypt.org/
Release notes here http://www.truecrypt.org/docs/?s=version-history
(Btw, these links should be in the article, instead of an external (sponsored?) one).
Yeah, but Truecrypt has a defence against that. It is called "hidden volumes". Basically, you create a container, use it for porn or financial records (something that you have a legitimate reason to want to hide, from the wife or identities thieves for example), something that you access often. Then you create a hidden volume that is put at the end of that volume, which to access requires a second password.
There is no way of knowing if that second hidden volume exists unless you have both passwords.
If you access the first volume without both passwords, then you can just wipe over whatever information you have stored in the hidden volume.
Oh yeah, I love TrueCrypt. It's groovy.
I wank in the shower.
It still only creates FAT file systems, but you can reformat to whatever you want afterwards. I tried it with both HFS+ and ZFS and it seemed to work fine.
Yes it is a good defence against that. Border guards aren't going to have enough time to find your encrypted containers while you are there, and if you have to give up your laptop, or if they take a copy of the HD, then they can't access the information because they don't have the password (and they can't force the password out of you, because you have already re-entered the country (assuming you are a yank)).
And if they do find a container, and force you to give up the password http://it.slashdot.org/comments.pl?sid=606473&cid=24097339 hidden volumes as described in that post.
I wank in the shower.
Or you can create your own filesystem? I don't know how it works on the mac, but on windows & linux truecrypt just creates an encrypted disk which you can format with any filesystem you like. Just create the container file filesystem type 'none' and format it yourself.
actually you can. with truecrypt I can create an encrypted volume which is just a file on my hard disk. say it's 1 gigabyte. To access it I have to type in my password "secretpass" I see a 1 gigabyte volume. now I can stop there. it's encrypted strongly enough to protect my files. I throw 200 MB of porn/corporate data/personal emails/photos of my girlfriend on there. it shows as 800MB free. Now I create a hidden volume 800 MB in size. In there I put my plans for how to kill every politician, the details of my drugrunning opperation, the plans for a nuclear weapon. etc etc etc. to access this I have to type in my second password "password2" So I boot up truecrypt, select the 1 gig file which is my virtual drive, type in "secretpass". What I then see is a 1 gig drive with 800mb free space and lots of semi-important files. if I open that same file with "password2" I'll see an 800MB drive almost full with highly important documents. There is no missing hard drive space, no hint at all that there is anything but the first drive unless I enter the second password. (side note, if you add files to the first drive then there's a chance that you'll overwrite files on the hidden drive since unless you enter that password as well then truecrypt can't see that it's there.)
I work as a consultant and often use Truecrypt on my USB key in traveller mode on sites where I work. The top thing on my wishlist is to be able to run/install Truecrypt on a Windows machine without admin rights.
The issue is described in full here:
Full release notes can be found here.
You dont need Admin rights with TCexplorer
Ideal for USB key
http://www.codeproject.com/KB/files/TCExplorer.aspx
Thats not off topic, thats kth substitution encryption!
This is discussed in the "plausible deniability" section of the TrueCrypt docs.
The recommended solution is to ensure you have a plausible use for the existing installation of TrueCrypt, for example some porn or customer records in a separate container, allowing you to deny the existence of the real container.
This means you do not have to put yourself in a situation where you are denying using TC and one tiny mistake could indicate that you have used TrueCrypt when no visible TC volume is present.
On the other hand, I'm sure most of the bootable Linux LiveCDs will continue to include TrueCrypt.
If you want to do it with Windows, use BartPE as discussed in the TrueCrypt FAQ.
you seem to have missed the point in a big way. You see a truecrypt container. You hold back the rubber hose or start with the thumbscrews. after much screaming they give you a password. You see a 1 gig volume with 200mb of confidential and mildly valuable files and 800mb of free space. It's is utterly plausible that this is all there is. there are no more files. you've got all you're gonna get. no hidden volume. Now you might try some more torture but your victim is also aware that there is no proof at all that there is any more to find. Perhaps I have a 1 gig volume with 998MB used on the outside with a 2 MB hidden volume where I keep my plans to kill the president. as for a dictionary attack, you haven't ever tried this have you? if there's a decent password then it will take you about a million years(or more) to brute force it using every computer on earth.
Think you totally missed the point.
You put plausible data into the encrypted volume, when they ask for your password you give it up, they access the encrypted volume and see you got porn/financial stuff/what nots you don't want others to see. What they can't see is the fact that there is another volume hidden inside this, which there is no way of knowing unless you got the second password. Waterboarding the person makes no sense since he has already given up the password giving you access to the "entire" volume.
So when they get the first password, they continue until they get another or they decide there's no way you could have withstood that much. And when they get your second password, they'll still go on in the hope of a third, unless the data they find would totally fill the disk.
Each time you give up something, they'll assume there may be more until they've kept torturing you for a long time without getting any more information.
Even the NSA would have to devote a significant part of their resources. 95^12 is over 500 sextillion combinations. So, say you've got a really really fast CPU that can do 1 billion test decrypts a second (which is unfeasibly fast at the current time). It would take that computer over 17 million years to find the password.
So, let's say that the NSA has a million CPUs at their disposal, it would still take over 17 years to decrypt. So, they'd have to be pretty sure that you have some seriously cool porn on your PC before they start devoting 100,000,000 impossibly fast CPUs to the task of cracking your password in a couple of months.
The Storm Botnet would take centuries to hack a random 12 character password (it would cut down on spam though).
Of course, if you choose 'password' as your password it might not take quite as long.
You mean like this: http://sourceforge.net/projects/tcexplorer ?
The disappearing pencil trick. Let me show you it.
By the way one useful feature of truecrypt on windows is "mount volumes as removable drives". Windows by default creates admin shares (C$, D$ and so on) for each fixed drive. So a network admin can just connect to \\myip\D$ to take a look at my D: drive. If I mount my truecrypt volume as, let's say E:, an E$ share is automatically created and is accessible for any user (domain or local) with admin access to my machine. If I mount my TC volume as removable, no admin share is created.
Of course there could by other ways to access a volume on the computer, but let's not make it obvious with a new share that an additional volume is mounted.
.sig: No such file or directory
I think this fits the bill.
http://www.codeproject.com/KB/files/TCExplorer.aspx
http://www.truecrypt.org/news.php
Replacement cipher.
Translation table:
b o
c p
e r
f s
g t
i v
Knowledge is power. Knowledge shared is power lost.
Right, but how can you tell if the encrypted volume contains another encrypted volume (the hidden volume). That's the thing, the hidden volum eis designed to be encapsulated in the encrypted volume. Plausible deniability is only offered in the hidden volume functionality.
Trying to install linux on my microwave, but keep getting a kernel panic...
It appears that, according to the author, the latest version of TCExplorer (1.6) released on 9/29/07, did not work with the previous version of TrueCrypt (5.0). I am assuming then that it will probably not support version 6.0. Also, keep in mind that TCExplorer is just a GUI for OTFExplorer created by Josh Harris. Meaning the OTFExplorer code will have to be modified in order to update compatibility, which neither author is apparently willing to do.
Any other coders have time to update these projects? I know I don't, but it would be a great service to the OSS community if someone could.
I am Jack's complete lack of surprise.
Would this even be necessary? I can install and run Truecrypt off of a USB Thumb drive or an SD card on a Win or Lin based PC.
Yes it's necessary, because currently in Windows there's no way to run TrueCrypt unless you have admin privilege on the target machine.
The original parent wanted to use TrueCrypt to secure data before transporting them (so the loss of the USB key isn't a critical leak) and then being able to retrieve the data from the USB key once arrived at the destination, EVEN if he doesn't have admin access on the machine on which said key is plugged (and thus can't install TrueCrypt from the key).
If you use a Windows PC to install the Win version of Trucrypt, and then plug the SD card into a Win-based PDA, would it not function normally?
No. Won't work. The only thing that "Windows CE" and "Windows XP" have in common is having the word "Windows" appearing in their names. As other have pointed out both don't even run on the same architecture (x86, AMD64 and Itanium for WinXP ; ARM, MIPS and SuperH for WinCE).
So :
- either you run the usual TrueCrypt on a portable device that runs Windows *XP* (or Linux or BSD or Mac) - this was my first suggestion, anything cheap like an Asus EEE PC or an OLPC is OK.
- or you use a PDA running Windows CE (or Palm OS, or Symbian, or RIM) and use a TrueCrypt version that was adapted for the differences and recompiled for the processor.
That was my second suggestion : if there exist a version of TrueCrypt which works on PDA, then the PDA could be used to do the decryption (but stock WinXP software can't run on WinCE).
Linux is an exception : the Linux running on PDAs (Sharp Zaurus, Nokia Maemo, Trolltech GreenPhone, OpenMoko/FIC NeoRunner, etc...) is much closer to the full Linux running on desktop.
Usually the graphic interface is different (often the PDAs don't have X-Windows but use special purpose GUIs) but the system are POSIX compliant and any console software usually run as-is after being simply recompiled from source (because the processors are still different and the binaries are different - but the source is the same for console applications).
So that's the exception to the rule.
Note: That also true for a lot of different Linux enabled appliace (modem/routers, file servers, etc.) - although lots of them have very limited resource which put a hard top at what you can manage to get run.
Also, Apple is touting that their desktops' Mac OS X and the iPhone and iPodTouch's OS X are similarly very related, and some developers (like Epocrates who are making medial PDA software) have mentioned that porting their application to the portable OS X was a matter of couple of days.
On the other hand, I haven't heard the iPhone / iPodTouch having a POSIX-compatible console environment (still hearing that the current SDK imposes limits on what can be done), so I don't know if getting a console application to work on those platforms is a simple matter of recompile.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
It was my understanding that FAT was selected because it's inherent properties allow for plausible deniability which was a stated feature and goal of the TrueCrypt project.