Slashdot Mirror
TrueCrypt 6.0 Released
ruphus13 writes "While most of the US was celebrating Independence Day, the true fellow geeks over at TrueCrypt released version 6.0 of TrueCrypt over the long weekend. The new version touts two major upgrades. 'First, TrueCrypt now performs parallel encryption and decryption operations on multi-core systems, giving you a phenomenal speedup if you have more than one processor available. Second, it now has the ability to hide an entire operating system, so even if you're forced to reveal your pre-boot password to an adversary, you can give them one that boots into a plausible decoy operating system, with your hidden operating system remaining completely undetectable.' The software has been released under the 'TrueCrypt License,' which is not OSI approved."
svefg cbfg
Project homepage is here: http://www.truecrypt.org/
Release notes here http://www.truecrypt.org/docs/?s=version-history
(Btw, these links should be in the article, instead of an external (sponsored?) one).
Yeah, but Truecrypt has a defence against that. It is called "hidden volumes". Basically, you create a container, use it for porn or financial records (something that you have a legitimate reason to want to hide, from the wife or identities thieves for example), something that you access often. Then you create a hidden volume that is put at the end of that volume, which to access requires a second password.
There is no way of knowing if that second hidden volume exists unless you have both passwords.
If you access the first volume without both passwords, then you can just wipe over whatever information you have stored in the hidden volume.
Oh yeah, I love TrueCrypt. It's groovy.
I wank in the shower.
Great, I can now maintain my geek-cred by hiding the fact that I sometimes have to boot into Windows to run things like a GPS map updater. No more microsoft on the boot menu.
It still only creates FAT file systems, but you can reformat to whatever you want afterwards. I tried it with both HFS+ and ZFS and it seemed to work fine.
It's sad. I often travel between the US and China on business ( I live on the China side ). I've always been careful with sensitive data, but now I'm absolutely fascist. Why? I have no fear of the Chinese government. Besides, I work for a Chinese company. I fear my own country illegally accessing files to which they have absolutely no rights whatsoever.
Honestly. If someone works for the US government, pulls some CEO's laptop at the boarder for "inspection" and gets free access to all the company financials, would they do the right thing? How many semi-intelligent people wouldn't be tempted to start buying stock options or call their best friend with a really good "tip"? Even if they SEC investigated, they would never find the link.
Over the last several years, I've always been treated very respectfully inside China and going to and from. It is in the US, my own country, where I'm treated as if I'm already guilty.
Back to the topic at hand. TrueCrypt is a wonderful product. Everyone should be using it.
Get a clue.
Does Joe Sixpack's computer come with Truecrypt? Does it come with a truecrypt container preinstalled?
The answer is NO.
So if the wrong people find Truecrypt on your computer guess what happens to you. If you say "Nothing" well: "Wrong answer!". They may give up after a few days of giving you the treatment, but it still means you get the treatment.
Whereas if everybody had truecrypt AND an encrypted partition, they could a) try to waterboard everyone, b) wait till they have more evidence.
And that is why I reported this bug/feature request: https://bugs.launchpad.net/ubuntu/+bug/148440
Encryption must appear to be in _use_ by default by all users, then you get safety in numbers. When even your grandma using Ubuntu has a crypto partition, things are better for the people actually using it.
actually you can. with truecrypt I can create an encrypted volume which is just a file on my hard disk. say it's 1 gigabyte. To access it I have to type in my password "secretpass" I see a 1 gigabyte volume. now I can stop there. it's encrypted strongly enough to protect my files. I throw 200 MB of porn/corporate data/personal emails/photos of my girlfriend on there. it shows as 800MB free. Now I create a hidden volume 800 MB in size. In there I put my plans for how to kill every politician, the details of my drugrunning opperation, the plans for a nuclear weapon. etc etc etc. to access this I have to type in my second password "password2" So I boot up truecrypt, select the 1 gig file which is my virtual drive, type in "secretpass". What I then see is a 1 gig drive with 800mb free space and lots of semi-important files. if I open that same file with "password2" I'll see an 800MB drive almost full with highly important documents. There is no missing hard drive space, no hint at all that there is anything but the first drive unless I enter the second password. (side note, if you add files to the first drive then there's a chance that you'll overwrite files on the hidden drive since unless you enter that password as well then truecrypt can't see that it's there.)
True crypt is fabulous. But is it good enough to hide a body?
Hans
- depending upon the file system.
For instance, if you used ext3 then mkfs.ext3 is going to put backup super blocks all over your disk. If you then setup a hidden volume later on, some of those backup super blocks are going to get over written. An attacker - to whom you've been forced to reveal your outer volume password - could easily discover that the backup super blocks aren't the same as the real super block and deduce that you're using a hidden volume that you didn't tell them about. You could, when formating, tell mkfs.ext3 not to use any backup super blocks - but that also might look a bit suspicious. Just food for thought.
I work as a consultant and often use Truecrypt on my USB key in traveller mode on sites where I work. The top thing on my wishlist is to be able to run/install Truecrypt on a Windows machine without admin rights.
The issue is described in full here:
Full release notes can be found here.
You dont need Admin rights with TCexplorer
Ideal for USB key
http://www.codeproject.com/KB/files/TCExplorer.aspx
You don't mind exposing your secrets to a machine you don't have control over (and thus should not trust)? I don't recommend it.
I'm not the OP, but this is being sillily unreasonable.
For instance, I don't have admin rights on the computer in my office. So maybe I don't want to trust this computer entirely. But if I'm walking back and forth with my USB key most days, the major threat is me leaving the key sitting on the bus seat or something like that, not information being stolen while I'm on the work computer.
It's not like just because you don't control a computer you don't trust it at all, or that just because something is in a TrueCrypt volume it's extremely sensitive.
While most of the US was celebrating Independence Day, the true fellow geeks over at TrueCrypt released version 6.0 of TrueCrypt over the long weekend.
That might not be just a coincidence.
.sig: No such file or directory
I followed this back to the Ubuntu bug report 148440 and see that a comment has been added https://bugs.launchpad.net/ubuntu/+bug/148440/comments/4 that I think says it all.
You know, if law enforcement "fucked up your volume" as you so nicely put it, they have just destroyed whatever evidence you where trying to hide. So why would anyone using true crypt have a problem with that?
Great!. Now everybody will think I have a hidden partition, because I have she-male porn. Uh I mean, never mind.
Don't fight for your country, if your country does not fight for you.
AFAIK, yes, if you fill the decoy volume it will kill your hidden volume.
which makes you wonder how long it'll be until a tool is developed for law enforcement specifically designed to fuck up these volumes.
They can only do that if they've confiscated your laptop *and* acquired your 'decoy' password. At that point, your only concerns are they not getting your data and you being able to deny the data is there in the first place.
Somebody deleting all your sensitive files is not a bad thing to happen at that point.
No, I'm quite positive that you do have a hidden volume. It's where you're storing all of your terrorist secrets, and unless you reveal the password then this ballpeen hammer has a date with your fingers.
Still don't want to talk? Maybe you just need a little more electricity.
We'll stop when you are able to prove to the nice men who are protecting your country that you _don't_ have a hidden encrypted partition, and then they will let you go.
You mean like this: http://sourceforge.net/projects/tcexplorer ?
The disappearing pencil trick. Let me show you it.
Why wouldn't they interrogate you further? They can read the Truecrypt feature list for themselves.
Already a Mr Chris Jones has an issue with my proposal because he seems to think that the UK government would waterboard users in the UK if Ubuntu has a default encrypted partition they might not have a key to.
If Chris Jones is right that the UK Government would do such a thing, then they would be far more likely to waterboard you for voluntarily installing truecrypt, voluntarily creating a encrypted volume (or two) AND not handing over "all" passwords. Even if you don't even have a hidden volume.
If you have a Government willing to mistreat people for using a distro that does what I propose, they would definitely mistreat people who use Truecrypt.
So my proposal makes the most sense.
Actually, there was a conversation about this last time the subject of TrueCrypt came up. Unfortunately it went mostly unnoticed, because a forensic investigator can tell if a hidden partition is present, masquerading as free space:
I think you, and many other Slashdotters have 'Reiser Ego' (coined!) You see TrueCrypt as an extremely clever and infallible tool you can use to circumvent the stupidity of courts and the dunder-heads who work in computer forensics. For the most part however, these people are not stupid, and geeks are not able to avoid prosecution via their l33t h4xX0r skills.
I fear big egos will lead many geeks to underestimate their adversaries. Feel free to prove me wrong, of course. :)
I'm going to transform myself into a mighty hawk. Either that or I'll just go and work at Dixons, haven't decided yet.
Simple reason why I had seeks to an area that looks empty, it's because I *used* to have files there before I deleted them, then since I'm savvy enough to use Truecrypt, I ran one of those wipe programs that overwrites it with garbage, hence what you see if you look at the drive forensically, garbage.
I came up with that in the time it took to read your post.
And mucking about with Reiser[FS] doesn't seem to appeal to anyone right now.
Yeah, but if you're already in trouble, you could make a deal by showing them where you hid the filesystem.