Slashdot Mirror


VeraCrypt Is the New TrueCrypt -- and It's Better

New submitter poseur writes: If you're looking for an alternative to TrueCrypt, you could do worse than VeraCrypt, which adds iterations and corrects weaknesses in TrueCrypt's API, drivers and parameter checking. According to the article, "In technical terms, when a system partition is encrypted, TrueCrypt uses PBKDF2-RIPEMD160 with 1,000 iterations. For standard containers and other (i.e. non system) partitions, TrueCrypt uses at most 2,000 iterations. What Idrassi did was beef up the transformation process. VeraCrypt uses 327,661 iterations of the PBKDF2-RIPEMD160 algorithm for system partitions, and for standard containers and other partitions it uses 655,331 iterations of RIPEMD160 and 500,000 iterations of SHA-2 and Whirlpool, he said. While this makes VeraCrypt slightly slower at opening encrypted partitions, it makes the software a minimum of 10 and a maximum of about 300 times harder to brute force."
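The iteration counts quoted in the summary translate into a per-guess cost factor for an attacker. The following is an added example, not code from the article or from VeraCrypt: it computes that factor, expresses it as equivalent bits of password entropy, and times one derivation. PBKDF2-HMAC-SHA512 from Python's `hashlib` stands in for RIPEMD-160 (an assumption, since RIPEMD-160 is missing from some OpenSSL builds); the function names, sample password and salt are constructed for illustration.

```python
import hashlib
import math
import time

# Iteration counts quoted in the summary (PBKDF2 rounds per password guess).
TRUECRYPT = {"system": 1_000, "container": 2_000}
VERACRYPT = {"system": 327_661, "container_ripemd160": 655_331,
             "container_sha2_whirlpool": 500_000}

def slowdown(old_iters: int, new_iters: int) -> float:
    """Factor by which each password guess becomes more expensive."""
    return new_iters / old_iters

def equivalent_bits(old_iters: int, new_iters: int) -> float:
    """The same slowdown expressed as extra bits of password entropy."""
    return math.log2(slowdown(old_iters, new_iters))

def derive_key(password: bytes, salt: bytes, iterations: int) -> bytes:
    """Header-key derivation; SHA-512 is a stand-in hash (assumption)."""
    return hashlib.pbkdf2_hmac("sha512", password, salt, iterations, dklen=64)

def time_one_guess(iterations: int) -> float:
    """Wall-clock seconds for one derivation, i.e. one guess on this CPU."""
    start = time.perf_counter()
    # Constructed sample password and salt, not taken from any real volume.
    derive_key(b"constructed-sample-password", b"\x00" * 64, iterations)
    return time.perf_counter() - start

def years_to_search(entropy_bits: float, guesses_per_second: float) -> float:
    """Expected years to find a password (half the keyspace on average)."""
    return (2 ** entropy_bits / 2) / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    for label, old, new in [
        ("system partition", TRUECRYPT["system"], VERACRYPT["system"]),
        ("container, RIPEMD-160", TRUECRYPT["container"], VERACRYPT["container_ripemd160"]),
        ("container, SHA-2/Whirlpool", TRUECRYPT["container"], VERACRYPT["container_sha2_whirlpool"]),
    ]:
        print(f"{label}: {slowdown(old, new):.0f}x per guess, "
              f"about {equivalent_bits(old, new):.1f} bits of extra entropy")
    t_old, t_new = time_one_guess(1_000), time_one_guess(327_661)
    print(f"one guess on this CPU: {t_old * 1e3:.2f} ms vs {t_new * 1e3:.0f} ms")
    for bits in (30, 40, 60):
        print(f"{bits}-bit password: {years_to_search(bits, 1 / t_old):.3g} years vs "
              f"{years_to_search(bits, 1 / t_new):.3g} years (single core)")
```

The years printed are for a single CPU core; an attacker with parallel hardware divides them by the number of guesses it can run concurrently.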

12 of 220 comments

  1. Re:I'm not an encryption expert by any means... by exploder · · Score: 4, Informative

    Nope. Consider doubling your password size from 64 to 128 bits. While it would take twice as long to check all the bits and make sure they're correct, brute forcing now has to guess among 2^128, rather than 2^64, possibilities, which is enormously more difficult.

    This is a gross simplification of how any real-life security scheme works, but it illustrates the concept.

    --
    Yo dawg, I heard you like the Ackermann function, so OH GOD OH GOD OH GOD
  2. Re:I'm not an encryption expert by any means... by Anonymous Coward · · Score: 5, Informative

    If you have a 1024 bit encryption key, and change to a 1025 bit encryption key, it will only take 0.1% longer to encrypt. But it will take twice as long to guess the key by brute force.

  3. You'll give them the password by ourlovecanlastforeve · · Score: 5, Informative

    Take this from a guy who saw someone go through a trial for doing The Very Bad Thing:

    You will give them the password.

    This is how it works:

    "If you give us the password and let us prove you're innocent we'll let you go. If there's anything in there that would prove you guilty we'll reduce the sentence. If you don't give us the password and we have to crack the encryption ourselves and we find out you're guilty, you're going away for a very long time."

    And then of course you give them the password, they find enough evidence to make you guilty and they don't reduce the sentence.

    They just inflate the original sentence to a much worse sentence, and then deflate it to the level they were going to hit you with anyways.

  4. Re:I'm not an encryption expert by any means... by Anonymous Coward · · Score: 5, Informative

    Indeed. Schemes like PBKDF border on security theater. For one thing, the iteration count is almost never increased in new releases, even after many years. The fact that VeraCrypt is now increasing it only serves to highlight this fact.

    Second, real security comes from exponential differences in work between attacker and defender, not simple linear increases in the differential.

    If your passwords are long and have high entropy, you gain nothing with an iterative scheme like PBKDF. If your passwords are small and weak, you gain nothing by PBKDF---cloud infrastructure (legitimate or botnets) means an attacker can run his brute force cracker on tens of thousands, if not hundreds of thousands, of machines. And that probably only begins to approach the computational power the NSA has at its disposal--iteratively hash your password as many times as you want, but the NSA is still going to crack your simple mnemonic password.

    PBKDF is the perfect example of cryptographic bike shedding at a sophisticated level. Even schemes like scrypt (which are quite novel and interesting) are still a waste of time and effort.

    Once you move past a) hashing and b) salting, you've almost entirely exhausted the benefits of password hardening. PBKDF et al aren't even in the same league as hashing and salting in terms of the real-world benefit provided.

  5. Re:CipherShed by unrtst · · Score: 5, Informative

    CipherShed should have been mentioned in the summary. It's even mentioned in the article (yada yada I messed up and RTFA etc etc).

    Some key points:
    * VeraCrypt broke compatibility with the container format. However, it sounds like that may only be the hashing iterations on the password to derive a key that changed, so the actual format is probably exactly the same just with a different key. In any case, it can't open TrueCrypt containers and vice-versa.
    * He's working on a migration tool (i.e. import TrueCrypt container into VeraCrypt)
    * The massive increase in iterations mentioned in the summary refers to what happens to your password to derive a strong encryption key. I.e. it's only at startup; if done correctly, then it could improve the quality of the encryption key; it does not (AFAICT) affect the actual encryption of each block of data.
    * CipherShed (someone from there) spoke with him in relation to helping each other, but CipherShed wants to retain TrueCrypt compatibility, so he is not interested in merging, but he may send patches and whatnot.
    * The potential licensing issues are a bit suspect. My gut says the explanation is simply a lack of understanding of licensing or a disregard for it, but it welcomes some conspiracy theories.

  6. Big Caveat: not a drop-in replacement for TrueCrypt by Zanadou · · Score: 3, Informative

    Note that VeraCrypt can't open existing TrueCrypt container files, nor can it create new container files that are backward compatible with TrueCrypt. Instead it suggests you do a clumsy, "un-encrypt, copy over, re-encrypt" lock-in process in order to "upgrade". At least the others (truecrypt.ch, Ciphershed, Tcplay / Zulucrypt, et al.) allow you to keep working with existing TC container files.

    Why this isn't in screaming bold text at the top of the VeraCrypt page (which is here, btw), is beyond me.

  7. Truecrypt is random thief proof by Anonymous Coward · · Score: 2, Informative

    I don't use Truecrypt to protect myself from oppressive governments, I use it so that if my computer should get stolen, the thief can't get my data.

    This is something every computer user today needs, not just "enterprise" users.

    Windows 8.1 apparently finally has something built in to respond to this need, although it doesn't work for external drives and obviously isn't cross platform like Truecrypt is. And most computers don't have Windows 8.1.

  8. Re:Conflicting info on licence and relation to TC by fnj · · Score: 5, Informative

    We can argue (and many will!) all day long over what exactly is Free and what is Open Source, but rather than go down that bottomless pit into pointlessness, anyone who is really interested can just read the TrueCrypt license for themselves. It's written in plain language, even if it is somewhat complicated. So it's not GPL and is not compatible with GPL. So fucking what. You can say the same about CDDL or a lot of others, which all give you a lot of freedom. If the code can't be subsumed into GPL, that is the problem of GPL aficionados, not of TrueCrypt's ghost.

    I'll just touch on the basics.

    You can modify the code, derive a new work, include all the code or selected parts of it in your own work, and you specifically are allowed to profit if you wish.

    You have to sanitize your derived code of the word TrueCrypt, logos, website, etc.

    You must display a specified phrase, basically "Based on TrueCrypt" and you must link to their webpage.

    You have to make the complete source of your product available, just as the TrueCrypt source is.

    You are not allowed to obfuscate the source code.

    You have to use the unmodified TrueCrypt license only - this part it seems to me VeraCrypt is in blatant violation of, unless they received a special dispensation, which seems unlikely. On the other hand, AFAIK TrueCrypt never sued anyone yet, and they haven't sued VeraCrypt, so anyone can choose how far to stick their own neck out. Remember, RealCrypt went down this route a long time ago and nobody got sued over that.

    Disclaimer - I'm not associated with TrueCrypt nor do I have any relationship with them, nor am I a lawyer, nor have I made a painstaking analysis of the license, but I don't see anyone starting a worthwhile discussion of the TrueCrypt license here, so I'm perfectly willing and naive enough to stick my neck out and start the ball rolling.

    That's it in a nutshell. You want to tell me that's not "any free software license", go ahead and welcome to your strange interpretation. I myself am not hung up on terms. The license clearly allows VeraCrypt and/or anyone else to run with a derived project.

  9. Re:why use this instead of say dm-crypt? by plover · · Score: 4, Informative

    The OS's built-in encryption for many people is not dm-crypt, but BitLocker, a closed source implementation by Microsoft. And we know nothing about it. When is the key present in RAM? Is the key derived on boot up? How is it protected between boots? Is there an escrow key obscurely baked into the trillion bytes stored somewhere on the hard drive? And can it contain deniable drive images in the slack space of a parent drive?

    Because the open source TrueCrypt code has been subjected to code reviews, and backdoors have not been found, it's somewhat more trustworthy than the closed source implementation that comes with the expensive versions of Microsoft's OS.

    --
    John
  10. Re:Where is the .deb? by Anonymous Coward · · Score: 3, Informative

    "It appears..." No it does not for anyone who can read.

    It's available for Windows, Mac 10.6+, and Linux, all stated right there in black and white on the project's description pages, complete with links to download those versions.

  11. Re:Oblig xkcd by Anonymous Coward · · Score: 5, Informative

    You really missed the point of his process.
    You should read his post again without the idea of being a dick about it.

  12. Re:Oblig xkcd by risom · · Score: 3, Informative

    Meanwhile, they let you rot in prison. That's what key disclosure laws are about.