Author Topic: TrueCrypt alternative (Read 49779 times)

Tuxman · « **Reply #50 on:** July 07, 2014, 09:07 PM »

I've been spending the past few hours encrypting an OpenBSD machine with OpenBSD's own softraid(8) tools. At least full disk encryption works like a charm. Container files might work via vndconfig (which is deprecated). So, basically, OpenBSD seems to be a viable TrueCrypt alternative.

Midnight Rambler · « **Reply #51 on:** November 20, 2014, 10:07 AM »

Maybe Veracrypt could be an alternative for Truecrypt.
-The_Doomer (June 22, 2014, 06:12 AM)

From this article, How to encrypt sensitive data? Put it in an encrypted container, VeraCrypt looks to be a TrueCrypt clone which implies a shorter learning curve. Going to install this to, um - verify.

mwb1100 · « **Reply #52 on:** November 20, 2014, 05:11 PM »

Like CipherShed (formerly truecrypt.ch or TCnext), VeraCrypt is a fork of TrueCrypt. Apparently one difference in VeraCrypt is that the containers are not compatible with TC containers for some reason that I don't fully understand (something to do with the number of rounds of hashing that keys go through).

A blog posting on CipherShed indicates that there's some level of cooperation between CipherShed and VeraCrypt, but it's unclear to what degree:

- https://truecrypt.ch...towards-common-goal/

Midnight Rambler · « **Reply #53 on:** November 20, 2014, 07:27 PM »

Indeed. VeryCrypt wouldn't open one of my TC files. The program just hanged (hung?). Maybe the next version will or one can create a new container with the same files and delete the TC container along with TC itself.

I'm glad at least there is a viable alternative available that's both free and open source. It appears to be the most versatile currently available and I tend to trust Lincoln Spector's advice.

Midnight Rambler · « **Reply #54 on:** November 21, 2014, 12:57 PM »

Emailed Spector regarding the article and his response:

VeraCrypt changed its file format to improve security. It should have offered TrueCrypt file support--at least in read-only--but it didn't.
You can still download TrueCrypt 7.2, which I believe is read-only. Use it to move your files to a new VeraCrypt container.

So one should create a new VeraCrypt container, transfer the TC files into it then delete the TC container along with TC itself. Think though I'll wait to do this until a newer version of VeraCrypt is posted as I have a bias against v. 1.x programs. Rather like never buying the first model year of a new car model, which brings to mind another advantage of TC in that it was a mature program. Sure will miss it despite its funky container setup procedure.

Midnight Rambler · « **Reply #55 on:** April 03, 2015, 07:18 PM »

TrueCrypt audit shows no sign of NSA backdoors, just some minor glitches.

V. 7.1a still good to go apparently.

f0dder · « **Reply #56 on:** April 04, 2015, 04:17 AM »

I'm with TrueCrypt 7.1a for my offline storage until one of the TC forks mature, and dm-crypt on my file server.

The algorithms are industry-standard, there seems to be no planted backdoors, and so far the issues found by the audit have been minor - there's no viable cold-attacks, which is the only thing that really matters. Yeah, being able to tweak the PBKDF2 rounds would be good, but that is really just a password brute-force mitigation, not a super big issue.

As for why the TC authors decided to pull the plug, perhaps we'll never know. My guess, though, is that it's a combination of two simple factors:
1) Fatigue/Real-Life. The authors worked on the project for more than 10 years.
2) Technical issues supporting it on modern OSes.

Issue #2 deserves a more thorough explanation. Basically, the only way to use TrueCrypt entirely securely on Windows is using an encrypted system partition. If you only use it for data partitions, you risk your encryption keys leaking to your page or hibernation files. You can't entirely avoid these issues through code (disabling hibernation and paging should be OK, though, but most people don't/can't run like that).

Supporting encrypted system partition requires some pretty low-level code, and UEFI booting changes everything. Combine fatigue with the massive amount of work it would be supporting UEFI-booting and the fact that both OSX and Windows now have very good built-in encryption, and you have an Occam's Razor of the discontinuation. (I'm sure NSA don't mind that the project was stopped, but I don't really think they flexed their muscle).

As for MS BitLocker and Apple FileVault, I would be very, very, very surprised if they contained backdoors. Those are the encryption systems I'd use for company laptops, and certainly not slow junk like Symantec and others produce. I'm pretty confident there's no cold-attacks against BL or FV.

However, if I were up to mischief, I wouldn't use either of the two... but that's because I'd never do mischievous things on Windows or OSX... there's so many other way for Apple, Microsoft and others to Get Root on those systems if you're become targeted.

Innuendo · « **Reply #57 on:** April 04, 2015, 09:44 AM »

I'm very pleased to hear that TrueCrypt has been audited and deemed secure. I mostly use it to keep out the casually curious than to keep anything 'super important' secure so I can accept the possibility that things might leak into the hibernation and paging files. The casually curious don't have the skills to capitalize on that. However, I'll be watching the forks with interest.

However, for those who do have 'super important' stuff to secure or those who are exceptionally paranoid or security-conscious, something Linux-based or OpenBSD-based is the only way to go. No. Really. It *is* the *only* way to go. Open source, the ability to compile everything yourself, security permissions down to the per-file level are just a few of the tools for the security-minded individual to protect what he feels is worth protecting.

f0dder · « **Reply #58 on:** April 04, 2015, 01:24 PM »

I'm very pleased to hear that TrueCrypt has been audited and deemed secure.
-Innuendo (April 04, 2015, 09:44 AM)

Please note that it has only been partially audited (last time I checked, anyway, several months ago. Haven't heard any news about the audit, but haven't followed up, either. No wonder if all that has been stalled a bit with the project shutdown and forking...) - but the partial work has been reassuring. And yes, an audit is necessary for a project like TrueCrypt, since the "many eyes" argument of open source has failed again and again.

However, for those who do have 'super important' stuff to secure or those who are exceptionally paranoid or security-conscious, something Linux-based or OpenBSD-based is the only way to go. No. Really. It *is* the *only* way to go. Open source, the ability to compile everything yourself, security permissions down to the per-file level are just a few of the tools for the security-minded individual to protect what he feels is worth protecting.
-Innuendo (April 04, 2015, 09:44 AM)

Windows/NTFS has way more fine-grained access control than you find on your typical *u*x, but other than that, yeah. Kinda. Reflections on Trusting Trust and all that - but it certrainly is easier to get a feeling of confidence with an open-source stack...

Innuendo · « **Reply #59 on:** April 04, 2015, 09:24 PM »

Please note that it has only been partially audited (last time I checked, anyway, several months ago. Haven't heard any news about the audit, but haven't followed up, either.
-f0dder (April 04, 2015, 01:24 PM)

I'm going by the linked article that Midnight Rambler posted above on April 3rd. The article, written by Jared Newman, states that the audit has come to a close. TrueCrypt has been deemed to be totally secure with the exception of some minor glitches. He covers those glitches in detail and outlines what the forks are doing to correct them.

Windows/NTFS has way more fine-grained access control than you find on your typical *u*x, but other than that, yeah. Kinda.

I decided not to go there with Windows/NTFS because those who want s00per-sekrit file encryption are the same people who do not trust Microsoft. So to echo your sentiment....yeah. Kinda.

TaoPhoenix · « **Reply #60 on:** April 04, 2015, 11:35 PM »

...And yes, an audit is necessary for a project like TrueCrypt, since the "many eyes" argument of open source has failed again and again.
-f0dder (April 04, 2015, 01:24 PM)

I think this is a different nuance of minor note along the way.

To me the "many eyes" of "regular" open source software is at the first level to hopefully catch nasty errors that just do "low to medium" level damage. Anything from irritants to data loss, to even at the mid level making sure there's no security hole.

But the software itself "is tame" - maybe server code, maybe some application, whatever. It "just does stuff that isn't quite exciting when it's behaving".

But software *designed to encrypt material against knowing target enemies using best-of-breed and even (govt/super-corps) "better than best of breed" attempts to break it - go beyond just needing "eyes" - you need "attestation services" which is what an audit is.

Ignoring for ex server code just for a moment, so long as an application doesn't destroy my data, I "grudgingly don't care what it does after grumping about it" - varying levels of annoying from irritating to Enhanced Experiences, but in the end it's "just bad software". But if someone either cracks open TrueCrypt&cousins or someone put backdoors in it, "data traveling" can ruin ... lives!

4wd · « **Reply #61 on:** April 14, 2015, 05:40 PM »

FWIW, VeraCrypt has been able to mount/convert TrueCrypt partitions (non-system) and containers since v1.0f (30-12-2014).

And can mount, but not convert, a TC system partition since v1.0f-2 (05-04-2014).

The above is WRT to Windows OS.

Midnight Rambler · « **Reply #62 on:** June 04, 2015, 12:18 PM »

Kryptel Standard Edition 7.1 is free via this link. What's nice is there's a USB version.

Lolipop Jones · « **Reply #63 on:** June 04, 2015, 02:58 PM »

Personally I am still using TC 7.1a.

If the NSA or someone with similar skills and resources decides they want to see what's on my computer, I already have much bigger problems than a few torrented movies and stream recordings off of Spotify that may be sitting there.

My biggest concern would be anyone getting my logins and financial info. This is protected within a KeePass file which has both a strong password and a keyfile (the latter hidden inside the windows\system folder) all of which is inside a TrueCrypt file which also has a strong password and a keyfile (the latter is stored on a USB stick I keep in my wallet, and a backup in my safe deposit box).

So far I haven't seen any signs of a TrueCrypt vulnerability that would enable J. Malicious Hacker to get to the valuable stuff, given the way I have it set up.

IainB · « **Reply #64 on:** June 04, 2015, 09:58 PM »

@Lolipop Jones: Reading this reminds me that I should consider using TC 7.1a as the "alternative" to TrueCrypt.
Sounds like your data backup is certainly secure - exactly the way, for example, that Tresorit isn't.

IainB · « **Reply #65 on:** June 04, 2015, 10:18 PM »

Coincidentally, I just read this in my feed-reader: Governments of the World Agree: Encryption Must Die!.
I think the writer makes a point - or two - but probably nothing that we collectively might not have already independently observed.
However, the article got me to thinking: Wouldn't it be a piece of bad luck if, for some merely technical reason, TC and other perfectly good encryption systems discussed in this thread were not supported by new operating systems or file systems ... for example, (say) in Win10 or later?

TaoPhoenix · « **Reply #66 on:** June 05, 2015, 01:28 AM »

Coincidentally, I just read this in my feed-reader: Governments of the World Agree: Encryption Must Die!.
I think the writer makes a point - or two - but probably nothing that we collectively might not have already independently observed.
However, the article got me to thinking: Wouldn't it be a piece of bad luck if, for some merely technical reason, TC and other perfectly good encryption systems discussed in this thread were not supported by new operating systems or file systems ... for example, (say) in Win10 or later?
-IainB (June 04, 2015, 10:18 PM)

"Never assume malice before assuming incompetence". Except here they begin to twist together...

I'll bring up the harmless case ... Media Center. Of all the stuff that's falling off the page with the Win 10 upgrade, why is THAT suddenly getting nuked?

Linking about three things together, (from NeoWin's copy) "If you have Windows 7 Home Premium, Windows 7 Professional, Windows 7 Ultimate, Windows 8 Pro with Media Center, or Windows 8.1 Pro with Media Center and you install Windows 10, Windows Media Center will be removed." I haven't dug, but I didn't see any splashy reasons why - this from the company that prided itself on supporting stuff back to like Dos 3.x or something. So Media Center was important enough to be part of two full iterations of the OS, and now it is going to "be removed"?! What is THAT?!

The other ones are fiddling with versions of stuff, but this is a major application that is mysteriously "getting removed". It's not about the media ... it's about "____ getting removed when you upgrade". Now mash that up with their announced "rolling upgrades" and how we're all nervous at the lack of hardcoded iso's or whatever for milestones. It's that whole "we are changing what you think your OS will do. Pray we don't change it further when we decide TrueCrypt will be removed when you upgrade."

ewemoa · « **Reply #67 on:** September 30, 2015, 07:24 AM »

Fix two TrueCrypt vulnerabilities reported by James Forshaw (Google Project Zero)
CVE-2015-7358 (critical): Local Elevation of Privilege on Windows by abusing drive letter handling.
CVE-2015-7359: Local Elevation of Privilege on Windows caused by incorrect Impersonation Token Handling.

via https://veracrypt.co...itle=Release%20Notes

panzer · « **Reply #68 on:** November 20, 2015, 12:51 PM »

http://arstechnica.c...-analysis-concludes/

Midnight Rambler · « **Reply #69 on:** October 18, 2016, 05:22 PM »

Critical flaws found in open-source encryption software VeraCrypt.