Jump to content

TrueCrypt

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 68.196.104.31 (talk) at 01:53, 23 January 2009 (These items all have an air of controversy, hence the proper section title). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

TrueCrypt
Developer(s)TrueCrypt Foundation
Stable release
6.1a / December 1, 2008 (2008-12-01)
Written inC, C++, Assembly
Operating systemCross-platform
Available in30 languages
(although many are incomplete translations)
TypeDisk encryption software
LicenseTrueCrypt Collective License
Websitewww.truecrypt.org

TrueCrypt is a software application used for real-time on-the-fly encryption. It can create a virtual encrypted disk within a file, or a device-hosted encrypted volume on either an individual partition or an entire storage device. It supports Microsoft Windows, Mac OS X and Linux, and encrypted volumes can be made portable. The version for Windows Vista or XP can encrypt the boot partition or entire boot drive, and has the ability to create and run a hidden encrypted operating system whose existence is deniable. TrueCrypt is distributed under the TrueCrypt Collective License.

Controversy reigns over TrueCrypt's unknown authors, its self proclaimed OpenSource status and basic security.

Encryption algorithms

The individual algorithms supported by TrueCrypt are AES, Serpent and Twofish. Additionally, five different combinations of cascaded algorithms are available: AES-Twofish, AES-Twofish-Serpent, Serpent-AES, Serpent-Twofish-AES and Twofish-Serpent. The cryptographic hash functions used by TrueCrypt are RIPEMD-160, SHA-512, and Whirlpool.

Modes of operation

TrueCrypt currently uses the XTS mode of operation. Prior to this TrueCrypt used LRW which is less secure, though more secure than CBC mode (when used with predictable initialization vectors) used by versions 4.0 and earlier.[1]

Although new volumes can only be created in XTS mode, older LRW and CBC legacy TrueCrypt volumes can still be mounted.[2]

Performance

TrueCrypt supports both pipelined and parallelized read and write operations, and utilizes an assembly implementation of AES which almost doubles performance compared to the previous implementation of this algorithm, which was coded exclusively in C.[3]

Using TrueCrypt on a drive may decrease performance due to the encryption overhead, but there have been reports[4] that in some scenarios, encrypting a drive with TrueCrypt 5.0 or later may increase drive performance slightly due to pipelining affecting the way read and write operations are performed.

Controversy

Security concerns

New versions of TrueCrypt are released periodically and vulnerabilities that developers are aware of are progressively fixed.

TrueCrypt's hidden volume deniability features may be unintentionally compromised by third party software which may leak information through temporary files, thumbnails, etc, to unencrypted disks. In a recent study, Windows Vista, Microsoft Word and Google Desktop were evaluated and found to have this weakness. In response to this, the study recommends using the hidden operating system feature now available in TrueCrypt versions 6.0 and later. However, the security of this feature was not evaluated because it had not yet been released at the time.[5]

Developers identity

The TrueCrypt developers use the aliases "ennead" and "syncon"[6], whose real identities are unknown.

The domain name "truecrypt.org" was originally registered to a false address ("NAVAS Station, ANTARCTICA")[7][8], and was later concealed behind a Network Solutions private registration.[9]

The TrueCrypt trademark was registered in the Czech Republic under name of "David Tesarik".[10]

Licensing

The TrueCrypt Collective License is considered "non-free" (based on the Debian Free Software Guidelines) because its license has an "advertise-me" clause (similar to the type that caused the XFree86/X.Org split) that requires TrueCrypt to be named in any derivative work.[11]

Planned features

According to the TrueCrypt website[12] the following features are planned for future releases:

  • Command line options for volume creation (already implemented in Linux and Mac OS X versions)
  • 'Raw' CD/DVD volumes

History

TrueCrypt is based on Encryption for the Masses (E4M), a popular open source on-the-fly encryption (OTFE) program first released in 1997. However, E4M was discontinued in 2000 as the author, Paul Le Roux, began working on commercial OTFE software.

Version Release Date Significant Changes
1.0 February 2, 2004 Initial release. Featured support for Windows 98, ME, 2000 and XP. Added plausible deniability for containers (although due to its simplistic nature, the practical value of the "plausible deniability" offered in this version is debatable[13]), and various bugfixes and improvements over E4M.
1.0a February 3, 2004 Removed support for Windows 98 and ME because the author of the Windows 9x driver for E4M (the ScramDisk driver) gave no permission that would allow his code to be used in projects derived from E4M.[14]
2.0 June 7, 2004 Added AES algorithm. Release made under the GNU General Public License, and signed as the TrueCrypt Foundation – previous versions were signed by TrueCrypt Team.
2.1 June 21, 2004 New release due to licencing issues relating to the GNU General Public License. This release was made under original E4M license.[15]
2.1a October 1, 2004 Removed IDEA encryption algorithm. Version released on SourceForge.net, which became the official TrueCrypt domain. The official TrueCrypt domain moved back to truecrypt.org again at the beginning of May 2005, and the SourceForge website redirects to there.
3.0 December 10, 2004 Added hidden volume support for containers. Added the Serpent and Twofish algorithms, along with cascaded cipher support.
3.1 January 22, 2005 Added portable "Traveller mode", along with new volume mounting options such as being able to mount as "read only".
4.0 November 1, 2005 Added support for Linux, x86-64, Big Endian machines, Keyfiles (two-factor authentication), the Whirlpool hash algorithm and language packs.
4.1 November 25, 2005 Added LRW mode, which is more secure than CBC mode for on-the-fly storage encryption.[1] LRW mode also neutralized an exploit that could (under certain circumstances) be used to compromise the plausible deniability of a TrueCrypt volume by allowing it to be distinguished from random data.[2]
4.2 April 17, 2006 Added various features to the Linux version, such as the ability to create volumes, change passwords and keyfiles, generate keyfiles and backup/restore volume headers. In the Windows version, it introduced support for dynamic (sparse file) volumes.
4.3 March 19, 2007 Added support for Windows Vista, support for file systems using sector sizes other than 512 bytes. This release phased out support of 64-bit block ciphers, disallowing creation of new containers using the Blowfish, CAST-128 or Triple DES algorithms.
5.0 February 5, 2008 Introduced XTS mode of operation. Added Mac OS X support, Linux graphical interface and Windows system disk encryption with pre-boot authentication, ability of creation of hidden volumes within NTFS volumes, but removed the ability to create hidden volumes on Linux, use the tool on a non-gui console and the ability to create encrypted partitions from the text mode. Encrypting the system volume for Windows 2000 is no longer supported.[16] Encrypting containers and non-system volumes is still supported, however.[17]
5.1 March 10, 2008 Added support for hibernation on Windows computers where the system partition is encrypted, the ability to mount a partition in Windows that is within the key scope of system encryption without pre-boot authentication, and added command line options for creating new volumes in Linux and Mac OS X. This version also reduced the minimum memory requirements for the TrueCrypt Boot Loader (AES) from 42 KB to 27 KB in Windows and included significant improvements in AES encryption/decryption performance.
6.0 July 4, 2008 Parallelized encryption/decryption on multi-core processors (or multi-processor systems). Increase in encryption/decryption speed is directly proportional to the number of cores and/or processors. Ability to create and run an encrypted hidden operating system whose existence is impossible to prove. Ability to create hidden volumes under Mac OS X and Linux.
6.1 October 31, 2008 Ability to encrypt a non-system partition without losing existing data on the partition (in place encryption) on Windows Vista and Windows 2008. Added support for security tokens and smart cards. TrueCrypt bootloader now customizable. Pre-boot passwords can now mount non-system volumes. Linux and Mac OS X versions can now mount an encrypted Windows encrypted system drive.
6.1a December 1, 2008 Minor improvements, bug fixes, and security enhancements.

See also

References and notes

  1. ^ a b Fruhwirth, Clemens (2005-07-18). "New Methods in Hard Disk Encryption" (PDF). Institute for Computer Languages, Theory and Logic Group, Vienna University of Technology. Retrieved 2007-03-10.
  2. ^ a b "Version History". TrueCrypt Documentation. TrueCrypt Foundation. Retrieved 2007-03-10.
  3. ^ "Version History Part 1". TrueCrypt Documentation. TrueCrypt Foundation. Retrieved 2008-06-04.
  4. ^ "Security Now! Transcript of Episode #133". Security Now! / TrueCrypt 5.0. Gibson Research Corporation. Retrieved 2008-07-12.
  5. ^ Alexei Czeskis, David J. St. Hilaire, Karl Koscher, Steven D. Gribble, Tadayoshi Kohno, Bruce Schneier (2008-07-18). "Defeating Encrypted and Deniable File Systems: TrueCrypt v5.1a and the Case of the Tattling OS and Applications" (PDF). 3rd USENIX Workshop on Hot Topics in Security. {{cite conference}}: Check date values in: |date= (help); Unknown parameter |booktitle= ignored (|book-title= suggested) (help)CS1 maint: multiple names: authors list (link)
  6. ^ Developer email address
  7. ^ webreportr.com domain information for TrueCrypt
  8. ^ http://www.who.is/website-information/truecrypt.org/ who.is WHOIS
  9. ^ Network Solutions WHOIS
  10. ^ Intellectual Property Digital Library; search trademarks directory for IRN/925625
  11. ^ Debian Bug report logs - #364034. URL: http://www.mail-http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364034. Accessed on: January 12, 2009.
  12. ^ Features to be implemented in future versions
  13. ^ Plausible Deniability
  14. ^ The authors of Scramdisk and E4M exchanged some code – the author of Scramdisk provided a driver for Windows 9x, and the author of E4M provided a driver for Windows NT, enabling cross-platform versions of both programs.
  15. ^ "TrueCrypt User's Guide" (PDF). TrueCrypt Version 3.1a. TrueCrypt Foundation. 2005-02-07. p. p.44. Retrieved 2007-05-01. {{cite web}}: |page= has extra text (help)
  16. ^ TrueCrypt - Free Open-Source Disk Encryption Software - Documentation - Systems Supported for System Encryption
  17. ^ TrueCrypt - Free Open-Source Disk Encryption Software - Documentation - Supported Operating Systems
Retrieved from "https://en.wikipedia.org/w/index.php?title=TrueCrypt&oldid=265833546"