Jump to content

TrueCrypt

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Daniel15 (talk | contribs) at 07:51, 30 May 2014 (Grammar fix: it's to its). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

TrueCrypt
Developer(s)TrueCrypt Foundation
Written inC, C++, Assembly
Operating system
Available inMultilingual (30)[4]
(although most are incomplete translations)
TypeDisk encryption software
LicenseTrueCrypt License v 3.0
Websitetruecrypt.org

TrueCrypt was an source-available[1] freeware application used for on-the-fly encryption (OTFE). It could create a virtual encrypted disk within a file or encrypt a partition or (under Microsoft Windows except Windows 8 with GPT) the entire storage device (pre-boot authentication).

On May 28th, 2014 TrueCrypt announced its end-of-life on its website with an abrupt warning and instructions on how to transfer TrueCrypt-encrypted files to BitLocker, the Microsoft-owned service built into Microsoft Vista Ultimate and Enterprise, Windows 7 Ultimate and Enterprise, and Windows 8 Pro and Enterprise versions. The warning suggested that TrueCrypt was intended to be used on Windows XP, Microsoft's earlier operating system, which lacks a built-in encryption option. [5]

"The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP," the warning read. "Windows 8/7/Vista and later offered integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms." [6]

History

See also: TrueCrypt release history

TrueCrypt was initially released as version 1.0 in February 2004, based on E4M (Encryption for the Masses). Several versions and many additional minor releases have been made since then, with the most current version being 7.1a, released 7 February 2012.[7]

E4M and SecurStar dispute

Original release of TrueCrypt was made by anonymous developers deemed "the TrueCrypt Team".[8] Shortly after version 1.0 was released in 2004, the TrueCrypt Team reported receiving emails from Wilfried Hafner, manager of SecurStar, a computer security company.[9] According to the TrueCrypt Team, Hafner claimed in the emails that the acknowledged author of E4M, developer Paul Le Roux, had stolen the source code from SecurStar as an employee. It was further stated that Le Roux illegally distributed E4M, and authored an illegal license permitting anyone to base derivative work on the code and distribute it freely. Hefner alleges all versions of E4M always belonged only to SecurStar, and Le Roux did not have any right to release it under such a license.

This led the TrueCrypt Team to immediately stop developing and distributing TrueCrypt, which they announced online through usenet.[9] TrueCrypt Team member David Tesařík stated that Le Roux informed the team that there was a legal dispute between himself and SecurStar, and that he received legal advisement not to comment on any issues of the case. Tesařík concluded that should the TrueCrypt Team continue distributing TrueCrypt, Le Roux may ultimately be held liable and be forced to pay consequent damages to SecurStar. To continue in good faith, he said, the team would need to verify the validity of the E4M license. However, because of Le Roux's need to remain silent on the matter, he was unable to confirm or deny its legitimacy, keeping TrueCrypt development in limbo.[9][10]

Thereafter, would-be visitors reported trouble accessing the TrueCrypt website, and 3rd party mirrors appeared online making the source code and installer continually available, outside of official sanction by the TrueCrypt Team.[11][12]

In the FAQ section of its website, SecurStar maintains its claims of ownership over both E4M and Scramdisk, another free encryption program. The company states that with those products, SecurStar "had a long tradition of open source software", but that "competitors had nothing better to do but to steal our source code", causing the company to make its products closed-source, offering the ability to review the code for security only to selected customers, after they placed a substantial order and signed a non-disclosure agreement.[13]

Version 2.0

Months later on 7 June 2004, TrueCrypt 2.0 was released.[7] The new version contained a different digital signature than that of the original TrueCrypt Team, with the developers now being referred to as "the TrueCrypt Foundation." The software license was also changed to the open source GNU General Public License (GPL). However, given the wide range of components with differing licenses making up the software, and the contested nature of the legality of the program's release, a few weeks later on 21 June, version 2.1 was released under the original E4M license to avoid potential problems relating to the GPL license.[14][7]

Version 2.1a of the software was released on 1 October 2004 on SourceForge at a "truecrypt" subdomain.[7] By May 2005, the original TrueCrypt website returned as truecrypt.org, which remains the official site to this day. The SourceForge URL continues to redirect to this site.

End of life announcement

On 28 May 2014, the TrueCrypt official website began redirecting to the SourceForge domain with a HTTP 301 "Moved Permanently" status, displaying a page featuring a warning that the software may contain unfixed security issues, and that development of TrueCrypt was ended "in 5/2014 after Microsoft terminated support of Windows XP." The message noted that more recent versions of Windows have built-in support for disk encryption using Bitlocker, and that Linux and Mac had similar built-in solutions, which the message states renders TrueCrypt unnecessary. The page recommends any data encrypted by TrueCrypt be migrated to other encryption setups and offered instructions on moving to BitLocker. The page also announced a new software version, 7.2, which only allows decryption. As of May 29, 2014, the authenticity of the announcement and new software has not been confirmed.[15][16][17] Multiple theories attempting to explain the reason behind the announcement arose throughout the tech community.[18][19]

Operating systems

TrueCrypt supports Microsoft Windows, OS X and GNU/Linux operating systems.[20] Both 32-bit and 64-bit versions of these operating systems are supported, except for Windows IA-64 (not supported) and Mac OS X 10.6 Snow Leopard (runs as a 32-bit process).[20] The version for Windows 7, Windows Vista, and Windows XP can encrypt the boot partition or entire boot drive.[21] There is an independent, compatible[1][22] implementation, tcplay, for DragonFly BSD [1] and Linux.[22][23]

Encryption scheme

Algorithms

Individual ciphers supported by TrueCrypt are AES, Serpent, and Twofish. Additionally, five different combinations of cascaded algorithms are available: AES-Twofish, AES-Twofish-Serpent, Serpent-AES, Serpent-Twofish-AES and Twofish-Serpent.[24] The cryptographic hash functions available for use in TrueCrypt are RIPEMD-160, SHA-512, and Whirlpool.[25]

Modes of operation

TrueCrypt currently uses the XTS mode of operation.[26] Prior to this, TrueCrypt used LRW mode in versions 4.1 through 4.3a, and CBC mode in versions 4.0 and earlier.[7] XTS mode is thought to be more secure than LRW mode, which in turn is more secure than CBC mode.[27]

Although new volumes can only be created in XTS mode, TrueCrypt is backward compatible with older volumes using LRW mode and CBC mode.[7] Later versions produce a security warning when mounting CBC mode volumes and recommend that they be replaced with new volumes in XTS mode.

Keys

The header key and the secondary header key (XTS mode) are generated using PBKDF2 with a 512-bit salt and 1000 or 2000 iterations, depending on the underlying hash function used.[28]

Plausible deniability

TrueCrypt supports a concept called plausible deniability,[29] by allowing a single "hidden volume" to be created within another volume.[30] In addition, the Windows versions of TrueCrypt have the ability to create and run a hidden encrypted operating system whose existence may be denied.[31]

The TrueCrypt documentation lists many ways in which TrueCrypt's hidden volume deniability features may be compromised (e.g. by third party software which may leak information through temporary files, thumbnails, etc., to unencrypted disks) and possible ways to avoid this.[32] In a paper published in 2008 and focused on the then latest version (v5.1a) and its plausible deniability, a team of security researchers led by Bruce Schneier states that Windows Vista, Microsoft Word, Google Desktop, and others store information on unencrypted disks, which might compromise TrueCrypt's plausible deniability. The study suggested the addition of a hidden operating system functionality; this feature was added in TrueCrypt 6.0. When a hidden operating system is running, TrueCrypt also makes local unencrypted filesystems and non-hidden TrueCrypt volumes read-only to prevent data leaks.[31] The security of TrueCrypt's implementation of this feature was not evaluated because the first version of TrueCrypt with this option had only recently been released.[33]

There was a functional evaluation of the deniability of hidden volumes in an earlier version of TrueCrypt by Schneier et al. that found security leaks.[34]

Identifying TrueCrypt volumes

When analyzed, TrueCrypt volumes appear to have no header and contain random data.[35] TrueCrypt volumes have sizes that are multiples of 512 due to the block size of the cipher mode[26] and key data is either 512 bytes stored separately in the case of system encryption or two 128kB headers for non-system containers.[36] Forensics tools may use these properties of file size, apparent lack of a header, and a randomness tests to attempt to identify TrueCrypt volumes.[37] Although these features give reason to suspect a file to be a TrueCrypt volume, there are, however, some programs which exist for the purpose of securely erasing files by employing a method of overwriting file contents, and free disk space, with purely random data (i.e. "shred" & "scrub"[38]), thereby creating reasonable doubt to counter pointed accusations declaring a file, made of statistically random data, to be a TrueCrypt file.[29][39]

If a system drive, or a partition on it, has been encrypted with TrueCrypt, then only the data on that partition is deniable. When the TrueCrypt boot loader replaces the normal boot loader, an offline analysis of the drive can positively determine that a TrueCrypt boot loader is present and so lead to the logical inference that a TrueCrypt partition is also present. Even though there are features to obfuscate its purpose (i.e. displaying a BIOS-like message to misdirect an observer such as, "Non-system disk" or "disk error"), these reduce the functionality of the TrueCrypt boot loader and do not hide the content of the TrueCrypt boot loader from offline analysis.[40] Here again, the use of a hidden operating system is the suggested method for retaining deniability.[31]

Performance

TrueCrypt supports parallelized[41] encryption for multi-core systems and, under Microsoft Windows, pipelined read/write operations (a form of asynchronous processing)[42] to reduce the performance hit of encryption and decryption. On newer processors supporting the AES-NI instruction set, TrueCrypt supports hardware-accelerated AES to further improve performance.[43] The performance impact of disk encryption is especially noticeable on operations which would normally use Direct Memory Access (DMA), as all data must pass through the CPU for decryption, rather than being copied directly from disk to RAM.

In a test carried out by Tom's Hardware, although TrueCrypt is slower compared to an unencrypted disk, the overhead of real-time encryption was found to be similar regardless of whether mid-range or state-of-the-art hardware is in use, and this impact was "quite acceptable".[44] In another article the performance cost was found to be unnoticeable when working with "popular desktop applications in a reasonable manner", but it was noted that "power users will complain".[45]

Incompatibility with FlexNet Publisher and SafeCast

Main article: FlexNet Publisher § Issues with Bootloaders

Installing third party software which uses FlexNet Publisher or SafeCast (which are used for preventing software piracy on products by Adobe such as Adobe Photoshop), can damage the TrueCrypt bootloader on Windows partitions/drives encrypted by TrueCrypt and render the drive unbootable.[46] This is caused by the inappropriate design of FlexNet Publisher writing to the first drive track and overwriting whatever non-Windows bootloader exists there.[47]

Security concerns

TrueCrypt is vulnerable to various known attacks which are also present in other software-based disk encryption software such as BitLocker. To prevent those, the documentation distributed with TrueCrypt requires users to follow various security precautions.[48] Some of those attacks are detailed below.

Encryption keys stored in memory

TrueCrypt stores its keys in RAM; on an ordinary personal computer the DRAM will maintain its contents for several seconds after power is cut (or longer if the temperature is lowered). Even if there is some degradation in the memory contents, various algorithms can intelligently recover the keys. This method, known as a cold boot attack (which would apply in particular to a notebook computer obtained while in power-on, suspended, or screen-locked mode), has been successfully used to attack a file system protected by TrueCrypt.[49]

Physical security

TrueCrypt documentation states that TrueCrypt is unable to secure data on a computer if an attacker physically accessed it and TrueCrypt is used on the compromised computer by the user again (this does not apply to a common case of a stolen, lost, or confiscated computer).[50] The attacker having physical access to a computer can, for example, install a hardware/software keylogger, a bus-mastering device capturing memory, or install any other malicious hardware or software, allowing the attacker to capture unencrypted data (including encryption keys and passwords), or to decrypt encrypted data using captured passwords or encryption keys. Therefore, physical security is a basic premise of a secure system. Attacks such as this are often called "evil maid attacks".[51]

Malware

TrueCrypt documentation states that TrueCrypt cannot secure data on a computer if it has any kind of malware installed. Some kinds of malware are designed to log keystrokes, including typed passwords, that may then be sent to the attacker over the Internet or saved to an unencrypted local drive from which the attacker might be able to read it later, when he or she gains physical access to the computer.[52]

The "Stoned" bootkit

The "Stoned" bootkit, an MBR rootkit presented by Austrian software developer Peter Kleissner at the Black Hat Technical Security Conference USA 2009,[53][54] has been shown capable of tampering TrueCrypt's MBR effectively bypassing TrueCrypt's full volume encryption.[55][56][57][58][59] (but potentially every hard disk encryption software is affected too if it does not rely on hardware-based encryption technologies like TPM, or—even if it does—if this type of attack is made with administrative privileges while the encrypted operating system is running).[60][61]

Two types of attack scenarios exist in which it is possible to maliciously take advantage of this bootkit: in the first one, the user is required to launch the bootkit with administrative privileges once the PC has already booted into Windows; in the second one, analogously to hardware keyloggers, a malicious person needs physical access to the user's TrueCrypt-encrypted hard disk: in this context this is needed to modify the user's TrueCrypt MBR with the Stoned's one and then place the hard disk back on the unknowing user's PC, so that when the user boots the PC and types his/her TrueCrypt password on boot, the "Stoned" bootkit intercepts it thereafter because, from that moment on, the Stoned bootkit is loaded before TrueCrypt's MBR in the boot sequence. The first type of attack can be prevented as usual by good security practices, e.g. avoid running non-trusted executables with administrative privileges. The second one can be successfully neutralized by the user if he/she suspects that the encrypted hard disk might have been physically available to someone he/she does not trust, by booting the encrypted operating system with TrueCrypt's Rescue Disk instead of booting it directly from the hard disk. With the rescue disk, the user can restore TrueCrypt's MBR to the hard disk.[62]

TrueCrypt and the Trusted Platform Module

The FAQ section of the TrueCrypt website states that the Trusted Platform Module (TPM) cannot be relied upon for security, because if the attacker has physical or administrative access to the computer and you use it afterwards, the computer could have been modified by the attacker e.g. a malicious component—such as a hardware keystroke logger—could have been used to capture the password or other sensitive information. Since the TPM does not prevent an attacker from maliciously modifying the computer, TrueCrypt will not support the TPM.[61]

Security Audits

In 2013 a graduate student at Concordia University published an on-line detailed report, in which he states that he has confirmed the integrity of the distributed Windows binaries of version 7.1a.[63]

A crowdfunding campaign attempting to conduct an independent security audit of Truecrypt has been successfully funded on October 2013 and has since then established contact with Truecrypt developers.[64][65] A partial audit has been successfully completed in 2014, finding "no evidence of backdoors or malicious code". Matthew D. Green, one of the auditors, added "I think it's good that we didn't find anything super critical."[66]

John Doe

In 2012 the United States 11th Circuit Court of Appeals ruled that a John Doe TrueCrypt user could not be compelled to decrypt several of his hard drives.[67][68][69] The court's ruling noted that FBI forensic examiners were unable to get past TrueCrypt's encryption (and therefore were unable to access the data) unless Doe either decrypted the drives or gave the FBI the password, and the court then ruled that Doe's Fifth Amendment right to remain silent legally prevented the Government from making him or her do so.[70][71]

Operation Satyagraha

In July 2008, several TrueCrypt-secured hard drives were seized from Brazilian banker Daniel Dantas, who was suspected of financial crimes. The Brazilian National Institute of Criminology (INC) tried unsuccessfully for five months to obtain access to his files on the TrueCrypt-protected disks. They enlisted the help of the FBI, who used dictionary attacks against Dantas' disks for over 12 months, but were still unable to decrypt them.[72]

License and Open Source status

^ TrueCrypt is released under the "TrueCrypt License" which is unique to the TrueCrypt software.[73] It is not part of the pantheon of widely used open source licenses and is not a free software license according to the Free Software Foundation (FSF) license list, as it contains distribution and copyright-liability restrictions.[74] As of version 7.1a (released Feb 2012), the TrueCrypt License is Version 3.0.

Discussion of the licensing terms on the Open Source Initiative (OSI)'s license-discuss mailing list in October 2013 suggests that the TrueCrypt License has made progress towards compliance with the Open Source Definition but would not yet pass if proposed for certification as Open Source software.[75][74]

According to current OSI president Simon Phipps:

...it is not at all appropriate for [TrueCrypt] to describe itself as "open source." This use of the term "open source" to describe something under a license that's not only unapproved by OSI but known to be subject to issues is unacceptable.[74]

As a result of its questionable status with regard to copyright restrictions and other potential legal issues,[76] the TrueCrypt License is not considered "free" by several major Linux distributions and is therefore not included in: Arch Linux,[77] Debian,[78] Ubuntu,[79] Fedora,[80] openSUSE,[81] Gentoo.[82]

End of life and License Version 3.1

The 28 May 2014 announcement of discontinuation of TrueCrypt also came with a new version 7.2 of the software. Among the many changes to the source code from the previous release were changes to the TrueCrypt License — including removal of specific language that required attribution of TrueCrypt as well as a link to the official website to be included on any derivative products — forming a license version 3.1.[83]

Trademark

The TrueCrypt trademark was registered in the Czech Republic under name of David Tesařík.[84]

Planned features

According to the TrueCrypt website[85] the following features were planned for future releases:

  • Full support for Windows 8
  • Ability to encrypt Windows system partitions/drives on UEFI-based computers
  • Command line options for volume creation (already implemented in Linux and Mac OS X versions)
  • "Raw" CD/DVD volumes

Audit


See also

Notes

  1. ^ Using the tcplay implementation

References

  1. ^ a b c "DragonFly On-Line Manual Pages". DragonFly BSD Project. Retrieved 2011-07-17.
  2. ^ "Cryptonite". Google Play. Retrieved 2014-05-24.
  3. ^ "EDS Lite". Google Play. Retrieved 2014-05-24.
  4. ^ http://www.truecrypt.org/localizations.php
  5. ^ http://www.tomsguide.com/us/truecrypt-may-be-compromised,news-18861.html
  6. ^ http://truecrypt.sourceforge.net/
  7. ^ a b c d e f "Version History". TrueCrypt Foundation. Retrieved 2009-10-01.
  8. ^ "Version Information". TrueCrypt User’s Guide, version 1.0. TrueCrypt Team. 2004-02-02. Archived from the original on 2004-02-05. Retrieved 2014-05-28.
  9. ^ a b c TrueCrypt Team (2004-02-03). "P. Le Roux (author of E4M) accused by W.Hafner (SecurStar)". Newsgroupalt.security.scramdisk. a7b8b26d77f67aa7c5cc3f55b84c3975@news.teranews.com. Retrieved 2014-05-28.
  10. ^ David T. (2004-02-07). "Summary of current TrueCrypt situation...?". Newsgroupalt.security.scramdisk. 30e9930aece70b0f63435ecd85a67736@news.teranews.com. Retrieved 2014-05-28.
  11. ^ Carsten Krueger (2004-02-07). "Truecrypt for David T. from Truecrypt-Team". Newsgroupalt.security.scramdisk. 76va20di0jami8nspk743kuddgj6etabhh@4ax.com. Retrieved 2014-05-28.
  12. ^ Andraia Matrix (2004-02-06). "Unofficial TrueCrypt Site". Newsgroupalt.security.scramdisk. 76va20di0jami8nspk743kuddgj6etabhh@4ax.com. Retrieved 2014-05-28.
  13. ^ "Is the source code of your software available?". Drivecrypt FAQ. SecurStar. Retrieved 2014-05-28.
  14. ^ "Version History" (PDF). TrueCrypt User’s Guide, version 3.1a. TrueCrypt Foundation. 2005-02-07. Retrieved 2014-05-28. {{cite web}}: |archive-url= is malformed: flag (help)
  15. ^ Goodin, Dan (2014-05-28), “TrueCrypt is not secure,” official SourceForge page abruptly warns, Ars Technica, retrieved 2014-05-28{{citation}}: CS1 maint: date and year (link)
  16. ^ O'Neill, Patrick (28 May 2014). "TrueCrypt, encryption tool used by Snowden, shuts down due to alleged 'security issues'". The Daily Dot. Retrieved 28 May 2014.
  17. ^ McAllister, Neil (2014-05-28), "TrueCrypt considered HARMFUL – downloads, website meddled to warn: 'It's not secure'", The Register, retrieved 2014-05-29
  18. ^ Goodin, Dan (2014-05-29), Bombshell TrueCrypt advisory: Backdoor? Hack? Hoax? None of the above?, Ars Technica, retrieved 2014-05-29{{citation}}: CS1 maint: date and year (link)
  19. ^ Bar-El, Hagai (2014-05-30), The status of TrueCrypt, retrieved 2014-05-30{{citation}}: CS1 maint: date and year (link)
  20. ^ a b "Supported Operating Systems". TrueCrypt Documentation. TrueCrypt Foundation. Retrieved 2014-05-24.
  21. ^ "Operating Systems Supported for System Encryption". TrueCrypt Documentation. TrueCrypt Foundation. Retrieved 2014-05-24.
  22. ^ a b "README". tc-play. Retrieved 2014-03-14.
  23. ^ "FEDORA : Review Request: tcplay - Utility to create/open/map TrueCrypt-compatible volumes". FEDORA. Retrieved 2012-01-25.
  24. ^ "Encryption Algorithms". TrueCrypt Documentation. TrueCrypt Foundation. Retrieved 2014-05-24.
  25. ^ "Hash Algorithms". TrueCrypt Documentation. TrueCrypt Foundation. Retrieved 2014-05-24.
  26. ^ a b "Modes of Operation". TrueCrypt Documentation. TrueCrypt Foundation. Retrieved 2014-05-24.
  27. ^ Fruhwirth, Clemens (2005-07-18). "New Methods in Hard Disk Encryption" (PDF). Institute for Computer Languages, Theory and Logic Group, Vienna University of Technology. Retrieved 2007-03-10.
  28. ^ "Header Key Derivation, Salt, and Iteration Count". TrueCrypt Documentation. TrueCrypt Foundation. Retrieved 2014-05-24.
  29. ^ a b "Plausible Deniability". TrueCrypt Documentation. TrueCrypt Foundation. Retrieved 2014-05-24.
  30. ^ "Hidden Volume". TrueCrypt Documentation. TrueCrypt Foundation. Retrieved 2014-05-24.
  31. ^ a b c "Hidden Operating System". TrueCrypt Documentation. TrueCrypt Foundation. Retrieved 2014-05-24.
  32. ^ "Security Requirements for Hidden Volumes". TrueCrypt Documentation. TrueCrypt Foundation. Retrieved 2014-05-24.
  33. ^ Alexei Czeskis, David J. St. Hilaire, Karl Koscher, Steven D. Gribble, Tadayoshi Kohno, Bruce Schneier (2008-07-18). "Defeating Encrypted and Deniable File Systems: TrueCrypt v5.1a and the Case of the Tattling OS and Applications" (PDF). 3rd USENIX Workshop on Hot Topics in Security. {{cite conference}}: Unknown parameter |booktitle= ignored (|book-title= suggested) (help)CS1 maint: multiple names: authors list (link)
  34. ^ Schneier, UW Team Show Flaw In TrueCrypt Deniability. Accessed on: June 12, 2012
  35. ^ Piccinelli, Mario, and Paolo Gubian. "Detecting Hidden Encrypted Volume Files via Statistical Analysis." International Journal of Cyber-Security and Digital Forensics (IJCSDF) 3.1 (2014): 30-37.
  36. ^ "TrueCrypt Volume Format Specification". TrueCrypt Documentation. TrueCrypt Foundation. Retrieved 2014-05-24.
  37. ^ http://16s.us/software/TCHunt/tchunt_faq.txt (Archive http://pastebin.com/fU7ijrKn)
  38. ^ diskscrub - disk overwrite utility - Google Project Hosting
  39. ^ "Plausible Deniability". FreeOTFE. Archived from the original on 2013-01-24.
  40. ^ TrueCrypt FAQ - see question I use pre-boot authentication. Can I prevent a person (adversary) that is watching me start my computer from knowing that I use TrueCrypt?
  41. ^ "Parallelization". TrueCrypt Documentation. TrueCrypt Foundation. Retrieved 2014-05-24.
  42. ^ "Pipelining". TrueCrypt Documentation. TrueCrypt Foundation. Retrieved 2014-05-24.
  43. ^ "Hardware Acceleration". TrueCrypt Documentation. TrueCrypt Foundation. Retrieved 2014-05-24.
  44. ^ Schmid, Patrick; Roos, Achim (2010-04-28). "Conclusion". System Encryption: BitLocker And TrueCrypt Compared. Tom's Hardware. Retrieved 2014-05-24.
  45. ^ Schmid, Patrick; Roos, Achim (2010-04-28). "Conclusion". Protect Your Data With Encryption. Tom's Hardware. Retrieved 2014-05-24.
  46. ^ "Freeze when you reboot a Windows system that has TrueCrypt Disk Encryption software and Adobe applications installed". Adobe Creative Suite Help. Adobe Systems. 2009-11-16. Retrieved 2014-05-24.
  47. ^ "Incompatibilities". TrueCrypt Documentation. TrueCrypt Foundation. Retrieved 2014-05-24.
  48. ^ "Security Requirements and Precautions". TrueCrypt Documentation. TrueCrypt Foundation. Retrieved 2014-05-24.
  49. ^ Alex Halderman; et al. "Lest We Remember: Cold Boot Attacks on Encryption Keys". {{cite web}}: Explicit use of et al. in: |author= (help)
  50. ^ "Physical Security". TrueCrypt Documentation. TrueCrypt Foundation. Retrieved 2014-05-24.
  51. ^ Schneier, Bruce (2009-10-23). ""Evil Maid" Attacks on Encrypted Hard Drives". Schneier on Security. Retrieved 2014-05-24.
  52. ^ "Malware". TrueCrypt Documentation. TrueCrypt Foundation. Retrieved 2014-05-24.
  53. ^ "Stoned bootkit White Paper" (PDF). Black Hat Technical Security Conference USA 2009. Peter Kleissner. Retrieved 2009-08-05.
  54. ^ "Stoned bootkit Presentation Slides" (PDF). Black Hat Technical Security Conference USA 2009. Peter Kleissner. Retrieved 2009-08-05.
  55. ^ "Bootkit bypasses hard disk encryption". The H-Security (H-Online.com). Heise Media UK Ltd. Archived from the original on 1 August 2009. Retrieved 2009-08-05.
  56. ^ David M Williams (2009-09-07). "The dark side of open source software is Stoned". iTWire.
  57. ^ Hunt, Simon (2009-08-04). "TrueCrypt vs Peter Kleissner, Or Stoned BootKit Revisited." Simon Hunt. Retrieved 2014-05-24.
  58. ^ Uli Ries (2009-07-30). "Bootkit hebelt Festplattenverschlüsselung aus" (in German). Heise Online.
  59. ^ "Windows-Hacking: TrueCrypt Verschlüsselung umgangen" (in German). Gulli News. 2009-07-30.
  60. ^ "Stoned bootkit attacking TrueCrypt's full volume encryption". TrueCrypt Foundation mail in response to Peter Kleissner on 18/07/2009. Retrieved 2009-08-05.
  61. ^ a b "Some encryption programs use TPM to prevent attacks. Will TrueCrypt use it too?". TrueCrypt FAQ. TrueCrypt Foundation. Retrieved 2011-08-24.
  62. ^ Kleissner, Peter (2009-07-21). "TrueCrypt Foundation is a joke to the security industry, pro Microsoft". Peter Kleissner. Archived from the original on 2010-08-18. Retrieved 2009-08-05.
  63. ^ Xavier de Carné de Carnavalet (2013). "How I compiled TrueCrypt 7.1a for Win32 and matched the official binaries".
  64. ^ "The TrueCrypt Audit Project". Indiegogo. Retrieved 2013-11-02.
  65. ^ "TrueCrypt Audit Endorsed by Development Team". Threatpost. Retrieved 2013-11-02.
  66. ^ Farivar, Cyrus (2014-04-14), TrueCrypt audit finds “no evidence of backdoors” or malicious code, Ars Technica, retrieved 2014-05-24{{citation}}: CS1 maint: date and year (link)
  67. ^ Palazzolo, Joe (2012-02-23), Court: Fifth Amendment Protects Suspects from Having to Decrypt Hard Drives, The Wall Street Journal, retrieved 2014-05-24{{citation}}: CS1 maint: date and year (link)
  68. ^ Kravets, David (2012-02-24), Forcing Defendant to Decrypt Hard Drive Is Unconstitutional, Appeals Court Rules, Wired, retrieved 2014-05-24{{citation}}: CS1 maint: date and year (link)
  69. ^ Court Rules TrueCrypt User Cannot Be Compelled To Decrypt Hard Disk - informationliberation
  70. ^ United States v. John Doe, 11–12268 & 11–15421 (11th Cir. 2012-02-23).
  71. ^ United States v. John Doe
  72. ^ Leyden, John (2010-06-28). "Brazilian banker's crypto baffles FBI". The Register. Retrieved 2010-08-13.{{cite web}}: CS1 maint: date and year (link)
  73. ^ TrueCrypt License. Accessed on: May 21, 2012
  74. ^ a b c Phipps, Simon (2013-11-15), TrueCrypt or false? Would-be open source project must clean up its act, InfoWorld, retrieved 2014-05-20{{citation}}: CS1 maint: date and year (link)
  75. ^ Fontana, Richard (October 2013). "TrueCrypt license (not OSI-approved; seeking history, context)". Retrieved 2013-10-26.
  76. ^ Tom Callaway of Red Hat about TrueCrypt licensing concern Accessed on July 10, 2009
  77. ^ Arch Linux Truecrypt PKGBUILD Accessed on: July 17, 2011
  78. ^ Debian Bug report logs - #364034. Accessed on: January 12, 2009.
  79. ^ Bug #109701 in Ubuntu. Accessed on: April 20, 2009
  80. ^ TrueCrypt licensing concern Accessed on: April 20, 2009
  81. ^ non-OSI compliant packages in the openSUSE Build Service. Accessed on: April 20, 2009
  82. ^ Gentoo bug 241650. Accessed on: April 20, 2009
  83. ^ "TrueCrypt License Version 3.1". TrueCrypt Foundation. 2014-05-28. Retrieved 2014-05-29.
  84. ^ Intellectual Property Digital Library; search trademarks directory for IRN/925625
  85. ^ "Future". TrueCrypt Foundation. Retrieved 2014-05-24.
  86. ^ http://www.siteadvisor.com/restricted.html?domain=http:%2F%2Fistruecryptauditedyet.com%2F&originalURL=1610730724&pip=false&premium=true&client_uid=630902241&client_ver=3.6.6.129&client_type=IEPlugin&suite=true&aff_id=636&locale=en_us&ui=1&os_ver=6.1.1.0
Wikimedia Commons has media related to TrueCrypt.
Retrieved from "https://en.wikipedia.org/w/index.php?title=TrueCrypt&oldid=610759048"