TrueCrypt

TrueCrypt is a software for data encryption, especially for full or partial encryption of hard disks and removable media. The program runs under Windows from the 2000 version, Mac OS X version 10.4 and Linux using FUSE. TrueCrypt is indeed available as source code, and in the license agreement it is mentioned that TrueCrypt " open source " and "free" is, but the software is considered due to legal problems as neither free software nor do they correspond to the Open Source Definition of Open Source initiative.

Functions

Algorithms

TrueCrypt offers the encryption algorithms AES, Twofish and Serpent. In addition to the use of a single algorithm is also the option available to cascade several algorithms.

Partition or container encryption

TrueCrypt has three modes of operation in dealing with encrypted data:

Concept of plausible deniability

A safety feature of TrueCrypt is the concept of plausible deniability (English plausible deniability ), which is the ability to consciously avoid traces of hidden data. Thus, it is impossible to prove the existence of encrypted data. TrueCrypt provides for this purpose a special feature: hidden container ( Hidden volumes) can be hidden within the free space of another encrypted volume. If you, for example, forced to surrender the password for the volume that you are out only the password for the outer volume; the hidden and encrypted with a different password volume remains undetected. So an attacker sees only unimportant Alibi data, the confidential data are encrypted in the free space of the hidden encrypted volume. However, it should be noted that traces may remain on the physical disk, the operating system or within the programs used, which reveal the existence of the hidden volume for an attacker.

Portable mode

Since version 3.1, TrueCrypt also supports a so-called "portable mode ", meaning the program does not need to be installed (see also Portable Software ). This can eg be started from USB sticks. For this mode, however, Administrator rights are required on the Windows operating systems because, as in the installed version, a device driver must be loaded at the start of TrueCrypt for the ( transparent ) encryption and decryption.

Alternatively, the start is possible at a live system based on Windows such as Windows PE or Bart PE. Since these systems write by itself not to the hard drive, but act in the main memory, a high level of safety is ensured.

Encrypting system partitions

Since version 5.0, TrueCrypt also supports the "Full System Encryption " or " WDE " called (also known as Pre-Boot Authentication known ) complete encryption of Windows system partition or the entire hard disk, on which a system partition is located. Are currently supported Windows XP, Windows Vista, Windows 7 and Windows Server 2003, each in the 32 - or 64 -bit versions. If the entire system partition is encrypted, a special TrueCrypt Boot Loader, which prompts you for a password appears before booting the operating system. This call can be since version 6.1 but also suppress or replace with your own text. As the boot loader is stored unencrypted on the hard drive, does not interfere with the principle of plausible deniability here. Instead, however, a hidden operating system can be stored within a TrueCrypt partition. One advantage of the encryption of the system partition is that temp, swap and hibernation files are stored encrypted on the partition. However, this is version 7.0 for Windows Vista, Windows 7 and Windows 8 systems even without encryption system. TrueCrypt used here, however, Microsoft Windows own encryption mechanisms to securely store these files.

It is possible both to encrypt already existing system partitions and hard drives while Windows is running, as well as to interrupt this process and continue at a later date. Also, it is possible also in the current Windows operating to make the encryption undo. Not yet fully encrypted or decrypted partitions can not be mounted from another system. It is therefore recommended not to unduly disrupt the process.

At the beginning of the encryption process a system partition or disk TrueCrypt creates an ISO image for a system-specific rescue CD ( " Rescue Disk "), which enables you to restore the broken head area or the bootloader in an emergency. The data in the partition can not be recovered by the CD. The ISO image must be burned to CD then; TrueCrypt encryption starts only after the error-free readability of the Recovery CD was examined. Administrators can use this otherwise compelling verification through virtual drives or a command- line option to deal in order to collect the images of several central computer and burn only when needed.

Functionality with Solid State Drives ( SSD)

Due to its high throughput especially at randomly distributed read and write operations to Solid State Drives ( SSD) offer as carrier media for encrypted container files and partitions. Because of the operation of SSDs from those of conventional hard disk drives ( HDD) is fundamentally different, is not yet fully understood, the impact SSD - specific functions such as the ATA TRIM command or implemented in the controllers of SSDs wear leveling have in conjunction with the use of TrueCrypt on the performance and longevity of SSDs. At least with the use of encrypted system partitions leads TrueCrypt the TRIM command to the SSD on. This applies to all partitions that are protected by the encryption system, but not when encrypting conventional partitions and containers. By passing the TRIM command, an attacker can determine how much data is actually stored on the SSD. For hidden operating systems, the TRIM command is not passed to ensure the credible deniability.

Maybe it is recommended for the encryption of entire SSD drives or entire partitions to leave a portion of the space of the SSD unused ( unpartitioned ) to give the SSD controller the opportunity to take advantage of the free blocks for wear leveling and so to increase the longevity of the SSD. For system partitions without hidden operating system, this is not necessary (see above).

In particular, the performance when reading encrypted SSDs has been improved through the support of read-ahead buffering under Windows since version 6.2.

Attack scenario

Since July 2009, a bootkit circulating for all Windows versions of the x86 architecture, which can spy to enter the password for the TrueCrypt pre-boot authentication. So far, EFI systems all x86 machines with conventional BIOS are affected, do not. After a successful infection, the bootkit, which is loaded in a computer start first and hangs between Windows and TrueCrypt, can not be detected by virus scanners.

There is another attack scenario that can lead to obtaining the secret TrueCrypt password. This requires a currently running system with gemountetem TrueCrypt volume. In this state, can be copied with a special software via a FireWire connection to the contents of memory on a locked computer. This dump can then be searched with the attack software and password are extracted. This may eventually be mounted and read by the attacker the TrueCrypt volume.

The use of a so-called Cold Boot attack can be used to attack an encrypted using TrueCrypt volume. Here it is, under certain conditions in a narrow space of time window after you turn off a computer possible to read the data required for decryption cryptographic keys from memory.

License

TrueCrypt is based on Encryption for the Masses ( E4M ), whose development had been discontinued in 2000. In early 2004, the program was further developed as TrueCrypt. A disadvantage of this gradual development is inconsistent license. The source code of the program is indeed open, but individual program parts have different and sometimes author-specific licenses, which are then summarized in the TrueCrypt Collective License, which was not recognized by the OSI certified yet by the Free Software Foundation as free and is GPL - incompatible. A standardization of the license is currently not in view as it the consent of all parties would be necessary. After a check of the license version 1.3 Debian looked due to possible legal issues the license from them to recognize it as a DFSG -compliant. Also the Fedora Project does not recommend the same reasons the use of the software. The current license version 3.0 allows only a passing unchanged for the full program. However, one can use parts of the software or the source code and use in your own projects, if license and copyrights are specified in the program or project and your project is not wearing a similar-sounding name.

History

Different versions for Linux is available since version 4.0. Since version 4.2 it is also possible to create encrypted partitions under Linux, before that only the use of partitions created in Windows was possible. Since version 5.0, TrueCrypt is also available for Mac OS X 10.4 and 10.5 are available. Since version 6.0, there is also for Linux and Mac OS X the ability to create hidden containers (hidden volumes ); is still in version 6.0 by parallelizing the performance has been significantly improved on multi- core processors.

The version 6.1 supports the connection of cryptographic tokens and smart cards over the cryptography standard PKCS # 11

The version 6.2 is improved by use of read-ahead buffers improve the speed of Truecrypt particularly in the use of Solid State Disks ( SSD).

The version 6.3 has among others the support on Windows 7 and Mac OS X 10.6 extended.

With version 7.0, support for hardware -accelerated AES has been introduced. This option is enabled by default in certain system configurations, but can optionally be disabled.

In consequence of the global surveillance and espionage affair, there were increased efforts to improve the reliability of TrueCrypt and to provide trusted binaries available. For this purpose was collected by means of several crowdfunding campaigns about $ 60,000, should be entrusted with the external among other security companies with an audit of the source code. For this purpose also said cryptography expert Bruce Schneier for his support. To manage the donations a non-profit organization called the Open Crypto Audit Project and the seat was established in North Carolina. An initial contract for checking the Windows software and the bootloader was signed with the company iSEC partners; the audit is to begin in January 2014. Another aim of the project is to make the TrueCrypt license compatible with established open source licenses such as the GNU General Public License.

In October 2013 it could be proven that actually make the binaries offered on the TrueCrypt website to download reproduce the published source code and is thus free of extra years not included in the publicly accessible source code backdoors.

Planned features in future versions

For later versions of the program is a TrueCrypt API to control the software with other programs, a Rohverschlüsselung for CD and DVD volumes provided. In addition, to add to the Windows version options to create volumes from the command line; they are already available in versions for Linux and Mac OS X.

Alternatives

Transparent encryption and decryption of data offer next TrueCrypt also:

• FreeOTFE
• EncFS for unix -like file systems
• DiskCryptor
• CrossCrypt
• Dm -crypt
• SecurStick for Windows from Windows XP, Mac OS X and Linux.

As well as the proprietary closed-source products:

• BoxCryptor for Windows, Linux, Mac OS X, Android and iOS is based on the algorithm of EncFS
• Cloudfogger (free)
• Prot -On for Windows, Mac OS X, Android and iOS
• Jetico Bestcrypt
• Free CompuSec
• SafeGuard Easy
• Sophos SafeGuard Enterprise
• PGP Whole Disk Encryption
• DriveCrypt
• BitLocker for Windows Vista and 7 is integrated into Microsoft's operating systems ( Vista / 7 Ultimate and Enterprise editions, Win8 Pro and Win8.1 ).
• The File Vault program since version 10.3 integrated into Apple's operating system Mac OS X.