TrueCrypt - volume encryption [discontinued]
Re: TrueCrypt
DiskCryptor Softpedia Review
P.S. should we make a separate discussion for DiskCryptor (or maybe there is one and I couldn't find it)?
P.S. should we make a separate discussion for DiskCryptor (or maybe there is one and I couldn't find it)?
Re: TrueCrypt
Some news on resurrecting (or whatever) TrueCrypt:
CipherShed (https://ciphershed.org/about/) is a program that's claiming to be forking TrueCrypt and continuing development. It's still in the development stage, but here's what they said about the license situation, although I'm obviously not 100% clear that the original license allows forking: https://wiki.ciphershed.org/License What license they're going to end up using looks like LGPL, but it's currently a bit unclear.
More on this plan here: https://forum.ciphershed.org/viewtopic. ... cense#p289 ...
Assuming they actually go with LGPL for the license, I'm very encouraged by this.
CipherShed (https://ciphershed.org/about/) is a program that's claiming to be forking TrueCrypt and continuing development. It's still in the development stage, but here's what they said about the license situation, although I'm obviously not 100% clear that the original license allows forking: https://wiki.ciphershed.org/License What license they're going to end up using looks like LGPL, but it's currently a bit unclear.
More on this plan here: https://forum.ciphershed.org/viewtopic. ... cense#p289 ...
Assuming they actually go with LGPL for the license, I'm very encouraged by this.
Re: TrueCrypt
I posted something to the website about portability and admin rights in the hopes that brings it up with the DEVs: https://forum.ciphershed.org/viewtopic.php?f=4&t=67webfork wrote:CipherShed
Re: TrueCrypt - volume encryption
[Moderator note: posts about TrueCrypt fork VeraCrypt have been given their own thread.]
Re: TrueCrypt
VeraCrypt is allegedly based on TrueCrypt's source code, so it isn't clear to me just how distinct the two products really are...
FTR, the latest news seem to exonerate TrueCrypt of any wrongdoing:
FTR, the latest news seem to exonerate TrueCrypt of any wrongdoing:
- TrueCrypt Audit Phase II completed: 4 vulnerabilities identified
http://www.ghacks.net/2015/04/02/truecr ... dentified/
- TrueCrypt doesn't contain NSA backdoors
http://betanews.com/2015/04/03/truecryp ... backdoors/
Re: TrueCrypt - volume encryption
FYI, here's a recent Ghacks.net review of CipherShed, highlighting its compatibility with TrueCrypt volumes:
- TrueCrypt alternative CipherShed is not dead
http://www.ghacks.net/2016/04/21/truecr ... iphershed/
Re: TrueCrypt - volume encryption
I welcome the extra effort. Obviously TrueCrypt collapsed for unclear reasons so having two projects might mean it's legacy won't die. Both projects use the the same license (Apache) so it's entirely possible they could grow and improve in tandem.Midas wrote:FYI, here's a recent Ghacks.net review of CipherShed
Re: TrueCrypt - volume encryption
Post-mortem update: Taken at face value, Atavist Magazine credits the creation of TrueCrypt to international cyber-criminal Paul Le Roux, whose apprehension apparently coincides with the takedown of the project page. For those interested, Le Roux exploits make for fascinating reading at:
And even after all the time passed over the project demise, Wikipedia's entry is still a sober account of the program's virtues:
And even after all the time passed over the project demise, Wikipedia's entry is still a sober account of the program's virtues:
Re: TrueCrypt - volume encryption
Just the wikipedia page is totally insane: https://en.wikipedia.org/wiki/Paul_Le_Roux
Anyway if he really just yanked the program from a commercial entity, it sucks that he basically stole the code and gave it away with an open license. Still, I'm sort of glad he did just because so many people have benefited from a quality free security tool. God only knows how many stolen laptops had important financial info and other data kept secret thanks to that program. Still I'm not sure it outweighs the evil from what the article suggests is a multiple-murderer.
Anyway if he really just yanked the program from a commercial entity, it sucks that he basically stole the code and gave it away with an open license. Still, I'm sort of glad he did just because so many people have benefited from a quality free security tool. God only knows how many stolen laptops had important financial info and other data kept secret thanks to that program. Still I'm not sure it outweighs the evil from what the article suggests is a multiple-murderer.
Re: TrueCrypt - volume encryption
Totally!webfork wrote:Just the wikipedia page is totally insane: https://en.wikipedia.org/wiki/Paul_Le_Roux
My take on this is whatever personal (bad) motives drove him, there is an objective outcome that really is a powerful tool for the greater good -- as can be gleaned from various reputable computer security sources (some links below).webfork wrote:I'm sort of glad he did just because so many people have benefited from a quality free security tool. God only knows how many stolen laptops had important financial info and other data kept secret thanks to that program. Still I'm not sure it outweighs the evil from what the article suggests is a multiple-murderer.
Incidentally, although in the aftermath of TrueCrypt's closure the recurring recommendation appears to be to use Microsoft Bitlocker, I wouldn't touch anything Microsoft with the proverbial ten foot pole for this purpose...
- The moral character of cryptographic work
http://boingboing.net/2015/12/09/the-mo ... yptog.html - Everything you need to know about encryption
https://www.washingtonpost.com/news/the ... -about-it/ - Encrypting Your Laptop Like You Mean It
https://theintercept.com/2015/04/27/enc ... like-mean/ - Surveillance Self-Defense EFF Guide
https://ssd.eff.org/en
Re: TrueCrypt - volume encryption
hi
about truecrypt 7.1a when i close it ,it delete LEGACY_TRUECRYPT
so it should be correct
can somebody confirm ?
my hashes
thanks
about truecrypt 7.1a when i close it ,it delete LEGACY_TRUECRYPT
so it should be correct
can somebody confirm ?
my hashes
Code: Select all
< k:\True\truecrypt64\truecrypt-x64.sys >
MD5: 370A6907DDF79532A39319492B1FA38A
SHA-1: 17C46EBC6F4977AFBCF4AA11ECCEE524FD95B1C8
SHA-256: 46AECC5160F04FC3FFE4D37B404CCBBD1C5DC1501C2CEEE8284FF544DBDF10F8
< k:\True\truecrypt64\truecrypt.sys >
MD5: ED5E4CE36C54F55E7698642E94D32EC7
SHA-1: 62FC4F76540740E63C7F0A33E3A1B66411F0A303
SHA-256: 07BD324083D1784F8F716C528D530003369E6D87EFC7B79BCAA1767F80DA4FDC
< k:\True\truecrypt64\TrueCrypt Format.exe >
MD5: 48538C19ABE905D22E147B1C25D90880
SHA-1: 34442E400E6CB2534F33A0B1599DEFE36EEFEF2A
SHA-256: 4E32F3D2AECBBB202E13738F5465E83BB5F21B05E587D7BBE811C8019116BB77
< k:\True\truecrypt64\TrueCrypt.exe >
MD5: FA8F08013422A4EB68072668B3A73293
SHA-1: 4C4891F5EAFCF9B96BE01E31031992D9E98D39C3
SHA-256: 7F4E7AC770928E9D313B7E91DB4B904A98F3D8BBAC3E0B88FBCA9EF15DD6ED71
thanks
Re: TrueCrypt - volume encryption
Just look them up on VirusTotal (I couldn't figure out how to do direct links).
Re: TrueCrypt - volume encryption
This old piece of analysis just came to my attention but the issue is severe enough to warrant a warning... I have no idea if forks like VeraCrypt exhibit the same behaviour, so heed should be paid.
In my own experience, only two methods dependably synchronized contents of TrueCrypt files existing on different computers.
- Manually copy the entire current file to another computer and overwrite the outdated version -– a time-consuming process that has to be repeated every time synchronization is needed.
- Use FreeFileSync to automate the process. This program has always synchronized TrueCrypt files perfectly for me. (You might have a similar folder synchronization program that also works perfectly for you because it uses the same Windows copying routines that FreeFileSync uses.)
Re: TrueCrypt - volume encryption
Very interesting stuff and good to know. A lot of cloud service free offerings have been more and more generous with file size limits so you can post a larger and larger encrypted volume. However, if the sync is even a few bits off for whatever reason (e.g. I think BitTorrent sync doesn't upload until more than a few megs of data change are detected), you can have some serious problems.
Good post, thanks.
Good post, thanks.