TrueCrypt - volume encryption

Submit portable freeware that you find here. It helps if you include information like description, extraction instruction, Unicode support, whether it writes to the registry, and so on.
Message
Author
technicolordreamcoat
Posts: 126
Joined: Wed May 10, 2006 5:08 pm

TrueCrypt - volume encryption

#1 Post by technicolordreamcoat » Tue Sep 19, 2006 5:57 pm

truecrypt v4.2a has been released 3 July 06

User avatar
Andrew Lee
Posts: 2217
Joined: Sat Feb 04, 2006 9:19 am
Contact:

#2 Post by Andrew Lee » Tue Sep 19, 2006 10:02 pm

Database updated. Thanks!

User avatar
Midas
Posts: 4294
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: TrueCrypt

#3 Post by Midas » Thu May 29, 2014 5:38 am

Last edited by Midas on Sun Feb 19, 2017 7:21 am, edited 1 time in total.

User avatar
webfork
Posts: 7811
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas
Contact:

Re: TrueCrypt

#4 Post by webfork » Fri May 30, 2014 3:11 pm

I'm split on whether or not to put a disclaimer up on the entry since the security piece of this is really unclear. I mean, insecure to who? Huge organizations with loads of money? It probably wasn't secure against them before either. Maybe we recommend using the version before the current one?

Having seen very large, very well-funded organizations make very dumb security decisions, I'm wondering if not bad isn't more than enough. Shneier for example was still using it as of two weeks ago.

Also, someone in the comments of the link above noted the following:
Those who fear that TrueCrypt is subverted might profit from spending a few minutes pondering that there are Computer Science departments all over the world with many hundreds of professors and thousands of graduate students, some of whom specialize in infosec/crypto.

Because TrueCrypt is so widely used and relied upon, the first CompSci department to announce that they'd proved a backdoor in TrueCrypt would be world-famous, attract rivers of funding, and have the best imaginable prospects for their future careers.
It's certainly a better prospect to work with an open program that has seen this kind of scrutiny rather than closed systems like FileVault and BitLocker for whom serious analysis relies upon their company of origin (Apple and Microsoft).

Suggestions welcome.
Supporting Net Neutrality - BattleForTheNet | Why this matters | More from EFF.org

Marc
Posts: 153
Joined: Sun May 15, 2011 6:06 pm

Re: TrueCrypt

#5 Post by Marc » Fri May 30, 2014 5:05 pm

@Aaron you are aware of recent discoveries about NSA and commercial companies cooperation, aren't you? I can't imagine any sane person, who have followed news, using closed source encryption tools made by a "Fortune 500 company" and expect it's not backdoored. That's why a suggestion by TC developers to use one of such tools would be strange at least. It looks much more like red herring or warrant canary.
This doesn't make sense [not referring to the quote]. And for the time being I'wouldn't migrate data just yet.

User avatar
webfork
Posts: 7811
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas
Contact:

Re: TrueCrypt

#6 Post by webfork » Fri May 30, 2014 5:58 pm

Open TrueCrypt alternatives

* FreeOTFE - definitely portable but not cross platform and doesn't seem to be under development any longer. Still, might be more secure than TrueCrypt.


* encfs4win (Encrypted File System for Windows) http://members.ferrara.linux.it/freddy77/encfs.html ... based on encfs for Linux, it's probably cross-platform. No clear idea of the program maturity.


* DiskCryptor https://diskcryptor.net/ The program has a much better license than TrueCrypt's (GPL) but not very portable. Quoting the FAQ:
> How can I create portable version of DiskCryptor and use it from USB flash drive?

Portable mode will be realized together with container's support as they can be mounted without driver installation. Currently DiskCryptor supports volumes and driver installation is obligatory (administrator rights required) and the following restart (it is possible to load driver without rebooting, however in this case filter can be assigned with volume class only by hacks, which I do not want to use).
The FAQ goes on to say that the driver installation (and admin access requirement) isn't something they could remove without a substantial rewrite. I'm also going to go ahead and guess that this makes the program difficult to take beyond Windows.
Supporting Net Neutrality - BattleForTheNet | Why this matters | More from EFF.org

User avatar
joby_toss
Posts: 2902
Joined: Sat Feb 09, 2008 9:57 am
Location: Romania
Contact:

Re: TrueCrypt

#7 Post by joby_toss » Fri May 30, 2014 9:28 pm

WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues
http://truecrypt.sourceforge.net/

I don't believe this shit! Why a security software programmer would say that his software "may" contain security issues? Does it or doesn't it? Is this sourceforge page hacked? TC wasn't updated for many months, so I think that 7.1a version is secure enough. I won't switch to any other software until I have real proof that TC is trash. I'll keep an eye on this: https://twitter.com/OpenCryptoAudit/sta ... 4977131520 More here: http://www.pcworld.com/article/2143841/ ... found.html

User avatar
joby_toss
Posts: 2902
Joined: Sat Feb 09, 2008 9:57 am
Location: Romania
Contact:

Re: TrueCrypt

#8 Post by joby_toss » Sat May 31, 2014 10:16 am

Sorry for the double post, but this is important:
http://truecrypt.ch/

User avatar
Andrew Lee
Posts: 2217
Joined: Sat Feb 04, 2006 9:19 am
Contact:

Re: TrueCrypt

#9 Post by Andrew Lee » Sat May 31, 2014 9:40 pm

I am using TrueCrypt myself and I will simply wait for the code audit to be out.

This whole affair is really fishy but since it is open-source, I think the source code can stand for itself.

User avatar
JohnTHaller
Posts: 614
Joined: Wed Feb 10, 2010 4:44 pm
Location: New York, NY
Contact:

Re: TrueCrypt

#10 Post by JohnTHaller » Sun Jun 01, 2014 6:40 am

While the source code is available, it is worth pointing out that it is not 'open source' by the common definition (according to the FSF, OSI, Ubuntu, Debian, etc). It's more like 'freeware with source available' in many ways. TrueCrypt is under a one-off license called the TrueCrypt license designed to specifically discourage forks. It's incompatible with other open source licenses (limiting code re-use), doesn't permit use of the TrueCrypt name, requires an advertising clause (like the old, frowned-upon, 4-clause BSD license), and specifically allows the original authors to sue you. All of this seems put in place to allow the original authors to shut down the project if they see fit. And to disallow anyone to continue development of 'TrueCrypt' as is without changing the name even if the authors have no interest in continuing.

Realistically, someone could probably continue it as TrueCrypt, but they'd always have the possibility of a lawsuit hanging over their head. And anyone wishing to utilize the code or binaries in other projects will have a similar worry. We still don't know why it was shut down, though several folks in the community are theorizing they they received a National Security Letter and this was their way of letting the world know without stating that they did and being thrown in jail.
PortableApps.com - The open standard for portable software | Support Net Neutrality

User avatar
Midas
Posts: 4294
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: TrueCrypt

#11 Post by Midas » Mon Jun 02, 2014 2:17 am

JohnTHaller wrote:We still don't know why it was shut down, though several folks in the community are theorizing they they received a National Security Letter and this was their way of letting the world know without stating that they did and being thrown in jail.
  • In support of that theory one of the best explanations I came across is at http://en.wikipedia.org/wiki/Warrant_Canary...

    And before anyone shouts "conspiracy theory alert", reputable sources confirm that this is not entirely unheard of: some US public libraries setup similar strategies to defend patron privacy in case of user record subpoenas under provisions from so-called "Patriot Act"...

User avatar
webfork
Posts: 7811
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas
Contact:

Re: TrueCrypt

#12 Post by webfork » Thu Jun 05, 2014 4:18 pm

Haller wrote:TrueCrypt is under a one-off license called the TrueCrypt license designed to specifically discourage forks.
I always assumed that the Truecrypt license was there so that they could eventually start a company surrounding that program. This frankly would have protected them better than staying anonymous. After all, Microsoft just successfully defended themselves against an NSL.

Regardless, I much prefer standard, tested licensing.

Hopefully someone will run a kickstarter or something similar and stand the server up in Germany, Switzerland, or whatever country that would be friendly to an effort like this. I don't expect it would ever offer iron clad security, but access to open, reasonably strong security measures shouldn't be revolutionary or strange.

Someone suggested over on Schneier's site that LUKS would be a much better base to start with than forking TrueCrypt. FreeOTFE lists support for them, though I don't know what version since it's evidently no longer under development.
Supporting Net Neutrality - BattleForTheNet | Why this matters | More from EFF.org

User avatar
webfork
Posts: 7811
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas
Contact:

Re: TrueCrypt

#13 Post by webfork » Thu Jun 05, 2014 4:53 pm

webfork wrote:I'm split on whether or not to put a disclaimer up
Given that the website now offers a crippled version of TrueCrypt, I went ahead and added a something.
Supporting Net Neutrality - BattleForTheNet | Why this matters | More from EFF.org

User avatar
Midas
Posts: 4294
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: TrueCrypt

#14 Post by Midas » Thu Jun 19, 2014 12:52 am

webfork wrote:Open TrueCrypt alternatives
[...]
* DiskCryptor https://diskcryptor.net/ The program has a much better license than TrueCrypt's (GPL) but not very portable.

User avatar
Midas
Posts: 4294
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: TrueCrypt

#15 Post by Midas » Wed Jul 02, 2014 2:55 pm

For whom it may concern, the Open Crypto Audit Project has this posted at their site:

Post Reply