TrueCrypt - volume encryption [discontinued]

Submit portable freeware that you find here. It helps if you include information like description, extraction instruction, Unicode support, whether it writes to the registry, and so on.
Message
Author
technicolordreamcoat
Posts: 116
Joined: Wed May 10, 2006 5:08 pm

TrueCrypt - volume encryption [discontinued]

#1 Post by technicolordreamcoat »

[Moderator note: this is the primary TrueCrypt program thread. View database entry]

---

truecrypt v4.2a has been released 3 July 06

User avatar
Andrew Lee
Posts: 3052
Joined: Sat Feb 04, 2006 9:19 am
Contact:

#2 Post by Andrew Lee »

Database updated. Thanks!

User avatar
Midas
Posts: 6710
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: TrueCrypt

#3 Post by Midas »

Last edited by Midas on Sun Feb 19, 2017 7:21 am, edited 1 time in total.

User avatar
webfork
Posts: 10818
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas
Contact:

Re: TrueCrypt

#4 Post by webfork »

I'm split on whether or not to put a disclaimer up on the entry since the security piece of this is really unclear. I mean, insecure to who? Huge organizations with loads of money? It probably wasn't secure against them before either. Maybe we recommend using the version before the current one?

Having seen very large, very well-funded organizations make very dumb security decisions, I'm wondering if not bad isn't more than enough. Shneier for example was still using it as of two weeks ago.

Also, someone in the comments of the link above noted the following:
Those who fear that TrueCrypt is subverted might profit from spending a few minutes pondering that there are Computer Science departments all over the world with many hundreds of professors and thousands of graduate students, some of whom specialize in infosec/crypto.

Because TrueCrypt is so widely used and relied upon, the first CompSci department to announce that they'd proved a backdoor in TrueCrypt would be world-famous, attract rivers of funding, and have the best imaginable prospects for their future careers.
It's certainly a better prospect to work with an open program that has seen this kind of scrutiny rather than closed systems like FileVault and BitLocker for whom serious analysis relies upon their company of origin (Apple and Microsoft).

Suggestions welcome.

Marc
Posts: 165
Joined: Sun May 15, 2011 6:06 pm

Re: TrueCrypt

#5 Post by Marc »

@Aaron you are aware of recent discoveries about NSA and commercial companies cooperation, aren't you? I can't imagine any sane person, who have followed news, using closed source encryption tools made by a "Fortune 500 company" and expect it's not backdoored. That's why a suggestion by TC developers to use one of such tools would be strange at least. It looks much more like red herring or warrant canary.
This doesn't make sense [not referring to the quote]. And for the time being I'wouldn't migrate data just yet.

User avatar
webfork
Posts: 10818
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas
Contact:

Re: TrueCrypt

#6 Post by webfork »

Open TrueCrypt alternatives

* FreeOTFE - definitely portable but not cross platform and doesn't seem to be under development any longer. Still, might be more secure than TrueCrypt.


* encfs4win (Encrypted File System for Windows) http://members.ferrara.linux.it/freddy77/encfs.html ... based on encfs for Linux, it's probably cross-platform. No clear idea of the program maturity.


* DiskCryptor https://diskcryptor.net/ The program has a much better license than TrueCrypt's (GPL) but not very portable. Quoting the FAQ:
> How can I create portable version of DiskCryptor and use it from USB flash drive?

Portable mode will be realized together with container's support as they can be mounted without driver installation. Currently DiskCryptor supports volumes and driver installation is obligatory (administrator rights required) and the following restart (it is possible to load driver without rebooting, however in this case filter can be assigned with volume class only by hacks, which I do not want to use).
The FAQ goes on to say that the driver installation (and admin access requirement) isn't something they could remove without a substantial rewrite. I'm also going to go ahead and guess that this makes the program difficult to take beyond Windows.

User avatar
joby_toss
Posts: 2970
Joined: Sat Feb 09, 2008 9:57 am
Location: Romania
Contact:

Re: TrueCrypt

#7 Post by joby_toss »

WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues
http://truecrypt.sourceforge.net/

I don't believe this shit! Why a security software programmer would say that his software "may" contain security issues? Does it or doesn't it? Is this sourceforge page hacked? TC wasn't updated for many months, so I think that 7.1a version is secure enough. I won't switch to any other software until I have real proof that TC is trash. I'll keep an eye on this: https://twitter.com/OpenCryptoAudit/sta ... 4977131520 More here: http://www.pcworld.com/article/2143841/ ... found.html

User avatar
joby_toss
Posts: 2970
Joined: Sat Feb 09, 2008 9:57 am
Location: Romania
Contact:

Re: TrueCrypt

#8 Post by joby_toss »

Sorry for the double post, but this is important:
http://truecrypt.ch/

User avatar
Andrew Lee
Posts: 3052
Joined: Sat Feb 04, 2006 9:19 am
Contact:

Re: TrueCrypt

#9 Post by Andrew Lee »

I am using TrueCrypt myself and I will simply wait for the code audit to be out.

This whole affair is really fishy but since it is open-source, I think the source code can stand for itself.

User avatar
JohnTHaller
Posts: 714
Joined: Wed Feb 10, 2010 4:44 pm
Location: New York, NY
Contact:

Re: TrueCrypt

#10 Post by JohnTHaller »

While the source code is available, it is worth pointing out that it is not 'open source' by the common definition (according to the FSF, OSI, Ubuntu, Debian, etc). It's more like 'freeware with source available' in many ways. TrueCrypt is under a one-off license called the TrueCrypt license designed to specifically discourage forks. It's incompatible with other open source licenses (limiting code re-use), doesn't permit use of the TrueCrypt name, requires an advertising clause (like the old, frowned-upon, 4-clause BSD license), and specifically allows the original authors to sue you. All of this seems put in place to allow the original authors to shut down the project if they see fit. And to disallow anyone to continue development of 'TrueCrypt' as is without changing the name even if the authors have no interest in continuing.

Realistically, someone could probably continue it as TrueCrypt, but they'd always have the possibility of a lawsuit hanging over their head. And anyone wishing to utilize the code or binaries in other projects will have a similar worry. We still don't know why it was shut down, though several folks in the community are theorizing they they received a National Security Letter and this was their way of letting the world know without stating that they did and being thrown in jail.
PortableApps.com - The open standard for portable software | Support Net Neutrality

User avatar
Midas
Posts: 6710
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: TrueCrypt

#11 Post by Midas »

JohnTHaller wrote:We still don't know why it was shut down, though several folks in the community are theorizing they they received a National Security Letter and this was their way of letting the world know without stating that they did and being thrown in jail.
  • In support of that theory one of the best explanations I came across is at http://en.wikipedia.org/wiki/Warrant_Canary...

    And before anyone shouts "conspiracy theory alert", reputable sources confirm that this is not entirely unheard of: some US public libraries setup similar strategies to defend patron privacy in case of user record subpoenas under provisions from so-called "Patriot Act"...

User avatar
webfork
Posts: 10818
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas
Contact:

Re: TrueCrypt

#12 Post by webfork »

Haller wrote:TrueCrypt is under a one-off license called the TrueCrypt license designed to specifically discourage forks.
I always assumed that the Truecrypt license was there so that they could eventually start a company surrounding that program. This frankly would have protected them better than staying anonymous. After all, Microsoft just successfully defended themselves against an NSL.

Regardless, I much prefer standard, tested licensing.

Hopefully someone will run a kickstarter or something similar and stand the server up in Germany, Switzerland, or whatever country that would be friendly to an effort like this. I don't expect it would ever offer iron clad security, but access to open, reasonably strong security measures shouldn't be revolutionary or strange.

Someone suggested over on Schneier's site that LUKS would be a much better base to start with than forking TrueCrypt. FreeOTFE lists support for them, though I don't know what version since it's evidently no longer under development.

User avatar
webfork
Posts: 10818
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas
Contact:

Re: TrueCrypt

#13 Post by webfork »

webfork wrote:I'm split on whether or not to put a disclaimer up
Given that the website now offers a crippled version of TrueCrypt, I went ahead and added a something.

User avatar
Midas
Posts: 6710
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: TrueCrypt

#14 Post by Midas »

webfork wrote:Open TrueCrypt alternatives
[...]
* DiskCryptor https://diskcryptor.net/ The program has a much better license than TrueCrypt's (GPL) but not very portable.

User avatar
Midas
Posts: 6710
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: TrueCrypt

#15 Post by Midas »

For whom it may concern, the Open Crypto Audit Project has this posted at their site:

Post Reply