53 comments

[ 3.9 ms ] story [ 126 ms ] thread
No link or mention of the audit? I guess it would be very useful!
It is available the version 7.1a, but the TrueCrypt development has stopped (for now). An alternative solution is VeraCrypt (build over Truecrypt 7.1a): https://veracrypt.codeplex.com/

VeraCrypt says to add extra security features (ex. TrueCrypt uses PBKDF2-RIPEMD160 with 1000 iterations whereas in VeraCrypt we use 327661): https://veracrypt.codeplex.com/discussions/569777#PostConten...

Do you think VeraCrypt is an valid alternative? or have they only fix something in TrueCrypt ( like change the CONSTANT value of iterations )

They're your most realistic option right now. They are actively developing it and added things like newer algorithms (e.g. SHA2).

There's CipherSched but that is basically a completely new program/rewrite which is very far from done.

However, I don't agree with VeraCrypts choices. They've changed several things that make mounting slow (0,5s -> 10s), which is annoying, especially if you mistype the password. Providing the option for increased security isn't bad, but they refuse to give users overrides to disable those slow security options because they are of the opinion that users can't assess the tradeoff for themselves. Which leads people to just go back to truecrypt because it works way better in their minds.

This is an odd conclusion to come to. Are there a lot of users of True/Veracrypt that don't understand this? I guess I just don't see my grandparents using either of these packages, and I can't imagine a lot of "normal" users "trying out" a new encryption program.
Just because a person is older than you doesn't mean they're either stupid or completely non-technical.

Plenty of older people started using computer in the middle of the sixties. So what if we started with card punch machines, tape readers, and mainframes?

Just exactly what do you mean by "normal?" How much computer exposure does it take before one loses that quality and becomes, well, "you?"

There are lots of grandparents coding away in cubes across the world or tinkering with their prized home-brew desktop rig. Take a reality pill, kiddo.

If anything, there are fewer younger people who will tinker with crypto because the vast majority of them think they're invincible, indestructible, and immortal, when they're really just inexperienced and gullible.

I understand that there's a prejudice against older people regarding technical ability, but the parent poster didn't actually say anything regarding old people in general, just about his/her grandparents specifically.
Grandparents _are_ the prototypical older generation. Read areound. That's become the common usage ;-)
So how are we supposed to refer to our actual grandparents, without people assuming we're making a generalization?
10 seconds is ridiculous, especially if you know what you're doing and use strong passphrases.

The passphrase to one of my TrueCrypt volumes is around 30 characters long. It's not completely random, so let's say it only has 2 bits of entropy per character. That's 60 bits total. A brute-force attack would take an average of 2^59 guesses before it succeeds.

At 10 seconds per guess, we're looking at approximately 180 billion years to crack my passphrase. Even if you devoted a million computers to the job (as an extremely well-funded adversary might do), it would still take 180,000 years.

If you weakened the PBKDF to take 1 second instead, it would take 18,000 years to crack my relatively weak passphrase using a million computers. That's still long enough that I don't care at all. Moreover, if I were really paranoid, I can easily bring it back to the 180,000-year mark (or more) by adding a few more characters to my passphrase, which would only take another second to type. So why wait 10 seconds?

You can bruteforce much faster on GPU.

E.g. 20*10^9 ripe160 hashes per second on 8x AMD R9 290X (price is around $3000): https://hashcat.net/oclhashcat/

60 bits are not secure against attacker with medium budget.

Some years before oclHashCat support, I buil a gpu cracker for truecrypt volume TrueCrack (https://code.google.com/p/truecrack/) . To be honest oclHashCat has better performance. Now the board of the oclHashCat tests ( AMD R9 290X ) costs about 300 euro (not $3000).
They used 8 cards for that test.
Then we can use GPUs to speed up VeraCrypt's PBKDF, too.

The point is that there's no need for a PBKDF that takes 10 seconds on modern hardware.

Sure, that 60-bit passphrase is weak. But it takes a trivial amount of effort to increase the entropy of a passphrase. Let's say I increased it to 80 bits. In terms of brute-force resistance, that's equivalent to increasing the PBKDF's iteration count 1 million times.

> They're your most realistic option right now.

zuluCrypt[1] is another option if you are on linux.

Its GPL licensed and exists in a lot of distribution's repositories(Will appear in debian and ubuntu repositories shortly)

It supports TrueCrypt volumes,VeraCrypt volumes and LUKS volumes.

[1] http://mhogomchungu.github.io/zuluCrypt/

Under Linux, what is the advantage of TrueCrypt/zuluCrypt over plain old LUKS? (which is automatically set up on any modern Linux Distro installation)
There is no advantage. Choosing TrueCraft is a choice to use software with more questionable origins.
Plausible deniability? With LUKS everyone can see your volume is encrypted; to avoid that you'd have to use plain dm-crypt/cryptsetup, randomize your drives (time consuming) and manage keys yourself (too much work).
Anyone can be pretty sure that your drive is encrypted rather than full of entropy, anyway.
Imagine somebody decided to use $5 wrench method on you right after you randomized your RAID ;-)
LUKS is an on-disk format where as TrueCrypt is both an on-disk format and an application.zuluCrypt is only an application that supports multiple on-disk formats so your question is not easy to answer since it mixes up different things.

LUKS advantages over TrueCrypt is that it can support up to 8 different passwords and each password security can be fine tuned by a changeable pbkdf2 iteration count that is set per password.

TrueCrypt on-disk format advantages over LUKS is that it can support two volumes(outer one and hidden one) and its header is completely hidden since its encrypted.LUKS volume header is unencrypted and hence visible.

With a LUKS based encrypted volume,its possible to mimic a hidden header on a device through the usage of a "detached header" but this is a property of tools that manage LUKS volumes and not of a LUKS volume on disk-format.It is also possible to mimic a hidden volume through a plain dm-crypt volume at a non zero offset but this is also a property of a tool that manages LUKS volume and not of a LUKS volume format.

When it comes to binary applications,zuluCrypt is better than TrueCrypt because it supports TrueCrypt on-disk format together with other formats and it also supports multiple hidden volumes through the use of plain dm-crypt volumes.

zuluCrypt also supports LUKS volumes with a detached header and this is more or less like TrueCrypt volume that requires a password and a keyfile(the detached header will act as a keyfile in this case).

zuluCrypt also supports plain dm-crypt volumes at a none zero offset and this means it can have more than one "hidden volumes" although it does not offer protection of these hidden volumes.

"TrueCrypt [...] is that it can support two volumes(outer one and hidden one)"

afaik you can have as many hidden volumes you like on Truecrypt provided you have enough space.

Why would someone want to use Veracrypt but not have the increased security? Why not just use Truecrypt?
because people like actively development software. Sublime text is a good example of this.
What new features is veracrypt adding that aren't security related?
I have no idea. People aren't always rational when it comes to their wants.
> Disclaimer: this site is not affiliated with, nor is it the official site of TrueCrypt

AFAIK there are several forks out there. But who is behind them? Can they be trusted?

BTW, for those looking for the code, this is the only reliable host for the Truecrypt source code:

https://github.com/AuditProject/truecrypt-verified-mirror

We don't even know who was behind TrueCrypt itself. How could that be trusted? Because it was open source and people could and have reviewed the code.
"Free open source"? Did they actually get an open source license this time?

If not, this website could be in violation of the license, but as discussed before, it's very unlikely the TrueCrypt authors would pursue this copyright violation.

thats the original caption from their old website.
Why can't the original devs just leak the reason behind all this? I don't expect it on their official website but honestly, how difficult is it to just let people know?
And what? Eat bad food with a bad view for the rest of your life?
Probably because they can't legally disclose the reason.
If I was concerned about my data, I wouldn't touch TrueCrypt with a 10 foot pole. More specifically I wouldn't touch Windows.

Developers don't abruptly shut down projects. If there are problems with the code, they release statements and patches. If they lose interest in the project, they call it orphaned and ask for maintainers. If it's a mix of the two, they at least say so.

But what happened with TrueCrypt was truly bizarre. No warning. No phase-out. Telling people to move to BitLocker?

I think there's only one way to interpret that. They did something bizarre because it was all the noise they could make without telling us what really happened. AKA some of their developers got served gag orders.

But what on earth could a TrueCrypt dev be gagged for? A gag order implies that some three-letter-agency had enough foresight to know they were planning to disclose something. If it was that there was a government backdoor in TrueCrypt itself, how would NSA/FBI know that they discovered it? How would they know that it could be tied back to them? Why didn't the audit [1] catch it? Gag orders are pretty loose in terms of legality in the first place, but even still, would a gag order prevent them from releasing a statement about a security hole (without mentioning its origin) and releasing patches?

It's a total guess, but my theory is that TrueCrypt discovered something outside their codebase (EG: Windows itself) that was undermining encryption. They reached out to Microsoft, who contacted FBI/NSA, and they were served their gag orders. This is the only theory I can think of that makes a gag order possible, in other situations the FBI/NSA wouldn't have been able to know about a disclosure before it happened.

[1]: istruecryptauditedyet.com

If they discovered an issue in Windows, and it led to gag orders, why would they tell people to move to BitLocker (a Microsoft product)?
This is obviously all conjecture, but my argument is that they made their actions as bizarre as possible because it's the only way to get out a distress call. They abruptly push a release that removes all the core functionality. They abruptly say that there will be no future releases. They wanted everyone to plainly see that this isn't them just giving up on the project because they've lost interest.

Suggesting people use Bitlocker is completely against everything they stand for. Here are some quotes off the FAQ on OP's rehosted website:

> > Will TrueCrypt be open-source and free forever?

> Yes, it will. We will never create a commercial version of TrueCrypt, as we believe in open-source and free security software.

> > Why is TrueCrypt open-source? What are the advantages?

> As the source code for TrueCrypt is publicly available, independent researchers can verify that the source code does not contain any security flaw or secret ‘backdoor’. If the source code were not available, reviewers would need to reverse-engineer the executable files. However, analyzing and understanding such reverse-engineered code is so difficult that it is practically impossible to do (especially when the code is as large as the TrueCrypt code).

> Remark: A similar problem also affects cryptographic hardware (for example, a self-encrypting storage device). It is very difficult to reverse-engineer it to verify that it does not contain any security flaw or secret ‘backdoor’.

These same people who condemned closed-source crypto in their FAQ are now suggesting using a closed-source encryption suite? It is completely absurd, and that's the point.

I think a more likely scenario might be that control of the project was seized, and the final release and statements were not from the developers, or they were issued by the developers under duress. It seems more like an agency wanted to shut it down because it worked too well.
I refuse to believe we live in that unfree of a society. I know that we have FISA courts and so forth, but that's still a tier below preventing someone from continuing to publish their computer code. All the 90's cases surrounding cryptography as armaments cemented the notion that it's protected under the first amendment.
> I refuse to believe we live in that unfree of a society.

I could never believe otherwise. Not after everything I've learned in my time on this rock.

I think our society is not this unfree provided you are willing to fight. Several government agencies have the power through fear to do something like this when they deem it necessary, and a very small dev team with no resources or company lawyers to back them up would be an easy target. Sure, fighting such a seizure might yield success, but it is a lot of time and energy and money to devote to a cause. This is the same reason why many people settle lawsuits out of court instead of seeing them through.
I suspect that by recommending encryption software that is highly unreliable like Bitlocker (by virtue of being closed source and developed by Microsoft who we know cannot be trusted) they sent up a huge red flag to their user base.

Nobody would expect the TrueCrypt devs to recommend something like this, so it is immediately suspect and all anyone really needs to asusme something isn't right (like a gag order).

Occam's Razor tells us that the TrueCrypt devs were done with the project and don't share your opinions of Bitlocker and Microsoft.
Except they do share those opinions and very suspiciously changed them in their final message. So what you believe is the simplest explanation doesn't work here.
Who are you to say what opinions they share? Especially considering davts emails...
Bitlocker is by far the most audited encryption solution available...
Audited by who?
I'd imagine by several microsoft crypto experts and the countless people doing auditing for the various organizations that use it.

(Of course I can't really name and shame)

No warning? No phase-out? Are you kidding me. TrueCrypt was completely dead by the time they shut down the project.