58 comments

[ 2.9 ms ] story [ 134 ms ] thread
The Grugq wrote a post [1] discussing TrueCrypt alternatives back in October of last year. It also mentions tc-play and cryptsetup, but additionally mentions tomb [2], which looks very interesting to me.

But while I once wrote for my mom a document with step-by-step instructions on how to create and use a TrueCrypt volume to keep some work documents secured, I don't see any alternative in either post that is going to be as accessible to normal folks (like her) as TrueCrypt.

[1] http://grugq.tumblr.com/post/60464139008/alternative-truecry... [2] http://www.dyne.org/software/tomb/

No reason you can't write a script that automates cryptsetup/luks, or a UI for PySkein or Java Skein, or the plenty of Keccak implementations.
A lot of discussions of TrueCrypt replacements I've read today miss a major point, which is that users of the Windows version are now left with no reliable, up-to-date software with an equivalent feature set and security guarantees. I know we tend to be *nix-heavy here, but some of us used TrueCrypt because it was the best solution for Windows, not because it was cross-platform.
We can always use TrueCrypt, which everyone was fine with and most people were recommending 2 days ago, even though it hadn't been updated it 2 years.
Yes but 2 days ago Truecrypt looked like it was backed by some serious devs (albeit anonymous).
Who hadn't updated their code in 2 years. It's stable software that's likely more secure than most things you'd switch to, whether or not it has active development. I'm not saying you don't want to keep an eye out for a new alternative, but you may want to wait for the dust to settle, since in response to this, it seems likely that we'll see a TC fork.
We can, as long as you believe these new warnings shouldn't be taken at face value. It adds a layer of doubt to the situation that wasn't there before.
TrueCrypt version 7.1a didn't suddenly stop working yesterday. It is still just as secure and easy to use as it ever was. Relying on TC into the future might not be wise, but there's no reason for users to immediately dump it.
This isn't necessarily true. If we take the TC message at face value, it seems like we should all move away from it ASAP.
One of the greatest TrueCrypt features, to me, was that it was multiplatform, much like GPG. Now I have no idea what to do...
If you need full disk encryption, how is appropriately configured BitLocker any less reliable, or offering fewer "security guarantees" than TrueCrypt?

The knee jerk reaction here is "omg, prism, Microsoft!". But the reality is that you have no idea who the TrueCrypt people are and their level of trustworthiness --- for all you know they work for NSA or FSB!

If you are a windows user, use the manual and use BitLocker for FDE and EFS for folder and files.

The most obvious difference is that the TrueCrypt code has had at least the first stage of a formal security audit done, which uncovered no evidence of backdoors. With BitLocker being closed source and no public audits being done, you don't have the same guarantees. BitLocker may be perfectly secure, but I feel I'm justified in saying that its status is much more uncertain.
The most aspects of TC were never publicly audited. People were using it on blind faith only: betting that if somebody had cared to audit he'd publish his findings too.

You can have the same assumption for BitLocker.

You can't audit BitLocker, its source is not available. That's a huge difference.
Microsoft has special licensing models where the sources for OS are available. Somebody looks at that, at least comparable to that how somebody was expected to detect the bug in OpenSSL, or to review TrueCrypt and nobody did until recently, because, well let somebody else care.

So as far as I understand, it is possible to audit Microsoft's crypto code too. I can imagine the audit of crypto code wouldn't find anything. The real problem is:

http://regmedia.co.uk/2014/05/16/0955_peter_gutmann.pdf

"Crypto won't save you either"

"Crypto Summary:

Number of attacks that broke the crypto: 0

Number of attacks that bypassed the crypto: All the rest

- No matter how strong the crypto was, or how large the keys were, the attackers walked around it"

Except Microsoft, for all their protest about backdoors from this project, have actually changed fundamental design aspects of their products, like Skype, Hotmail, Outlook.com, and SkyDrive, in order to enable wholesale spying while advertising 'encryption'.

You wouldn't trust the drunk driver who's crashed his last few vehicles to borrow your car. The intelligence agencies own Microsoft, as far as users are concerned, and when cryptosystems have to be crippled for their priorities, we can't expect them to hold up to other attacks.

It looks like TrueCrypt and BitLocker has been trying to solve a different type of problem.

BitLocker is somewhat more business oriented -- thus they feature things like key recovery, more protection (or might be taken as limitation to some) when the hard drive is removed from one computer and ported to another machine, etc.

TrueCrypt seemed to be aimed more toward security than manageability, lacked those features above, which might have aligned with user demographies that these "business" requirements either they didn't want to have or not relevant.

If BitLocker was open source and verifiable, I'd have a lot more respect and trust for it.
The fact that Bitlocker really wants a TPM to work properly rather than being entirely in software is a pain.

The fact the German and recently Chinese governments have specifically banned their users from trusting windows 8 + TPM doesn't thrill me with confidence.

The fact that bitlocker kindly sends a copy of your HDD recovery key to Microsoft if you have windows 8 linked to your live account doesn't strike me as brilliant, either.

Oh, and the fact I need to upgrade to the Ultimate or Enterprise editions of Windows means it doesn't help a large majority of users.

Even if truecrypt were written as part of an NSA/FBI joint project it's still works across the three main OS's and it has the source code available for scrutiny (deterministic build issues aside).

Unfortunately it doesn't support Windows 8 because of the UEFI problem.
I've said this before in a few places, and it's (semi-) relevant here, but I really think people need to relax about replacing TrueCrypt. Despite the "security concerns" expressed in the TrueCrypt page, which were clearly a joke, there's no reason to think TrueCrypt has any significant vulnerabilities at this time, and the second phase of the audit will take place as scheduled. The last time TrueCrypt was updated was two years ago - it's stable software that doesn't need constant tweaking, so the developers bowing out is not a problem.

Chances are, someone will either fork TrueCrypt (version 3.1 of the TrueCrypt license seems to make this a legitimate possiblity) or create a replacement, possibly using the same container format. TrueCrypt is pretty much just as good as it was before this happened. Give it a couple of months before you start switching over to some other solution (which is likely to be less "battle-hardened" than the incredibly popular TrueCrypt anyway, and thus somewhat more likely to be insecure). There's no rush.

(comment deleted)
I agree. There was no rush to switch away 6 months ago. The latest version (besides the new decrypt-only release) was over a year ago. It's pretty solid from my use-case... and the audit should relax any fears (nothing obvious has been discovered yet).

I think the "security concerns" expressed on the truecrypt page are more-or-less for future visitors to understand the project is not maintained anymore (albeit a poor way to go about expressing that)

>which were clearly a joke

There's a lot of information flying around so I may have missed something. Why is the official page, which states that there are security concerns, "clearly" a joke?

I think it is the flippant manner in which they expose the security concern and recommend a product few would actually use.
Most people took TC recommending Bitlocker as a joke (myself included), because it's a closed-source proprietary encryption method made by Microsoft, which is the ethic that TrueCrypt has represented in the decade that it existed, but even if that's a bit too subtle humor, if you look at the options they give for encryption on other platforms [1], you can see that it's obviously not a serious security-based recommendation.

For Linux, they recommend: >Use any integrated support for encryption. Search available installation packages for words encryption and crypt, install any of the packages found and follow its documentation.

Does that seem serious to you?

For Mac OSX, here is the configuration they recommend for creating an encrypted volume: http://truecrypt.sourceforge.net/OSXNewImage.png

Note where under Encryption they've selected "None".

1. http://truecrypt.sourceforge.net/OtherPlatforms.html

Looking at all the reactions, it doesn't seem that clear they were a joke.
It seems odd that they would remove all of the binaries as well. Want to commit a readonly version? Fine. But what about now, when less technical folks might want to install TrueCrypt on a new computer?

The point is, now another entity will need to establish validity as being a trusted provider; there was no reason to rock the boat per se, and as someone who laughs at most things, it just... really isn't altogether funny, unfortunately.

edit: assuming that it turned out to be a joke, for the sake of discussion (though is there a difference at this point?)

They've always removed old binaries when they release new ones. They used to ban users from their forums when they asked for old binaries.

They've changed binaries too without bumping the version number and then re-released them unannounced.

This has been known for a very long time now. I'm not sure why people are surprised at the latest developments:

http://16s.us/software/TCHunt/TCD/readme.txt

Interesting. Admittedly I hadn't paid a lot of attention other than "get the latest release and install it", so I wasn't aware that they did any of those things. Thanks for clarifying.
The feature request to replace TC in Tails was added to their issue tracker 11 months ago. It is not a knee-jerk reaction to todays events.
That's why I said semi-relevant. I think the renewed interest in finding alternatives in TrueCrypt is clearly due to the devs stepping out, which is unrelated to its removal from Tails. It doesn't even seem implausible that in the (in my opinion, incredibly likely) event of a fork, the new fork will be a strong candidate for inclusion in Tails, assuming it has active development, a FOSS-compatible license and a more open development process (again, all of which may be possible). The reason I wanted to post here was to hopefully convince some people in kneejerk mode to just give the dust a bit of time to settle, since I imagine many people would be using this list to help them migrate.
> Chances are, someone will either fork TrueCrypt (version 3.1 of the TrueCrypt license seems to make this a legitimate possiblity)

Given this comment and some inspiration from tacotime in this [1] post, it dawned on me: What if this whole thing is a not-so-subtle effort by the developer(s) to renew interest in TrueCrypt and pass the torch? The license ambiguity might be an issue (in terms of whether it retroactively covers encryption support in earlier versions or not), but if that were resolved, then perhaps all of this speculation, wild conspiracies, and other noise is for naught. Maybe this is their way of stepping down and saying "Hey, look, we're not maintaining this anymore. We're changing the license, so knock yourselves out."

[1] https://news.ycombinator.com/item?id=7814800

As far as I know encryption wasn't removed in 7.2, just disabled via error messages. You could just fork it given the new license and reenable encryption, right?
If you can believe the anonymous gists that were posted a day or so ago, huge swathes of code were removed containing much/some of the encryption logic. It's possible that may not be true, but forking it would be a possibility.

I'm assuming that the license changes are technically retroactive since it seems the developer(s) have decided it's time to move on (and who can blame them after 10 years?).

(comment deleted)
TrueCrypt is undoubtedly stable, but it is getting rather long in the tooth.

For example, TrueCrypt can't encrypt the system drive if your computer uses UEFI and/or your boot drive has a GPT parition table. This is a major nuisance since nearly all new PCs have UEFI enabled by default. But TrueCrypt development has all but stalled for the last couple of years, and now there's zero hope of ever getting UEFI support.

There's been a lot of hand-wringing about the license, but if the TrueCrypt devs want to be anonymous and/or go away, who's going to complain if someone puts out another version?
Has no one noticed there are alternative implementations already, like BSD-licensed tcplay implementation in DragonFlyBSD?
You do realize that is the very first recommended candidate in the article, right?
I do, as you can see in my comment, but no one else (here in the comments) seems to notice that fact, that this particular implementation is fully open source alternative available since 2011...
Apologies then. I don't think it's that people are unaware of alternatives at large, rather, that tcplay is a limited option at best.

If you're using Linux, or DragonFly, or even Tails, then sure, it should work fine (which is likely why it's being considered as a replacement in Tails), but it doesn't have stated support for OS X, Windows, etc.

TrueCrypt, on the other hand (despite whatever else ails it) is supported on all of the above.

I have been using cryptmount for years, and I can highly recommend it. It is a friendlier, more easy to use interface to the crypto functionality that exists in the linux kernel (dm-crypt)
Wikipedia has a page comparing OTFE (on-the-fly-encryption) products [1].

It compares them on features such as operating system, Hidden containers,, Pre-boot authentication, Single sign-on, Custom authentication, Multiple keys, Passphrase strengthening, Hardware acceleration, TPM, Filesystems, Two-factor authentication

[1] http://en.wikipedia.org/wiki/Comparison_of_disk_encryption_s...

I'll mention my theory of what happened with TrueCrypt here, because it's relevant to a search for alternatives.

I believe TrueCrypt was started as a student project, and was no longer worth the effort to the developer(s). For a student or young developer interesting in cryptography, the reward is in the work itself, and in other people using the software. A decade later, though, with less free time, it's much less fun. At that point, a developer could either commercialize their work, or abandon it. TrueCrypt had very little chance of commercial success, since full-disk encryption comes with all new operating systems, so it's been abandoned.

My conclusion is that only for-pay (open-source or not) FDE software can be a viable alternative to TrueCrypt, anything else will eventually be abandoned too. Consider that every project mentioned on this page is based on dm-crypt, part of the Linux kernel, which is supported financially by Intel, HP, and so on. That is a viable, long-term solution, and probably the only one.

But if we want a diversity of cryptography software, we are going to have to start paying for it.

This all could make sense if license for TC would be open source, like MIT, GPL or AGPL. If he simply do not want work on it - no problem, just give it to people who want to keep it running.
I disagree.

It's entirely possible to have a good free (as in beer and freedom) full disk encryption tool. In fact, we have several which are in quite wide use today. See: dm-crypt, loop-aes, luks, tcplay, encfs, ecryptfs, etc (okay, some of these aren't FDE tools in and of themselves, but parts of a system which can be used for FDE). Anyone who uses FDE on Linux is surely using one or two of these.

It's really just a matter of someone being motivated enough to develop one for Windows. The entire reason for TrueCrypt's popularity over Bitlocker was that it was open source software. All this means is that one developer got sick and tired of it, which is completely understandable, but it can absolutely not be extrapolated to say that all have.

DiskCryptor is currently looking like the next big viable alternative for an open source Windows FDE tool. I'm hoping we see some EFI support though, so I can finally get off BIOS mode.

In my opinion, the best method is to gather a few skilled Windows driver developers to craft a driver based around existing technology, like FreeOTFE, which supports dm-crypt images.

It'll be interesting to see what happens, I certainly think the demand and interest is high enough that we can get some good people on the case. Hopefully some who won't select a ridiculous license.

There is only one free-as-in-beer FDE project that has survived the last decade (loop-AES), out of dozens. The one other survivor (dm-crypt) is backed by serious money (the Linux Foundation). It's safe to assume the odds won't get better in the next decade.

That is, unless we support freely-licensed encryption software, financially, rather than just use it.

Nonsense. ecryptfs has been around almost that long even. And regardless, the maintenance for proprietary FDE products is not much better. Many go in and out of cycle, obsolescence is just a part of software, but there's been 1 or more good encryption options available for a long time.
None of these replace TrueCrypt. One thing that made TrueCrypt interesting was that you could use the same volume on Windows, Mac, and Linux. Items listed in the article are Linux only.