TrueCrypt

I’ve long been a fan of TrueCrypt for encrypting partitions and creating files with encrypted data for secure storage and transport. The reason I like it so much is that there are a number of cases of government organisations failing to get at data, purportedly of a criminal nature, that was protected by TrueCrypt.

Although there are many good encryption programs out there, TrueCrypt covers a number of areas that set it apart from the others. Let’s first look at some of the other methods in use out there that I like.

  • LUKS / dm-crypt – This is also one of my favourites and I use this on a regular basis. All my Linux machines are encrypted with LUKS. Even my Android tablet and phone are encrypted using the Android LUKS encryption. However, the only drawback (for others) is that it is only applicable to Unix-like systems. So far I haven’t found a nice method of using LUKS on Windows. I have no idea about Macs.
  • PGP / GnuPG – I use this quite a bit for email signing and encryption. Although it is very useful for encrypting partitions stored on HDDs, live mounting and encrypting / decrypting on the fly is not an option, so this is not really the space it shines in.

So the above describes what I use on a daily basis. However, on occasion I need to share documents with friends and family. Asking them to have a Linux machine handy just so they can share data with me is not really a practical option, so Windows must also be supported.

This is where TrueCrypt shines. It is available cross platform and has a strong history of successfully protecting data against brute force attacks. Unfortunately, it seems recently the developers, out of the blue, decided to discontinue the development of TrueCrypt.

WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

The above is posted on their web site. Put on your tin foil hat. Some theories hold that they were pressured into adding back doors and, as an act of rebellion, rather bailed on the project (I like this theory); others hold that there are vulnerabilities and they decided to bail as a result.

The collective community, in the form of Kenneth White and Matthew Green, decided to audit the project (as the source code is available) and post the findings of the audit online on the web site Is TrueCrypt Audited Yet. The first half of the report is already available and things are looking good.

In the same vein, a fork of the project was started. Called TrueCrypt Next or TC Next, it unfortunately failed for various reasons. One possibility might be that it is in contravention of the license, which precludes a fork containing any reference to TrueCrypt (the name).

Enter CipherShed, a fork of TrueCrypt with all the references to TrueCrypt removed from the code. Version 1 is TrueCrypt, rebranded. Eventually the goal is to rewrite all of the code so no trace of the original TrueCrypt remains. We’re eagerly awaiting the first release.

Oh, one more feature I really like on the original TrueCrypt software is the ability to have two passwords for an encrypted partition or file. One password is used to decrypt the actual data that one would like to keep secure, the other is used to decrypt fake data that might appear to be the actual contents. This means one can in theory release a password protecting some of your data that may appear to be valuable without sacrificing the really sensitive contents. And best of all it is not possible to determine IF the second password exists. This feature allows what is commonly called “plausible deniability.”
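
The idea behind the two-password feature, sketched as an added illustration (this is not TrueCrypt's code or on-disk format): a container has two header slots, an unused slot is filled with random bytes, and opening simply tries the password against each slot. The 64-byte slot layout, the `VOL1` marker and the SHA-256 keystream standing in for a real cipher are all assumptions made for this example.

```python
import hashlib, hmac, os

MAGIC = b"VOL1"   # constructed marker that identifies a successful decryption
SLOT = 64         # constructed layout: 16-byte salt + 48-byte encrypted body

def _keystream(password, salt, n):
    # Stand-in for a real cipher: PBKDF2 key expanded with SHA-256 in counter mode.
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def make_slot(password, payload):
    """Encrypt MAGIC + payload (at most 44 bytes) under a fresh random salt."""
    salt = os.urandom(16)
    body = MAGIC + payload.ljust(SLOT - 16 - len(MAGIC), b"\0")
    return salt + _xor(body, _keystream(password, salt, len(body)))

def empty_slot():
    """An unused slot is pure random data, the same size as a used one."""
    return os.urandom(SLOT)

def open_container(container, password):
    """Try the password on every slot; return (slot index, payload) or None."""
    for i in range(0, len(container), SLOT):
        salt, ct = container[i:i + 16], container[i + 16:i + SLOT]
        body = _xor(ct, _keystream(password, salt, len(ct)))
        if hmac.compare_digest(body[:len(MAGIC)], MAGIC):
            return i // SLOT, body[len(MAGIC):].rstrip(b"\0")
    return None

if __name__ == "__main__":
    # Constructed sample data: one container with a hidden slot, one without.
    with_hidden = make_slot("decoy-pw", b"holiday photos") + make_slot("real-pw", b"tax records")
    outer_only = make_slot("decoy-pw", b"holiday photos") + empty_slot()
    print(open_container(with_hidden, "decoy-pw"))   # decoy contents
    print(open_container(with_hidden, "real-pw"))    # hidden contents
    print(open_container(outer_only, "real-pw"))     # None: nothing to find
```

Both containers are the same size, and without the second password the second slot is unstructured bytes in either case, which is why the existence of the hidden data cannot be shown from the file alone.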