I have a 1TB hdd, which I would like to encrypt. I would like to make a hidden volume, with almost nothing within but some decoy data, and the rest in a hidden volume.
However, my drive is over 95% full. Is it still possible to do this, or would it have to be done on an empty drive, and then copy the data over?
I could not find the answer to this question in the documentation.
Also, how easy would it be to undo, or unencrypt the drive? Would it again need another empty drive to begin with?
Can I encrypt a partition/drive without losing the data currently stored on it?
Yes, but the following conditions must be met:
If you want to encrypt an entire system drive (which may contain multiple partitions) or a system partition (in other words, if you want to encrypt a drive or partition where Windows is installed), you can do so provided that you use TrueCrypt 5.0 or later and that you use Windows XP or a later version of Windows (such as Windows Vista) (select ‘System’ > ‘Encrypt System Partition/Drive’ and then follow the instructions in the wizard).
If you want to encrypt a non-system partition in place, you can do so provided that it contains an NTFS filesystem, that you use TrueCrypt 6.1 or later, and that you use Windows Vista or a later version of Windows (for example, Windows 7) (click ‘Create Volume’ > ‘Encrypt a non-system partition’ > ‘Standard volume’ > ‘Select Device’ > ‘Encrypt partition in place’ and then follow the instructions in the wizard).
Steps to remove the encryption are described here:
According to the documentation a hidden volume stays hidden because it appears as free space. In TrueCrypt free space always has random data in it, however in the case of a hidden volume it’s not actually random data but the hidden volume. I was wondering how is it possible to write (for example add a new file) to the outer volume without risking overwriting the hidden volume?
As of TrueCrypt 4.0, it is possible to write data to an outer volume without risking that a hidden volume within it will get damaged (overwritten).
When mounting an outer volume, the user can enter two passwords: One for the outer volume, and the other for a hidden volume within it, which he wants to protect. In this mode, TrueCrypt does not actually mount the hidden volume. It only decrypts its header and retrieves information about the size of the hidden volume (from the decrypted header). Then, the outer volume is mounted and any attempt to save data to the area of the hidden volume will be rejected (until the outer volume is dismounted).
Wouldn’t this make it easy for an attacker to learn there is a hidden volume? As soon as he can’t write to free space he’d know.
For example if an outer volume is created of 5 GB and an inner volume is created with 4 GB. An adversary forces the owner to reveal the password but is given the decoy password to the outer volume. Then the attacker wouldn’t be able to write more than 1 GB (at the most) before seeing that there’s a hidden volume.
Do I understand this correctly? Is this a concern or is there a safeguard against this? Does it help to make the outer volume large so the chances of writing to the free space with the inner volume are low? If one was going to store a virtual machine in a hidden volume, that would take up quite a bit of space. It would be quite consuming to double this size by giving lots of room to the outer volume.
Also, what kind of “fake” sensitive files should go in the outer volume? If you think about it, it’s not that easy to make fake confidential looking documents. You wouldn’t be able to store any online passwords because they could be verified as false easily.
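The protection mode quoted above from the TrueCrypt documentation, as an added example that is not part of the original post and is not TrueCrypt's code: a simplified Python model using the 5 GB / 4 GB sizes from the question. It assumes the hidden volume occupies the tail of the container, and every class, function and passphrase in it is hypothetical.

```python
"""Simplified model of hidden-volume protection (added example, not TrueCrypt code)."""
import hmac
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

GB = 1024 ** 3


class WriteRejected(Exception):
    """A write would touch the protected hidden-volume area."""


def _same(a: str, b: str) -> bool:
    # Constant-time comparison; stands in for "the header decrypts correctly".
    return hmac.compare_digest(a.encode(), b.encode())


@dataclass
class Container:
    size: int               # outer volume size in bytes
    hidden_size: int        # hidden volume size in bytes
    outer_password: str
    hidden_password: str
    # Byte ranges of hidden-volume data overwritten through the outer volume.
    damaged: List[Tuple[int, int]] = field(default_factory=list)

    @property
    def hidden_start(self) -> int:
        # Assumption of this model: the hidden volume sits at the end.
        return self.size - self.hidden_size


class OuterMount:
    def __init__(self, container: Container, protected_from: Optional[int]):
        self.container = container
        self.protected_from = protected_from  # None: protection not enabled

    def write(self, offset: int, length: int) -> int:
        end = offset + length
        if offset < 0 or length <= 0 or end > self.container.size:
            raise ValueError("write outside the outer volume")
        if self.protected_from is not None and end > self.protected_from:
            raise WriteRejected(f"bytes {offset}-{end} overlap the protected area")
        if end > self.container.hidden_start:
            # Unprotected mount: the area is treated as ordinary free space.
            start = max(offset, self.container.hidden_start)
            self.container.damaged.append((start, end))
        return length


def mount_outer(container: Container, outer_password: str,
                hidden_password: Optional[str] = None) -> OuterMount:
    if not _same(outer_password, container.outer_password):
        raise PermissionError("wrong outer volume password")
    protected_from = None
    if hidden_password is not None:
        if not _same(hidden_password, container.hidden_password):
            raise PermissionError("wrong hidden volume password")
        # Only the hidden header is read to learn the size; the hidden
        # volume itself is not mounted.
        protected_from = container.hidden_start
    return OuterMount(container, protected_from)


def demo() -> dict:
    # Constructed sample: 5 GB outer volume with a 4 GB hidden volume.
    c = Container(5 * GB, 4 * GB, "decoy-passphrase", "real-passphrase")
    out = {}

    # Owner mounts the outer volume with both passwords (protection on).
    owner = mount_outer(c, "decoy-passphrase", "real-passphrase")
    out["owner_low"] = owner.write(0, GB // 2)
    try:
        owner.write(GB - 4096, 8192)  # straddles the 1 GB boundary
        out["owner_straddle"] = "written"
    except WriteRejected:
        out["owner_straddle"] = "rejected"
    out["damage_after_owner"] = list(c.damaged)

    # Mount with the outer password only: no protected range exists.
    decoy = mount_outer(c, "decoy-passphrase")
    out["decoy_high"] = decoy.write(2 * GB, 4096)
    out["damage_after_decoy"] = list(c.damaged)
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

In the model, a mount with only the outer password has no protected range, so a write into the hidden area succeeds and is recorded as damage rather than being refused.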
A TrueCrypt hidden volume exists within the free space of a typical TrueCrypt volume. When the ‘outer volume’ is accessed, it is (almost) impossible to determine if there is a hidden volume within it. This is because TrueCrypt always fills the empty space of an encrypted volume with random data. So a hidden volume looks the same as an empty TrueCrypt volume.
To create and use a hidden volume you need two passwords – one each for the outer and inner (hidden) volumes. When you mount (open) the volume you can use either password and that will determine which of the two is opened. If you want to open just the hidden volume you use one password, and if you want to access just the non-hidden encrypted volume you use the other password.
To create a hidden volume open TrueCrypt and press the ‘Create Volume’ button:
The options for the first half of this process are almost the same as for setting up a standard TrueCrypt volume, and the process then continues with setting up the hidden volume, but let’s go through the entire process step by step anyway. In the screen shown below you just want to stay with the default setting ‘Create an encrypted file container’:
Press ‘Next >’ and continue to the next screen.
In the above screen you want to be sure that you choose the second option ‘Hidden TrueCrypt Volume’. Select this and click on ‘Next >’. You will then be asked to choose the location and name of the TrueCrypt outer volume.
Click ‘Select File...’ and browse to a location for a new TrueCrypt volume. We will use the name ‘myencryptedfile’ in this example. It’s the same name as we used in the last example, so be aware that if you have just followed those instructions you must now create a new volume with a new name.
Browse to the directory where you want to put the outer volume and enter the name of the volume in the field named ‘Name’ as in the example above. When you are satisfied all is well click on ‘Save’. The file browser will close and you return to the Wizard. Click ‘Next >’. Here you are presented with some very technical choices. Don’t worry about them. Leave them at the defaults and click ‘Next >’. The next screen asks you to determine the size of the outer volume. Note that when you do this the maximum inner ‘hidden’ volume size is determined by TrueCrypt. This maximum size will of course be smaller than the size you are setting on this screen. If you are not sure what the ratio of outer volume size to inner (hidden) volume size is then go through the process now as a ‘dummy’ run – you can always trash the encrypted volume and start again (no harm done).
So choose the size of the outer volume, I will choose 20MB as shown below:
You cannot set the outer volume size to be larger than the amount of free space you have available on your disk. TrueCrypt tells you the maximum possible size in bold letters, so create a volume size smaller than that. Then click ‘Next >’ and you will be taken to a screen asking you to set a password for the outer (not the hidden, this comes later) volume.
Enter a password that is strong (see the chapter on creating good passwords) and press ‘Next >’. Next TrueCrypt wants you to help it create the random data it will fill the volume up with. So wave your mouse around, browse the web, and do whatever you want for as long as you can. When you feel TrueCrypt should be happy then press ‘Format’. You will see a progress bar zip by and then you will be presented with the next screen:
You can open the outer volume if you like but for this chapter we will skip that and go ahead to create the hidden volume. Press ‘Next >’ and TrueCrypt will work out the maximum possible size of the hidden volume.
When you see the above screen just press ‘Next >’. Now you must choose the encryption type for the hidden volume. Leave it at the defaults and press ‘Next >’.
Now you will be asked to choose the size of the hidden volume.
I have set (as you see above) the maximum size as 10MB. When you have set your maximum size press ‘Next >’ and you will be prompted to create a password for the hidden volume.
When creating the password for the hidden volume make sure you make it substantially different from the password for the outer volume. If someone really does access your drive and finds out the password for the outer volume they might try variations on this password to see if there is also a hidden volume. So make sure the two passwords are not alike.
Enter your password in the two fields and press ‘Next >’.
Leave this window at the defaults and press ‘Next >’ and you will be presented with the same screen you have seen before to generate random data for TrueCrypt. When you are happy click ‘Format’ and you should see the following :
The TrueCrypt manual it is referring to is not this manual. They mean this manual : http://www.truecrypt.org/docs/
Click ‘OK’ and exit TrueCrypt. You can now mount the volume as noted in the previous chapter.
6. Optional : Create a double container to avoid forced theft of your data
If you are a secret agent and you need a backup solution in case of torture or in the case where someone would force you to reveal your password, we will explain how to create a hidden container in your encrypted container.
To learn how it works, here is the diagram proposed by TrueCrypt.
As you can see, a standard container contains a single volume while in the second case, the TrueCrypt volume contains two encrypted volumes :
– The hidden volume in blue : The volume containing your real confidential data.
– The external volume in purple : The volume containing false data.
When you mount your container, TrueCrypt will mount the volume associated with the password that you have specified.
You enter the password of your hidden volume to store your real confidential data, and when someone forces you to reveal your password, you give them the password of the external volume. That person will believe they have access to your confidential data, but in reality they only have access to your false data.
If you want to create this hidden volume in your encrypted container, it’s important that it is not created in “Dynamic” :
– If this is the case, the person may know that a hidden volume exists.
– If this is not the case, the existence of the hidden volume is undetectable because TrueCrypt writes random data in free space.
To begin, create a standard volume, if you have not already done so.
Store false data in the encrypted container.
Then click again on “Create Volume” to create the hidden container that will contain real confidential data.
Then, click again on “Create an encrypted file container”.
Then, this time, select “Hidden TrueCrypt volume”.
Choose “Direct Mode” to create a hidden volume in your standard container.
Then, select the file of your standard container by clicking the “Select File” button.
As your standard container is encrypted, TrueCrypt needs your password in order to analyze it.
Enter here the password of the volume that has already been created.
Note : Remember to specify the key files, if necessary.
If you’re running Windows Vista, 7 or 8, you may need to accept the UAC warning.
Now that TrueCrypt has scanned your encrypted container, you can create your hidden volume.
Select AES as the encryption algorithm. For more information, refer to the creation of the standard volume.
Enter a size for the hidden volume. The size indicated should be less than the size indicated by TrueCrypt. The maximum size depends on the maximum size of the standard container and the data that are present therein.
Now, specify a different password for your secure and hidden volume.
This password must be secure because it allows access to real confidential data.
The password must be different from the password of the standard container because TrueCrypt decrypts the volume corresponding to the specified password.
Note : You can also specify one or more key files for this volume.
Choose a file system for the hidden volume :
– FAT for compatibility
– NTFS for large files.
Then, click “Format”.
For more information, refer to the creation of the standard volume.
A UAC alert will appear as earlier. Click “Yes”.
At the end of the format, a warning appears. Click OK.
In summary, TrueCrypt will warn you that the external volume of a double container must be “mounted” with the hidden volume protection to prevent damage to your real confidential data. The steps are given on the official TrueCrypt website, but we will illustrate them with images in the next section.
The hidden volume is now created in your file container. Click “Exit”.
Read this article to find out how to recover files deleted from a TrueCrypt or VeraCrypt container, how to mount and unlock an encrypted disk to access the files.
If you are looking for an easy and effective way to encrypt all computer data, from the system or logical disk and to a backup disk, external USB drive or a memory card, use VeraCrypt. This is an open-source tool meeting the highest data encryption standards.
What is TrueCrypt and VeraCrypt, and why would we use them?
The best way to protect your files from being viewed by other people is to encrypt them. The encryption tool uses a secret key to turn the file contents into a mishmash of symbols. There is no way to read the contents until an unlocking key is used.
The VeraCrypt tool is based on the very popular open-source utility, TrueCrypt. After the TrueCrypt project was closed, a company named IDRIX added new features to the product and fixed security issues.
With VeraCrypt, you can create an encrypted container which can then be mounted in your system as an ordinary disk. All files in this container are encrypted and decrypted on-the-fly. That is why you can view and edit them just as if they were located on your USB drive. When you finish working with them, the tool blocks access to this container, and cleans the keys and file contents from the system memory.
VeraCrypt can also encrypt your system drive, but we recommend using the Windows-integrated tool, BitLocker. A peculiarity of VeraCrypt is the ability to create a hidden encrypted partition. If criminals hold you and demand the key, you can give them a fake unlocking key that will open the fake volume you have created beforehand. Meanwhile, using the main key will unlock a different volume containing real data.
How to create an encrypted partition?
Download and install the program, then open the Start menu and run VeraCrypt. You will see the main window:
The first step to take is to click Create Volume. This starts the Volume Creation Wizard that offers you a choice of the following options:
Creating an encrypted file container lets you generate such a file on any disk currently connected to your computer. After that, the file can be mounted as a logical disk. Inside the file, a standard or hidden VeraCrypt volume can be created (we have just explained the difference above).
We will create a standard volume. The next step is choosing the volume location.
After that, decide on Encryption Algorithm and Hash Algorithm. By default, these are AES, and SHA-512, accordingly. Leave the settings as they are.
Now set the maximum volume size. Let’s set it to 5 GB.
Click Next and go on to create a password. When the password is given, save it to a safe location or use a password which you remember well. There is no way to restore a forgotten or lost password, and you can’t decrypt the data without the password.
You can also use any files as an alternative to a password by checking the Use key files option.
Click Next and confirm using large files.
Click Next and move on to volume format options and encryption key settings. Click and wait until the encrypted volume is created.
How to mount and unlock the disk to access files?
Click «Select File» in the program’s main window and choose the file where you saved the VeraCrypt container. After the file is chosen, select one of the available disks above. For example, let us select disk XXX and click on Mount.
Now you need to enter the password.
Now go to This PC and check if a new disk appeared there.
Recovering deleted files from a VeraCrypt container
Files deleted by mistake or lost after formatting the encrypted disk can be recovered with the help of Hetman Partition Recovery. Before scanning, you should mount the disk in the program. As VeraCrypt uses on-the-fly encryption principle, the recovery process will be no different from working with any other disk.
Without the unlocking password, all data remains encrypted and can’t be restored.
A judge recently ordered a US citizen to decrypt storage space on a computer so that police forces could analyze protected files on the system. In this particular case, the defendant was ordered to decrypt the hard drive of her Toshiba notebook no later than February 21, or face the consequences “including contempt of court”.
The ruling may still get overturned, but at this point in time it is not clear how this will turn out.
Encryption makes sure that only authorized users can enable access to data provided that there is no loophole or backdoor built-into the software itself. People traveling to the US may have their mobile computers analyzed by federal agents even without probable cause.
Users have a number of options at their disposal to protect their data from prying eyes. Encryption for instance requires a pass phrase or key to be entered to decrypt the contents of the storage device. If you forget the password, you cannot open the encrypted contents anymore.
There is however a better option for users who want to make sure that their private files stay personal. True Crypt supports so-called hidden volumes. These volumes are encrypted volumes inside an encrypted volume. True Crypt calls the concept plausible deniability. You put your important files into the hidden volume, and other files that you do not mind sharing with others in the regular encrypted container. When someone asks you to decrypt your data, you enter the password to decrypt the first volume that you do not mind sharing with anyone.
It may happen that you are forced by somebody to reveal the password to an encrypted volume. There are many situations where you cannot refuse to reveal the password (for example, due to extortion). Using a so-called hidden volume allows you to solve such situations without revealing the password to your volume.
The principle is that a TrueCrypt volume is created within another TrueCrypt volume (within the free space on the volume). Even when the outer volume is mounted, it should be impossible to prove whether there is a hidden volume within it or not*, because free space on any TrueCrypt volume is always filled with random data when the volume is created** and no part of the (dismounted) hidden volume can be distinguished from random data. Note that TrueCrypt does not modify the file system (information about free space, etc.) within the outer volume in any way.
Hidden volumes can be created quite easily in True Crypt. New True Crypt users should read through the tutorial posted on the site first to understand the basics of creating encrypted volumes on the computer.
You have the option to create both volumes in one go though, by following the process outlined below. Click on Tools > Volume Creation Wizard. You have two options now how to proceed:
- Create an encrypted file container: This option can be used to create an encrypted file on one of the computer’s hard drive and add a hidden file container to it, or add a hidden file container to an existing encrypted file.
- Encrypt non-system partition/drive: This is basically the same option as above, only that it works with partitions and hard drives, and not with files. Please note that all contents of the selected hard drive/partition will get deleted in the process.
I suggest you start with an encrypted file container to see how the process works.
Select Hidden TrueCrypt volume on the next page.
Now you have the option to select normal or direct mode. Normal mode creates both the outer and the hidden volume in the process, while direct mode creates a hidden volume inside an existing True Crypt file container.
Let’s pick normal mode to demonstrate how both the standard encrypted container and the hidden container within are created.
You now need to select a file name for the outer container. Pick any directory and file name that you want. You can use the file name to your advantage, for instance by making it a .tmp file or a .avi.
You are then asked to select the encryption algorithm and hash algorithm for the outer volume. Pick one each or keep the default settings.
You are then asked to select a size for the file container. Keep in mind that the hidden volume is added to this container file as well. Select a password on the next screen. This password is used to decrypt the files stored in the outer volume. The volume will be formatted afterwards. Move your mouse around to create random values. Click on Format afterwards to create the file. Depending on the size, you may need to switch the file system from FAT to NTFS.
Now that you have created the outer volume, you move on to the next step, the creation of the hidden volume.
The process is nearly identical. You first select the encryption and hash algorithms, then the file size. True Crypt will display the maximum possible hidden volume file size on that screen. Don’t select the maximum if you plan on adding files to the outer volume as well.
The remaining steps are identical. You now have one outer volume, one hidden volume and two pass phrases to decrypt the volumes on your computer.
Mounting the hidden volume
To mount either the outer or hidden volume do the following:
- Select a free drive letter in the True Crypt interface.
- Click on Select File and browse to the encrypted file that you want to mount.
- Click on Mount afterwards.
- Enter the pass phrase for the outer volume to mount it, or the password for the hidden volume to mount it instead.
If you mount the outer volume you may want to click on mount options and check the “protect hidden volume against damage caused by writing to outer volume” box to protect the hidden container from being partially or fully overwritten. You need to supply the hidden volume password for this option, though.
The very same principle applies to the creation of a hidden volume inside an encrypted partition or hard drive.
For instructions on using the new TrueCrypt GUI, please see TrueCrypt GUI
There is a lot of documentation on how to create an encrypted volume. However, a significant problem caused by most of the existing implementations is that the owner of the data may be forced to reveal the password used to encrypt the data.
To address this, different projects exist to implement some steganography mechanisms. TrueCrypt is an open-source disk encryption software implementing steganography, but as of 7.1 it does not fully support Ubuntu due to an incompatible license, and only limited features and documentation are available on Ubuntu.
It is important that you keep a dummy OS and destroy or hide (USB flash drive buried in the garden) the TrueCrypt boot data, otherwise there is no plausible deniability.
Download and install Truecrypt
Create an outer volume (ex: on /dev/sdb1):
Map the corresponding volume (ex: on /dev/sdb1), but do not mount it:
Format outer volume with FAT:
Dismount the volume:
Create a (ex: 50M) hidden volume within the outer volume (ex: on /dev/sdb1):
Map the corresponding hidden volume (ex: on /dev/sdb1), but do not mount it:
Format the hidden volume with a filesystem recognised by mount(8):
Dismount the hidden volume:
Mount the outer volume (ex: /dev/sdb1 on /mnt/tc) with the hidden volume protected:
Copy files to the outer volume:
Dismount the outer volume:
Mount either volume (ex: /dev/sdb1 on /mnt/tc) and enjoy:
TruecryptHiddenVolume (last edited by user elatllat 2012-06-08 18:04:27)
Updated: November 23, 2016
Back in 2008, I created a 125GB TrueCrypt file container on an external disk, so that in the case it got lost or stolen or something, the data stored there would not be immediately accessible to curious strangers. In 2016, I ran into a capacity problem. The volume could no longer accommodate all the data that I intended to copy. No more free space.
Most people solve this by creating a bigger container and then copying data into it. True, this is always an option, but could there be a more elegant way? I started exploring and then came across a curious, niche tool called extcv, specifically designed to extend, or rather, resize existing TrueCrypt volumes without reformatting. Let us explore.
Before we continue, a little warning
TrueCrypt. Ah yes. This product was discontinued not that long ago in a rather dramatic fashion by its owners, with some big claims how it was not secure and such. If you put all the fuss and fear aside, TrueCrypt is still a decent encryption product that can help you keep files secure, especially on mobile devices like notebooks and external disks.
There are other programs of this kind – including direct successors to TrueCrypt, but that’s not the point. We’re here to discuss the size and resize issue with volumes, and how to do this elegantly without too much work or overhead. Anything else is just needless security paranoia and philosophy, and that’s not why we’re here. If you’re using TrueCrypt, you’re using it, and you probably can’t or won’t just throw it away.
The second piece of this foreword is to warn you – changing filesystems and containers, encrypted or not, is always a risky operation that can end up with a total, irreversible loss of data. I strongly advise against resizing TrueCrypt volumes unless you have a second backup, preferably unencrypted, of the data stored inside, even for a very short duration while you carry out the resizing work. All that said, let’s move on.
Extcv to the rescue
There are several checkboxes you must tick. Extcv works with TrueCrypt version 7.0a or earlier versions, and it requires the use of the NTFS filesystem inside the volumes. The risks are obvious. You may end up with corrupted containers that cannot be opened or mounted or whatnot. Now, to demonstrate, let’s create an encrypted container first.
The problem we’re facing:
Anyhow, let’s launch extcv and fix it! Start the program. You will get the explanation and disclaimer. Namely, you should use NTFS, and you should not perform this action on containers that include a hidden volume.
You will need to select the right file (or device) and provide the volume password. After this step, you will be presented with the option to resize it. Like TrueCrypt, you can use KB or MB or GB. Then, click Continue. The program will start its operation and hopefully complete successfully.
I mounted the volume through TrueCrypt without any problems and then examined the data stored inside the container. Everything looks and behaves fine. Good. Of course, working with old software against outdated and unsupported software sounds quite tricky, and you may not be willing to take your chances. Perfectly understandable. But at least you know there’s a way.
Did you use it for your production container?
Now, the big question. Did I use this for my ancient and precious 125GB volume? Well, not just yet. It would be terribly hypocritical of me to tell you to do something without using it myself. Never my way. I am creating containers and testing them like mad, and so far, there are no issues. But that’s never enough. Most importantly, the data stored on the external disk is neither the first nor the third copy, so one day soon, I will muster enough empirical confidence to complete the action on the external USB disk. That’s where we are at the moment.
Extcv is a very interesting little utility. The list of benefits is just as long as the list of doubts, because you’re using a third-party tool to manipulate sensitive personal data, with a significant risk of data loss or corruption. Encryption is never an easy one, especially when you run out of free space.
All that said, I do believe this program, despite its age and limited compatibility when it comes to TrueCrypt versions, offers a fairly robust and safe method of resizing containers without the long and protracted process of creation and formatting of new volumes and the subsequent process of data backup. If you intend to test, please first do so with non-essential stuff, thoroughly, create a second copy of your data, and only then commit to the resizing adventure. It should work, but it doesn’t hurt to take precautions. Well, you’ve learned all there is for this little tutorial. When it comes to TrueCrypt, extcv is a nice little companion tool, and you might want to consider it for your arsenal. Job done.
Development of TrueCrypt ended in 2014. This product should no longer be used to protect sensitive data.
Everyone has sensitive data on their desktops and servers, be it tax records, paychecks, social security data, credit card information, etc. This information is your lifeblood, and if it fell into the wrong hands your life could be turned upside down. In this day of portable laptops this problem has been amplified. One wrong move on your part and a thief could walk off with your laptop and your precious data. So what does this leave you to do?
There are several ways to protect data on your Linux, Windows and OS X hosts. You can encrypt data by hand with the openssl and gnupg utilities, or you can use an encrypted file system (bitlocker, file vault, fuse encryption plug-ins, etc.) that allows you to transparently encrypt data as it’s read or written to a file or device. Of the various solutions I’ve used, I find the opensource Truecrypt package to be the most versatile of the bunch.
Truecrypt provides a command line and graphical interface that can be used to easily set up an encrypted device to store your data. The software can be downloaded as a package for Windows, Linux or OS X, or you can download the source code and build the software yourself. Once the software is installed you can start the Truecrypt utility from your application menu or by running the Truecrypt executable from a command prompt. This will pop up the Truecrypt main screen as shown here:
To create an encrypted volume, you will need to pick a slot and click “Create Volume”. This will pop up a screen similar to the following:
From this screen you can tell Truecrypt to encrypt a partition/drive or a file. When you specify “Create a volume within a partition/drive”, Truecrypt will encrypt the entire device. When you select “Create an encrypted file container”, Truecrypt will create a new file and use that to store all of your encrypted data. In both cases Truecrypt provides transparent access to the contents of devices or files, so the decision to use one over the other really depends on how you want to access your data.
Once you decide between a device or file, you will then be asked if you want to create a standard or hidden volume. A standard volume will allow you to mount the volume and access all of the storage inside of it, while a hidden volume will allow you to mount a volume with a limited set of data and then optionally mount a second volume that is hidden inside that volume. This option provides an additional level of security, since someone who breaks into the main Truecrypt volume won’t know anything about the hidden volume.
If you choose to use a file, you will then be asked to pick a location to store the file. I typically place my Truecrypt files on RAID-protected storage to avoid losing my data in the case of a disk failure. The following screen shows the file selection window:
Once you pick a file or device and click next, the Truecrypt interface will ask you to select the encryption algorithms you would like to use to encrypt your data. I’m always a fan of using strong encryption algorithms that were developed in the public domain, so I usually use AES and RIPEMD-160. Here is the selection screen:
Next you will need to tell Truecrypt how much space you want to dedicate to your encrypted device. Truecrypt will then pre-allocate a file of this size, and initialize its contents. Here is the space allocation screen:
To protect your Truecrypt volume, a password or keyfile needs to be specified. If you use a password you should use a cryptographically strong one, and ensure that it is a large passphrase that uses a good mix of characters, alphanumeric and metacharacters.
Truecrypt will also ask you if you want to store files larger than 4GB inside your encrypted volume. If you think you will ever need to do this, you should choose the 4GB option now.
Here is the passphrase selection screen:
Since Truecrypt will mount the device or file as a usable file system, you will need to choose the type of file system you want to use. For Linux hosts you can create an EXT3 or EXT4 file system, for OS X you can create a Mac OS journaled file system and for Windows hosts you can choose FAT. Here is the selection screen:
If you need to take the Truecrypt volume and mount it on other platforms (Windows, Linux, BSD, etc.), you will need to select the mount on other platforms option on the next screen. If not, you can choose to mount the volume only on OS X or Linux. Here are the screenshots from these screens:
On the final screen, you will need to move your mouse to generate entropy (random data) that can be used to generate strong encryption keys. Once you have wiggled your mouse randomly for a minute or two, you can click the “Format” box to initialize your Truecrypt device. Formatting will take quite some time depending on the size of your Truecrypt volume, and you can monitor progress through the formatting screen:
Once Truecrypt finishes initializing your device, you can return to the main screen and mount the device. To mount the volume from the main screen, you will need to select a slot, the file you specified during the set up process and the password or key you associated with this device. If the heavens align and you input all of this data correctly, the Truecrypt volume should be mounted and you can start writing data to it. The following screen shows how I typically access Truecrypt devices on my Linux desktop:
And through the good old CLI:
You can access your devices in OS X through finder and Windows explorer, or via a command prompt. You gotta love choices!
How often do you leave your computer or mobile device unattended? And how much personal or financial information is stored on those devices? It may surprise you to know that in many cases that information can be easily obtained by a malicious person who has physical access to your device, even if they cannot figure out your password! Fortunately, most operating system manufacturers provide a “disk encryption” solution which scrambles your data and binds it to a password that only you know. Microsoft calls it BitLocker, Apple calls it FileVault, but whatever it is called, basic solutions have some serious drawbacks. One solution, TrueCrypt, has added some advanced features to provide more thorough security to their users, but it has been known for some time that these techniques are lacking under certain situations.
HiVE (PDF) is a new solution for disk encryption which provides more security than all existing schemes. It does not rely on heuristics or obfuscation techniques, but rather strong cryptographic primitives which can be mathematically proven.
We release HiVE to the public. HiVE is currently implemented as a Linux kernel module on top of device mapper.
To see exactly what advantages HiVE provides, it is necessary to look into the background of existing disk encryption techniques.
Hidden Volume Encryption
Disk encryption is a vital technology for our modern world, where more and more sensitive information is being stored on unsecured machines, including cell phones and other mobile devices. Consequently, there are many commercial and built-in solutions for securing sensitive data through encryption. One of the most widely used programs is TrueCrypt. The authors of TrueCrypt even provide a feature that goes above and beyond regular disk encryption, which they call hidden volume encryption.
The motivating idea is that, if someone recovers your device with an encrypted drive, they might not know what data is on the drive, but they know that something is on it. They can, therefore, try to coerce you into revealing the key which unlocks the drive. They know that such a key must exist, so they can escalate the coercion until you give in.
The remedy to this problem is to allow a user to store two separate encrypted volumes, one inside the other. The inner volume has a separate encryption key from the outer volume, and is stored in the “free” space of that volume. This scheme takes crucial advantage of the fact that encrypted data looks like random bits to someone who doesn’t have the key. Therefore, the user can reveal to a coercer the password to the outer volume, while keeping the inner volume, with their more sensitive data, a secret. The coercer has no way to prove that a second volume exists, since it is plausible that the user had only one encrypted volume in the first place.
However, there are two problems with TrueCrypt. The first is that it is no longer actively developed, and the maintainers have actually discouraged its use at the moment. There are efforts to transition the code to new maintainers and update it, but that could take some time. The second, and more interesting, problem is that this hidden volume technique is only secure against a very limited coercer: one which has one-time access to the machine. If they can read from the disk on more than one occasion (say, while the user is away from their desk for the evening), the existence of a hidden volume can be easily discovered. That is where HiVE comes in.
HiVE is a more robust implementation of hidden volume encryption, which is secure in more situations and against more capable attackers. Particularly, it has the following advantages:
- Instead of being limited to a single hidden volume, HiVE neatly allows for many hidden volumes. This is an advantage because, if single hidden volumes ever became widespread, a coercer could simply assume that you have a hidden volume and have a reasonable chance of being right. Allowing for a variable number of hidden volumes means that they can never be sure whether you have one more volume or if you have given up all of your keys.
- Even if an adversary can see the encrypted disk on separate occasions, they cannot be sure whether further hidden volumes exist. It is very reasonable that a determined attacker could access your machine more than once, so it is necessary to close this security hole to have a more robust solution.
- HiVE is provably secure against a powerful “chosen plaintext” attacker, which means that it will provide very strong security in practice.
HiVE is able to accomplish this through use of a powerful cryptographic tool called Oblivious RAM. For full details, please reference the complete paper, which will appear at the 2014 ACM Conference on Computer and Communications Security.
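The multi-snapshot weakness described above, modelled on a toy in-memory disk. This is an added illustration, not code from HiVE or TrueCrypt; the `ToyDisk` class, its sector layout and the write pattern are constructed assumptions, and ciphertext is modelled as fresh random bytes.

```python
import os

SECTOR = 512  # bytes per sector in this model


class ToyDisk:
    """Constructed stand-in for an outer volume with a hidden volume in its free space."""

    def __init__(self, sectors, hidden_start):
        # A freshly formatted volume is filled with random data, so a single
        # snapshot cannot tell free space from hidden-volume ciphertext.
        self.sectors = sectors
        self.hidden_start = hidden_start
        self.data = bytearray(os.urandom(sectors * SECTOR))
        self.outer_allocated = set()  # sectors the outer file system admits to using

    def _write(self, sector):
        # Every write replaces the sector with new ciphertext (random bytes here).
        self.data[sector * SECTOR:(sector + 1) * SECTOR] = os.urandom(SECTOR)

    def write_outer(self, sector):
        # Mirrors hidden-volume protection: outer writes must stay clear of it.
        if not 0 <= sector < self.hidden_start:
            raise ValueError("outer write would overwrite the hidden volume")
        self.outer_allocated.add(sector)
        self._write(sector)

    def write_hidden(self, sector):
        target = self.hidden_start + sector
        if not self.hidden_start <= target < self.sectors:
            raise ValueError("hidden write outside the hidden volume")
        self._write(target)

    def snapshot(self):
        return bytes(self.data)


def changed_sectors(snap_a, snap_b):
    """Sector numbers whose contents differ between two images of the same disk."""
    if len(snap_a) != len(snap_b) or len(snap_a) % SECTOR:
        raise ValueError("snapshots must have equal, sector-aligned sizes")
    return [
        i for i in range(len(snap_a) // SECTOR)
        if snap_a[i * SECTOR:(i + 1) * SECTOR] != snap_b[i * SECTOR:(i + 1) * SECTOR]
    ]


def unexplained_changes(snap_a, snap_b, outer_allocated):
    """Changed sectors that the unlocked outer file system does not account for."""
    return [s for s in changed_sectors(snap_a, snap_b) if s not in outer_allocated]


def demo():
    disk = ToyDisk(sectors=64, hidden_start=40)
    disk.write_outer(2)           # decoy files in the outer volume
    disk.write_outer(3)
    first = disk.snapshot()       # first observation of the disk

    disk.write_outer(4)           # more decoy data
    disk.write_hidden(0)          # real work happens in the hidden volume
    disk.write_hidden(5)
    second = disk.snapshot()      # second observation

    changed = changed_sectors(first, second)
    return changed, unexplained_changes(first, second, disk.outer_allocated)


if __name__ == "__main__":
    changed, odd = demo()
    print("changed sectors:", changed)
    print("changed but 'free' in the outer volume:", odd)
```

With only one snapshot there is nothing to compare and every sector looks random; with two, the "free" sectors that changed are exactly the ones the outer password cannot explain.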
HiVE currently works on Linux, and requires device mapper support in the kernel (tested on 3.13.6, 64 bit). It is packaged as both a kernel module and a userland utility.
We invite the community to participate in the further development of HiVE, e.g., for porting to different platforms and general performance improvement. If you are interested in improving HiVE, please contact the authors.
Userland tools – ver.2014.11.03 README
Kernel module – ver.2014.11.03 README
Please carefully check the READMEs in the two packages for installation.
Limitations of current implementation:
While the scheme conceptually supports any number of hidden volumes, the current version only allows for two. A future release will add support for more volumes.
HiVE device-mapper target is free software licensed under GPLv2. © 2014 the authors
HiVE userland tool is free software licensed under GPLv3. © 2014 the authors
We are currently offering (paid) internships at Northeastern University/Boston to advance the development of HiVE. Please contact the team!
To avoid misunderstandings and misconceptions about HiVE, we have uploaded a FAQ. We will keep maintaining this FAQ over time.
This material is based upon work supported by the National Science Foundation under Grant Number 1218197.
Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.
What to Know
This article explains how to encrypt files with TrueCrypt. Use these steps to set up a protected file container (an encrypted virtual disk) on your PC using this software.
Please be aware, the development of TrueCrypt was ended in 2014. While you can still download the application and use it, it is no longer supported and therefore likely is open to many security risks.
Open TrueCrypt and Create a New File Container
Once you’ve installed TrueCrypt, launch the software from your programs folder and click the Create Volume button (outlined on the screenshot in blue for clarity) in the main TrueCrypt program window. This will open the “TrueCrypt Volume Creation Wizard.”
Your 3 options in the wizard are to: a) create a “file container,” which is a virtual disk to store the files and folders you wish to protect, b) format and encrypt an entire external drive (like a USB memory stick), or c) encrypt your entire system drive/partition.
In this example, we just want to have a place on our internal hard drive to store sensitive information, so we’ll leave the default first choice, Create a file container, selected and click Next >.
Select the Standard or Hidden Volume Type
Once you’ve chosen to create a file container, you’ll be taken to the “Volume Type” window where you will select the type of encrypted volume you want to create.
Most people will be fine using the default Standard TrueCrypt volume type, as opposed to the other option, Hidden TrueCrypt volume (select the more complex hidden option if you could plausibly be forced to reveal a password, e.g., in cases of extortion. If you are a government spy, however, you probably don’t need this “How To” article).
Click Next >.
Select Your File Container Name, Location, and Encryption Method
Click Select File to choose a filename and location for this file container, which will actually be a file on your hard disk or storage device.
Do not select an existing file unless you wish to overwrite that file with your new, empty container.
Click Next >.
In the next screen, “Encryption Options,” you can also leave the default encryption and hash algorithm, then click Next >. (This window informs you that the default encryption algorithm, AES, is used by US government agencies to classify information up to the Top Secret level. Good enough for me!)
TrueCrypt is a popular on-the-fly encryption program for Windows; it is also available for Mac OS X and Linux. It’s now recommended to use VeraCrypt instead. It can create a file-hosted container or write a partition, which consists of an encrypted volume with its own file system (contained within a regular file) and can then be mounted as if it were a real disk. TrueCrypt also supports device-hosted volumes, which can be created on either an individual partition or an entire disk. Because the presence of a TrueCrypt volume cannot be verified without the password, disk and filesystem utilities may report the filesystem as unformatted or corrupted, which may lead to data loss after incorrect user intervention or automatic “repair”.
Corrupted Standard Volume header
The standard volume header uses the first 512 bytes of the TrueCrypt container. It contains the master keys needed to decrypt the volume. If the header gets corrupted or the container is reformatted, TrueCrypt will display “Incorrect password or not a TrueCrypt volume”. Using a backup of the volume header is the only possibility to recover the data.
Corrupted Hidden Volume header
The 512-byte hidden volume header is stored 1536 bytes from the end of the host volume. It is very unlikely to become corrupted, but as previously stated, using a backup of the volume header is the only possibility of recovering the data.
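A raw backup and restore of the two header regions at the offsets given above, for a file-hosted container. This is an added example, not TrueCrypt's own header backup feature; the function names, the backup file layout and the demo container are this example's assumptions, and the offsets are taken from the text, so check them against the volume format of the version you use.

```python
import hashlib
import os
import tempfile

SECTOR = 512                # header size stated in the text
HIDDEN_HDR_FROM_END = 1536  # hidden header position, counted from the end of the host


def header_regions(container_size):
    """Return {name: (offset, length)} for the standard and hidden header regions."""
    if container_size < SECTOR + HIDDEN_HDR_FROM_END:
        raise ValueError("container too small to hold both header regions")
    return {
        "standard": (0, SECTOR),
        "hidden": (container_size - HIDDEN_HDR_FROM_END, SECTOR),
    }


def backup_headers(container_path, backup_path):
    """Copy both header regions into one checksummed backup file."""
    size = os.path.getsize(container_path)
    payload = size.to_bytes(8, "big")
    with open(container_path, "rb") as f:
        # Both regions are always saved, so the backup's format does not
        # depend on whether a hidden volume exists.
        for name in ("standard", "hidden"):
            offset, length = header_regions(size)[name]
            f.seek(offset)
            data = f.read(length)
            if len(data) != length:
                raise IOError(f"short read in {name} header region")
            payload += data
    with open(backup_path, "wb") as out:
        out.write(payload + hashlib.sha256(payload).digest())
    return hashlib.sha256(payload).hexdigest()


def restore_headers(container_path, backup_path, which=("standard", "hidden")):
    """Write the saved header regions back after verifying the backup."""
    with open(backup_path, "rb") as f:
        raw = f.read()
    payload, digest = raw[:-32], raw[-32:]
    if len(payload) != 8 + 2 * SECTOR or hashlib.sha256(payload).digest() != digest:
        raise ValueError("backup file is damaged or truncated")
    size = int.from_bytes(payload[:8], "big")
    if os.path.getsize(container_path) != size:
        raise ValueError("container size differs from the one that was backed up")
    saved = {
        "standard": payload[8:8 + SECTOR],
        "hidden": payload[8 + SECTOR:8 + 2 * SECTOR],
    }
    regions = header_regions(size)
    with open(container_path, "r+b") as f:
        for name in which:
            offset, _ = regions[name]
            f.seek(offset)
            f.write(saved[name])
        f.flush()
        os.fsync(f.fileno())


def demo():
    """Constructed container: damage the first sector, then repair it from backup."""
    with tempfile.TemporaryDirectory() as tmp:
        container = os.path.join(tmp, "container.tc")
        backup = os.path.join(tmp, "headers.bak")
        original = os.urandom(64 * SECTOR)  # random bytes stand in for a volume
        with open(container, "wb") as f:
            f.write(original)
        backup_headers(container, backup)

        with open(container, "r+b") as f:   # simulate a reformat hitting the header
            f.write(b"\x00" * SECTOR)
        with open(container, "rb") as f:
            damaged = f.read() != original

        restore_headers(container, backup, which=("standard",))
        with open(container, "rb") as f:
            repaired = f.read() == original
        return damaged and repaired


if __name__ == "__main__":
    print("header restored:", demo())
```

Store the backup as carefully as the container itself: a restored header unlocks the volume with the password that was in force when the backup was taken.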
Corrupted Standard Volume file system
Sometimes both Standard Volume header and filesystem boot sector are partially overwritten. After recovering the volume header using a backup, the volume can be accessed but the filesystem is still corrupted.
Recovery under Windows
Run TestDisk, select the drive letter corresponding to the damaged volume, choose None for partition type, Advanced. TestDisk can repair the FAT/NTFS boot sector, ext2/ext3 superblock.
Recovery using whole decryption
Another method is to permanently decrypt the damaged system partition/drive. You can use the VeraCrypt Rescue Disk and next use TestDisk. Run TestDisk, select the drive letter or partition corresponding to the damaged volume, go in the Advanced menu, force the type if necessary and choose Boot (FAT or NTFS) or SuperBlock (ext2/3/4). TestDisk can repair the FAT/NTFS boot sector, ext2/ext3/ext4 superblock.
Recovery under Linux
Find the fuse device and run TestDisk on the volume device.
Run TestDisk, select the volume, choose None for partition type, Advanced. TestDisk can repair the FAT/NTFS boot sector, ext2/ext3 superblock.
Corrupted Hidden Volume file system
If too much data has been stored in the standard volume, or if you have tried to defragment the standard volume without protecting the hidden volume (truecrypt --protect-hidden), the hidden volume file system may be partially overwritten. The TestDisk Advanced menu can be used to rebuild the missing FAT or NTFS boot sector.
Recovery of a deleted TrueCrypt partition
TestCrypt can recover a deleted TrueCrypt partition if you know the correct password. VeraCrypt can handle both TrueCrypt containers and its own, more secure containers. Currently TestCrypt can only find TrueCrypt containers, not VeraCrypt ones.
TrueCrypt and its follower, VeraCrypt, are wonderful encryption tools that are freely available. These tools are used to encrypt data at rest on storage devices including external hard drives and USB flash drives. This tutorial explains how to repair your corrupted TrueCrypt/VeraCrypt container (volume) using TestCrypt and get your data back.
Update 2nd January 2021:
Since the update below, we have received a steady stream of inquiries of varying degrees of quality regarding the recovery of damaged VeraCrypt containers.
Please ensure to include:
- A brief description of the damaged container and the issue including screenshot(s) of errors
- Steps you have taken in attempts to repair your damaged container (e.g. formatted, commands, re-partitioning, use of recovery tools or devices)
- What worked and what didn’t work?
Please be assured that your emails are being read and that we are doing the best we can to develop an open source solution that may help people like you with recovering lost files and memories.
In the meantime, feel free to join the discussion in the comments below.
Stay safe and take care out there.
Update 8th November 2020: Users of VeraCrypt needed for research project
The solution in this article seems to work mostly for TrueCrypt users. As of today, a research project has launched in an attempt to build an open source software tool that can help VeraCrypt users to repair VeraCrypt volumes and recover the encrypted data. Please email veracrypt
Signs and Symptoms of Broken TrueCrypt/VeraCrypt Volumes
After using TrueCrypt for years to protect my Western Digital external hard drive, I recently noticed that I was no longer able to mount my volume and access my files, and started to panic a bit. I connected the USB to my laptop and tried to mount the volume on Windows, Linux and Mac without success.
In Windows I got the message “You need to format the disk in drive X: before you can use it. Do you want to format it?” and in macOS I tried to mount the disk manually using “diskutil mountDisk /dev/disk2” without success. I also tried to mount the volume using VeraCrypt in TrueCrypt mode. However, I received “Invalid password” and “Invalid Volume” albeit the password entered was correct.
How to Repair TrueCrypt/VeraCrypt Volumes
If you are in a similar situation, I recommend that you try the following steps. By the way, do not attempt to repair any filesystems using “chkdsk” or similar recovery tools at this point, as it may damage the volume. If you have already attempted to repair the volume, you may still have luck, so read on. I recommend that you use any version of Windows to recover your volume.
I’m using a MacBook and used VirtualBox to install Windows 10 on a virtual machine. If using VirtualBox, you will have to give the virtual machine access to the device storing your volume. Connect the USB device or USB cable to the computer and make sure that your host is not trying to mount or occupy its resources.
In VirtualBox, after installing a virtual machine with Windows, right click the virtual machine and click “Settings”. Click “Ports” and “USB”, and make sure “Enable USB Controller” and “USB 3.0 (xHCI) Controller” are enabled. Click the green plus sign to add a new USB filter. In the drop down menu select your storage device and enable it in the list before clicking “OK”.
Finally, start the virtual machine. In my case using USB 1.1 or USB 2.0 did not work, and with USB 3.0 as controller, Windows automatically downloaded the required device drivers. So make sure the virtual machine has internet access. Before you proceed make sure your storage device is listed in “Disk Drives” in “Device Manager”.
TestCrypt is a first aid tool that you can use to recover your TrueCrypt/VeraCrypt volume. It is a Windows tool, so ensure that you have access to a device with Windows installed or, alternatively, a virtual machine running Windows.
Simply visit http://testcrypt.sourceforge.net and download TestCrypt. You must install the required dependencies, as described in the “Requirements” section on the website, before you install TestCrypt; otherwise you won’t be able to mount your volume, and you will receive this error:
Now, connect the device that holds the corrupted volume, and start TestCrypt and follow the on-screen instructions to recover your volume. Note that you must provide the correct password to recover your volume. TestCrypt is a tool to repair your volume, not a password cracking tool. If you can’t remember your password, it is worth guessing as you might be lucky. The recovery process usually takes around 20-30 minutes.
Once recovered, you should be able to navigate your files using Explorer in Windows. TestCrypt is a rescue tool so you will only be able to copy, and not modify any files or folders on the damaged volume. Nevertheless, you still got your data back and now your first priority should be to copy it to a safe place.
Feel free to ask questions in the comments if you are stuck. Or share your approach with others if you succeeded. All the best.
Something very weird is going on with the popular free whole-disk encryption suite TrueCrypt. The story is still developing, but it does look like the suite ceases to exist right now. The only explanation its creators have provided so far is that using TrueCrypt “is not secure as it may contain unfixed security issues”.
What kind of issues? This is something the people behind TrueCrypt have not disclosed so far. There is some speculation about the possibility of a backdoor in the software code, but it’s guesswork at best. There was also speculation of a possible deface: TrueCrypt’s official site started redirecting people to the suite’s Sourceforge page all of a sudden. Now, however, there is a sort of consensus that it wasn’t a deface: along with the redirect, the software itself is altered too, and now it is showing the very same warning as the Sourceforge site does. Users of TrueCrypt are recommended to migrate from TrueCrypt to Microsoft’s BitLocker: TrueCrypt’s developers offer step-by-step instructions on how to do this.
TrueCrypt is (well, was) a cross-platform, freeware, “source-available” encryption application that could create a virtual encrypted disk within a file or encrypt a partition or (under Microsoft Windows except Windows 8 with GPT) the entire storage device (pre-boot authentication). It’s been around for almost 10 years, and all this time its developers stayed away from the limelight, even keeping their names secret.
TrueCrypt’s developers suddenly abandoned the suite without explaining the reason.
The suite was highly praised for its stability, a formidable feature set, support of parallelized encryption for multi-core systems, and, specifically, “plausible deniability” function which allowed a single “hidden volume” to be created within another volume.
By May, 2014 the software had been downloaded 28 million times. And now developers seem to have pulled the plug abruptly, and it does look like a withdrawal – a retreat from the uneasy world of encryption, which is made much more uneasy than before by E. Snowden’s revelations last year.
Actually, it was those revelations that, in part, led to a demand for an independent security audit to find out whether the suite might be tampered with at a certain point. A Johns Hopkins University cryptographer and research professor, Matthew Green, a long-time “skeptic” of TrueCrypt, launched a dual crowdfunding campaign to get such an audit funded. The community has shown a strong interest: Green eventually managed to collect as much as $70,000 (way above the campaign’s set goal), and the first round of the audit had been successfully completed earlier this year, yielding no adverse discoveries. The second phase hadn’t even started yet, and now it looks like there may not be one. Due to the “clouded” legal status of the TrueCrypt source code, it is unclear if anyone would be able to pick up the development.
So, let’s put it straight: for now, nobody except for TrueCrypt’s developers themselves, of course, actually knows what is going on. There is no information on the nature of the security issue or the possibility of fixing it.
The software was popular: 28 million downloads is a large amount itself, and even if only one third of those who downloaded the suite have actually been using it, that’s the population of a large city. Migration to BitLocker is actually available “out of the box” to some users, since it is only shipped with the top-tier versions of Windows (Vista, 7 and 8).
All these people now question whether their data has been secure at all since the day they have started using TrueCrypt. A lack of explanation doesn’t make them feel any easier.
While it is common wisdom that no one reads EULAs, users expect they can trust software vendors, no matter if the software is commercial proprietary or open-source and/or free to use. The last thing people would expect from a software developer is a sudden vanishing into the mist without an explanation. This is not the way things should work. Especially in the information security area.
At a Glance
- Volume and disk level encryption, many algorithms, speedy
- Occasionally over-technical
This free, open-source encryption program lets you place files and folders in “safes” of any size.
Powerful open source program TrueCrypt 7.1 (free/donationware) creates encrypted volumes on your computer, or encrypts entire disks–including your system disk. It allows you to create hidden volumes, or even an entire hidden operating system.
Proper computing practices usually keep people from attacking your system remotely, but there’s still a high risk if they gain physical access to your PC or your drives. Encryption programs such as TrueCrypt render the actual stored data unreadable without the proper key, making it difficult to even determine which parts of the encrypted disk hold data and which hold random gibberish. This imposes very few limits on ordinary system use, as modern encryption software is extremely fast and performs on-the-fly encryption and decryption with a very minimal speed hit.
TrueCrypt can be used by anyone, but it sometimes delves into technical terms. However, the extensive documentation should be understandable to anyone who is in a position to use or need this kind of software.
There are two modes of using TrueCrypt. The first, the easiest for most users, is to create an encrypted volume as a file on an existing disk. This requires a good chunk of free space, though that depends on how much you want secured–if it’s just a few Excel files or the like, you can make a very small volume; if it’s extensive archives, you will need much more space. Once the file is created, it can be mounted like any other Windows disk, and files can be read from it and written to it. All programs treat it like a normal drive: The TrueCrypt drivers intercept all read and write requests, processing the data transparently. Without the password (and/or a key file), no one else can mount that volume, and anyone who copies the encrypted volume will just have random bytes. (Usage tip: This doesn’t apply if they access your system while the volume is mounted and the decryption is running; they will then see the files just as you do. So keep your firewall secure and if you’re in a shared environment, set TrueCrypt to dismount shared volumes after inactivity.)
The second mode is full-volume encryption. This can be a non-system partition, or you can encrypt your system drive. Doing the latter provides the maximum in security, since it means that all of the things Windows stores without your knowledge, such as system restore points, temp files, and other clutter, will also be encrypted. It also means that if you ever forget your password, you cannot boot your computer. TrueCrypt will insist you make a recovery CD in the event that the boot level drivers on the encrypted disk become corrupt, but using the CD still requires you to know the password, and there’s no way to recover or reset the password if you’ve forgotten it.
Encrypting a disk can be time-consuming; it took about 20 hours to encrypt my 1TB USB drive. This process can be safely paused, but the disk cannot be mounted while it’s being encrypted. If you encrypt your system disk, TrueCrypt will do it without locking up your computer, but these actions are best saved for a time when you don’t plan to use your computer for a while.
TrueCrypt has the ability to create hidden volumes, which are useful if you fear you will be forced to reveal a key. Basically, Key 1 unlocks a volume and reveals files and data. Key 2, applied to the same volume, reveals different files. Because the free space on an encrypted volume is random data, it’s very difficult to prove that a volume contains hidden data.
I strongly recommend TrueCrypt as a disk encryption solution. It’s probably enough for most users to set aside a few dozen gigabytes for an encrypted volume to store your most sensitive information, but if your need for security is greater, TrueCrypt will meet it.
Note: This program is donationware. It is free to try, but the author accepts and encourages donations towards further development.
How to Back Up Securely
Due to hardware or software errors/malfunctions, files stored on a VeraCrypt volume may become corrupted. Therefore, we strongly recommend that you backup all your important files regularly (this, of course, applies to any important data, not just to encrypted data stored on VeraCrypt volumes).
To back up a non-system VeraCrypt volume securely, it is recommended to follow these steps:
Create a new VeraCrypt volume using the VeraCrypt Volume Creation Wizard (do not enable the Quick Format option or the Dynamic option). It will be your backup volume so its size should match (or be greater than) the size of your main volume.
If the main volume is a hidden VeraCrypt volume (see the section Hidden Volume), the backup volume must be a hidden VeraCrypt volume too. Before you create the hidden backup volume, you must create a new host (outer) volume for it without enabling the Quick Format option. In addition, especially if the backup volume is file-hosted, the hidden backup volume should occupy only a very small portion of the container and the outer volume should be almost completely filled with files (otherwise, the plausible deniability of the hidden volume might be adversely affected).
IMPORTANT: If you store the backup volume in any location that an adversary can repeatedly access (for example, on a device kept in a bank’s safe deposit box), you should repeat all of the above steps (including the step 1) each time you want to back up the volume (see below).
If you follow the above steps, you will help prevent adversaries from finding out:
- Which sectors of the volumes are changing (because you always follow step 1). This is particularly important, for example, if you store the backup volume on a device kept in a bank’s safe deposit box (or in any other location that an adversary can repeatedly access) and the volume contains a hidden volume (for more information, see the subsection Security Requirements and Precautions Pertaining to Hidden Volumes in the chapter Plausible Deniability).
- That one of the volumes is a backup of the other.
Note: In addition to backing up files, we recommend that you also back up your VeraCrypt Rescue Disk (select System > Create Rescue Disk). For more information, see the section VeraCrypt Rescue Disk.
To back up an encrypted system partition securely and safely, it is recommended to follow these steps:
If you have multiple operating systems installed on your computer, boot the one that does not require pre-boot authentication.
If you do not have multiple operating systems installed on your computer, you can boot a WinPE or BartPE CD/DVD (‘live’ Windows entirely stored on and booted from a CD/DVD; for more information, search the section Frequently Asked Questions for the keyword ‘BartPE’).
If none of the above is possible, connect your system drive as a secondary drive to another computer and then boot the operating system installed on the computer.
Note: For security reasons, if the operating system that you want to back up resides in a hidden VeraCrypt volume (see the section Hidden Operating System), then the operating system that you boot in this step must be either another hidden operating system or a “live-CD” operating system (see above). For more information, see the subsection Security Requirements and Precautions Pertaining to Hidden Volumes in the chapter Plausible Deniability.
Create a new non-system VeraCrypt volume using the VeraCrypt Volume Creation Wizard (do not enable the Quick Format option or the Dynamic option). It will be your backup volume so its size should match (or be greater than) the size of the system partition that you want to back up.
If the operating system that you want to back up is installed in a hidden VeraCrypt volume (see the section Hidden Operating System), the backup volume must be a hidden VeraCrypt volume too. Before you create the hidden backup volume, you must create a new host (outer) volume for it without enabling the Quick Format option. In addition, especially if the backup volume is file-hosted, the hidden backup volume should occupy only a very small portion of the container and the outer volume should be almost completely filled with files (otherwise, the plausible deniability of the hidden volume might be adversely affected).
- Click Select Device and then select the system partition that you want to back up (in case of a hidden operating system, select the partition containing the hidden volume in which the operating system is installed).
- Click OK.
- Select System > Mount Without Pre-Boot Authentication.
- Enter your pre-boot authentication password and click OK.
IMPORTANT: If you store the backup volume in any location that an adversary can repeatedly access (for example, on a device kept in a bank’s safe deposit box), you should repeat all of the above steps (including the step 2) each time you want to back up the volume (see below).
If you follow the above steps, you will help prevent adversaries from finding out:
- Which sectors of the volumes are changing (because you always follow step 2). This is particularly important, for example, if you store the backup volume on a device kept in a bank’s safe deposit box (or in any other location that an adversary can repeatedly access) and the volume contains a hidden volume (for more information, see the subsection Security Requirements and Precautions Pertaining to Hidden Volumes in the chapter Plausible Deniability).
- That one of the volumes is a backup of the other.
If you store the backup volume in any location where an adversary can make a copy of the volume, consider encrypting the volume with a cascade of ciphers (for example, with AES-Twofish-Serpent). Otherwise, if the volume is encrypted only with a single encryption algorithm and the algorithm is later broken (for example, due to advances in cryptanalysis), the attacker might be able to decrypt his copies of the volume. The probability that three distinct encryption algorithms will be broken is significantly lower than the probability that only one of them will be broken.
Northeastern University, Boston, MA, USA
CCS ’14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security
With sensitive data being increasingly stored on mobile devices and laptops, hard disk encryption is more important than ever. In particular, being able to plausibly deny that a hard disk contains certain information is a very useful and interesting research goal. However, it has been known for some time that existing “hidden volume” solutions, like TrueCrypt, fail in the face of an adversary who is able to observe the contents of a disk on multiple, separate occasions. In this work, we explore more robust constructions for hidden volumes and present HiVE, which is resistant to more powerful adversaries with multiple-snapshot capabilities. In pursuit of this, we propose the first security definitions for hidden volumes, and prove HiVE secure under these definitions. At the core of HiVE, we design a new write-only Oblivious RAM. We show that, when only hiding writes, it is possible to achieve ORAM with optimal O(1) communication complexity and only poly-logarithmic user memory. This is a significant improvement over existing work and an independently interesting result. We go on to show that our write-only ORAM is specially equipped to provide hidden volume functionality with low overhead and significantly increased security. Finally, we implement HiVE as a Linux kernel block device to show both its practicality and usefulness on existing platforms.
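The multiple-snapshot problem named in this abstract is the same one the backup steps above guard against ("which sectors of the volumes are changing"). The following is an added example, not code from the paper or from VeraCrypt: it models a volume as a list of sectors of seeded random bytes standing in for ciphertext, and the layout (64 sectors, hidden area in the last 16, outer files in the first 20) is an assumption chosen for illustration.

```python
"""What an observer holding two snapshots of a volume can learn.

Constructed model: seeded random bytes stand in for ciphertext, and the
layout below (64 sectors, hidden volume in the last 16) is assumed.
"""
import random

SECTOR_SIZE = 512
TOTAL_SECTORS = 64
OUTER_ALLOCATED = set(range(0, 20))   # sectors the outer filesystem reports as used
HIDDEN_SECTORS = range(48, 64)        # assumed hidden area, "free" to the outer filesystem


def random_sector(rng):
    """One sector of ciphertext-like bytes."""
    return bytes(rng.getrandbits(8) for _ in range(SECTOR_SIZE))


def new_volume(rng):
    """A volume created without Quick Format: every sector holds random data."""
    return [random_sector(rng) for _ in range(TOTAL_SECTORS)]


def rewrite(volume, indices, rng):
    """Copy of `volume` with the listed sectors re-encrypted (new ciphertext)."""
    out = list(volume)
    for i in indices:
        out[i] = random_sector(rng)
    return out


def changed_sectors(snap_a, snap_b):
    """Indices whose contents differ between two snapshots."""
    return [i for i, (a, b) in enumerate(zip(snap_a, snap_b)) if a != b]


def unexplained_changes(snap_a, snap_b, outer_allocated):
    """Changed sectors that the outer filesystem reports as free.

    Free space in a decoy volume has no reason to change between
    snapshots, so these indices are hard to explain without a hidden volume.
    """
    return [i for i in changed_sectors(snap_a, snap_b) if i not in outer_allocated]


def reused_backup_scenario(seed=1):
    """The same backup volume is updated in place between two observations."""
    rng = random.Random(seed)
    first = new_volume(rng)
    # One decoy-file edit in the outer volume plus three hidden-volume writes.
    hidden_writes = [HIDDEN_SECTORS[2], HIDDEN_SECTORS[3], HIDDEN_SECTORS[9]]
    second = rewrite(first, [5] + hidden_writes, rng)
    return unexplained_changes(first, second, OUTER_ALLOCATED)


def fresh_backup_scenario(seed=1):
    """The backup volume is re-created with the wizard before each backup."""
    rng = random.Random(seed)
    first = new_volume(rng)
    second = new_volume(rng)   # new volume, new keys: all ciphertext differs
    return changed_sectors(first, second)


if __name__ == "__main__":
    print("reused volume, unexplained changes:", reused_backup_scenario())
    changed = fresh_backup_scenario()
    print("fresh volume, sectors changed:", len(changed), "of", TOTAL_SECTORS)
```

With a reused volume the change set isolates the hidden writes; with a freshly created volume every sector changes, so the positions carry no information.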
4sysops – The online community for SysAdmins and DevOps
TrueCrypt is a nifty free Open Source disk encryption tool. It encrypts a whole hard disk or partition and also can create virtual volumes. TrueCrypt uses encrypted container files which can be mounted like hard disks. Under Windows, you can assign a drive letter to such a virtual device. I tested version 4.1 for Windows.
Update: Please, also check out my review about TrueCrypt 5.
All in all, TrueCrypt made a very good impression on me. I sometimes encrypt important confidential data using EFS (Encrypting File System). I think I’ll switch to TrueCrypt now. Its biggest advantage over EFS is that it hides filenames and folder structure. I also like that one can mount an encrypted volume only when the data on it is needed. This brings some extra security.
TrueCrypt is very easy to use. The manual has 98 pages, but I was able to use TrueCrypt without consulting it. It uses self-explanatory wizards to create encrypted volumes. I recommend consulting the manual, though, if you use TrueCrypt regularly. There you will find detailed information on how TrueCrypt works.
Within less than a minute, I mounted my first encrypted virtual device. TrueCrypt supports several encryption algorithms. The best known ones are AES, Blowfish and Twofish. The supported bit lengths should be secure enough for the next 100 years or so.
When creating a virtual partition, you have to specify its size. The container file occupies this space even without files in it. One shouldn’t encrypt partitions that already contain files since TrueCrypt has to format it first.
You need a password and/or a keyfile to mount an encrypted device. Any file longer than 16 Bytes is good as a keyfile. TrueCrypt can also create one for you. The advantage of using a keyfile is that it provides protection against keystroke loggers. The safest way certainly is the combination of password and keyfile. TrueCrypt even supports multiple keyfiles. This way, you can manage multi-user shared access since all users have to supply their keyfiles before the encrypted device can be mounted.
Another interesting feature of TrueCrypt is hidden volumes. Hidden volumes reside within another TrueCrypt volume. One simply uses another password to open a hidden volume. If someone forces you to open the TrueCrypt volume, you only enter the password for the outer volume. It is not possible to prove that a TrueCrypt volume contains a hidden volume. But be careful with hidden volumes. It is possible that you overwrite the contents of a hidden volume with data from the outer volume. The manual explains how one can prevent this.
TrueCrypt is also quite fast. I tested it on a PC with a 1 GHz CPU. It took TrueCrypt 13 seconds to format a virtual disk with 200 MB using AES as encryption algorithm. I then copied 150 MB in 20 seconds to the encrypted virtual volume. Working with encrypted files didn’t seem to be slower than with unencrypted files.
The blog about the inner workings of the Internet from the AVATAR team.
Tagged: AES, data, encryption, Linux, mac, on-the-fly, security, TrueCrypt, volumes
Data encryption and security is a serious concern for business and personal computer use. TrueCrypt is free data encryption software that can encrypt volumes on either an individual partition or an entire storage device. It is supported on Windows 7, Vista, XP, Mac OS X and Linux.
In TrueCrypt, there are three different options for Volume Creation. The first option is to create an encrypted file which can be mounted and used as a drive. The file created by using this method can be copied and emailed or moved to a different space and still retain its encryption. The second option is to encrypt a non-system partition or drive like a flash drive or other external storage device. The last option is the same as the second option except it requires the user to enter a password before the OS boots to fully protect the encrypted files. This option can only encrypt Windows XP, 2003, 2008, Vista and Windows 7 operating systems.
Once a user chooses which TrueCrypt Volume to use, there are two more options: standard or hidden. Standard is very basic and only requires one password. Hidden TrueCrypt volume requires two passwords, one for the hidden partition and another for the non-hidden partition. The only downside to using a hidden partition is if the user fills all of the space on the non-hidden partition, the space on the hidden partition will be overwritten to make space for the non-hidden partition. However, this can be prevented by using the mount option “Protect hidden volume against damage caused by writing to outer volume.”
TrueCrypt uses three different encryption algorithms with five different combinations available. The three algorithms used are AES, Serpent and Twofish. Each encryption can be benchmarked and tested to see which is the right option for your needs. Any option with AES is a good choice because AES is the standard encryption used by the US Federal government, the NSA and the National Institute of Standards and Technology (NIST) among a number of other corporations. Version 7.0 introduced hardware-accelerated AES, which takes advantage of the new instruction set in Intel’s Westmere-based processors to provide over three times the encryption and decryption rate of AES.
TrueCrypt currently uses the XTS mode, which is more secure than Cipher-block chaining (CBC) mode. XTS is based on Xor-Encrypt-Xor (XEX) with a Tweaked CodeBook (TCB) and CipherText Stealing (CTS). The NIST recommended XTS-AES mode for confidentiality on storage devices in a special report from January of 2010. In that report the organization says:
“The XTS-AES mode provides confidentiality for the protected data. Authentication is not provided, because the P1619 Task Group designed XTS-AES to provide encryption without data expansion, so alternative cryptographic methods that incorporate an authentication tag are precluded. In the absence of authentication or access control, XTS-AES provides more protection than the other approved confidentiality-only modes against unauthorized manipulation of the encrypted data.”
The crypto hash functions used by TrueCrypt are RIPEMD-160, SHA-512 and Whirlpool. RIPEMD-160 (RACE Integrity Primitives Evaluation Message Digest) is a 160-bit message digest algorithm developed in Leuven, Belgium. SHA-512 was designed by the National Security Agency (NSA) and published in 2001 by the NIST as part of SHA-2 set of cryptographic hash functions. Whirlpool was designed by Vincent Rijmen (co-creator of AES) and Paulo S. L. M. Barreto. Out of the three, SHA-512 seems to be the most popular hash function.
TrueCrypt can also protect your files without requiring the use of a password by using keyfiles. A user can choose to use keyfiles in combination with a password or just one or the other. The keyfile could be security tokens, smart cards, a generated file or a random file off the computer such as an mp3 file. You can select more than one file to be used as your keyfile. If you have multiple keyfiles, the order doesn’t matter. Using keyfiles is beneficial in defending against brute-force attacks on a password.
Another great feature of TrueCrypt is the creation of a rescue disk. Once a user encrypts a system partition or drive, TrueCrypt requires that you create a TrueCrypt Rescue Disk. This assists the user in repairing the boot loader if it gets damaged or data is corrupted. It’s a good idea to always make a rescue disk because you never know what can happen once your data is encrypted and this system allows you to retrieve some data so all is not lost if a hard drive goes bad or is infected with malware.
The process to un-encrypt your files, partition or drive is a simple one. First you need to locate the encrypted volume. Next select the drive you want it mounted as. Then type your password and/or use your keyfiles and click “Mount.” When you’re finished, the file that is written to the drive will be encrypted on-the-fly. If you have an OS encrypted partition or drive you can only un-encrypt at boot up or from a rescue disk.
TrueCrypt is a great piece of free software that works across multiple OS. The feature that I found to stand out the most was the encrypted file container. TrueCrypt just might give Bitlocker and other disk encryption software a run for their money.
In a nutshell
After some time using the outer volume of a hidden volume in Truecrypt I cannot write to the outer volume anymore. The protection of the inner volume always kicks in before. How do I fix this?
I’m using truecrypt’s two layered encryption of a USB stick. The outer container carries my semi-sensitive stuff while the inner hidden volume has a bit more valuable information. I use both, the inner and outer volume regularly and that is part of the problem. Truecrypt can mount the outer volume for writing while protecting the inner. Usually the inner volume, when not protected this way (or mounted read-only) would be indistinguishable from free space. That is of course part of the plausible deniability scheme of truecrypt.
At the beginning, everything worked as expected. I could copy and delete data to the outer volume as I pleased. Now it seems that I have written and deleted enough data to have filled the outer volume once. Despite the write protection Ubuntu tries now to write to the continuous “free space” that is the inner volume. It does that although enough other free space is on the outer volume. But on this free space there used to be data so it’s fragmented and the file system write prefers continuous space. The write on the continuous free space of the outer volume of course fails (with the error message in the picture above) as Truecrypt’s inner-volume-protection kicks in.
I know this is expected behaviour, but is there a better way to write to the outer volume that does not attempt to write to the hidden free space at the end?
The whole question could be more generally rephrased to: How do I control, where on a partition data is written in Ubuntu?
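The failure described in the question above, and the hidden-volume protection option mentioned earlier on this page, can be seen in a toy model. This is an added example, not TrueCrypt code and not part of the original question: the block counts, the layout and both allocation policies are assumptions, and no real filesystem allocator is reproduced.

```python
"""Toy model of hidden-volume protection while writing to the outer volume.

Block counts, layout and both allocation policies are assumptions made
for illustration; no real filesystem allocator is reproduced here.
"""


class ProtectionTriggered(Exception):
    """A write touched the protected hidden-volume area."""


class GuardedOuterVolume:
    def __init__(self, total_blocks, hidden_start):
        self.total_blocks = total_blocks
        self.hidden = range(hidden_start, total_blocks)
        self.used = set()        # blocks the outer filesystem has allocated
        self.read_only = False

    def free_extents(self):
        """(start, length) runs the outer filesystem believes are free.

        The hidden area is included: the outer filesystem has no record of it.
        """
        extents, start = [], None
        for block in range(self.total_blocks + 1):
            free = block < self.total_blocks and block not in self.used
            if free and start is None:
                start = block
            elif not free and start is not None:
                extents.append((start, block - start))
                start = None
        return extents

    def write(self, blocks):
        blocks = list(blocks)
        if self.read_only:
            raise ProtectionTriggered("volume is write-protected until remounted")
        if any(b in self.hidden for b in blocks):
            # TrueCrypt's documentation describes the volume as write-protected
            # until dismounted once a write to the hidden area has been denied.
            self.read_only = True
            raise ProtectionTriggered("write reaches the hidden area")
        self.used.update(blocks)

    def delete(self, blocks):
        self.used.difference_update(blocks)


def largest_extent_policy(volume, count):
    """Place the file in the single largest free run (prefers contiguity)."""
    start, length = max(volume.free_extents(), key=lambda e: e[1])
    if length < count:
        raise ValueError("no free run is large enough")
    return list(range(start, start + count))


def fill_holes_policy(volume, count):
    """Use the lowest free blocks first, splitting the file across holes."""
    free = [b for s, n in volume.free_extents() for b in range(s, s + n)]
    if len(free) < count:
        raise ValueError("not enough free blocks")
    return free[:count]


def aged_volume():
    """Outer volume filled once, then three 5-block files deleted."""
    volume = GuardedOuterVolume(total_blocks=100, hidden_start=60)
    volume.write(range(0, 60))
    for start in (10, 30, 50):
        volume.delete(range(start, start + 5))
    return volume


def try_write(policy, count=8):
    """Write a `count`-block file to an aged volume under the given policy."""
    volume = aged_volume()
    blocks = policy(volume, count)
    try:
        volume.write(blocks)
    except ProtectionTriggered:
        return ("blocked", blocks)
    return ("written", blocks)


if __name__ == "__main__":
    print(try_write(largest_extent_policy))
    print(try_write(fill_holes_policy))
    print(try_write(fill_holes_policy, count=16)[0])
```

In the model, 15 blocks are genuinely free in the outer volume, yet an 8-block write is blocked whenever placement prefers the largest run, because that run is the hidden area; a 16-block write is blocked under either policy.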
TrueCrypt is a free, open-source program for strong, on-the-fly encryption. Encryption and decryption of your data is transparent, automatic and occurs in real time, providing strong encryption without the need for advanced technical skills. TrueCrypt can provide a method to protect your valuable business data from theft, especially when traveling with company laptops.
Open the TrueCrypt program on your computer.
Select an encrypted drive to mount from the displayed list or click the “Select File” button at the lower right of the TrueCrypt application window in order to decrypt a virtual volume hidden in a file. Click the “Mount” button at the lower left of the TrueCrypt window.
Enter the password to the encrypted volume or file. If you used keyfiles to encrypt your TrueCrypt volume, click the “Use Keyfiles” checkbox and click on the “Keyfiles...” button. In the dialog box, select the keyfiles you used to encrypt your volume. Keyfiles are collections of files that are used in place of or along with a password to provide stronger encryption.
Click “Protect hidden volume when mounting outer volume” if you have used two-level encryption to protect your files. Two-level encryption involves adding a second encrypted volume inside the first. This allows you to protect files in the event you are forced to give up the password to your outer volume. However, if you write data to the outer volume while a hidden volume is present and unprotected, the data in the hidden volume may be damaged and become unusable.
Click the “OK” button in the top right of the password and keyfile prompt to decrypt and mount your TrueCrypt volume.
There are countless reasons why you’d like to make sure your data stays private. Maybe you travel a lot and you’re worried your laptop may be stolen, perhaps you work or live in an environment where other people have access to your computer. In any case, the procedure of encrypting data can be simple and very well integrated into your daily workflow.
One outstanding tool which you can use to encrypt the data on your devices is TrueCrypt. The good news is that besides being open source it also works on all major operating systems – Windows, Mac OS X and Linux. Rich with options, TrueCrypt supports a variety of encryption algorithms:
This versatile piece of software allows you to create a virtual encrypted disk, encrypt an entire partition or storage device as well as encrypt a drive where Windows is installed.
What makes TrueCrypt even more compelling is its ability to create hidden volumes. Let’s say for example that you are in a position where you have to give out the password for an encrypted volume. Countries like the US and England are now inspecting travelers’ computers and refusal may give you quite a headache and possibly deny your entrance into the country. TrueCrypt can create a volume within another volume and since free space on any TrueCrypt volume is filled with random information when the volume is created, the hidden volume cannot be distinguished from random data even when the outer volume is mounted. Keep in mind that this feature is not available for Mac OS X at the moment but should be in an upcoming version.
What this article will show you now is how to create an encrypted volume that you can use to fill with data.
Before the wizard can begin creating your encrypted volume, it will instruct you to move your mouse as randomly as possible within its window. This enables TrueCrypt to construct encryption keys of adequate strength.
Once the wizard starts working, the amount of time it will take to finish the job will depend mainly on the size of the encrypted volume you decided to create. The screenshot above says 2 hours because it was creating quite a large volume of 153 GB. The information window above shows TrueCrypt’s progress at all times so you can plan to do other work until your volume is ready to go.
Once TrueCrypt is done and your volume is prepared you can opt to create another volume or exit the wizard.
In order to copy data into the volume you just created, you have to mount it in TrueCrypt’s main window. You can mount more volumes at once and also check a box that will make sure history is never saved. Think about it, if you’re already making sure your data is encrypted, you might as well cover all the tracks.
Every volume is protected by a password so make sure you use one that’s strong enough and certainly not easy to guess. Your best shot is to use a combination of uppercase and lowercase letters with numbers and a few special characters. Don’t use anything from the dictionary and you’re on the right track. There’s really no point in encrypting data if the volume is going to be protected by a weak password.
Once mounted, the volume appears in TrueCrypt’s main window like this and it’s prepared to be filled up with data. Make sure you don’t forget to unmount the volume and remember the password, otherwise you’ll be locked out from the same data you were trying to protect.
From Computing and Software Wiki
Data Encryption for Storage Devices is a special case of data at rest protection. Data can be encrypted through the use of software, or hardware itself can encrypt data as it is saved to the device.
Encryption is used in cryptography to transform plaintext to ciphertext. In the case of storage devices, encrypted data that is stored can only be accessed with the proper authentication. Physical theft of the medium negates password protection since the data can simply be read from it. On the other hand, if the data is encrypted before being written, the data is still protected unless the key is known. With the theft of personal data becoming an issue, the encryption of storage devices becomes an attractive way to avoid such issues.
Data can be encrypted through encryption technology built into the storage medium, or through the use of software that encrypts data before writing it.
Hardware implementations include hard disk drives, portable storage drives, and USB flash drives. Encrypted hard disks have been available since April 2008 but an actual standard was agreed upon and established in January 2009. The standards were established by the Trusted Computing Group (TCG) and are outlined as follows:
- The Opal specification, which outlines minimum requirements for storage devices used in PCs and laptops.
- The Enterprise Security Subsystem Class Specification, which is aimed at drives in data centers and high-volume applications, where typically there is a minimum security configuration at installation.
- The Storage Interface Interactions Specification, which specifies how the TCG’s existing Storage Core Specification and the other specifications interact with other standards for storage interfaces and connections. For example, the specification supports a number of transports, including ATA parallel and serial, SCSI SAS, Fibre Channel and ATAPI.
The location of the technology that encrypts the data depends on the type of storage medium. For an internal storage drive or USB drive, the technology is built into the device. In the case of portable storage drives, the technology may be built into the drive or into the housing for the drive. The key can be physically inputted to the housing in the case of a portable storage device (if such input is allowed), or simply entered when the volume is mounted.
Software implementations are applications which allow a user to encrypt a portion or all of a storage device. Even single files can be individually encrypted. Some implementations provide techniques to prevent the data from being found. Software encryption is offered natively in the Mac OS and Windows Vista operating systems. Additionally, free implementations are available; TrueCrypt and FreeOTFE (Free On The Fly Encryption) are two examples of this.
Some or all of the following techniques may be employed by encryption software to keep data secure.
The purpose of encrypting data is to keep it secure. The software may encrypt the data in such a way that the existence of the encrypted data is unprovable. Plausible deniability may even be extended to further levels for added security.
This is a feature that adds to the security of plausible deniability. A hidden volume is a steganographic feature that allows “hidden” volumes to be created within a “container” volume. The user will place important looking files within the container volume, but the sensitive data that the user is really trying to protect should be stored within the hidden volume. This method hides the data within what is thought to be hidden data. An attacker that obtains the key to the first volume would find the data that looks important, but would never see the data hidden within the second layer.
Another feature that helps to ensure plausible deniability is the software technique of not leaving any signature or header that could lead to the existence of encrypted data being discovered. Data is encrypted in such a way that it is impossible to tell apart from random data. This is done so that without knowing the key, encrypted data cannot be detected, and neither can hidden volumes.
The anonymous developers responsible for building and maintaining the free whole-disk encryption suite TrueCrypt apparently threw in the towel this week, shuttering the TrueCrypt site and warning users that the product is no longer secure now that Microsoft has ended support for Windows XP.
Sometime in the last 24 hours, truecrypt.org began forwarding visitors to the program’s home page on sourceforge.net, a Web-based source code repository. That page includes instructions for helping Windows users transition drives protected by TrueCrypt over to BitLocker, the proprietary disk encryption program that ships with every Windows version (Ultimate/Enterprise or Pro) since Vista. The page also includes this ominous warning:
“WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues”
“This page exists only to help migrate existing data encrypted by TrueCrypt.”
“The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.”
Doubters soon questioned whether the redirect was a hoax or the result of the TrueCrypt site being hacked. But a cursory review of the site’s historic hosting, WHOIS and DNS records shows no substantive changes recently.
What’s more, the last version of TrueCrypt uploaded to the site on May 27 (still available at this link) shows that the key used to sign the executable installer file is the same one that was used to sign the program back in January 2014 (hat tip to @runasand and @pyllyukko). Taken together, these two facts suggest that the message is legitimate, and that TrueCrypt is officially being retired.
That was the same conclusion reached by Matthew Green, a cryptographer and research professor at the Johns Hopkins University Information Security Institute and a longtime skeptic of TrueCrypt — which has been developed for the past 10 years by a team of anonymous coders who appear to have worked diligently to keep their identities hidden.
“I think the TrueCrypt team did this,” Green said in a phone interview. “They decided to quit and this is their signature way of doing it.”
Green last year helped spearhead dual crowdfunding efforts to raise money for a full-scale, professional security audit of the software. That effort ended up pulling in more than $70,000 (after counting the numerous Bitcoin donations) — far exceeding the campaign’s goal and demonstrating strong interest and support from the user community. Earlier this year, security firm iSEC Partners completed the first component of the code review: an analysis of TrueCrypt’s bootloader (PDF).
Green said he’s disappointed that the TrueCrypt team ended things as abruptly as they did, and that he hopes that a volunteer group of programmers can be brought together to continue development of the TrueCrypt code. That could be a dicey endeavor given the license that ships with TrueCrypt, which Green says leaves murky and unanswered the question of whether users have the right to modify and use the code in other projects.
“There are a lot of things they could have done to make it easier for people to take over this code, including fixing the licensing situation,” Green said. “But maybe what they did today makes that impossible. They set the whole thing on fire, and now maybe nobody is going to trust it because they’ll think there’s some big evil vulnerability in the code.”
Green acknowledged feeling conflicted about today’s turn of events, and that he initially began the project thinking TrueCrypt was “really dangerous.”
“Today’s events notwithstanding, I was starting to have warm and fuzzy feelings about the code, thinking [the developers] were just nice guys who didn’t want their names out there,” Green said. “But now this decision makes me feel like they’re kind of unreliable. Also, I’m a little worried that the fact that we were doing an audit of the crypto might have made them decide to call it quits.”
Whether or not volunteer developers pick up and run with the TrueCrypt code to keep it going, Green said he’s committed to finishing what he started with the code audit, if for no other reason than he’s sitting on $30,000 raised for just that purpose.
“Before this happened, we were in process of working with people to look at the crypto side of the code, and that was the project we were going to get done over this summer,” Green said. “Hopefully, we’ll be able to keep TrueCrypt.”
This entry was posted on Thursday 29th of May 2014 12:08 AM