Comments

s March 4, 2008 7:31 AM

It’s OK… better than nothing. You still depend on the attacker being dumb. And it is still limited by the same problems as all these other encryption-centric products.

Bogomips March 4, 2008 7:33 AM

A very good package, but the Linux version has taken a step back from the previous one.

Performance is abysmal due to them having switched to FUSE, no support for filesystems used in Linux like ext3(!), the GUI is still buggy and no pre-boot authentication that I can see.

All in all, it’s a good package for exchanging encrypted FAT32 volumes between operating systems, but nowhere near as useful or polished as the Windows version.

Paeniteo March 4, 2008 7:58 AM

@bogomips: “no support for filesystems used in Linux like ext3(!)”

I am under the impression that I have an ext3 formatted container here, created with 5.0 (as I did not really use Truecrypt on Linux before 5.0).

Bogomips March 4, 2008 8:14 AM

@Paeniteo

Sorry, I should have elaborated a bit more. You can of course format the unencrypted block device using whatever filesystem the distro supports, but it has to be done manually from the command line and it isn’t a straightforward operation. Furthermore it has to be done outside of Truecrypt. Create a container, map it (but don’t mount it) and then format that device using mkfs.

The GUI, which is the major selling point in this release, only supports creating FAT32 containers.

hidden volume March 4, 2008 8:48 AM

The hidden volume lies in an uninterrupted area of free space whose end is aligned with the end of the outer volume, according to http://www.truecrypt.org/docs/hidden-volume.php and hence the truecrypt’s notion of hidden volume is useless for a whole disk encrytion.

“Why did you have a soooo large free space at end of you truecrypt volume, while last defragmentation has been done 3 years ago ? Now, I will force you to also give the password for the hidden volume.”

It would be different if the truecrypt wizard could mark some blocks of the hidden volume as badblocks, and allocate them to construct a phony file in the outer volume.

Sean O'Hara March 4, 2008 9:02 AM

The best part of Steve Gibson’s review is when he talks about Window’s defrag working faster under TrueCrypt — that’s everything you need to know about Microsoft right there.

JoeHonkie March 4, 2008 9:10 AM

Hidden Volume:

Truecrypt encrypts the space, so even free space is not visible as such to outside eyes. If your encryption product doesn’t even encrypt the free space to obscure information like this, it’s a crappy product.

Paeniteo March 4, 2008 9:13 AM

@hidden volume: “hence the truecrypt’s notion of hidden volume is useless for a whole disk encrytion”

Which is probably why Truecrypt doesn’t support it for whole disk encryption.

Its hidden volume is probably most useful in situations where you have a fixed size container that is plausibly quite empty.
They are selling 2GB USB drives for under EUR 10,- here. Despite carrying seldomly more than 100MB around on it, I bought one. You just don’t get smaller drives these days. So while it’s true that it has around 95% of free space, that’s really no indication that there would be a hidden volume (there isn’t :-).

@Bogomips:
Truecrypt is still first and foremost a Windows software and has only recently moved towards Linux.
Be patient.

Paeniteo March 4, 2008 9:16 AM

@JoeHonkie:
The hidden volume feature is for situations where you have to provide your “normal” password.
Hence, the attacker will be able to tell which parts of your drive are supposed to be empty. If a large chunk at the end of the drive is supposedly empty, this might raise suspicions.

Garrett G March 4, 2008 9:27 AM

TC is a pretty darn good product from what I can tell (and you gotta love the price). I’m impressed that v5 supports system encryption (i.e., for the entire drive, including the OS, excluding the master boot record) for Windows OSes. Very impressive when a high level of DAR (data-at-rest) security is desired.

TC continues to be useful for encryption external HDDs, SSDs, etc.

Ed T. March 4, 2008 9:31 AM

@Philippe – I am using the OS X version. Haven’t really exercised it that much yet – though I have a couple of volumes and one encrypted USB thumb drive.

~EdT.

Alan March 4, 2008 9:50 AM

It would be interesting to use system encryption with hidden features. You will be able to install two OS (1 on the standard and the other on the hidden volume). The hidden and standard volumes will be part of the TrueCrypt system encryption features

tim March 4, 2008 10:23 AM

@Paul Renault

I may of missed the memo but when did we start taking Steve Gibson seriously?

jayh March 4, 2008 10:46 AM

I would think it best to travel with just virtual driectories of sensitive files encrypted, but leaving the general c:\bootup and generic stuff wide open. Since a truecrypt virtual directory can carry any file name, it can be more or less ‘hidden’ among all the .dlls etc. in the system.

Anonymous March 4, 2008 10:50 AM

If you want open source, you don’t need truecrypt. The dm-crypt module can be used for whole (excepting a boot partition) disk encryption.
Fedora 9 will have the ability to do this easily for new installs. It isn’t quite working right in rawhide yet, but should be by the beta release (and hopefully by the end of this week).
sm-crypt has the advantage that it is supposed to honor write barriers which is useful if you are running transactions on top of it.

John Ridley March 4, 2008 11:06 AM

I use Truecrypt everywhere.
I have a big chunk of free space in my TC volume because it’s a data transfer device, and I take everything off it when I get home and fill it from scratch every time. It doesn’t NEED defragging. It’s mostly empty because I didn’t happen to be moving a big chunk of data from work to home today.

That’s my excuse anyway.

I would also like to hear “s”‘s elaboration on how we’re relying on the attacker being “dumb”.

dm-crypt is great, except my main use of encryption is for portable devices, mainly on Windows.

Roy March 4, 2008 11:15 AM

Bruce,

What are the relative merits of Twofish, Serpent, and AES (as offered in this version of TrueCrypt)?

The Anti-Bruce March 4, 2008 11:23 AM

@Roy

“What are the relative merits of Twofish, Serpent, and AES (as offered in this version of TrueCrypt)?”

One of the manifest beauties of rubber-hose cryptanalysis is that it works independently of the cipher algorithm.

Other than that weakness (and ones derived from it), there isn’t any substantial difference. The worse case scenario is that you pick Twofish today, and tomorrow someone finds an O(1) attack against it, the next day you re-encrypt with AES.

Lee March 4, 2008 11:48 AM

I’m using TC on OS X. It doesn’t appear to support hidden volumes on OS X, and of course doesn’t support full disk encryption. But it has worked flawlessly for me…I’ve completely replaced encrypted disk images. I frequently need to be able to open the TC volume on my flash drive in both Windows and Mac (the TC file was created under Windows with the previous version of TC) and the Mac opens and uses it without difficulty. I actually haven’t tried going in the other direction yet (opening a TC volume created on Mac in Windows) but based on what I see so far, I expect it would work just fine.

John Ridley March 4, 2008 11:54 AM

Well, if he’s referring to the fact that if someone manages to get to your computer within 2 minutes of turning it off with some liquid nitrogen and can extract the password, I’m not calling that “the attacker being dumb”.

For one thing, I think most people are using TC for thumb drives and other portable data stores; I have TC volumes on CDRs and such. That attack is completely meaningless in these cases. Someone who finds my thumb drive lying in the street can’t exactly come into my house (or even find it) and get my password off.

With TC5’s full boot drive protection, anyone who has a private data loss due to a stolen laptop is just being stupid and lazy. There’s no excuse anymore. This is pretty well respected software, and it’s free.

Roy March 4, 2008 11:59 AM

Thanks. That’s the perspective I needed. I can put all my eggs in one basket without fear. If that basket leaks, I switch baskets.

Alex March 4, 2008 12:13 PM

Use TC5 daily on a usb drive (volume created under windows) to exchange date between work (windows) and home (mac os x). Not one problem encountered so far.

Pugmalien March 4, 2008 12:22 PM

I used TC’s system encryption simply to sufficiently annoy anyone who steals the system into simply formatting/reinstalling it. It has personal emails and MP3s, but those are also backed up to external hard drive and can be accessed by any of my other systems. Overall, I have no real complaints about its functionality.

dragonfrog March 4, 2008 12:33 PM

@Roy – “Thanks. That’s the perspective I needed. I can put all my eggs in one basket without fear. If that basket leaks, I switch baskets.”

Yes and no. That is true as long as you know nobody has acquired a copy of the encrypted drive in between times.

If you are mailing an encrypted disk, you may need to worry about someone having copied the contents and replaced it in the mail to be shipped on.

If the TSA takes a forensic image of your disk, you can change the encryption of the disk to whatever you want, the TSA’s copy can sit around for years waiting for advances in encryption. Of course, the TSA will probably have lost track of their copy by the time that cryptanalytic result comes out…

If your laptop is stolen, you have to hope that whatever encryption scheme you chose will last – you can’t change it now. (Of course any thief who’s not an industrial or government spy will probably just wipe the disk with a pirated copy of XP and sell the computer on eBay, after about 1 minute looking at the passphrase prompt.)

grayputer March 4, 2008 12:35 PM

John Ridley stated:
With TC5’s full boot drive protection, anyone who has a private data loss due to a stolen laptop is just being stupid and lazy. There’s no excuse anymore. This is pretty well respected software, and it’s free.

I comment:
That would be true if it worked. I just tried system encryption on an old laptop (think old enough to toss in car just in case I need it, gateway solo 5300). I install, it reboots, prompts for password, Screen clears (black), and I ‘hang’. To be fair, I’m not sure I actually hang, the black screen does make it difficult to tell.

The good news is I reboot and hit esc at prompt and it will enter the OS and allow me to remove the encryption boot loader. The drive is not encrypted yet, it is still at the ‘test’ stage when it fails (so design points awarded).

Note: I do use TC and have for several versions now. Works great in container mode, even the hidden containers work well. I do like the product and was very excited by the system partition encryption in 5.0. However, I think I’ll wait for at least the next release of the system encryption functionality. Or at least my ‘disposable’ laptop will :).

Paeniteo March 4, 2008 12:59 PM

@dragonfrog: “If you are mailing an encrypted disk, you may need to worry about someone having copied the contents and replaced it in the mail to be shipped on.”

Yes and no. Symmetric encryption provides a certain level of protection against this: As the attacker does not know the password, he could only “blindly” replace data, which would most probably be noted by the recipient (as it would decrypt to nonsense).
Given Truecrypt’s XTS cipher mode, I am not sure about selective bit-flipping and the like, but I don’t think that much harm could be done.

@grayputer: “even the hidden containers work well”

Ha! Please wait while we prepare the thumbscrews, sir…

Anonononononimous March 4, 2008 3:44 PM

I don’t expect Bruce to say anything in this thread, as he works for a company that makes a competing commercial product.

beeble March 4, 2008 4:46 PM

Tried installing this on my system a few days ago. No luck. It won’t even build on 64-bit Linux. I went back to a previous version that does. Doesn’t look much like progress to me.

unnamed_one March 4, 2008 10:01 PM

The only issue with the partial disk encryption is that in Windows there will be a lot of traces to stuff that used to exist on drives that are no longer present – highly suspicious to an advisary.

On the other hand, with full disk encryption they may just force you to give out the password.

For a casual inspection, it would be best to have 2 boot passwords to boot into one system or another, this way one can alway choose.

Ron March 5, 2008 5:18 AM

I tried to build Truecrypt 5 on SUSE 10.2 (32 bit), but it failed looking for fuse.h (fuse-devel ??? – it seems it’s not available for Suse).

Looking at the sources, it seems this is Windows application more or less successfuly ported t other systems.

Crypto-advertising not intended here, but so far I use Jetico Bestcrypt for Linux, happily paid modest price.

I’m still waiting for some working product doing whole-disk (including boot partition) encryption for Linux.

Greg March 5, 2008 6:50 AM

@Ron

If you are serious, consider hardware based solutions. Don’t go cheap either as the XOR scandal shows you get what you pay for.

A good rule of thumb (Bruces in fact) is how much money do the put behind there product. ie provide liability cover in the case of compromised drive like some steering lock manufactures.

Most give non and include a full disclaimer of liability as part of the EULA.

alfora March 5, 2008 8:15 AM

@Jamie

A good question is TC5 still vunerable to this? –

http://www.eff.org/press/archives/2008/02/21-0

Please don’t read only the web page you are refering to but also the original paper. ANY full disk encryption software is vulnerable against the cold boot attack because the encryption key must be stored somewhere in memory in order to decrypt the contents of the disk.

No full disk encryption is vulnerable against this type of attack if you simply switch off your computer and let it rest for a while.

John Ridley March 5, 2008 9:00 AM

I believe that TrueCrypt wipes the passwords from RAM when you dismount. You can set the options to dismount even on screen saver activation, but also by default it dismounts on power down and hibernate.

ISTM that TC is only vulnerable to the RAM read attack if power is cut from the computer, not if it’s properly shut down. Unless the key area gets copied to another piece of RAM or to swap space. The swap space would still be OK in the case of boot drive encryption.

greg March 5, 2008 11:14 AM

The Threat model where this cold boot attack is relevant is so far away from normal that for the vast majority of cases you don’t need to worry.

Please what is remotely plasable about cold boot attacks for normal people? Do you consider Tempest? What about key loggers, bugs in the office? Cell phone cameras? Keyboard listeners? Screen “grabbers”. Cause if these aren’t in your threat model then cold boot attacks don’t belong in there either.

gatopeich March 5, 2008 1:20 PM

@bogomips:
“Performance is abysmal due to them having switched to FUSE”

Yeah and I guess that’s because ALL things in kernel space run much faster. Even better if coded in assembler…

Personal prejudices seem to be the main argument when talking about performance.

Measure! or shut up.

Sorry Bruce, even for you it seems difficult to relate this to security.

alfora March 5, 2008 2:11 PM

@John Ridley: You are correct that TC can be set to unmount volumes when the screen saver starts. But you must also be aware what happens to applications that have open documents.

In some cases you might not want volumes to unmount because your applications cannot handle it.

The point is that you can find a scenario where the computer is running, the encrypted volumes are mounted, the attacker has no logical access to the computer (because of screen saver or suspend to RAM mode) but has physical access to the computer.

In that case the computer is vulnerable to the cold boot attack.

Jamie March 5, 2008 2:50 PM

@alfora

Yes I am patently aware of this:

“Please don’t read only the web page you are refering [sic] to but also the original paper. ANY full disk encryption software is vulnerable against the cold boot attack because the encryption key must be stored somewhere in memory in order to decrypt the contents of the disk.”

I did read the relevant white paper and all associated commentary on the work done by the EFF researchers – I would not be much good at my job if I did not.

IMHO the EFF announcement was the correct reference for this blog – as it gave an overview with reference to the actual paper at the bottom of the page for people that wanted to read further.

To turn off your machine and wait for over a minute every time you walk away to make a cup of tea is not really the answer:

http://www.theregister.co.uk/2008/03/04/windows_password_bypass_tool/

when combined with the above attack

Esurnir March 5, 2008 3:44 PM

Rubber hose cryptanalysis don’t work if you deleted the keyfile “You want me to remember 600 thousand random one and zero ? Go on and try, like if I could !”

Felix Dzerzhinsky March 6, 2008 7:36 PM

Is there a reliable open source product that does full disk encryption in Windows?

Can Truecrypt work in an enterprise environment where users regularly lose thier passwords? How can the sysadmin’s unlock the users password?

Obviously key control is important here.

Paeniteo March 7, 2008 3:06 AM

@Felix: “Can Truecrypt work in an enterprise environment where users regularly lose thier passwords?”

When creating a volume, a rescue CD is created. The Admin can use it to reset the password (he must know the initial password).

ONonononohnooo March 26, 2008 12:17 PM

Truecrypt has failed me again. This time I encrypted an entire USB HDD.. it had all of my music and family photos and videos on it. It had been working fine about an hour ago.. I rebooted I try to open the drive using truecrypt and it says “password incorrect, or not a truecrypt volume” Heres the kicker it did this to both drives that I encrypted with truecrypt.. both of them usb external HDDS… LUCKILY I backed up the header of the 1st drive and restored it.. the other drive I did not… the password is the same for both drives. My first question is why would this happen? Do I have to live in fear that my password will just stop working out of the blue .. or that I’ll have to rely on a backup file to save me from this happening frequently? I just don’t understand why in the hell it would all of the sudden not work. So now I have a drive that I cannot get access to and has a lot of my important data on it. Truecrypt is complete shit.. this is not the first time it’s fucked me over. If anyone can help me out … enlighten me as to why this would happen… please do so. you can reach me at this email address theroadbehind@gmail.com

Jepp April 19, 2008 2:27 AM

@ONonononohnoo

I am sorry you had those problems. I have been in similar conditions. The solution here is to have backups, backups, backups, backup, backups…..

Sincerely I don’t want to rub salt in your wounds, but consider it for the next time you entrust ANY technology with important things.

TreeSmoker April 21, 2009 6:20 PM

So is there actually anyway to protect ourselves against these bloody cold boot bastards or are we all screwed, if say in my case I use Truecrypt to create encrypted containers and hidden containers, if I dismount the drive and shut down my computer, am I still vulnerable? in another words, If some1 booted my pc with my external HDD plugged in (drives not mounted, just HDD plugged in) would the password be in the RAM straight away or would I have to mount the drive and enter the password once before it gets stored in the RAM?. All I keep reading about is how vulnerable anybody is, Someone find a solution! theres got to be some clever chinese hackers hiding somewhere!

Tarzan March 2, 2010 12:16 PM

Hello Folks:

About downloading TrueCrypt and verifying the authenticity of the downloaded file – on Mac OSX, the TrueCrypt official website does not provide clear information on how to verify the downloaded file and the How to use the provided PGP digital signature to verify the DMG file. Even thought, they do provide the fingerprint too, they don’t provide the Checksum which is more commonly used.

The checksum is supposed to be: 0dfb1e09b337d92dd7a90095bc29d909

I did use the MD5 App the get the above checksum, and then I goole it to see if I will find it somewhere and I found it on The Chip Magazine download section, so it looks enough reliable for me to consider the TrueCrypt file that I downloaded directly from the TrueCrypt website.

Anyway, the point of all this is that TrueCrypt should also include the Checksum on their own site.

Now, About TrueCrypt for Mac I would prefer not to see a port, but an actual Mac App who does not use or depend on MacFuse, simply because everything that Google makes these days is not security and privacy conscious. Per example: Google Earth and Picasa Software heavily uses Google Analytics and phones home when installing it and on every update, see article below:

http://www.macosxhints.com/article.php?story=20090424045847496

So, Why someone would like to use a fine security tool like TrueCrypt along side a utility developed by privacy – blood sucker – Google?

Sorry, I just don’t trust MacFuse, it could and may be used to mount remotely anything you have on your Mac.

So, in the mean time, Encrypted Disk images (DMG) created with Disk Utility on a Mac seems to be a little more secure than using TrueCrypt on a Mac. Too bad that Apple does not allow you to copy and paste long and strong passwords from passwords managers to open an Encrypted Disk Image, so remembering and using a 40 digits alphanumeric password, with sign and dashes, to open an encrypted container is just unpractical.

Tarzan.

Snarky June 4, 2014 11:19 PM

Somight we be screwed now, June 2014, that Truecrypt is hackable, and they have given up (probably due to the many recent requests for an audit, and the possibility of Truecrypt all along having been an NSA product?) ?

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.