- TrueCrypt
infobox software
caption = TrueCrypt on Windows Vista
developer = TrueCrypt Foundation
latest_release_version = 6.0a
latest_release_date = release date|2008|7|8
programming language = C,C++ , Assembly
operating_system =Cross-platform
language = [http://www.truecrypt.org/localizations.php 30 languages]
genre =Disk encryption software
license = [http://www.truecrypt.org/legal/license TrueCrypt Collective License]
website = [http://www.truecrypt.org/ www.truecrypt.org]TrueCrypt is a
software application used for transparent real-timeon-the-fly encryption . It can create a virtual encrypted disk within a file, or a device-hosted encrypted volume on either an individual partition or an entire storage device. It can encrypt the Windows bootpartition or entire boot drive, and has the ability to create and run a hidden encrypted operating system whose existence is deniable. It isopen source software , distributed under the [http://www.truecrypt.org/legal/license TrueCrypt Collective License] . TrueCrypt natively runs underMicrosoft Windows , with support forMac OS X andLinux .Encryption algorithms
The individual algorithms supported by TrueCrypt are AES, Serpent and
Twofish . Additionally, five different combinations of cascaded algorithms are available: AES-Twofish, AES-Twofish-Serpent, Serpent-AES, Serpent-Twofish-AES and Twofish-Serpent. Thecryptographic hash function s used by TrueCrypt areRIPEMD-160 , SHA-512, and Whirlpool.Modes of operation
TrueCrypt currently uses the XTS mode of operation. Prior to this TrueCrypt used LRW which is less secure, though more secure than CBC mode (when used with predictable
initialization vector s) used by versions 4.0 and earlier.cite web |first = Clemens |last = Fruhwirth |url = http://clemens.endorphin.org/nmihde/nmihde-A4-ds.pdf |title = New Methods in Hard Disk Encryption |format = PDF |publisher = Institute for Computer Languages, Theory and Logic Group, Vienna University of Technology |date = 2005-07-18 |accessdate = 2007-03-10]Although new volumes can only be created in XTS mode, older LRW and CBC legacy TrueCrypt volumes can still be mounted.cite web | url = http://www.truecrypt.org/docs/?s=version-history | title = Version History | publisher = TrueCrypt Foundation | work = TrueCrypt Documentation | accessdate = 2007-03-10 ]
Performance
TrueCrypt supports both pipelined and parallelized read and write operations, and utilizes an assembly implementation of AES which almost doubles performance compared to its previously used C implementation.cite web | url = http://www.truecrypt.org/docs/?s=version-history | title = Version History Part 1 | publisher = TrueCrypt Foundation | work = TrueCrypt Documentation | accessdate = 2008-06-04 ]
Using TrueCrypt on a drive may decrease performance due to the encryption overhead, but there have been reports cite web | url = http://www.grc.com/sn/sn-133.htm | title = Security Now! Transcript of Episode #133 | publisher = Gibson Research Corporation | work = Security Now! / TrueCrypt 5.0 | accessdate = 2008-07-12 ] that in some scenarios, encrypting a drive with TrueCrypt 5.0 or later may increase drive performance slightly due to pipelining affecting the way read and write operations are performed.
Security concerns
As with other software-based encryption mechanisms (e.g. PGP), TrueCrypt is vulnerable to
black-bag cryptanalysis . Additionally, there is vulnerability to acold boot attack if the PC is not shut down correctly, allowing the program to clear the encryption key stored inRAM .cite paper|url=http://citp.princeton.edu/memory/|title=Lest We Remember: Cold Boot Attacks on Encryption Keys|author=J. Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman,Jacob Appelbaum , and Edward W. Felten|publisher=Princeton University |date=February 21 ,2008 |accessdate=2008-06-20] One way to mitigate this attack is to avoid using sleep mode and to completely shut down the PC or hibernate instead. [cite news|url=http://secude.com/htm/801/en/White_Paper%3A_Cold_Boot_Attacks.htm|title=Don't Panic - Cold Boot Reality Check|publisher=Secude |date=2008-02-21|accessdate=2008-02-22(registration required)] [cite news|url=http://blog.wired.com/27bstroke6/2008/02/encryption-stil.html|title=Encryption Still Good; Sleeping Mode Not So Much, PGP Says|publisher=Wired|date=2008-02-21|accessdate=2008-02-22] .TrueCrypt's hidden volume deniability features may be unintentionally compromised by third party software which may leak information through temporary files, thumbnails, etc, to unencrypted disks. In a recent study,
Windows Vista ,Microsoft Word andGoogle Desktop were evaluated and found to have this weakness. In response to this, the study recommends using the hidden operating system feature now available in TrueCrypt versions 6.0 and later. However, the security of this feature was not evaluated because it had not yet been released at the time. [cite conference |booktitle=3rd USENIX Workshop on Hot Topics in Security |title=Defeating Encrypted and Deniable File Systems: TrueCrypt v5.1a and the Case of the Tattling OS and Applications |url=http://www.cs.washington.edu/homes/supersat/paper-truecrypt-dfs.pdf |author=Alexei Czeskis, David J. St. Hilaire, Karl Koscher, Steven D. Gribble, Tadayoshi Kohno,Bruce Schneier |date=2008-07-18 ]Planned features
According to the TrueCrypt website [ [http://www.truecrypt.org/future.php Features to be implemented in future versions] ] the following features are planned for future releases:
* Support for external authentication modules (cryptographic tokens)
* Customization of boot loader screen
* Command line options for volume creation (already implemented in Linux and Mac OS X versions)
* Ability to cache pre-boot authentication passwords and to use them to mount non-system TrueCrypt volumes
* 'Raw' CD/DVD volumesHistory
TrueCrypt is based on "Encryption for the Masses" (
E4M ), a popular open sourceOn-the-fly encryption (OTFE) program first released in 1997. However, E4M was discontinued in 2000 as the author,Paul Le Roux , began working on commercial OTFE software (DriveCrypt ).ee also
*
Disk encryption
*Full disk encryption
*Disk encryption software
*Deniable encryption
*Comparison of disk encryption software References
External links
* [http://www.truecrypt.org/ Official TrueCrypt Website]
* [http://forums.truecrypt.org/ Official TrueCrypt Forums]
* [http://perseus.franklins.net/runasradio_0009_eric_marvets_talks_truecrypt.pdf Eric Marvets Talks TrueCrypt]
* [http://www.grc.com/sn/SN-041.htm TrueCrypt at 'Security Now!']
Wikimedia Foundation. 2010.
