Truecrypt 5.0 Release Date Set - FEBRUARY 4th


LockBox
January 30th, 2008, 09:05 PM
http://www.truecrypt.org/future.php

Pushed back to February...but this time with a firm date: February 4, 2008.

DigitalMan
January 30th, 2008, 10:09 PM
Saw that too - can't wait. Excellent program getting better all the time.

Carver
January 31st, 2008, 01:35 PM
When I saw it get past January 20 I thought Truecrypt might push back the date a bit.

gb63
January 31st, 2008, 06:44 PM
Reflect on this, please.
Code for TrueCrypt WDE must not be so similar to commercial packages ( DriveCrypt Plus Pack, Jetico Whole Volume Enc, PGP WDE, CompuSec ) as to create legal problems - not easy, because for some boot operations, code must do the same thing in about the same way. That code has probably been more or less fixed for some time.
Windows Vista support (a major problem) plus newer x64 driver version.
OpenSUSE 10.2 x86 and OpenSUSE 10.3 x86.
Ubuntu 6.06 LTS x86 (many linux systems maintain that level for support reasons).
Ubuntu 7.04 x86 and x64.
Ubuntu 7.10 x86 and x64.
Ubuntu Hardy must be kept in mind for the latest kernel 2-6-24-xx.
Linux GUI should handle all above flavors.
Linux source code that can be compiled for other distros, such as Mandriva, Fedora, etc.
All of which was promised for version 5.0. All for Love, not Money!
Think they had any time for loving....?

huangker
February 1st, 2008, 07:41 AM
{QUOTE-> Reflect on this, please.
---snip---
All of which was promised for version 5.0. All for Love, not Money!
Think they had any time for loving....? <-QUOTE}

I don't quite get your point. Would you please clarify.

gb63
February 1st, 2008, 12:01 PM
I was just outlining some of the tasks necessary for completion of the promises made for version 5.0. Many of those tasks actually involve linux and the distros supported up to now.
And, the TrueCrypt Foundation was established to promote open source encryption for free, so I allude to the "for Love, not Money" phrase and the fact all of the work needed to be done and tested within such short time.

TECHWG
February 2nd, 2008, 12:22 PM
If you WDE your c:\ with pre-boot login etc etc, i wonder if you slave that hard drive to another machine, and mount that device normally with truecrypt software ? Hmmmm

Also I wonder if there's a way the boot-up login can be placed on CD/DVD/FLOPPY or backed up for reinstallation.

n8chavez
February 4th, 2008, 11:45 AM
I could be wrong but isn't today the 4th. Where is version 5?

TECHWG
February 4th, 2008, 11:51 AM
lol it's the 4th all day! Give them time, they are probably brushing up on the documentation or something.

Fano effect3
February 4th, 2008, 12:37 PM
{QUOTE-> I could be wrong but isn't today the 4th. Where is version 5? <-QUOTE}


It's 2/4/2008 5:37 PM GMT, where the makers of Truecrypt live. So they need to wake up first. :)

TECHWG
February 4th, 2008, 02:10 PM
i hope it is released within 1 hour as i hope.

*puppy*

Fano effect3
February 4th, 2008, 03:16 PM
{QUOTE-> i hope it is released within 1 hour as i hope.

*puppy* <-QUOTE}

One hour, I hope within one 10^-9 of a second. ;)

TECHWG
February 4th, 2008, 06:18 PM
Ok, it's taking too long.

naplot
February 4th, 2008, 06:42 PM
eww... i can't wait anymore...

EDIT: OMG it has changed to feb 5th!

Fano effect3
February 4th, 2008, 07:57 PM
Indeed, rescheduled?!

TECHWG
February 4th, 2008, 11:22 PM
Look on the bright side, at least with them backing it another day only, we are surely certain to see its release today now.

KookyMan
February 5th, 2008, 02:34 PM
Well, time is burning on the 5th now as well. Though, as far as I remember, it's always said the 5th. Could be just me misreading days ago, but releasing v5 on the 5th seems like a cute ploy.

Just out of curiosity, are you planning an immediate upgrade to v5, or are you going to wait a month to see if any major problems are reported?

dantz
February 5th, 2008, 03:41 PM
{QUOTE-> Just out of curiosity, are you planning an immediate upgrade to v5, or are you going to wait a month to see if any major problems are reported? <-QUOTE}
My advice would be to hold off for a few months or so and see how it goes. Version 4.3a is very stable and runs beautifully, so there's really no reason to rush into an upgrade, especially one of this magnitude. I'd rather read about the bugs than have to deal with them first-hand, especially with my data and/or OS at stake.

On the other hand, if you have a dedicated test system and some free time, please have at it! I'm dying to hear how the Windows system partition encryption turns out.

TECHWG
February 5th, 2008, 04:10 PM
As soon as that page says 5.0.... it's going to be installed on my pc. I have complete confidence in the ability of the developer(s). I would not disrespect their ability by saying "I have always upgraded right on cue, and I have always had a stable product, but I won't upgrade just in case you screwed something up, I will wait." No way.. It's going on here. The only thing I will be doing is to use Vmware to test the WDE before I try and roll it out on my pc, to protect myself from any screwups I will make because I don't know the feature inside out.

gb63
February 5th, 2008, 06:24 PM
I have noted in a posting above that the code for Windows WDE is more or less fixed.
For those who need it, source code has been available for years. There are few secrets to most system programmers.
Jetico (BestCrypt) and Securstar (DriveCrypt) have long allowed private reviews to serious programmers.
PGP WDE source code can be downloaded. DiskCryptor (opensource) WDE source has been freely available.
TrueCrypt 5.0 should work fine on XP and Vista. The problems are going to be in the linux arena.

MkFly
February 5th, 2008, 06:24 PM
If you look at the News history (http://www.truecrypt.org/news.php), TC 4.1 was released as late as 23:50 GMT, so it could be a late release again today.

Already 23:25 GMT. :doubt:

RejZoR
February 5th, 2008, 06:28 PM
It's 6th now and still nothing. Hm...

MkFly
February 5th, 2008, 06:33 PM
Still a half-hour left on the 5th in GMT. ;)

Fano effect3
February 5th, 2008, 06:34 PM
{QUOTE-> It's 6th now and still nothing. Hm... <-QUOTE}

Still the 5th in the US where the Truecrypt Team resides. But yes, it will probably be rescheduled again.

RejZoR
February 5th, 2008, 06:36 PM
Why ppl set release dates if they can't seem to (ever) hold them?

gb63
February 5th, 2008, 06:38 PM
Fano - the TrueCrypt main server is in the US, but the developers are in another time-space continuum stream...... :)

n8chavez
February 5th, 2008, 06:38 PM
{QUOTE-> Why ppl set release dates if they can't seem to (ever) hold them? <-QUOTE}
No idea. You would think they would have learned from the ESET fiasco, but I guess not. Nothing pisses me off more than when a release date, which was set by the company, is missed.

MkFly
February 5th, 2008, 06:41 PM
That's why a lot of companies never use release dates. ;) It is better to have a good product than to rush it out, but yeah, bumping the release date by 1 day seems like the kind of move you would make if you were sure it wouldn't take longer.

We might soon see:

Next release 5.0 scheduled for: Tomorrow

KookyMan
February 5th, 2008, 07:22 PM
Well, it's possible people are starting to equate quality with time it takes to be delivered.

The longer the delay, the higher the quality. Just look at Microso.. uhm. Maybe that's a bad example.

I just hope their forums come back online when it's released.

RejZoR
February 5th, 2008, 07:27 PM
Actually it doesn't. If you're not sure about release date you better don't give out any. Or just partial in weeks time. Not to move them day by day. That pisses ppl off badly.

MkFly
February 5th, 2008, 07:46 PM
Indeed it does. Especially when it's a specific date. A month in general is better, but still ... it gets old. :(

I'm betting it's worth the wait though!

gb63
February 5th, 2008, 07:54 PM
Herndon, VA.????
I'm glad you're not the GPS in someone's car! :)

Edit: Sorry, responding to vapors.....

SourMilk
February 5th, 2008, 07:54 PM
{QUOTE-> Why ppl set release dates if they can't seem to (ever) hold them? <-QUOTE}


Maybe because we don't pay them enough for their hard work. :dry:

MkFly
February 5th, 2008, 08:12 PM
I can't get on the TrueCrypt website right now ... could this be it?

KookyMan
February 5th, 2008, 08:15 PM
TrueCrypt's website has just gone down. It's timing out, so I'm going to wishfully think that v5 has been posted and now everyone's downloading. Can anyone confirm it?

MkFly
February 5th, 2008, 08:18 PM
I doubt the demand was so high that it would shut down their server that quickly. My guess is they willfully took it offline to do some updates and it will be back right quick with version 5.0.

naplot
February 5th, 2008, 09:24 PM
Such a suspense...

They may be flooded by everybody refreshing the page ;D

TECHWG
February 5th, 2008, 09:34 PM
Either the site's slow because everyone on the planet is checking it, or they are uploading new content..... Where is 5.0 ?

TECHWG
February 5th, 2008, 10:41 PM
Forum is actually "down" not "sorry we are not working blah blah" it's actually "down" as "error 404"

naplot
February 5th, 2008, 10:57 PM
{QUOTE-> Forum is actually "down" not "sorry we are not working blah blah" it's actually "down" as "error 404" <-QUOTE}

For meh it's taking too long to respond, not 404.

MkFly
February 5th, 2008, 11:05 PM
No 404 here, just timing out. It's been 3 hours of nothing. :(

Carver
February 5th, 2008, 11:13 PM
Ok I'm back what did I miss...what Truecrypt 5 is still not up. oh well...Truecrypt 5 would make a nice Birthday present..and tomorrow is my birthday.
{QUOTE-> TECHWG Forum is actually "down" not "sorry we are not working blah blah" it's actually "down" as "error 404" <-QUOTE}
The Truecrypt forum has been down since about November 20 2007.

KookyMan
February 5th, 2008, 11:18 PM
{QUOTE-> Forum is actually "down" not "sorry we are not working blah blah" it's actually "down" as "error 404" <-QUOTE}

Well, the Forum has been out of service for near a month now I believe, if not longer, with a message saying it's closed for maintenance or a similar message. Tonight around 8:15EST (3 hours ago) the entire site appears to have fallen off the face of the net.

Their sites, www.truecrypt.org and forums.truecrypt.org, are both timing out in my browser, yet are still pingable with 40-50ms ping times. I guess that shows the site isn't timing out from heavy use. I checked their SourceForge project area, and it's still in place, but has no downloads, instead referring back to their main web page.

Guess I'll just have to check on it again tomorrow.

MkFly
February 5th, 2008, 11:33 PM
It's here! Download now! :D

TECHWG
February 5th, 2008, 11:35 PM
WHOoOOoOO released

MkFly
February 5th, 2008, 11:37 PM
;D 8):D :P

KookyMan
February 5th, 2008, 11:48 PM
Downloads are slow, but I'm going to post it to my p2p as soon as it's done. (Gnutella v1/v2 and E-Mule. I use Shareaza myself.)

Filename of the Windows version is: "TrueCrypt Setup 5.0.exe"

TECHWG
February 6th, 2008, 12:04 AM
I am trying to delete 30gb of data from a partition encrypted with serpent, and it's taking FOREVER... literally the timer is stuck on 27 mins... FOREVER, man I never had this problem before, shift + delete = deleted in 10 seconds. Now this is taking tens of minutes. I would mention it in their forum but IT'S DOWN...

Seratine
February 6th, 2008, 12:08 AM
<<<<<<<<unauthorized link removed>>>>>>


Hashes of the file I just grabbed:
CRC32: 6EC63BB6
MD5: A3D94337991B4B84EAD758D868408823
RIPEMD-128: AB771AD7C6B68D9A7ECCA86EFF7A2164
SHA-1: B0206174B69F2B471F7DCBE9A7B7075247CB0F24
Tiger: A9442329484D6B80AB04554CE5EB6D1FAE2FEB35B2BFD5F9

TECHWG
February 6th, 2008, 12:08 AM
I can't download the normal previous version now to delete my files because the page says

Error: The requested file might have been removed, had its name changed, is temporarily unavailable, or never existed.

So I'm stuck with 5.0 where I can't delete files....

MkFly
February 6th, 2008, 12:23 AM
{QUOTE-> <<<<<unauthorized link removed>>>>>>


Hashes of the file I just grabbed:
CRC32: 6EC63BB6
MD5: A3D94337991B4B84EAD758D868408823
RIPEMD-128: AB771AD7C6B68D9A7ECCA86EFF7A2164
SHA-1: B0206174B69F2B471F7DCBE9A7B7075247CB0F24
Tiger: A9442329484D6B80AB04554CE5EB6D1FAE2FEB35B2BFD5F9 <-QUOTE}

Verified that those hashes are correct. ;D
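
The check the posters describe, as an added example that is not part of the thread and is not TrueCrypt's own tooling: it parses a posted `LABEL: HEX` listing and compares it with digests computed locally. RIPEMD-128 and Tiger are not provided by Python's standard library, so they are reported as unchecked rather than counted as a match; the sample bytes and the all-zero placeholder values are constructed for the demonstration.

```python
import hashlib
import hmac
import re
import zlib


def crc32_hex(data):
    """CRC32 as 8 lowercase hex digits (an error-detection code, not a hash)."""
    return format(zlib.crc32(data) & 0xFFFFFFFF, "08x")


# label -> (digest function, True if it is a cryptographic hash)
ALGORITHMS = {
    "CRC32": (crc32_hex, False),
    "MD5": (lambda d: hashlib.md5(d).hexdigest(), True),
    "SHA-1": (lambda d: hashlib.sha1(d).hexdigest(), True),
}

# One "LABEL: HEXVALUE" pair per line, as in the forum post.
LINE = re.compile(r"^\s*([A-Za-z0-9-]+)\s*:\s*([0-9A-Fa-f]+)\s*$")


def parse_listing(text):
    """Return {LABEL: lowercase hex} for every 'LABEL: HEX' line in a post."""
    found = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            found[m.group(1).upper()] = m.group(2).lower()
    return found


def verify(data, listing):
    """Compare locally computed digests of data with the posted values."""
    results = {}
    for label, expected in listing.items():
        if label not in ALGORITHMS:
            results[label] = "unchecked"  # cannot compute it here: not a pass
            continue
        actual = ALGORITHMS[label][0](data)
        ok = hmac.compare_digest(actual, expected)
        results[label] = "match" if ok else "MISMATCH"
    return results


def accept(results):
    """True only if some cryptographic digest was checked and nothing failed.

    A match shows the local file equals the file the poster hashed. It says
    nothing about where that file came from unless the listing itself was
    obtained from a source you trust.
    """
    checked = [l for l, r in results.items()
               if r != "unchecked" and ALGORITHMS[l][1]]
    return bool(checked) and "MISMATCH" not in results.values()


# Constructed sample: stand-in bytes, not a real installer.
SAMPLE = b"constructed bytes standing in for a downloaded installer"


def sample_listing(data):
    """Build a post-style listing for data, with placeholder extra lines."""
    lines = ["Hashes of the file I just grabbed:"]
    lines += [f"{label}: {func(data).upper()}"
              for label, (func, _) in ALGORITHMS.items()]
    lines += ["RIPEMD-128: " + "0" * 32, "Tiger: " + "0" * 48]  # placeholders
    return "\n".join(lines)


if __name__ == "__main__":
    listing = parse_listing(sample_listing(SAMPLE))
    for name, blob in (("original", SAMPLE), ("modified", SAMPLE + b"\x00")):
        results = verify(blob, listing)
        print(name, results, "accept =", accept(results))
```
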

naplot
February 6th, 2008, 12:36 AM
{QUOTE-> <<<<<<<<unauthorized link removed>>>>>>>>


Hashes of the file I just grabbed:
CRC32: 6EC63BB6
MD5: A3D94337991B4B84EAD758D868408823
RIPEMD-128: AB771AD7C6B68D9A7ECCA86EFF7A2164
SHA-1: B0206174B69F2B471F7DCBE9A7B7075247CB0F24
Tiger: A9442329484D6B80AB04554CE5EB6D1FAE2FEB35B2BFD5F9 <-QUOTE}


Yes good for md5 and CRC32 ;)

<<<<<<<<unauthorized link removed>>>>>>>>

Seratine
February 6th, 2008, 12:38 AM
{QUOTE-> I can't download the normal previous version now to delete my files because the page says <-QUOTE}
I think this is the previous version: <<<<<<<<unauthorized link removed>>>>>>>
MD5: 58D4DB75C18B9FBED8B7857485176491
I don't know if this file is unmodified! I found it on my hard drive.

naplot
February 6th, 2008, 12:39 AM
{QUOTE-> I think this is the previous version: <<<<<<<<unauthorized link removed>>>>>>>
MD5: 58D4DB75C18B9FBED8B7857485176491
I don't know if this file is unmodified! I found it on my hard drive. <-QUOTE}

The md5 is good.

TECHWG
February 6th, 2008, 12:46 AM
Thanks, I found a version on my system I can use, but I don't want to. I have the new version and it should work. Please see my new thread for problems regarding 5.0 and see if you could replicate my big problem that I have. How hard does it really need to be to delete files?

TECHWG
February 6th, 2008, 12:49 AM
The process to create a new container is Oh so fast, it's shot through the roof. Normally the speed is about 13mbs for me, but now it's over 30mbs, for serpent which is awesome. But this delete thing has shot me down, and I can't believe this could happen.

MkFly
February 6th, 2008, 12:56 AM
My old container (Serpent-AES, created with 4.3a) is working okay. I just deleted 4GB in a flash.

TECHWG
February 6th, 2008, 12:59 AM
as it should be!

It's just taken me about 20 mins to delete 10 GB of Mp3's from my serpent/RIPEMD-160 partition "300gb partition"

MkFly
February 6th, 2008, 01:13 AM
Wow, sorry. :( Hopefully you won't have to remove all the files and create a new container. :-X

I'd like to use Serpent-AES for my system partition, but I'm worried about a performance impact -- I may use just Serpent or AES instead.

RejZoR
February 6th, 2008, 03:18 AM
Oh god sourceforge servers suck ass and of course you can't select the mirrors. LAME!!!!!! 4Mbit line and i'm downloading slower than i used to with 56k years ago ::)

NICK ADSL UK
February 6th, 2008, 05:15 AM
http://www.truecrypt.org/docs/?s=version-history

{QUOTE-> Truecrypt 5.0 Release

February 5, 2008

New features:

Ability to encrypt a system partition/drive (i.e. a partition/drive where Windows is installed) with pre-boot authentication (anyone who wants to gain access and use the system, read and write files, etc., needs to enter the correct password each time before the system starts). For more information, see the chapter System Encryption in the documentation. (Windows Vista/XP/2003)

Pipelined operations increasing read/write speed by up to 100% (Windows)

Mac OS X version

Graphical user interface for the Linux version of TrueCrypt

XTS mode of operation, which was designed by Phillip Rogaway in 2003 and which was recently approved as the IEEE 1619 standard for cryptographic protection of data on block-oriented storage devices. XTS is faster and more secure than LRW mode (for more information on XTS mode, see the section Modes of Operation in the documentation).

Note: New volumes created by this version of TrueCrypt can be encrypted only in XTS mode. However, volumes created by previous versions of TrueCrypt can still be mounted using this version of TrueCrypt.

SHA-512 hash algorithm (replacing SHA-1, which is no longer available when creating new volumes).

Note: To re-encrypt the header of an existing volume with a header key derived using HMAC-SHA-512 (PRF), select 'Volumes' > 'Set Header Key Derivation Algorithm'.

Improvements, bug fixes, and security enhancements:

The Linux version of TrueCrypt has been redesigned so that it will no longer be affected by changes to the Linux kernel (kernel upgrades/updates).

Many other minor improvements, bug fixes, and security enhancements. (Windows and Linux)

If you are using an older version of TrueCrypt, it is strongly recommended that you upgrade to this version. <-QUOTE}

http://www.truecrypt.org/downloads.php

NICK ADSL UK
February 6th, 2008, 05:28 AM
I have had to remove many unauthorized links from this thread. If anyone else posts a similar link their post will be removed. I hope I make myself clear on this matter

Thank you

Eli997
February 6th, 2008, 05:31 AM
i am trying out the WDE feature of TC 5 on a test machine

everything went fine through the set up, the rescue CD was verified, then during the WDE pretest after entering my password successfully i received a message about 2 seconds later "insufficient memory for encryption"

so needless to say it makes me abort the pretest & says i can't use the WDE feature. i have never had this problem when using PGP's WDE. any idea what to do?

the test machine is running Vista Home Premium with 1GB RAM, it's also a laptop using shared memory with Intel's GPU.

nova
February 6th, 2008, 08:37 AM
Hi all,

2Eli997 I followed exactly the same step and the same message appeared to me!!

My test machine is :
- dell 9150
- Intel Pentium D 2.8ghz
- 250go WDC WD2500JS controlled by raid bios ( raid option is on, factory default )
- 2Go of ram
- nvidia 6800gt
- windows xp pro SP2.

reparsed
February 6th, 2008, 10:58 AM
I'm also having problems with WDE. I made it through the pretest, and then about 5 minutes into the encryption process TC gives me a CRC error and won't continue.

XP SP2
AMD Athlon XP 1500+
640 mb ram
40 GB SAMSUNG SV4012H
ATI RADEON 9200 SE

tlamming
February 6th, 2008, 11:26 AM
Same here guys. Insufficient memory when it tries to boot. That's pretty annoying, huh?

naplot
February 6th, 2008, 11:51 AM
You may be able to control the amount of shared RAM in the bios.

Are you sure it is a problem of RAM? Can it be a problem of free hdd space? Maybe it's copying all data in an encrypted form (since the OS is still running)? How much of your disk is used/free?

nova
February 6th, 2008, 12:11 PM
2naplot

My test machine with 250go of disk have only windows installed inside..
...and 2Go of ram inside.
I have found no option in the bios to change something related to memory usage.

A quick look inside the source code shows that this error message refers to memory usage ( a comparison with current code seg and a constant ), not drive space...

Maybe a version 5.0a ...?

Eli997
February 6th, 2008, 12:27 PM
i don't know for sure it's the RAM since the error message doesn't give more detail, but that is what "memory" seems to imply.

highly doubt it's the HDD, although my C: has only about 3GB free space remaining PGP has no problems encrypting it.

i hope a lot more people show up with the problem so the TC devs can take a look at it (although if they keep their forums down how will they know?). it's probably just growing pains from finally having a huge new feature like WDE. the TC devs seem VERY cautious with WDE & are trying to avoid future support questions by making you jump through hoops to even install it (they require a rescue disk to be burned & verified, you have to go through WDE pretest).

to anyone interested, i tried to mount the rescue disk ISO with PowerISO to "trick" TC 5 into verifying it but it didn't work. obviously the TC devs have thought ahead & somehow made the ISO unmountable (has to be burned).

nova
February 6th, 2008, 01:28 PM
Hi , all

It's me again with new tests...

TC WDE work fine on ... my four years old portable !!

Funny no ?
This packard bell portable have only 512mo of ram and a little disk of 30Go with only 1Go free... and 128Mo of the ram is shared for the video !!

I've tried WDE on a second dell (full power version!) with 4Go of ram, 7800gtx, etc..etc.. and still not work....

naplot
February 6th, 2008, 02:03 PM
{QUOTE-> Hi , all

It's me again with new tests...

TC WDE work fine on ... my four years old portable !!

Funny no ?
This packard bell portable have only 512mo of ram and a little disk of 30Go with only 1Go free... and 128Mo of the ram is shared for the video !!

I've tried WDE on a second dell (full power version!) with 4Go of ram, 7800gtx, etc..etc.. and still not work.... <-QUOTE}

haha i may have a chance then...

Eli997
February 6th, 2008, 02:33 PM
i am gonna try on a different PC also

the beauty of it is, if WDE doesn't work no permanent damage is done. you can just continue using your PC as usual. so the "pretest" is actually a good thing. i would have hated to find out about this problem AFTER my C: had been encrypted.

besides, it's a good idea to upgrade to 5.0 anyways for the security/speed enhancements. then just run the WDE pretest to find out if you "qualify".

Eli997
February 6th, 2008, 04:43 PM
it works on my other machine

XP Home, 1GB RAM, shared memory with Intel GPU

gb63
February 6th, 2008, 04:58 PM
reparsed -

RE: "about 5 minutes into the encryption process TC gives me a CRC error and won't continue."

Maybe TC encountered a bad disk sector? Can you run normal chkdsk first and see if it will block out any such sectors?

Just a thought. And, yes, TC should trap bad sectors, handle them, and keep going.....

reparsed
February 6th, 2008, 05:23 PM
{QUOTE-> Maybe TC encountered a bad disk sector? Can you run normal chkdsk first and see if it will block out any such sectors? <-QUOTE}

Ran spinRite on the partition and found 1 bad sector, then TC was able to do its thing.

I'm testing TC5 on a 4GB XP install. It only took about 10 minutes to encrypt (AES, no wiping).

I also tried to mount the encrypted system partition by booting another XP install and running TC5; no luck. I guess that means Bart PE can't be used to repair a damaged install.

larryhorse
February 6th, 2008, 05:32 PM
{QUOTE->
to anyone interested, i tried to mount the rescue disk ISO with PowerISO to "trick" TC 5 into verifying it but it didn't work. obviously the TC devs have thought ahead & somehow made the ISO unmountable (has to be burned). <-QUOTE}

You don't have to burn it...
I mounted the rescue disk with the old freeware version of Daemon tools (3.47) and "tricked" it just fine.

gb63
February 6th, 2008, 05:33 PM
There is a pdf file included in the install. Please read the instructions for preparing a bootable rescue CD containing a backup of the key from your system install. You can make a CD with a way to recover.

gb63
February 6th, 2008, 05:36 PM
My response above was to reparsed. Sorry, should have noted that.

Eli997
February 6th, 2008, 06:34 PM
here's something i wonder about now that TC 5 can do WDE. in the documentation it talks about those 3 major security risks, pagefile, hibernate file, crash dump. it states that if you use WDE the pagefile is now protected, but for hibernate & crash dump the TC Driver just automatically disables them instead. shouldn't WDE be able to protect all 3 of those areas now?

here is what it states for the hibernate & crash dump

"Note: If your system partition/drive is encrypted by TrueCrypt, the TrueCrypt driver automatically prevents Windows from hibernating the computer (for information on how to encrypt the system partition/drive, see the chapter System Encryption)."

"Note: If your system partition/drive is encrypted by TrueCrypt, the TrueCrypt driver automatically prevents Windows from writing any data to memory dump files (for information on how to encrypt the system partition/drive, see the chapter System Encryption)."

TECHWG
February 6th, 2008, 06:41 PM
That's going too far. Yes the page file is protected, and so should the hibernation dump and crash dumps, they are all on the system partition. I personally suffer from BSODS once in a while, and it is vitally important for me to analyse my crash dump files, to locate my problem. If TC driver bypasses the windows GUI settings, and forces system to not write crashdumps, then that's bad indeed.

ttd
February 6th, 2008, 07:34 PM
Disabling the hibernate file and crash dumps on a system where the entire windows partition is encrypted seems sort of backwards, no?

Perhaps hibernating doesn't work with the WDE for some reason. I'll be sacrificing my current install to test it :D

KookyMan
February 6th, 2008, 07:45 PM
I thought I replied once but must have poofed.

I'm wondering about the hibernation issue myself. As much as I want to do the encryption on my laptop, losing Hibernation isn't an option for me right now. This is a showstopper for me, for WDE, in addition to their forums being closed.

TECHWG
February 6th, 2008, 07:53 PM
Hibernation would bring the disk up for full access to anyone to use. What's the point in using full disk encryption if you're going to hibernate the system?

LockBox
February 6th, 2008, 07:55 PM
{QUOTE-> I thought I replied once but must have poofed.

I'm wondering about the hibernation issue myself. As much as I want to do the encryption on my laptop, losing Hibernation isn't an option for me right now. This is a showstopper for me, for WDE, in addition to their forums being closed. <-QUOTE}

This is much the same as PGP WDE. They claim to allow hibernation, but upon closer inspection you see they really don't. While PGP will allow the hibernation mode to kick in, you can't get out of hibernation mode without rebooting and re-authenticating. What's the difference? Just a comparison thought.

LockBox
February 6th, 2008, 07:57 PM
{QUOTE-> Hibernation would bring the disk up for full access to anyone to use. What's the point in using full disk encryption if you're going to hibernate the system? <-QUOTE}

Exactly

Trickman2
February 6th, 2008, 08:03 PM
Same issue with the system partition drive memory issue.

Eli997
February 6th, 2008, 08:50 PM
for people having the "insufficient memory for encrypting" issue i would suggest filling out the bug form, the more people who do the more seriously they will take it. even if it turns out not to be a bug, we might be able to get a better explanation & a possible work around.

https://www.truecrypt.org/bugs/


i've always liked TC's driver cache option, & for those who will use the same password for WDE as they do with their file containers. i wonder if it would be possible to cache the password at WDE bootup so you don't have to enter it again once Windows has started to open file containers. because right now you have to enter the same password twice.

i'm still not quite so sure they should force users to create a rescue disc, i have a feeling that feature will be yanked in the future. if not, others could take it upon themselves to edit the code & release an altered "nag-free" version of TC to the market, that's also malware infected but unknowing people will still D/L it & it could damage TC's reputation. i've had a ton of products offer to make me a rescue disc but none ever forced me to. i realize they are trying to reduce support questions, but it's a free product & they are not required to support it anyways.

i haven't rebooted since earlier today, but do they offer a "show keystrokes" option with WDE? i've always hated the current method, grab the mouse > click the box > reclick password area. PGP's approach of just hitting the Tab key works much better.

caspian
February 6th, 2008, 09:06 PM
I downloaded the new version and it works just fine. I didn't realize how much a truecrypt folder was like any other folder. I just did some experiments. I was able to email a small truecrypt folder (5MB). I zipped it too. And I created a 150MB folder and split it and rejoined it with HJsplit. It is a really cool program.:thumb:

ttd
February 6th, 2008, 09:33 PM
Hibernation is still desirable, the purpose of WDE is to prevent offline attacks, which are still impossible if the system resumes from hibernation, IE you still have to enter a password to get into windows and still can't just remove the disk to get to the data.

Tumalu
February 6th, 2008, 10:05 PM
While I don't use hibernation much anyway, it was my understanding that the computer was actually "off" during hibernation, but had instructions to load a backup of the last session's system memory from some file on the hard drive. If that's how it actually works, then it doesn't seem like there should be any security issues with hibernation.

Is there any chance that the "switch" to tell the computer whether it's booting normally or waking up from hibernation is stored on the first track of the hard drive (overwriting the normal boot code until the computer boots back from hibernation)? It doesn't seem like that would be the case, but I can't see why else they'd disable it (unless I'm misunderstanding the mechanism by which hibernation works, which is quite possibly the case).

KookyMan
February 6th, 2008, 10:36 PM
I think that some are confusing Stand-by (Power components off, but not everything. "Restarting" puts you back at the Windows login / Desktop) with Hibernate (Power off, cold system no power required. "Restarting" starts at the BIOS POST, and hands off to the boot loader.).

I don't understand why you couldn't request a password as normal to decrypt the drive granting access to hiberfil.sys which contains the contents of RAM at the time of instituting the Hibernation. I don't think hibernation affects the MBR at all, because if it did, hibernation would trigger MBR "Anti-Write" protections offered to prevent MBRs from being infected with viruses in some BIOS.

For those with Laptops, Hibernate is one of the best features available, since power is a commodity, especially when you're away from the outlet. Stand-by is good, but it still drains power over time. I do hope this is something that could be fixed. This almost usurps a feature that I think is more important, which is the ability to access containers without having any administrator access and no pre-install. I don't know why it can't be implemented as a program that opens containers similar to say WinZip, allowing you to extract (minimum) or add (would be great) files to a container.

Justin Troutman
February 6th, 2008, 10:43 PM
{QUOTE-> I'd like to use Serpent-AES for my system partition, but I'm worried about a performance impact -- I may use just Serpent or AES instead. <-QUOTE}

Don't be concerned. There's good cryptographic reason behind simply using the AES. Consult this post of mine (http://www.wilderssecurity.com/showpost.php?p=1146894&postcount=35), to read my thoughts on why you should choose the AES over Twofish or Serpent. If you want more reassurance, consult another post of mine (http://www.wilderssecurity.com/showpost.php?p=1172422&postcount=5), which references the opinions of David Wagner (co-designer of Twofish) and Ross Anderson (co-designer of Serpent); they both recommend the AES.

Now that TrueCrypt is available for OS X, I'll give it a try. Until then, I'm not sure of the performance overhead associated with TrueCrypt's cascade implementations. Regardless, I think they should be excluded from the implementation altogether, for reasons discussed in other posts; they're unnecessary. Cheers!

TECHWG
February 6th, 2008, 11:02 PM
Single-boot, Multi-boot? What's the difference in functionality? I know the difference in the systems configuration, but how does truecrypt treat things differently?

ttd
February 6th, 2008, 11:32 PM
TechWG: the program makes a distinction between encrypting an entire device (everything but the mbr+bootloader), and only the windows partition. In either case it appears as if TC is trying to protect users, if you select full device encryption and then tell truecrypt you have a non windows OS installed in another partition, it stops you because that other OS can't support system encryption. It also seems to do some checking to ask you if you have grub installed in the MBR at the moment etc. However if you only encrypt the windows partition you can in fact dual boot other OS easily, just make sure you don't write over the MBR or the TC bootloader.

To those of you having the memory problem, it appears as if this error has nothing to do with the system ram available. It seems the bootloader executes in real mode, which has fairly limited memory available for code. It could be that your bios isn't providing enough memory in real mode for the bootloader to do its job.

KookyMan
February 7th, 2008, 12:12 AM
Ok, I just fired up a VM, Encrypted it and got this message when attempting to enable Hibernation.

{QUOTE-> TrueCrypt has prevented hibernation. Encryption of hibernation storage files is currently not supported.

Note: When a computer hibernates (or enters a power-saving mode), the content of its system memory is written to a hibernation storage file residing on your drive. TrueCrypt would not be able to prevent encryption keys and the contents of sensitive files opened in RAM from being saved unencrypted to the hibernation storage file. <-QUOTE}

That said, I now understand why it's disabled, however it seems like it should still be available if the system is encrypted. Hibernation is available if the system is not encrypted. Is it me, or did the developers do this backwards??

It also appears that there is room for hope as they specifically say "currently not supported".

Also, I forget if it was this thread, but you can fool TrueCrypt by mounting the image, and therefore not burning the CD Image.

TECHWG
February 7th, 2008, 12:25 AM
tried that with alcohol, it did not like it, i burned it.

I had complete success, bootloader works, password works, disc works, encryption speed is good, counterstrike source took maybe twice to 3 times as long to initially load (not surprising) but the game worked flawlessly, and i was owning in a french server. Everything SO FAR works smashingly

Eli997
February 7th, 2008, 01:20 AM
{QUOTE-> TechWG: To those of you having the memory problem, it appears as if this error has nothing to do with the system ram available. It seems the bootloader executes in real mode, which has fairly limited memory available for code. It could be that your bios isn't providing enough memory in real mode for the bootloader to do its job. <-QUOTE}


funny thing is, the PC of mine it doesn't work on is brand new (just a few months old). you would think that all modern PCs would ship with enough BIOS memory.

dowe
February 7th, 2008, 04:24 AM
{QUOTE-> Don't be concerned. There's good cryptographic reason behind simply using the AES. Consult this post of mine (http://www.wilderssecurity.com/showpost.php?p=1146894&postcount=35), to read my thoughts on why you should choose the AES over Twofish or Serpent. If you want more reassurance, consult another post of mine (http://www.wilderssecurity.com/showpost.php?p=1172422&postcount=5), which references the opinions of David Wagner (co-designer of Twofish) and Ross Anderson (co-designer of Serpent); they both recommend the AES.

Now that TrueCrypt is available for OS X, I'll give it a try. Until then, I'm not sure of the performance overhead associated with TrueCrypt's cascade implementations. Regardless, I think they should be excluded from the implementation altogether, for reasons discussed in other posts; they're unnecessary. Cheers! <-QUOTE}



Justin do you recommend using the AES-TWOFISH-SERPENT encryption? Is it unbreakable?

michikindchen
February 7th, 2008, 05:59 AM
In another forum I read, that the "insufficient memory" problem has something to do with the AHCI-Mode (native sata-mode) or with the Raid-mode if you are using a Raid.
So I switched it in my Bios from Ahci to Ide and the encryption started working.
The Problem is, that even after the encryption is finished you can't switch back to AHCI.

You might get a blue screen when windows is starting, by switching to AHCI.
If that is the case, you have to change a value in the registry. It worked for me.

ttd
February 7th, 2008, 06:23 AM
Here's the relevant error in boot/windows/bootmain.cpp

    // Check memory
    uint16 codeSeg;
    __asm mov codeSeg, cs
    if (codeSeg == TC_BOOT_LOADER_LOWMEM_SEGMENT)
    {
        PrintError ("Insufficient memory for encryption");

And here's where TC defines the memory needed in boot/windows/bootdefs.h:

    // Total memory required (CODE + DATA + BSS + STACK) in KBytes - determined from linker map.
    #define TC__BOOT_MEMORY_REQUIRED 60



It seems likely it really is a memory problem, but what triggers it and who will be affected seems to be determined by individual bios differences.

Justin Troutman
February 7th, 2008, 10:21 AM
{QUOTE-> Justin do you recommend using the AES-TWOFISH-SERPENT encryption? Is it unbreakable? <-QUOTE}

Using code-based game-playing techniques, we have provable results that show cascades composed of at least three block ciphers, with three independent keys, to be the minimum, for a significant gain in security. Triple encryption increases security (significantly) in a way that double encryption cannot (negligibly); triple encryption is the shortest potentially "good" cascade, in this sense. Furthermore, we're not sure if security increases when you increase the number of block ciphers in a cascade beyond four.

Triple encryption is the "sweet spot," if you will, but, as I've said many times, the added complexity of implementing a cascade just isn't warranted, compared to what it gives you, and the implementation risks that come along with it. Either way, if you want to take advantage of the security that cascades are meant to provide, you should be using at least three independently keyed block ciphers. However, fiddling with multiple block ciphers is more likely to cause problems, than provide any noticeable security gain.

At least, that's the trend I've noticed in practice. So, in short, I don't recommend using a cascade of AES, Twofish, and Serpent; it's not that I think it's insecure, though. It very well may be the case that TrueCrypt's cascade implementations are secure; in that case, given what we know about cascades, a cascade of three independently keyed block ciphers should offer a significant gain in security over that of single and double encryption.

I don't want consumers thinking they need to use them and I don't want software vendors thinking they need to implement them. The reality is that the AES is sufficient, and a conservative recommendation for both security reasons (i.e., it receives more cryptanalysis than any other block cipher) and engineering reasons (i.e., it's simple to recycle for encryption, authentication, and a PRF). The latter reason takes advantage of the former reason.

Refer to this post of mine (http://www.wilderssecurity.com/showpost.php?p=1177498&postcount=92) for more, including references to opinions by David Wagner (co-designer of Twofish) and Ross Anderson (co-designer of Serpent), both supporting the use of the AES, over Twofish or Serpent, whenever possible. Cheers!

michikindchen
February 7th, 2008, 11:04 AM
It is like TrueCrypt gets a wrong value from the Bios, when in ahci or another sata-mode or raid, so it thinks that there isn't enough memory.

and I found this:

On some systems, when performing the system encryption pretest, the TrueCrypt Boot Loader reports the following error: Insufficient memory for encryption. This issue will be addressed in the next version of TrueCrypt.

see here: http://www.truecrypt.org/docs/issues-and-limitations.php

ttd
February 7th, 2008, 11:24 AM
It's possible that the bios uses extra memory in those modes.

Either way the solution i suppose is to make the bootloader smaller somehow, which they could in fact do.

Eli997
February 7th, 2008, 12:12 PM
awesome, thx for the news Mich. looks like my bug report (and whoever else submitted 1) worked! they acknowledged & posted the problem in less than 1 day, what company will do that for you? that's why everybody loves the TC Devs.

TECHWG
February 7th, 2008, 12:50 PM
The size is not the issue, i have had beautiful GUI based boot loaders before, for different encryption, and boot managers etc. I think it's a bug with the handling of the system's memory, not a problem with the memory or the size of the loader.

Eli997
February 7th, 2008, 08:25 PM
CDburnerXP (the most popular freeware burner) cannot burn the ISOs giving the message "this is not a valid ISO file" just like PowerISO couldn't mount it with the same message. luckily Nero can burn it for me.

i know the TC devs are reading this thread, i have never had a problem mounting or burning ISOs before. if you guys have altered the ISO in order to prevent people from mounting it (which now is even affecting burning it) please rectify the issue. if it's just a bug hopefully it will be addressed.

it would be nice if people would list the apps they are using for mounting/burning & if it worked or not. it might help the TC Devs figure out what's wrong. so far for me...

Nero 6 - burned successfully (didn't try mounting with it)
PowerISO 3.8 - couldn't mount
CDburnerXP 4 - couldn't burn

about to try Nero 8 for mounting (or burning if mounting doesn't work)

KookyMan
February 7th, 2008, 09:10 PM
I'm wondering if their goal was to prevent people from mounting it, for if it was, why not have TC burn it instead of creating an ISO? I'm sure there would be a way. Personally, I'm glad for the ISO, since I tested using VMWare, and definitely did not want or need to burn a disk.

VMWare v6 - Mounted into system OK, TrueCrypt recognized it as a valid recovery disk.
Nero 7 DriveImage (v3.0.0.12) - Mounted, however Windows reported it as a bad format or corrupted disk.
Nero Burning ROM v7 (v7.10.1.0) - Burned Image to a new image OK.
IZArc v3.7 - Opened image, but didn't show any file structure.

Tadoussac
February 7th, 2008, 09:11 PM
{QUOTE-> CDburnerXP cannot burn the ISOs giving the message "this is not a valid ISO file" just like PowerISO couldn't mount it. luckily Nero can burn it for me.

i know the TC devs are reading this thread, i have never had a problem mounting or burning ISOs before. if you guys have altered the ISO in order to prevent people from mounting it (which now is even affecting burning it) please rectify the issue. if it's just a bug hopefully it will be addressed. <-QUOTE}

Eli997:

I was able to burn the iso using BurnAware Free Edition, available here:
http://www.glorylogic.com/

Trickman2
February 7th, 2008, 10:02 PM
Base Memory 631 was my number when I ran the program they asked to be run. What did you guys get?

Eli997
February 7th, 2008, 10:03 PM
for everybody having the "insufficient memory for encryption" message here is your chance to help the TC Devs. they have updated the docs "issues & limitations" section with instructions

http://www.truecrypt.org/docs/?s=issues-and-limitations

ttd
February 7th, 2008, 11:31 PM
From reading the issues page, it appears the problem lies in how much memory the bios makes available to truecrypt when the processor is in real mode.

{QUOTE-> If you encountered this error, you can help us solve this issue by booting a
special test ISO image, which displays the amount of free base memory on
your system. <-QUOTE}

Likely not something that can be worked around easily without making the bootloader smaller. Anyone who has this issue definitely download that ISO and report its findings to the developers.

http://www.truecrypt.org/special-downloads/BootMemoryTest.zip

4tTwo
February 7th, 2008, 11:56 PM
{QUOTE-> Eli997:

I was able to burn the iso using BurnAware Free Edition, available here:
http://www.glorylogic.com/ <-QUOTE}

I was able to burn the ISO successfully, but only after using the software recommended by TrueCrypt (ImgBurn worked as well). All of the commercial CD burners I tried only made me a shiny set of coasters. ;D However, even with InfraRecorder and ISORecorder I could not successfully boot off of the disk. I tried many iterations of burning options and with different machines (SATA, IDE), but no luck. I was able to mount and boot off the ISO in VMware 6. However, I could not get a physical Rescue CD to boot a physical machine.

Has anyone successfully booted a Rescue Boot disk outside of VMware?

reparsed
February 8th, 2008, 12:05 AM
{QUOTE-> Has anyone successfully booted a Rescue Boot disk outside of VMware? <-QUOTE}

I booted the Rescue CD without a problem.

larryhorse
February 8th, 2008, 12:47 AM
{QUOTE-> CDburnerXP (the most popular freeware burner) cannot burn the ISOs giving the message "this is not a valid ISO file" just like PowerISO couldn't mount it with the same message. luckily Nero can burn it for me.

i know the TC devs are reading this thread, i have never had a problem mounting or burning ISOs before. if you guys have altered the ISO in order to prevent people from mounting it (which now is even affecting burning it) please rectify the issue. if it's just a bug hopefully it will be addressed.

it would be nice if people would list the apps they are using for mounting/burning & if it worked or not. it might help the TC Devs figure out what's wrong. so far for me...

Nero 6 - burned successfully (didn't try mounting with it)
PowerISO 3.8 - couldn't mount
CDburnerXP 4 - couldn't burn

about to try Nero 8 for mounting (or burning if mounting doesn't work) <-QUOTE}

ImgBurn - burned successfully
Daemon tools 3.47 - mounted successfully

Both of the above have yet to fail me in anything to date.
Why do so many people use Nero for burning images? It seems like there is nothing but problems with it... though it worked in your case. And isn't PowerISO designed more for editing and creating images?

Eli997
February 8th, 2008, 02:18 AM
anybody boot from a True Image/Norton Ghost CD & make an "image" of their C: yet? that way your image is still completely encrypted. then try restoring back?

i am gonna try eventually, problem is though if it doesn't work you have to reinstall.

there are other methods like, some people create images from a running OS which creates an unencrypted image but then store it inside of a TC container.

results will vary depending on the WDE program, imaging program, and method used. i had varying degrees of success with PGP WDE.

Eli997
February 8th, 2008, 04:52 AM
another bug, a big 1!!!

i can no longer mount volumes over my internal network, i keep getting error messages.


computer A: home server with closed TC file container

computer B: laptop connecting to server via wifi trying to mount file container locally on laptop

gkatwork
February 8th, 2008, 06:55 AM
Hello,

{QUOTE-> another bug, a big 1!!!

i can no longer mount volumes over my internal network, i keep getting error messages. <-QUOTE}

From http://www.truecrypt.org/docs/?s=issues-and-limitations :
{QUOTE->
Known Issues & Limitations :

[...]

Due to a bug introduced in TrueCrypt 5.0, it is not possible to access mounted TrueCrypt volumes over a network. Temporary solution: downgrade to TrueCrypt 4.3a (http://www.truecrypt.org/pastversions.php)

[...]
<-QUOTE}

Regards,
gkweb.

Marlby12
February 8th, 2008, 07:11 AM
The Truecrypt forums are finally up!

4tTwo
February 8th, 2008, 10:18 AM
{QUOTE-> I booted the Rescue CD without a problem. <-QUOTE}

Did you have to do anything special in terms of settings to burn? What software did you use? CD or DVD? Obviously, the TC group have done something "extra" to the ISO that makes a lot of the burning and mounting software unable to read the *.iso file. Workaround or specifics would be much appreciated.

reparsed
February 8th, 2008, 12:04 PM
{QUOTE-> Did you have to do anything special in terms of settings to burn? What software did you use? CD or DVD? Obviously, the TC group have done something "extra" to the ISO that makes a lot of the burning and mounting software unable to read the *.iso file. Workaround or specifics would be much appreciated. <-QUOTE}

I used InfraRecorder to burn the TC rescue disc, just used the default settings.

4tTwo
February 8th, 2008, 02:45 PM
{QUOTE-> I used InfraRecorder to burn the TC rescue disc, just used the default settings. <-QUOTE}

Thanks reparsed.

I've traced it to an incompatibility with Dell laptops. I took some of the disks I made yesterday and successfully booted an old HP laptop. So, there must be something breaking between the odd file-system format of the TrueCrypt rescue disk and the Dell CD readers (tested on D600 through D630 with none able to boot.) Unfortunately, there are no BIOS settings to manipulate a CD reader. :(

Tried to copy the CD contents via Linux, in the hopes of getting a bootable USB flash, but Linux did not see the FS as standard either. ???

naplot
February 8th, 2008, 06:36 PM
{QUOTE-> Using code-based game-playing techniques, we have provable results that show cascades composed of at least three block ciphers, with three independent keys, to be the minimum, for a significant gain in security. Triple encryption increases security (significantly) in a way that double encryption cannot (negligibly); triple encryption is the shortest potentially "good" cascade, in this sense. Furthermore, we're not sure if security increases when you increase the number of block ciphers in a cascade beyond four.

Triple encryption is the "sweet spot," if you will, but, as I've said many times, the added complexity of implementing a cascade just isn't warranted, compared to what it gives you, and the implementation risks that come along with it. Either way, if you want to take advantage of the security that cascades are meant to provide, you should be using at least three independently keyed block ciphers. However, fiddling with multiple block ciphers is more likely to cause problems, than provide any noticeable security gain.

At least, that's the trend I've noticed in practice. So, in short, I don't recommend using a cascade of AES, Twofish, and Serpent; it's not that I think it's insecure, though. It very well may be the case that TrueCrypt's cascade implementations are secure; in that case, given what we know about cascades, a cascade of three independently keyed block ciphers should offer a significant gain in security over that of single and double encryption.

I don't want consumers thinking they need to use them and I don't want software vendors thinking they need to implement them. The reality is that the AES is sufficient, and a conservative recommendation for both security reasons (i.e., it receives more cryptanalysis than any other block cipher) and engineering reasons (i.e., it's simple to recycle for encryption, authentication, and a PRF). The latter reason takes advantage of the former reason.

Refer to this post of mine (http://www.wilderssecurity.com/showpost.php?p=1177498&postcount=92) for more, including references to opinions by David Wagner (co-designer of Twofish) and Ross Anderson (co-designer of Serpent), both supporting the use of the AES, over Twofish or Serpent, whenever possible. Cheers! <-QUOTE}


In which way is triple cascade far more secure than double?

I believed that cascades were implemented in case a vulnerability were discovered in one of the algorithms and to avoid patterns by encrypting pseudo-random data...


Looking forward to your reply,

tx

Justin Troutman
February 9th, 2008, 09:45 AM
{QUOTE-> In which way is triple cascade far more secure than double? <-QUOTE}

A double cipher's effective key length is essentially no more than that of a single cipher, since the upper bound on the advantage hits one (i.e., meet-in-the-middle attack), for the double cipher, at the same point it does for the single cipher (i.e., exhaustive search). To be fair, that doesn't say all there is to say about the security of a double cipher. Rather, we can say that its security, in the Shannon model, is increased. In other words, the success probability of an adversary is much lower in the case of a double cipher than with a single cipher (i.e., it would require more queries to gain the same advantage). All in all, though, the meet-in-the-middle attack severely limits the gain; while you gain something, it is negligible. (By negligible, I mean half a bit of security for an advantage 0.5.)

Take DES, for example. First, we model the block cipher as a family of random permutations - one for each key. The adversary gets oracle access to the block cipher and its inverse. The adversary's job is to distinguish the cascade and its inverse from a random permutation and its inverse, roughly. If the adversary wants an advantage 0.5, he'll have to ask $2^{50}$ queries, $2^{55.5}$ queries, and $2^{78.5}$ queries, for single, double, and triple encryption, respectively. You might notice that the gap between single encryption and double encryption is relatively small, while the gap between double encryption and triple encryption is significantly larger. As such, to approach the security you would expect from a composition of multiple ciphers, the minimum is three; it provides the security that one might naively expect from double encryption. Four has been shown to be no worse than three, regarding maximal advantage, but, to the best of my knowledge, we still don't know if adding more ciphers, beyond three, really increases security.

Triple encryption increases security (significantly) in a way that double encryption cannot (negligibly); it follows that triple encryption, with three independent keys, is the shortest potentially "good" cascade, in this sense. This has been proven under the ideal-cipher model, using code-based game-playing techniques. (Note, I use "Shannon model" and "ideal-cipher model" interchangeably.)

{QUOTE-> I believed that cascades were implemented in case a vulnerability were discovered in one of the algorithms <-QUOTE}

I address the fallacies of the "just in case" mentality, in this post (http://www.wilderssecurity.com/showpost.php?p=1166110&postcount=14), as well as the reality of security, from an implementation perspective.

{QUOTE-> and to avoid patterns by encrypting pseudo-random data... <-QUOTE}

We assume that a block cipher, such as the AES, behaves like a PRP; that is, it's "hard" to distinguish the AES from a random permutation. (Read "hard" as "computationally infeasible.") Cascades aren't a necessity in achieving this.
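The key-length point in the post above (meet-in-the-middle caps double encryption at roughly the cost of a single exhaustive search), worked through as an added example that is not part of the original thread. The 32-bit Feistel cipher, its 16-bit keys, and every function name here are constructed for illustration and have nothing to do with TrueCrypt's code or with DES.

```python
"""Meet-in-the-middle against a toy double cipher (constructed teaching example)."""

KEY_BITS = 16      # toy key size, chosen so the search finishes in about a second
MASK16 = 0xFFFF
ROUNDS = 4


def _rotl16(x, n):
    n %= 16
    return ((x << n) | (x >> (16 - n))) & MASK16


def _subkeys(key):
    # Toy key schedule: one 16-bit round key per Feistel round.
    return [_rotl16(key, 5 * i) ^ ((0x3A5C * (i + 1)) & MASK16) for i in range(ROUNDS)]


def _f(half, subkey):
    # Toy round function: integer mixing of (half XOR round key).
    x = (half ^ subkey) & MASK16
    x = (x * 0x9E37 + 0x79B9) & MASK16
    x ^= x >> 7
    x = (x * 0x85EB) & MASK16
    return x ^ (x >> 9)


def encrypt(key, block):
    left, right = block >> 16, block & MASK16
    for k in _subkeys(key):
        left, right = right, left ^ _f(right, k)
    return (left << 16) | right


def decrypt(key, block):
    left, right = block >> 16, block & MASK16
    for k in reversed(_subkeys(key)):
        left, right = right ^ _f(left, k), left
    return (left << 16) | right


def double_encrypt(k1, k2, block):
    # Two-cipher cascade with independent keys: E_k2(E_k1(P)).
    return encrypt(k2, encrypt(k1, block))


def meet_in_the_middle(pairs):
    """Recover (k1, k2) from known plaintext/ciphertext pairs.

    Returns (candidate key pairs, number of single-cipher calls made).
    """
    (p0, c0), rest = pairs[0], pairs[1:]
    calls = 0

    # Forward half: encrypt the first plaintext under every k1, index by result.
    table = {}
    for k1 in range(1 << KEY_BITS):
        table.setdefault(encrypt(k1, p0), []).append(k1)
        calls += 1

    # Backward half: decrypt the first ciphertext under every k2 and look for
    # a k1 that reached the same middle value.
    found = []
    for k2 in range(1 << KEY_BITS):
        mid = decrypt(k2, c0)
        calls += 1
        for k1 in table.get(mid, ()):
            # A table hit may be a coincidence; confirm on the remaining pairs.
            confirmed = True
            for p, c in rest:
                calls += 2
                if double_encrypt(k1, k2, p) != c:
                    confirmed = False
                    break
            if confirmed:
                found.append((k1, k2))
    return found, calls


def make_pairs(k1, k2, plaintexts):
    return [(p, double_encrypt(k1, k2, p)) for p in plaintexts]


if __name__ == "__main__":
    # Constructed keys and plaintexts for the demonstration.
    pairs = make_pairs(0xBEEF, 0x1234, (0x54435F35, 0x00000000, 0xDEADBEEF))
    found, calls = meet_in_the_middle(pairs)
    print("recovered:", [(hex(a), hex(b)) for a, b in found])
    print("cipher calls:", calls, "vs. naive pair search:", 2 * (1 << (2 * KEY_BITS)))
```

The cascade carries 32 key bits, yet the search costs about 2^17 cipher calls plus a table of 2^16 entries, which is the trade of memory for time that leaves a two-cipher cascade near single-cipher strength against this attack.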

naplot
February 9th, 2008, 11:34 AM
Thank you for your answer.

Justin Troutman
February 9th, 2008, 11:38 AM
{QUOTE-> Thank you for your answer. <-QUOTE}

You're quite welcome. If there are any concepts you'd like me to elaborate on, I'd be more than happy to. Cheers!

Eli997
February 12th, 2008, 09:12 PM
back down again for several hours, maybe they are getting ready to update with 5.0a?

reparsed
February 12th, 2008, 10:09 PM
Yup. 5.0a is out!

LockBox
February 12th, 2008, 10:19 PM
5.0a

February 12, 2008

Improvements:

The memory requirements for the TrueCrypt Boot Loader have been reduced by 18 KB (eighteen kilobytes). As a result of this improvement, the following problem will no longer occur on most of the affected computers: The memory requirements of the TrueCrypt Boot Loader 5.0 prevented users of some computers from encrypting system partitions/drives (when performing the system encryption pretest, the TrueCrypt Boot Loader displayed the following error message: Insufficient memory for encryption).


Bug fixes:

On computers equipped with certain brands of audio cards, when performing the system encryption pretest or when the system partition/drive is encrypted, the sound card drivers failed to load. This will no longer occur. (Windows Vista/XP/2003)

It is possible to access mounted TrueCrypt volumes over a network. (Windows)

TrueCrypt Rescue Disks created by the previous version could not be booted on some computers. This will no longer occur. (Windows Vista/XP/2003)

Note: If your TrueCrypt Rescue Disk created by TrueCrypt 5.0 cannot be booted on your computer, please upgrade to this version of TrueCrypt and then create a new TrueCrypt Rescue Disk (select 'System' > 'Create Rescue Disk').

Many other minor bug fixes. (Windows, Mac OS X, and Linux)

http://www.truecrypt.org/downloads.php

TECHWG
February 13th, 2008, 12:19 PM
Yes so good that the programmers are oh so quick at fixing a problem with hard core programming, yet can't implement antispam on their site that lets people actually sign up and post..

isujosh
February 13th, 2008, 04:41 PM
doesn't look like 5.0a resolves the multiple/extended partitions issue unfortunately :(

KookyMan
February 13th, 2008, 04:48 PM
{QUOTE-> doesn't look like 5.0a resolves the multiple/extended partitions issue unfortunately :( <-QUOTE}

Yea. I'm confused by their Known Issues page myself, as it reads:


[Note: The following issue does not affect TrueCrypt 5.0a or any later versions.] If you encrypt an entire system drive that contains extended partitions using TrueCrypt 5.0, the extended partitions become inaccessible. However, note that the data stored on the partitions are not lost (they are only encrypted). To make the partitions accessible again, please decrypt the entire drive (from the menu bar of the main TrueCrypt window, select System > Permanently Decrypt System Partition/Drive) and then restart the computer.
TrueCrypt currently does not support encrypting an entire system drive that contains extended (logical) partitions. You can encrypt an entire system drive provided that it contains only primary partitions. Extended (logical) partitions must not be created on any system drive that is partially or fully encrypted (only primary partitions may be created on it). Note: If you need to encrypt an entire drive containing extended partitions, you can encrypt only the system partition and create partition-hosted TrueCrypt volumes within any non-system partitions on the drive.


Either I'm reading too deeply or confusing myself, but if the first is fixed, how is the second not?

SystemJunkie
February 13th, 2008, 05:07 PM
I receive stop 7E BSOD (check for virus) after trying to encrypt the whole harddisk or C:\. Then later you can start windows after using last known good and also see the Bootmenu of Truecrypt but doesn't encrypt. TC gives you possibility to try again but in all cases TC5 and TC5a fail. Probably because stack <unknown> 0x1 slipped into Truecrypt.exe.

KookyMan
February 13th, 2008, 06:46 PM
{QUOTE-> I receive stop 7E BSOD (check for virus) after trying to encrypt the whole harddisk or C:\. Then later you can start windows after using last known good and also see the Bootmenu of Truecrypt but doesn't encrypt. TC gives you possibility to try again but in all cases TC5 and TC5a fail. Probably because stack <unknown> 0x1 slipped into Truecrypt.exe. <-QUOTE}

Hmm, I haven't heard of that BSOD yet on the TC forums. Do you have MBR Write Protection enabled in your BIOS?

isujosh
February 13th, 2008, 07:15 PM
{QUOTE-> Either I'm reading too deeply or confusing myself, but if the first is fixed, how is the second not? <-QUOTE}

I think I encrypted the whole drive (system partition and extended ones) - which doesn't work.

What I think they're saying is you can encrypt either the system partition on its own - and then create Truecrypt volumes on the extended partitions OR encrypt the whole drive provided it's only made up of primary partitions.

Better if they allow you to encrypt the whole caboodle (primary partition, extended partitions and all) but I guess I'll just have to be patient.........

KookyMan
February 13th, 2008, 09:13 PM
{QUOTE-> I think I encrypted the whole drive (system partition and extended ones) - which doesn't work.

What I think they're saying is you can encrypt either the system partition on its own - and then create Truecrypt volumes on the extended partitions OR encrypt the whole drive provided it's only made up of primary partitions.

Better if they allow you to encrypt the whole caboodle (primary partition, extended partitions and all) but I guess I'll just have to be patient......... <-QUOTE}
Aye. I'm being very patient myself, as I only want to encrypt my laptop at this time, but can't afford to do so until TC supports Hibernation.
The one thing I will definitely have in place is a backup of my hard drive before I do anything.

SystemJunkie
February 14th, 2008, 05:48 AM
@KooKy: http://i28.tinypic.com/15i9au8.jpg

F79... is likely the address of ndistapi.sys.

{QUOTE-> Do you have MBR Write Protection enabled in your BIOS? <-QUOTE}

I don't have such a feature.

Besides, how to remove TC bootscreen? I already uninstalled TC but bootscreen remained.

KookyMan
February 14th, 2008, 11:24 AM
Try using the Rescue CD and replacing the original bootloader from the tools menu.

SystemJunkie
February 22nd, 2008, 04:20 AM
Truecrypt 5 rated as unsafe as well as bitlocker and apple encryption: http://www.golem.de/0802/57886.html
Link is in German but there is a youtube video where you can check their technique!

RejZoR
February 22nd, 2008, 01:56 PM
It's not like these programs couldn't just overwrite their allocated memory with trash when dismounting their volumes rendering password recovery totally useless...

chuckfrasher
February 22nd, 2008, 05:34 PM
If the encrypted file has not been opened for a while, is this still a problem? Or is this just for files that were opened during a particular session before shut down? Is there some kind of product that will overwrite or clear RAM on demand?

dantz
February 22nd, 2008, 06:14 PM
{QUOTE-> It's not like these programs couldn't just overwrite their allocated memory with trash when dismounting their volumes rendering password recovery totally useless... <-QUOTE}
TrueCrypt already secure-erases both the password (if cached in memory, which is optional) and the keyfile when a volume is dismounted.

The vulnerability mainly refers to computers that are stolen or otherwise appropriated while an encrypted volume is still mounted, but in a suspended or standby state. This would be more likely to occur when WDE (whole disk encryption) is in use, since the user normally does not dismount the encrypted volume until he shuts down the computer.

SystemJunkie
February 23rd, 2008, 01:15 AM
{QUOTE-> The vulnerability mainly refers to computers that are stolen or otherwise appropriated while an encrypted volume is still mounted, but in a suspended or standby state. This would be more likely to occur when WDE (whole disk encryption) is in use, since the user normally does not dismount the encrypted volume until he shuts down the computer. <-QUOTE}

Yes but that's the most important reason why someone would use tc5. Whole disc encryption sounds like a dream that never really becomes true in terms of 100% security.