Thread for TrueCrypt alternatives [FOSS preferred]

Discussion in 'privacy technology' started by Morthawt, May 29, 2014.

Thread Status:
Not open for further replies.
  1. Morthawt

    Morthawt Registered Member

    Joined:
    Jul 10, 2008
    Posts:
    79
    Location:
    UK
    TrueCrypt 7.2 does in-place decryption of separate non-system partitions?
     
  2. Morthawt

    Morthawt Registered Member

    Joined:
    Jul 10, 2008
    Posts:
    79
    Location:
    UK
    I checked it out in vmware. It does not do in-place decryption of hidden volumes. So if you make the most of TrueCrypt you are doomed. You need another drive to move the data to.
     
  3. Randcal

    Randcal Registered Member

    Joined:
    May 29, 2014
    Posts:
    76
    Can I just ask an obvious question: Why the rush to move to something else? Is it really just the "may contain unfixed security issues" message? It seems to have been all but completely confirmed that the "unsecure" warning is just a "this is no longer maintained" alert. Again the preliminary audit didn't find anything significantly jarring, and the second phase will continue as planned.

    I just find it incredibly bizarre that the devs simply ceasing support for TC creates such a frenzy that people would actually consider moving to much less vetted alternatives. I mean FreeOTFE? Scramdisk on Win9x? Are you people serious?
     
  4. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    This is PaulyDefran, and I approve that ^ message! :D
     
  5. yyzyyz

    yyzyyz Registered Member

    Joined:
    Jun 5, 2010
    Posts:
    9
    Ditto. I see no reason to seek alternatives just yet and I doubt there's anything comparable out there which is also open source.
     
  6. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
  7. Randcal

    Randcal Registered Member

    Joined:
    May 29, 2014
    Posts:
    76
    All I'm saying is I don't quite see the logic in moving to a 15+ year-old OS to use a security product that's been abandonware for roughly just as long, because the product you're currently using was last updated 2 years ago and was announced to be discontinued 2 days ago.

    "Holy crap! This awesome encryption application that is the most widely used source-available program of its kind in the world, that has been the go-to app for pretty much every paranoid technophile, that is currently undergoing a $70k grassroots audit to confirm its security, and that has foiled LEA's up to the highest ranks of the most powerful governments in the world...has just lost maintenance support by its developers! Better switch to some obscure abandonware program that hasn't been vetted or even updated in a decade."

    Steve Gibson sums it up pretty good...
    https://www.grc.com/misc/truecrypt/truecrypt.htm

    See what I'm saying, @S.B.?
     
    Last edited: May 30, 2014
  8. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    The other options mentioned here might not be viable for Win 7 and 8 users, but for those who haven't switched from XP or an earlier system, they are completely viable alternatives. They're also viable in virtual environments on more current host systems. I wasn't advocating switching to earlier operating systems. I listed those apps for users who never left those older systems. Some of us don't agree with the newer is better philosophy. When ciphers like Blowfish and apps like Scramdisk have remained unbroken for 15 years, I'll trust them.
     
  9. Robin A.

    Robin A. Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    2,557
    I have used TC for years and years only to manage containers, and I will continue using it. I have never seen the need to encrypt the Windows partition.

    But I have checked for possible alternatives. The only one seems to be BestCrypt, $60 a year. It's not easy to replace TC.
     
  10. Randcal

    Randcal Registered Member

    Joined:
    May 29, 2014
    Posts:
    76
    Well when it comes to operating systems, yes in general newer is better. (Especially if by "not-newer" you mean something over 10-20 years old and that is no longer supported or maintained.)

    And no one said anything was wrong with Blowfish (well, unless you count the man who authored it saying he was surprised anyone was still using it and recommending they switch to something else. Hmm. Why does that sound familiar?)

    And for that matter, no one is even talking about ciphers. We're talking about encryption software. There's a difference.

    Again, TrueCrypt has been the standard for basically a decade, and it's not only had plenty of eyes on the source code throughout those years, I say again, it's stood up to the most powerful governments/LEAs in the world. I still don't see how the developers simply saying "we're not going to update this anymore" is even cause for alarm, let alone a reason to jump to something whose security is much less known, and that "hasn't been broken" in large likelihood because it hasn't even been used in over a decade.
     
  11. Morthawt

    Morthawt Registered Member

    Joined:
    Jul 10, 2008
    Posts:
    79
    Location:
    UK
    I have checked and both VeraCrypt and DiskCryptor are free and in development. I had email contact from both developers. I am leaning towards DriveCryptor because it can also encrypt and mount raw optical disc media as well as encrypt partitions and the system partitions. If you create a VHD file from Disk Management you can also create container files too.
     
    Last edited: May 30, 2014
  12. Robin A.

    Robin A. Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    2,557
    Do you mean "DriveCrypt"? It's more expensive than BestCrypt. It seems that VeraCrypt can be an alternative. VHD files are not an alternative to me. For example, I want to be able to back up the container and mount it in another Windows 7 or 8.x computer if necessary. Can I do this with a VHD?
     
  13. Morthawt

    Morthawt Registered Member

    Joined:
    Jul 10, 2008
    Posts:
    79
    Location:
    UK
    I edited. I mean DiskCryptor. I do not know why I keep calling it DriveCrypt. Yes, you can do that with VHD. It is just a file that Windows mounts.
     
  14. blainefry

    blainefry Registered Member

    Joined:
    Jan 25, 2014
    Posts:
    165
    What I never understand is why all these diehards set themselves up to have to constantly defend their use of deprecated products when the only attributes they seem to be able to offer in favor of them are just as valid for the products they refuse to use.

    I mean when was AES, Twofish, or Serpent broken? Did I miss something? I hear all this stuff about "But Blowfish has never been broken!" as if the whole world is using standards that have been broken.

    It's even crazier in this context...here we've got a secure product, that as far as we know has never been broken (despite attempts from everything from local police and sheriff's offices to the FBI (and probably beyond)), which incorporates standards which have never been broken, (despite a much wider usage and therefore more attacks)...and we've got people talking about moving to things which have not seen near the usage, scrutiny, maintenance, and endorsement by professionals...simply because the developers were "no longer interested" in maintaining it.

    I mean you're pretty much saying "I'm gonna go use these products whose own developers recommend people not use, because the developers of the product I'm using now recommend I not use it."
     
  15. S.B.

    S.B. Registered Member

    Joined:
    Jan 20, 2003
    Posts:
    150
    You can believe whatever you wish, and can ignore whatever facts you wish.

    I personally believe it prudent not to ignore two warnings posted by the TC developers in large red letters stating "Using TrueCrypt is not secure as it may contain unfixed security issues" and "Using TrueCrypt is not secure".

    The current TC page also states "You should migrate any data encrypted by TrueCrypt ..." (emphasis mine). You are also free to ignore the TC developers' recommendations as to what you "should" do. No skin off my back.

    The Register reports that "Bruce Schneier has told us he's switched back to Symantec's PGPDisk to encrypt his data." (http://www.theregister.co.uk/2014/05/29/truecrypt_analysis/). You apparently disagree with Schneier's actions. That is your prerogative. As I see it, he has taken the more cautious and prudent course of action in paying attention to the TC developer's warnings, and in migrating his data as per their recommendation.

    When the dust settles it may turn out that the TC developers' warnings were a mere tempest in a teapot. It alternatively may turn out that there is still another shoe to drop in this ongoing story. I personally don't know what will happen. Nevertheless I am reluctant to ignore the TC developers' warnings and recommendations, and I am currently moving away from my good friend TrueCrypt (to Diskcryptor) at least until the storm passes. From a safety and security standpoint, moving away from TC for the time being seems to me to be the most prudent course of action.

     
    Last edited: May 30, 2014
  16. Morthawt

    Morthawt Registered Member

    Joined:
    Jul 10, 2008
    Posts:
    79
    Location:
    UK
  17. Randcal

    Randcal Registered Member

    Joined:
    May 29, 2014
    Posts:
    76
    @S.B.
    I admit that would be pretty surprising if it turned out to be true that Bruce Schneier switched to a Symantec product. Thanks for that.

    Here's the rub though: Back in those days when he was using/recommending it, it was still in the hands of the old PGP team members (whom Bruce knows and trusts). And as he says in that old Wired piece, he was even on the Tech Advisory Board of PGP Corp at the time. That software has been in the hands of Symantec for over 4 years now, and Bruce said he was using TrueCrypt because especially in light of all the revelations, he was hedging his bets (i.e. it's less likely for TC to be compromised than a big company product where we know standards and products have been deliberately weakened.)

    And sure, they publish some source code. But it's not only redacted, it's also out of date. And more importantly, you can't do anything with it. It's not as if you can compile it, so what good is it? You can have the entire crypto world inspect what they publish, you still have no way of knowing that's what you're installing. It's more "security theatre" than the TSA if you ask me.

    And another thing...it's possible they're calling it "Symantec's PGPDisk" because Bruce is behind on the times and that's what he called it. As far as I know, there never actually was such a thing. When Symantec acquired PGP it became "PGP Whole Disk Encryption" (and now apparently it's "Symantec Drive Encryption"). And there was also something called PGP Desktop which is now "Symantec Encryption Desktop".

    This makes me wonder if Bruce really went with the current Symantec product, or if he literally went back to the same product he was using 7 years ago (which was not affiliated with Symantec). This is entirely possible, as he's only dealing with an air gap machine, with minimal everything. When you're working with that kind of setup, you actually could be running a Windows9x.

    At that point, sure, I'd have no problem going with the ol' PGP. That's probably had even more real world vetting than TC (and its own handful of court cases). This is why I feel confident about GnuPG (although it's of course not a whole disk solution.)

    But yes, at this point, given the preliminary audit of TC coming up clean (i.e. without any real issues), and the sheer wide use of TC and all the scrutiny that comes with that, and even more importantly, these real world cases that someone linked in the other thread...I'm just not seeing how anything else out there (other than the old PGP) measures up. Certainly not abandonware from the '90s that only works on pre-Windows NT machines.

    And keep in mind, they didn't tell you to go to Diskcryptor. They told you to go to Microsoft's BitLocker. I think that says something. And I think the fact that you're choosing to only listen to half of their "advice" says more.
     
    Last edited: May 30, 2014
  18. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    PGP disk goes way back. The CKT versions of PGP had it. 6.5.8ckt - Build:08 is one of the best versions ever released, far superior to the official versions at the time, and XP compatible. I've used it for years for storing malware samples.
     
    Last edited: May 30, 2014
  19. S.B.

    S.B. Registered Member

    Joined:
    Jan 20, 2003
    Posts:
    150
    @Randcal

    Actually the TC developers state "You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform." DiskCryptor fits fully within this recommendation.

    Although the TC developers give specific instructions on how to migrate to BitLocker they never state or suggest that BitLocker is the only choice available to Windows users.

    One thing is absolutely clear: the TC developers recommend that data encrypted by TrueCrypt should be migrated away from TC.

    Regards.

     
  20. BeardyFace

    BeardyFace Registered Member

    Joined:
    May 29, 2014
    Posts:
    80
    All developers recommend migrating away from unsupported end of life software:
    Microsoft recommend migrating from XP, is it broken before someone finds a new exploit? No
    How likely is one to be found in the short to medium term? Very
    Have I consequently migrated? Yes

    Is TrueCrypt broken before anyone finds an exploit? Equally no
    Is it likely one will be found in the short to medium term? Errr not so much, people have been unsuccessful trying for years
    Am I worried enough to find an alternative before someone does? Um no, I think I'll have a long wait before I have to scramble
     
  21. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Well, someone who controls TC developers' credentials does recommend that. But we don't know who they are, or who said TC developers are, or perhaps were.
     
  22. Randcal

    Randcal Registered Member

    Joined:
    May 29, 2014
    Posts:
    76
    Erm...so does RSA Data Protection Manager. Or hell, a "virtual disk image" doesn't even have to be encrypted at all. So, what...The TC developers are suggesting you migrate encrypted data to encrypted or unencrypted areas? Anything's better than an unbroken program that foils the FBI and Scotland Yard's Snowden unit, right? Even plaintext! teeheehee
     
  23. Morthawt

    Morthawt Registered Member

    Joined:
    Jul 10, 2008
    Posts:
    79
    Location:
    UK
    To anyone interested in DiskCryptor, I have made a thread in this section of the forum dedicated to a video tutorial I have made, so anyone curious about this particular software please check the thread I created for the video demonstration and tutorial. I cover what is in the tutorial on that thread. Hope you find it as useful as I intend it to be.
     
  24. BeardyFace

    BeardyFace Registered Member

    Joined:
    May 29, 2014
    Posts:
    80
    Thanks, it's probably my next choice if there turns out to be an actual problem with TrueCrypt 7.1a
    I'm not seeing a proven cause to jump ship on TrueCrypt just yet though
    Unless and until someone demonstrates a system encrypted with TrueCrypt can be decrypted or started without the password I truly see no reason to jump purely because it's no longer supported, it works just as well now as it did last week.

    Until it's broke I'm not fixing it.

    The video is well done though
     
  25. Morthawt

    Morthawt Registered Member

    Joined:
    Jul 10, 2008
    Posts:
    79
    Location:
    UK
    Thank you.

    Yes, there is no rush, but I just like the idea of being on something currently developed, that way I do not need to scramble to fix anything when the time comes that TC is compromised or the subject of an attack that will go unfixed. I just would prefer to always be on the software that is updated so I can simply update my software rather than have to go through the headache of getting new drives, encrypting with the new software and moving everything across, then encrypting the old drives with the new thing. I can just swap things over gradually at my own pace and then I am ready.
     