What is the best free disk/file encryption with no back doors? Government subpoena resilient. And your reasons?Would open source product necessarily be better? Your views? Thanks in advance.
For which OS? If it's for Windows 7 and 8 there's TrueCrypt 7.1a which has been verified to be free of backdoors. There's also DiskCryptor which is GPL licensed, and VeraCrypt, but neither of these have been audited yet so there's no real guarantee they're free of backdoors. I don't know if TrueCrypt works on Windows 10 with MBR, but it definitely won't work with GPT. I use VeraCrypt for Windows 10, and LUKS/Cryptsetup for Linux (already built-in).
For now I need it for Windows 8.1 but for later Linux. Two OS on one laptop. I also need to secure my usb sticks and individual files on HD. Thanks in advance.
In Linux, use LUKS. But if you're dual booting, getting TrueCrypt or VeraCrypt to play nice with LUKS is not so easy. Maybe Palancar will chime in
Chiming in ---- LOL! Both TC and VC play very nice with Linux. Since I am using a Linux OS obviously the applications for me (TC and VC) are archival not system disk. For my linux system disks its is LVM on LUKS. Opinions may vary but I have looked through as much code as I can, and that is significant on these software products. I prefer to abandon LUKS for my encrypted archives for security accordingly: In my case I commonly store extensive archives off premises to protect against fire, theft, and ultimately adversary acquisition of my data. TC or VC allow for a superb construction of a solid decoy volume, which offsets my risks should an archive end up in the wrong hands. Since I don't own the premises where archives are stored this allows me to be comfortable knowing that any pressure to an "associate" storing this data for me can be eliminated by opening the shell volume. I am masterful at constructing a volume that appears beyond super sensitive. The hidden and true sensitive data will never be discovered unless I make a serious operator error. I would like to think I am beyond those at this point of my software development. [crossed fingers] In the strict sense of the word all three encryption models listed in the thread so far appear to be unbreakable if applied correctly. Attacks have been made on all three and they are proven to withstand adversarial assault. I would be remiss if I didn't mention a reminder note that YOU the user must be aware of the OS you are using while handling any encryption sofware. If your adversary has access to the OS used while handling those archives the security is all but useless. Examine full encryption of the OS if the encrypted archives and the OS are on the same premises. My .02
Your certain VeraCrypt has no backdoor? Would it work if I plug a usb stick or external HD into the linux Virtual Box and use LUKS/Cryptsetup to encrypt files that are wordpad .rtf files?
think about it, how can anyone be sure? better to use (IMO) TC/VC/CS/diskcryptor than bitlocker and similar ;-).
It is open-source, so anyone can check it, then again, that does not mean, that anyone did. Like with openssl, there was a vulnerability present for years, because no one bothered to check it out, just saying open source gave it credibility.
What happened to FreeOTFE? It used to work fine on XP but newer Windows versions do not load the unsigned drivers that come in the package. Does anyone know if signed drivers are available for it?
The problem with backdoors is not very likely in the encryption software but is certain to be in Windows. At least that is why I believe TrueCrypt shut down. The TC developers realized that it was all too easy to get around the encryption in Windows. For example, the volume master key is supposed to stay in memory, never being written to disk, but that is not guaranteed by Microsoft. Also, law enforcement officers, private detectives etc.. can use any number of tactics to hack your machine and install backdoor tools on your machine if they are determined. So, if you must use Windows, and want to encrypt really important stuff, use a PE boot disk like TAILS and make sure your machine is never out of your possession. OR, use LINUX
I was wondering if anyone had any experience or comments about any of the following: CryFS https://www.cryfs.org gocryptfs https://nuetzlich.net/gocryptfs/ EncFS https://vgough.github.io/encfs/ securefs https://github.com/netheril96/securefs
Lets just examine the archive of data on an external hard drive. I am not discussing Windows system disks where security is concerned (its pointless). As stated several posts up I have decided to use VC 1.19 on 100% Linux system disks for external media volume creation. The issues of backdoors, in my opinion, are not the primary concern. I am more concerned about the stability of the algo used to create the volumes being "crackable" by 3 letter agencies. I have spent a great deal of time comparing LUKS vs VC strictly and solely for the purpose of archiving data off premises. I use LUKS exclusively for my LVM on LUKS system disks. I do not use the customary header hardness nor do I use the default AES algo, both of these on my systems are custom configs. I have looked through the code and was very involved with TC (LTRM) and beyond on those old forums. Rambling yep. It comes down to this for me. As off premises archives I have coded hidden volumes with the "good stuff" and yet my shell/decoys are very very convincing. I have done this not only to protect myself but my "associates" from the 5 dollar wrench adversary. My outer/shell volume is formatted with a file system that conventional VC would not support a hidden volume within. Therefore with public code there can be NO hidden volume. Its a toss up LUKS vs VC for archives. The hidden volume (that cannot exist according to VC filesystem code) sways me to go that route as opposed to straight LUKS. I believe that either will hold up as long as you are not in a "5 dollar wrench" scenario.
I, have FileVault2 FDE turned on on my MAC, and change my password regularly. It uses AES-128-XTS which is good enough for my needs. If it was discovered that there was a back door, o oh, for Apple.
Sarah Dean went missing from the scene in 2011/2012. Some that claimed to know her said she passed away. She was a very talented cryptographer and left behind remnants of several projects she was involved with when all communications from her ceased. There was a fork called "LibreCrypt" that was introduced on github by TDK for one summer in 2015. It too was dropped and that's the last of what was Sarah's original FreeOTFE. Excellent software, no question.
There were some possible work-arounds for 64-bit Vista and Win7 apparently. (I haven't tried them myself.) Additional Information for Windows Vista x64 and Windows 7 x64 Users Only https://web.archive.org/web/2013012...docs/Main/impact_of_kernel_driver_signing.htm Excerpt: "Fortunately, there are a number of methods of loading unsigned drivers under Windows Vista x64/Windows 7 x64, without having to pay for a digital certificate, and these are summarised below. As a consequence, it is possible to use FreeOTFE under Vista x64/Windows 7 x64 by using the methods shown as be successful below "
I'm still using DiskCryptor and in my experience it works very well on windows 10 and modern hardware, when you have a UEFI system you can back the partitions up change the partition layout to MBR and restore the system, and it will boot in BIOS mode no need to reinstall it. Now are there down sides, well one, restoring from hibernation takes forever on my new thinkpad. I think the issue here is that the CSM is not implemented in a very performant way, so adding UEFI support to DC would be something to aim for. Also DC compiles with VS2017 and an up to date windows10 WDK fine, just a few fixes needed: https://github.com/DavidXanatos/DiskCryptor
