are there some truecrypt forks ?

Hi

i don't know if fork or forks is the right word , but i read here in this forum

seeing truecrypt is a open source , i would like to know if there are other forks

in short the same code (compiled) with some new features

thanks

 

Here's something along those lines...

http://sourceforge.net/projects/veracrypt/

Note: VeraCrypt storage format is INCOMPATIBLE with TrueCrypt storage format.

Oh and lacie-private-public...

http://www.hacker10.com/encryption-...-public-aes256-encryption-based-on-truecrypt/

 

thanks veracrypt look very cool , do you try it?
sadly it's incomaptible with truecrypt
but it has some nice features

 

Diskcryptor is probably the most known. As you can see here, some can get pretty adamant about it being superior.

There's also things like tcplay and cryptsetup, but they are really command line tools, so it may be more cumbersome than you're comfortable with. However there is another project called "zuluCrypt" that will allow you to manage your truecrypt volumes using a GUI interface as well as a CLI interface, which will work as a front end for those. It's supposed to give a "one stop solution" to easy management of LUKS,PLAIN and TRUECRYPT volumes.

These are all mentioned here.

Finally, Here's a thread with suggested alternatives to TrueCrypt.

 

thanks
more then an alternative i was looking for a trucrypt with more features seeing it's open source should be easy to add

 

Well, I haven't used those tools, but they may very well offer other features. That's the impression I got when reading about them.

That's kind of like saying "seeing as how humans have known for decades proper ways to perform brain surgery, it should be easy enough to correct paraplegia."

 

Very interesting!!

 

Despite TruCrypt forks, there is a new password cracking tool that has been verified to crack TruCrypt 5.0+. See the thread entitled "No password is safe from new breed of cracking software" in the other security issues & news subforum just posted.

-- Tom

 

1) You couldn't hyperlink it?

2) It's not new...it's an old tool that got updated

3) You already posted about it a week ago. (That's why your new thread got merged.)

4) This is not really a threat to anyone following good protocol. We already went into this here and here.

5) This "No password is safe" fearmongering-for-attention is getting kind of old, no?


As I keep saying, just do the math...

This specific article claims "8 million guesses per second" (it doesn't mention what hardware is required, nor against which hash, but let's go with it)...

Just to keep the numbers a bit more manageable, let's start with 10 characters (below mandatory minimum on most systems), just alpha/numeric (no special characters). So that's a 62 character keyspace, divide the total by 2 (law of averages), against 28,800,000,000 guesses per hour...

Assuming it's random, (i.e. not "password12") that password will likely be guessed in... 1,663.38 years.

Hmm.

Okay, but 8 million guesses/second, that's pretty slow. After all, the 25 GPU cluster from last year could get up to 350 billion per second (granted, that was only against NTLM, and if you used an actual decent hash, that number plummets to the 364,000 range (all the way down to just 71,000 with Bcrypt)).

But we're going all out here. I mean, 55 characters...we're going to need some serious computing power. As we did in my other post linked above, lets pretend there is a system out there that can make 100 Trillion guesses per second. That's 360,000,000,000,000,000 guesses per hour. (I'm pretty sure that even on the fastest (i.e. weakest) hashing algorithm, there is no system out there that can achieve this speed.) But let's just do the math.

At that many guesses per hour, it would still take almost 32 years to crack just a 13 character random alpha-numeric password. Bump it up just one more character to 14, and you're looking at 1,966.29 years.

Just 14 characters, at 100 trillion guesses per second.

Wanna go for 55?

60,493,166,731,760,900,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000.00
...years.

(And we're still just using letters and numbers...we haven't even allowed for the use of special characters.)


Still think your passwords are in trouble?

 

No wonder the USA is in so much financial mess!

We could have sent the FBI a link so that they wouldn't have wasted so many thousands of dollars and many months trying to help Brazil break into that suspected fraudulent banker's encrypted hard drives. Just think of the wasted time and money we could have saved. And man, after all their expenses and trouble they ended up with ZIPPO, only to send the still fully encrypted drives back with NO progress at all.

Joking of course, but if you stop and think it through I could site no less than half a dozen high profile cases where TC stopped adversaries cold. What more proof do you need in combination with some smart folks examining the source code by line.

I am just saying!!!!!!!!!

 

Hi JackmanG,

Thanks for the feedback. The articles are moved around so much here - its hard to keep track of where they are located - especially when looking in what is the obvious forum to post.

Why don't you discuss your data with atom on the article's referenced forum and get his take on your comments?

To find the hardware and hashes you need to go to the release notes link I recommended.

-- Tom

 

1) Any time a thread is merged or moved somewhere, a forwarding link is left behind...so in a sense, thread links will always be right where you originally found them, and you should have no trouble finding a moved thread. (I'm surprised you haven't seen this, given the fact that you know how often threads are moved).

2) Using the search function, you can easily find all threads started by any given user (including yourself).

I assume "atom" is a user here. I don't know him, but if you'd like to send him a link to my post and request his feedback, I'd be happy to read it.

I've looked at every link you posted in that thread. They are all news articles and one forum thread. You'll need to point out which one contains "release notes".

...Regardless,

1) I doubt the hardware needed to achieve even 8 million guesses is anything any average person could/would have,

2) I'd be incredibly surprised if anyone but the highest level government agencies would have the hardware needed to achieve that speed on any decent hash.

3) As I said, to my knowledge, there exists not a single system (nor array of systems) in the world that could achieve 100 Trillion guesses per second on any hash...let alone a cryptographically slow one.

...So I really think specs are moot. I already basically proved that unless your password appears in a dictionary, guessing 55 characters is a pipedream within a pipedream...from a pipedream.

 

Hi JackmanG,

FYI, I do use the search function, but don't always find what I am looking for. And since the software is a new enhancement to existing software that now cracks TruCrypt, one would think that old theory arguments are no longer sufficient to understand what was done regardless, in order to reduce the search space set of possible solutions to the problem.

Pipedreams aside (which in theory I couldn't agree more) there is a practical side to my recommendations so that anyone interested enough can put theory aside and get into the down and dirty of what looks like some new software techniques.

atom is the developer of the software at the forum pointed to by the "release notes" link in the article referenced as the first link in my original post about the cracking software - obviously, you did not read it all the way down to where the Change Log starts, so I will post it for you here and recommend you read it for the information about the software and hardware. You will find validation for some of your comments. Yeah!

release notes link.

I just love it when someone posts about what is impossible due to theoretical arguments especially when something new breaks that seems to paint a new picture. That is not to disparage theory, but it sure would help if the "context" of the author (in this case atom) were considered in order not to confuse theory with practice. Sure, for a proper understanding of what was done, there may need to be some resolution between the two, but to do that - the context is always necessary in order to understand the issues painted in a new light.

-- Tom

 

And directly from the above linked release notes:

According to the above:

You would need 35 2x hd6990's to get 8,000,000 p/s on PBKDF2-HMAC-RipeMD160.
You would need 169 2x hd6990's to get 8,000,000 p/s on PBKDF2-HMAC-Whirlpool.

And if you didn't know which hash was used, you'd have to try all 3, and you'd need even more than 169 2x hd6990's.

And if you had to try 3x cascaded ciphers, it would even be three times slower.

 

VeraCrypt or DiskCryptor? The question.

My main pet peeve with TrueCrypt is bad attitude on their "support" forums (forum rules).
(For what it's worth: http://www.indiegogo.com/projects/the-truecrypt-audit )

I am also looking for a software which is capable of producing 2 hidden partitions: C: for system, D: for program files. As it is supposed to be.