Thread for TrueCrypt alternatives [FOSS preferred]

What do you mean by that?

 

Just to add a bit more on DriveCrypt history. There was a usenet group, alt.security.scramdisk, which I visited regularly for several years or more. The group continued well after the demise of Scramdisk, and was quite active over many of the first years of Securstar (DriveCrypt). Shaun Hollingsworth (scramdisk author, and subsequently a principal at SecurStar) was virtually always there and was a really really big help on any problems anyone had with Scramdisk or Drivecrypt, or encryption in gereral, on a regular day-to-day basis. Shaun talked about going from free and open source, to commercial, on numerous occasions and also caught more than a bit of flack for that on more than one occasion. He said he had a family he needed to feed and that was why he formed, or joined, the company with Hafner, who apparently was responsible for raising the financing the company needed. They were always quite open about Hafner, and his past. Hafner was a reformed hacker. They felt his computer expertise was a good thing for the company, and that did make sense. People do make mistakes; *stuff* does happen; some ppl grow from it.

I bought both of Securstar's DriveCrypt products and used them for at least a year, probably longer. Very good products that had good enterprise-type capabilities built in as I recall. As I also recall, IBM and other large enterprises were big customers of SecurStar. The licensing scheme for DriveCrypt seemed to me, and lots of other ppl to be somewhat onerous, in that licensed products were limited to a single computer, and SecurStar required that licensing software be attached to that computer, and that licensing software automatically checked credentials of the computer via the internet, when user installed upgrades or updates of the SecurStar software. Seemed invasive. Shaun said that the approach wasn't his choice, but he loved and needed to feed his family... And licensing was a fact that people in the real commercial world simply had to deal with.

At some point the newsgroup began to be filled more and more with trolls, and hecklers. Shaun seemed to be harassed more and more often, and his appearances became fewer and fewer.

I moved onto TrueCrypt. Liked their licensing scheme, and price much better. And I personally didn't need any enterprise capabilities.

At one point Shaun became more active again just as the computer world was moving from WinXP to Win7. NTFS disk software changes were a major part of the WINXP to WIN7 transition and required major changes to both DriveCrypt and to TrueCrypt. Securstar supporters and Shaun were amazed at how seemingly easily the non-commercial TrueCrypt made all of the necessary changes, seemingly overnight, meanwhile Shaun and SecurStar had needed many many man-hours (person-hours?) and major investments to adapt their products. TrueCrypt finished and rolled out their changes well before DriveCrypt. At that point various ppl inclucuing Shaun questioned how a non-commercial, presumably part-time group could pull this off without help from someone (such as three letter agencies). I personally didn't care to hear that type of stuff, and noted that ScecurStar, itself, boasted on their own web site about their close ties to govt and/or military groups who required only the best security. Shaun never claimed to know of any negative facts about TC. Eventually the TC talk disappeared.

Later I learned about the bad history between SecurStar and TC, and wished that Shaun had mentioned that, for the sake of full disclosure, at that time. But he may have figured that everyone knew that already. Or maybe he simply made a mistake. I've definitely made my own share of mistakes; and I wish I could change lots of things as I look through the glasses of 20/20 hindsight. But I'll say this. Shaun was a really really good guy, and really really helpful. I believe he legitimately questioned how TC was able to pull off what they did.

I figured maybe TC ppl were just really smart and worked really hard - I've known more than a few workaholics over the years, and it's pretty clear to me that some people are just born with a motor that runs all the time; and those people can't turn off or slow down that motor whether they want to, or need to, or not. Could explain TC. Or maybe not.

For literally years, Shaun proved himself a good, smart, and caring developer. SecurStar always had excellent customer service.

My two cent add-on to history.

__

 

I mean that they don't keep adversaries out. I don't trust their key/passphrase management protocols. They all seem vulnerable to compromise of the machine that they're installed in. Maybe I'm just ignorant.

Or maybe I'm expecting too much. I'd like to see all of the encryption and key/passphrase management going on inside the drive, with a low-level user interface, and extreme physical hardening. Basically, I'd like to see SSDs that are built like TPMs.

 

Tried to reach http://www.statemaster.com/encyclopedia/TrueCrypt but got this ?



Found it on google cache though. I'd head of Scramdisk before, but not e4m, or the 2 coders involved. So interesting reading on their & it's background !

 

Ah, good old Scramdisk! alt.scramdisk or what have you...remember it well. S.B. and I must have been there at the same time Win98SE and OutlookExpress reading NNTP groups circa 1998! I remember donating to Shaun and he was so thankful. Good dude, it seemed.

 

^ -- Sometimes seems there's more than a bit of connectedness in this world...

Best Regards.

__

 

I remember reading something about this, but I never read any official study. Do you have any papers on this?

Definitely. I don't have time to look for the AES reports, but you'll find it easily with google.

Yes. It's in the report.

I think you're mostly correct. AES (rijndael) does get more attention and gets tested more because it's the most used cipher, but in overall security Twofish does better and I'm sure if Twofish gets tested as much as rijndael it would be proven that it's, as the report states, more secure than rijndael.

Rijndael indeed is the fastest, but it comes with a price, which is overall security.

I'll download and install DiskCryptor and I'll edit this post to post a screenshot of the software's benchmark tool.

 

It just tells us something about WH's personality and his company. Also, have a look at that link: http://infosecurity.ch/20100201/evi...-a-fake-independent-research-on-voice-crypto/ If you trust SecureStar, fair enough. I am pretty confused about the connection between the "current" TC devs and E4M & ScramDisk. Crazy stuff, indeed. But yes, E4M was quite good.

 

IDEA is the best algorithm. It has never been hacked. If I recall correctly, ScramDisk and E4M used it. Now, it is just used by BestCrypt (Jetico).

 

As far as I know, I don't have any reason to have an opinion about Wilfred Hafner.

I had never even heard of SecureStar etc before TrueCrypt's recent flameout. TrueCrypt was the first encryption package that I used. But I moved to Linux before getting seriously into FDE. And I was never moved to research TrueCrypt's pedigree. Arguably it's about as relevant to TrueCrypt 7.1 as Bell Labs' UNIX is to Windows, OS X or Linux. While I'm sure that traces remain in the code, inherited backdoors and/or zero-days are unlikely.

 

well thank you for all the info on SecureStar guess me recommending drivecrypt as a possible alternative not the best !

I still like DC and TC but will look into this bestcrytp from jetico

edit: just looked over at the features on the jetico website, don't see hidden os or FDE feature.....

Has hidden volumes though so still interesting.

 

Care to prove your point?

 

I try. Look at http://www.pa.msu.edu/reference/pgpdoc2.html and search for IDEA. Also: http://www.media-crypt.com/ and http://searchsecurity.techtarget.com/definition/International-Data-Encryption-Algorithm Above all, I wonder why nobody else (except Jetico) is using IDEA?

 

I can't find the academic papers with a cursory search, but http://cmrr.ucsd.edu/people/Hughes/documents/DataSanitizationTutorial.pdf makes interesting reading.

A snippet:

(My bold, paranoids please note the order of events).

From this we deduce that, absent any reallocated sectors (easily determined by reading out the S.M.A.R.T data)*, a single on-track overwrite of the entire drive by other means is just as effective. Encrypting in-place performs such an overwrite as part of the encryption process, no further drive wiping required.

I've discounted things like host protected areas, which SE would get, but encryption or a software based wipe won't, in the real world they contain nothing sensitive unless the user himself set them up and put something sensitive there.

Now, since I expect the paranoids to all start shouting:

It's quite simple, for anything secret, non-technical idiots (read management) are requred to be present and confirm proper destruction of the secret data has taken place, rather than train them to spend lots of expensive overremunerated time ensuring the wipe did occur without error, they specify "is the drive in tiny fragments now?". Even management can determine that. This frees them to pointlessly hassle subordinates in the time saved.

*
In the case where there are reallocated sector(s), it's up to the user to assess for himself if a single (or n) 512/4096 byte block(s) in a population of possibly multiple gigabytes is likely to contain anything sensitive, or if they should wipe/destroy and replace the drive, such users might also want to consider if such a drive is reliable enough for continued use anyway.

 

You might want to read https://www.schneier.com/paper-truecrypt-dfs.pdf before getting too excited about hidden volumes by themselves.
Unless you plan accessing them from a live environment anyway.

 

The paper that you mention is quite old. With today's HDs, the following pattern is (even for EnCase) good enough: Delete with wiping, scheme "One random pass", plus MFT records, plus directory slacks, plus NTFS Transactions Log File, plus unused space in Swap file (unless it is encrypted). A defragmentation software that runs permanently such as PerfectDisk will make it 120% impossible to recover anything (and adds more fun for forensic people).

 

Yes, BestCrypt from Jetico got the hidden volume feature. https://www.jetico.com/products/personal-privacy/bestcrypt-container-encryption then look at enhanced hidden containers.

 

Yes the paper is old, as you point out, it's got even harder to recover data from newer drives since then, and my conclusion from that paper was already "One pass is enough" Since the original question was regarding whole disk encryption, it amounts to one random pass (or the encryption is no good).

 

Yes, please accept my apologies. I missed your point but as you stated you made the correct conclusion. Sorry again.

 

Well, "good enough" is relative. You wouldn't expect highest security environments to refrain from physical destruction. One of the reasons physical destruction is used is because it is essentially impossible to guarantee that storage devices haven't retained information in areas that are inaccessible to host based wiping tools.

If you meant to imply that defragmentation, or defragmentation plus position optimizations, alone, would be a reliable approach I must question that. I think the tool would have to be explicitly designed to assure wiping of things like non-moved file slack, spaces from which files were moved but to which no other files were moved, etc. Does PerfectDisk, for example, explicitly perform those functions [by default]?

 

Nobody realistically expects high security or even big commercial enterprises to use other than drive destruction, the economics of checking and auditing become unrealistic, feeding drives to a shredder while recording the serials is fast.. and very very easy to check the result (big pile of bits). Senior people are expected to witness and sign off on it.. their time is expensive.

 

This is exactly what I was talking about a few days ago in this same thread. I'll never understand it.

I could name tons of ciphers that have "never been broken." I could make one up right now and claim it's "never been broken." Does that mean they're all "the best?"

What's even crazier is, it's not even true about IDEA. It was broken 2 years ago already. (The authors of the paper say their attack does not threaten the practical use of IDEA, but it's hardly true for you to say it's "never been broken", particularly when there are plenty of other ciphers whose strength hasn't been proven to be able to be reduced. (At least not on the full standard rounds, like IDEA was.))

Maybe it's not the best algorithm?

 

You are absolutely correct writing that a file defrag tool would not be sufficient. You need above all a file wiping tool that deletes with wiping (scheme "One random pass"), plus MFT records, plus directory slacks, plus NTFS Transactions Log File. Also, if the Swap file is not encrypted, that should be sanitized as well. I only wanted to say that additional defrag definitely would make recovery impossible (120%). But defrag alone is not appropriate, of course. Yes, and if you would get rid of your machine, physical destruction of the HD clearly is best.

 

@Haggishunter
Personally I think HD destruction might be overkill, not that I have any state secrets, merely normal personal data (and not much of that very personal) wipe drive and reinstall should be plenty to defeat anything short of, and probably including, lab attacks which would cost way more than the value of any data that might be recovered. I probably *would* employ a paranoid scheme, one pass random data, then a second of zeros and check for non zero bytes, purely because verifying a random pass is written correctly is awkward.

 

GeekCrypt: A Secure Fork of TrueCrypt.

I received an email from the tails-support@boum.org mailing list sent by Bill Cox aka waywardgeek@gmail.com announcing the effort.

-- Tom