Best free disk/file encryption with no backdoors?

Discussion in 'privacy technology' started by The Count, Aug 14, 2016.

  1. The Count

    The Count Registered Member

    Joined:
    Jun 13, 2016
    Posts:
    147
    Location:
    France
    What is the best free disk/file encryption with no back doors? Government subpoena resilient. And your reasons? Would an open source product necessarily be better? Your views?

    Thanks in advance.
     
  2. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,088
    Location:
    Brasil
    For which OS? If it's for Windows 7 and 8 there's TrueCrypt 7.1a which has been verified to be free of backdoors. There's also DiskCryptor which is GPL licensed, and VeraCrypt, but neither of these have been audited yet so there's no real guarantee they're free of backdoors. I don't know if TrueCrypt works on Windows 10 with MBR, but it definitely won't work with GPT.

    I use VeraCrypt for Windows 10, and LUKS/Cryptsetup for Linux (already built-in).
     
  3. The Count

    The Count Registered Member

    Joined:
    Jun 13, 2016
    Posts:
    147
    Location:
    France
    For now I need it for Windows 8.1 but for later Linux. Two OS on one laptop. I also need to secure my USB sticks and individual files on HD.

    Thanks in advance.
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,988
    In Linux, use LUKS. But if you're dual booting, getting TrueCrypt or VeraCrypt to play nice with LUKS is not so easy. Maybe Palancar will chime in :)
     
  5. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,162
    Chiming in ---- LOL!

    Both TC and VC play very nice with Linux. Since I am using a Linux OS obviously the applications for me (TC and VC) are archival not system disk. For my Linux system disks it is LVM on LUKS.

    Opinions may vary but I have looked through as much code as I can, and that is significant on these software products. I prefer to abandon LUKS for my encrypted archives for security accordingly: In my case I commonly store extensive archives off premises to protect against fire, theft, and ultimately adversary acquisition of my data. TC or VC allow for a superb construction of a solid decoy volume, which offsets my risks should an archive end up in the wrong hands. Since I don't own the premises where archives are stored this allows me to be comfortable knowing that any pressure to an "associate" storing this data for me can be eliminated by opening the shell volume. I am masterful at constructing a volume that appears beyond super sensitive. The hidden and true sensitive data will never be discovered unless I make a serious operator error. I would like to think I am beyond those at this point of my software development. [crossed fingers]

    In the strict sense of the word all three encryption models listed in the thread so far appear to be unbreakable if applied correctly. Attacks have been made on all three and they are proven to withstand adversarial assault.

    I would be remiss if I didn't mention a reminder note that YOU the user must be aware of the OS you are using while handling any encryption software. If your adversary has access to the OS used while handling those archives the security is all but useless. Examine full encryption of the OS if the encrypted archives and the OS are on the same premises. My .02
     
  6. The Count

    The Count Registered Member

    Joined:
    Jun 13, 2016
    Posts:
    147
    Location:
    France
    How does one go about setting up and implementing this encryption decoy method for Windows 8.1?
     
  7. The Count

    The Count Registered Member

    Joined:
    Jun 13, 2016
    Posts:
    147
    Location:
    France
    You're certain VeraCrypt has no backdoor?

    Would it work if I plug a USB stick or external HD into the Linux VirtualBox and use LUKS/Cryptsetup to encrypt files that are WordPad .rtf files?
     
  8. klarm

    klarm Registered Member

    Joined:
    Apr 7, 2012
    Posts:
    76
    Location:
    europe
    think about it, how can anyone be sure?
    better to use (IMO) TC/VC/CS/diskcryptor than bitlocker and similar ;-).
     
  9. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,112
    Location:
    Slovakia
    It is open-source, so anyone can check it; then again, that does not mean that anyone did. Like with OpenSSL, there was a vulnerability present for years, because no one bothered to check it out; just saying open source gave it credibility.
     
  10. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    495
    Are you certain *any* FDE software is backdoor free?
     
  11. Yuhler Speertraeger

    Yuhler Speertraeger Registered Member

    Joined:
    Mar 26, 2019
    Posts:
    1
    Location:
    Brazil
    What happened to FreeOTFE? It used to work fine on XP but newer Windows versions do not load the unsigned drivers that come in the package. Does anyone know if signed drivers are available for it?
     
  12. brians08

    brians08 Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    98
    The problem with backdoors is not very likely in the encryption software but is certain to be in Windows. At least that is why I believe TrueCrypt shut down. The TC developers realized that it was all too easy to get around the encryption in Windows. For example, the volume master key is supposed to stay in memory, never being written to disk, but that is not guaranteed by Microsoft. Also, law enforcement officers, private detectives, etc. can use any number of tactics to hack your machine and install backdoor tools on your machine if they are determined.
    So, if you must use Windows, and want to encrypt really important stuff, use a PE boot disk like TAILS and make sure your machine is never out of your possession. OR, use LINUX
     
  13. Alec

    Alec Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    418
    Location:
    Dallas, TX
  14. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,162
    Let's just examine the archive of data on an external hard drive. I am not discussing Windows system disks where security is concerned (it's pointless). As stated several posts up I have decided to use VC 1.19 on 100% Linux system disks for external media volume creation. The issues of backdoors, in my opinion, are not the primary concern. I am more concerned about the stability of the algo used to create the volumes being "crackable" by 3 letter agencies. I have spent a great deal of time comparing LUKS vs VC strictly and solely for the purpose of archiving data off premises. I use LUKS exclusively for my LVM on LUKS system disks. I do not use the customary header hardness nor do I use the default AES algo, both of these on my systems are custom configs. I have looked through the code and was very involved with TC (LTRM) and beyond on those old forums.

    Rambling yep. It comes down to this for me. As off premises archives I have coded hidden volumes with the "good stuff" and yet my shell/decoys are very very convincing. I have done this not only to protect myself but my "associates" from the 5 dollar wrench adversary. My outer/shell volume is formatted with a file system that conventional VC would not support a hidden volume within. Therefore with public code there can be NO hidden volume.

    It's a toss-up LUKS vs VC for archives. The hidden volume (that cannot exist according to VC filesystem code) sways me to go that route as opposed to straight LUKS. I believe that either will hold up as long as you are not in a "5 dollar wrench" scenario.
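
Added example, not part of the post above and not cryptsetup's own code: a read-only parser for the LUKS1 on-disk header that reports the cipher and the per-slot PBKDF2 iteration count, the two settings the post says are customised. It handles LUKS1 only; the sample header, the helper names and the `min_iterations` threshold are constructed assumptions.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
# LUKS1 phdr (big-endian): magic, version, cipher-name, cipher-mode, hash-spec,
# payload-offset, key-bytes, mk-digest, mk-digest-salt, mk-digest-iter, uuid
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
# Key slot: active flag, PBKDF2 iterations, salt, key-material offset, stripes
SLOT = struct.Struct(">II32sII")
SLOT_ACTIVE = 0x00AC71F3

def _text(raw):
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def parse_luks1_header(buf):
    """Return the cipher, hash and KDF cost recorded in a LUKS1 header."""
    if len(buf) < PHDR.size + 8 * SLOT.size:
        raise ValueError("short read: a LUKS1 header is 592 bytes")
    (magic, version, cipher, mode, hash_spec, _payload_off, key_bytes,
     _digest, _salt, mk_iter, uuid) = PHDR.unpack_from(buf, 0)
    if magic != LUKS_MAGIC:
        raise ValueError("not a LUKS header")
    if version != 1:
        raise ValueError("only LUKS1 is handled here (got version %d)" % version)
    slots = []
    for i in range(8):
        active, iters, _, _, _ = SLOT.unpack_from(buf, PHDR.size + i * SLOT.size)
        if active == SLOT_ACTIVE:
            slots.append((i, iters))
    return {"cipher": f"{_text(cipher)}-{_text(mode)}", "hash": _text(hash_spec),
            "key_bits": key_bytes * 8, "mk_iterations": mk_iter,
            "uuid": _text(uuid), "active_slots": slots}

def slots_below(info, min_iterations=100_000):
    """Active slots whose PBKDF2 cost is under a threshold (assumed value)."""
    return [slot for slot, iters in info["active_slots"] if iters < min_iterations]

def build_sample():
    """Constructed header for illustration; not taken from a real volume."""
    hdr = PHDR.pack(LUKS_MAGIC, 1, b"aes", b"xts-plain64", b"sha256", 4096, 64,
                    b"\0" * 20, b"\0" * 32, 50000,
                    b"00000000-0000-0000-0000-000000000000")
    slots = SLOT.pack(SLOT_ACTIVE, 20000, b"\0" * 32, 8, 4000)
    slots += SLOT.pack(0x0000DEAD, 0, b"\0" * 32, 0, 4000) * 7
    return hdr + slots
```

On a real volume, pass the first 592 bytes of the device or container file to `parse_luks1_header`; reading a block device normally requires root.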
     
  15. BriggsAndStratton

    BriggsAndStratton Registered Member

    Joined:
    Aug 28, 2018
    Posts:
    63
    Location:
    A Galaxy Far Far Away.
    I have FileVault2 FDE turned on on my Mac, and change my password regularly. It uses AES-128-XTS which is good enough for my needs. If it was discovered that there was a back door, uh oh, for Apple.
     
  16. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,312
    Location:
    Here, There and Everywhere
    Sarah Dean went missing from the scene in 2011/2012. Some that claimed to know her said she passed away. She was a very talented cryptographer and left behind remnants of several projects she was involved with when all communications from her ceased. There was a fork called "LibreCrypt" that was introduced on GitHub by TDK for one summer in 2015. It too was dropped and that's the last of what was Sarah's original FreeOTFE. Excellent software, no question.
     
  17. waking

    waking Registered Member

    Joined:
    Jan 25, 2016
    Posts:
    45
    There were some possible work-arounds for 64-bit Vista and Win7 apparently.
    (I haven't tried them myself.)

    Additional Information for Windows Vista x64 and Windows 7 x64 Users Only
    https://web.archive.org/web/2013012...docs/Main/impact_of_kernel_driver_signing.htm

    Excerpt:

    "Fortunately, there are a number of methods of loading unsigned drivers
    under Windows Vista x64/Windows 7 x64, without having to pay for a digital
    certificate, and these are summarised below.

    As a consequence, it is possible to use FreeOTFE under Vista x64/Windows 7
    x64 by using the methods shown as be successful below "
     
  18. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    296
    Location:
    Viena
    I'm still using DiskCryptor and in my experience it works very well on Windows 10 and modern hardware. When you have a UEFI system you can back the partitions up, change the partition layout to MBR and restore the system, and it will boot in BIOS mode; no need to reinstall it.

    Now, are there downsides? Well, one: restoring from hibernation takes forever on my new ThinkPad. I think the issue here is that the CSM is not implemented in a very performant way, so adding UEFI support to DC would be something to aim for.

    Also DC compiles with VS2017 and an up-to-date Windows 10 WDK fine, just a few fixes needed: https://github.com/DavidXanatos/DiskCryptor
     
    Last edited: Apr 22, 2019