TrueCrypt 6.1 is out

One of the features I was looking forward to has been added to TrueCrypt; Security Tokens.

I first understood this to mean a keyfile could be stored on a device like a USB flash drive and used for preboot authentication but, It seems it's more involved than that.

 

Nice, but "Ability to encrypt a non-system partition without losing existing data on the partition" does not work on XP what makes it useless to 90% of advanced users and companies.
Cause those are going to skip vista and never use it.

http://forums.truecrypt.org/viewtopic.php?t=13380

EDIT: Great the thread was already closed with no statement about the suggested ways to enable this features for XP

Just in case the TC forum thread gets deleted, here the 2 ways to get the said feature for XP:

1. TC supports VSS only for the system partition and I presume it wont work for non system partitions encrypted in place cause those are going to be turned into normal TC volumes and not that transparently en/decrypted as the system volume is.
Adding the above requested ability would also benefit all this Vista users out there.

2. XP always leaves 8 MB or so free after the last partition, any assuming you have only one partition on your HDD or its the last one this feature could work just fine for XP without the need to resizing the FS.

 

David -

Lets see. TC Forum closes immediately a thread that points out a shortcomming in TC. Why does this not surprise me anymore? I'm still using v5.1a, and I see no compelling reason at this point to upgrade at all. I am seriously losing faith in the project based on their community interaction. As far as I'm concerned, the Admins on the forums are the 'face' of TC even if they are not the devs themselves, I'm losing faith in the devs for not doing anything about the admins.

 

I agree, TC is not acting in good faith, if they gag their fora.

 

I have also been gagged there, for suggesting their bootloader with truecrypt 20 places in big letters all over it, that asks for my "hidden or decoy os password" might just be a small tipoff that there is infact a hidden os

edit: thankfully, this is fixed in 6.1

 

AAAARRRGGGHHHH !!!!!

Header backups still not working !!

How long has that been a bug ?

 

Maby we should make a list of stuff that should be in the next TC release and post it in form of a petition on thair forum, and get as many users as possible to post there, in case the thread gets closed reopen it by a different user.
imho some kind of a polite online demonstration.

Lets start the list :
1. repair Header backups
2. implace encryption for XP (point 2 of my early post)
3. inplace reencryption with an other headre key
4. VSS support (a real one or point 1 of my early post)
5. native support for rescue USB stick instead of a CD/DVD
6. if feasable keyfiles form USB/floppy
7. soft reboot capability without entering the PW (storred in ram or HDD or usb/floppy and after use erased)
8. option to dissable the write protection in the hidden OS for unhidden/unencrypted drives (not every ones thread model includes an skilled forensic expert, and finaly the user should have the choice)
9. mounting TC volumes as into empty NTFS folders without the need to 1st mount them with a drive letter

ofcause all this sugestions are open for discussion and you are welcome to add your own.

 

There are some good suggestions there DavidXanatos. I would like to see them implemented into TC.

I hope they haven’t forgotten the CD/DVD RAW option they have on their “to do” list.

However I wish they would fix all known bugs first before adding any more functionality !

 

Yea, but the question is how to convince the TC devs to implement this suggestions

 

What TC shortcoming? It doesn't point out any TC shortcoming. Obviously, the thread is a Vista flame war and the poster complains about XP not being able to shrink a filesystem (unlike Vista). Again, no TC shortcoming (it's XP's shortcoming).

The thread was obviously locked because it was a good old Vista flame war (it was not deleted).

KookyMan you're a true troll. Seriously.

 

Its a shortcoming of TC because there are 2 good ways to implement this feature for XP without the need to enabling TC to shring the FS.

In fact my proposal 2 for XP is simple to implement than what they did for vista, cause it basically the same what TC does under vista but just without resizing the FS but the partition instead (what is an easyer task), leaving it up to the user to make the needed space.

And as writen in the original thread from my proposal 1 also vista users would benefit and is also very simple cause all the needed mechanisms already ware implemented for the OS HDD.

 

The thread is an off-topic Vista flame war. Any decent admin would lock an off-topic flame war.

TC has introduced a new feature that requires Vista. I see no shortcoming (except for the shortcoming of Windows XP).

 

Well, do you try to start a flamewar?

It actually does not Mather whos shortcoming it is the only thing mathers is that they could implement this feature for the 70% of XP users out there with minimal afford, but they decided not to, for what ever non technical reason.

And thats not a polite way to manage an project of that magnitude, imho they are turning their backs on 70% of their users, as said before implementing that for XP is as easy as for vista actually even bit easer.

 

Maybe not so polite.

You can always try to spread the word about truecrypt.

If there are bugs, security flaws you can ask people like

Bruce Schneier http://www.schneier.com/blog/
Steve Gibson http://www.grc.com/securitynow.htm
Leo Laporte http://leoville.com/
The EFF http://www.eff.org/search?text=truecrypt

to investigate, write reviews about truecrypt.

You can always take your case to those that have reviewed truecryt in the past. See if they are interested in updated information.

You can always add your security concerns to
http://en.wikipedia.org/wiki/Truecrypt

 

Is that necessary when you have a rescue.iso? Don´t think so.

 

I think you are misunderstanding what header backups I am talking about. Hidden container ones.

 

SecMonk,

Before you call me a troll (a complete first for me on any forum) I was not referring to only this posting. The TC Forums have started to lose a lot of threads lately. In fact, a couple months ago, the forum was closed for about 30-45 days, and when it came back online, a large number of threads had been deleted. Some that were against the 'new' rules (some of which make little obvious sense), and others that were just critical of TC. Actually they deleted a number of "why have the forums been down?" threads as well.

 

Yep, misunderstood by me, alright.

I encrypted a 250 Gigs Harddisk @ 2 x 3,8 Ghz Core2 it took 3 hours then I analyzed the look of the raw file system and saw no real difference in relation to a unencrypted volume except that the file system was unformatted in partition editors and the whole hd was filled. Could it be possible that the encryption process takes place inside ntfs file system? I mean a encapsulated thing inside ntfs but Raw remains untouched??!Other assumption: A supervised raw layer over true encryption?! Possible that someone created such a thing?
Imho I could see stealth communications in raw file systems without touching the internet, I only checked ntfs fs. It doesn´t seem that TrueCrypt goes to the bottom of the root something takes place on a deeper seat, spooky thing.
I don´t mean the boot sector but most raw filled stuff behind sector0 like if it´d encapsulate all filled things you have on your hd incl. tc encryption. Sort of stealth HD-Supervisor.
Personally I only feel good if the whole harddisk is filled with zeroes and I can verify this with a look onto the raw fs. It would be damn cool if TrueCrypt would use a raw marker that I could distinguish their encryption from other raw data on harddisk. I mean that I can see that nothing evil from the hardware or e.g. low/high freq.(lf, hf) radio or dsp signal stuff (e.g. Echelon) encapsulates truecrypts encryption.

 

Same here. I'm tied down to version 5a and from the looks of things, that might be for times indefinite. O Well.

EASTER

 

Some of this just confused me, but let me weed out the parts that I think I understand.

Something to keep in mind is that TC's goal is to have any encrypted container appear as random data, and be undetectable. It's easy to make something detectable on purpose, but they decided against it so you can't prove that it is encrypted data.

TC Encryption takes place outside of NTFS, so I'm not getting that question/statement.

 

So you mean it is the raw data that I see on the harddisk but this random raw data looks not random it looks systematic like a stealth bot system. I see a system call me insane but I see a stealth system and it looks nearly exactly like the covert vpn channel communication when you surf the internet.

Here an Example of the raw data from the harddisk I encrypted with tc 6.1 (I also erased HPA with tc):
http://i35.tinypic.com/iwrhck.jpg Some know it also as SUS Zombie, I wonder why there is always the word JOD? They use several catchwords, that is no random data imho, rather looks like Echelon, stealth bot stuff or another idea: Bios rootkit with (virtual) layered file system that encapsulates tc encryption.
That´s why it´d be cool if one could set a marker to see TC in raw e.g. like:
----------THIS IS TC ENCRYPTED------------- or at least the option to verify if everything really worked and the possibility to remove such markers if everything is okay.

 

I presume you was watching on your HDD from withing the booted encrypted OS, here of cause you was shown the encrypted plain text data my your HDD editor cause the TC driver transparently en/de crypts the HDD content when the OS kernel accesses the HDD.
To see the Encrypted data you have to boot some other OS for example WinPE from a CD and then look on your encrypted HDD.

Basically don't make any assumptions, it you don't necessary have to, in case of TC you don't, just read the source code it stays exactly what its doing, and how it works.

 

No not true, I accessed the raw hd from external media and from outside to analyze its content.

But if eeprom or bios of the board would be compromised it also could set a layer
over the usual file system that was one idea because it happens during cold boot that this system is automatically reset three times until default bios settings are back, three times because a real dualbios is present, so something @hardware level wants to force the bios defaults or its own pre-bootcode defaults.

 

Hi Could someone enlighten me as to which is the last version where header backup worked? I have used 6.1 now. Will I be able to go back to a previous version without having to re-encrypt?

Thanks for your help.

 

Last time I knew, 5.1 has no problems in the backup department, however because of a fundimental design change of the containers, v5 is not compatable with v6 containers.