I have many computers encrypted with Truecrypt 7.1a (current version) with the whole drive encrypted. Today one of them shows the Windows 7 splash screen for a moment and then goes into startup repair which can't read the encrypted drive. I've tried the various safe modes and what not.
The solution is to decrypt the drive and then run startup repair to fix the drive. The problem is that is going to take 50 hours. I've started that process for this situation but I need to have a way to cover myself when this happens to the next PC.
What can I do to avoid decrypting the whole drive? I can't be the only one facing this problem so I feel like I must be missing something.
Thanks!
8 Answers
If you're quick enough, you can hit the [F8] button immediately after pressing Enter (after entering your TrueCrypt password) and it will give you the ability to repair your computer or enter any of the safe modes, etc.
Just verified it using Windows 7 Professional and TrueCrypt 7.1.
If Windows is damaged and cannot start, [..]
Note: Alternatively, if Windows is damaged (cannot start) and you need to repair it (or access files on it), you can avoid decrypting the system partition/drive by following these steps: Boot another operating system, run TrueCrypt, click Select Device, select the affected system partition, select System > Mount Without Pre-Boot Authentication, enter your pre-boot-authentication password and click OK. The partition will be mounted as a regular TrueCrypt volume (data will be on-the-fly decrypted/encrypted in RAM on access, as usual).
You can partition the 500 GB disk into a 50 GB system partition or something like that; then you just have to decrypt 50 GB (only the system disk/partition).
You should have access to the Truecrypt portal that will give you a master key for that HD.
Take the HD out of the current workstation and use it on a different workstation.
Unlock it with the key and repair.
*Intel i-series can make critical issues with encrypting software.
The problem you are encountering with using from another computer the Select Device command with 'Mount Without Pre-Boot Authentication' might be a bug in the latest version 7.1 of TrueCrypt.
From TrueCrypt Forums, Accessing TrueCrypt-encrypted System Volume while Connected Externally:
Known Issues
Affects: TrueCrypt 7.1 for Windows
Issue: Volumes cannot be mounted by selecting System > Mount Without Pre-Boot Authentication.
Workaround: Until this bug is fixed, you can work around it by following these steps:
- Click Mount.
- Click Mount Options
- Enable 'Mount partition using system encryption without pre-boot authentication'
The best way is to decrypt the drive/partition with the TrueCrypt Recovery CD (created during encryption), then repair Windows. This works great.
The [F8] trick did not work for me and neither did Startup Repair but this was a one line fix to be able to boot again:
bcdboot c:\Windows /l en-us /s c:
I feel strongly that this would work before decrypting, but since I had already decrypted before finding this command, I don't know for sure. It took 2 days for researching via a phone, backing up the drive, then permanently decrypting via Truecrypt boot loader, but it did work.
To execute, get to the Windows recovery environment using Startup Repair or a Win 7 CD, mount TrueCrypt using UBCD4Win (or perhaps from a flash drive may be easier) and run that command above on the letter drive you've selected to mount on.
Props to OP: https://superuser.com/a/937292/551538
If anyone has a way to re-encrypt a system (decoy) partition (1) in a hidden OS configuration I'd love your opinion. Right now it seems like it will prevent my ability to boot to one of the OS's.
You could always run on the encrypted drive. I have been successful in doing so in similar situations inc. startup fail and BSOD.
Developer(s) | TrueCrypt Foundation |
---|---|
Initial release | February 2004; 15 years ago[1] |
Final release | 7.2 / May 28, 2014; 4 years ago[2] |
Written in | C, C++, Assembly[3] |
Operating system | Windows, macOS, Linux[3] |
Size | 3.30 MB |
Available in | 38 languages[4] |
English, Arabic, Basque, Belarusian, Bulgarian, Burmese, Catalan, Chinese (Simplified), Chinese (Hong Kong), Chinese (Taiwan), Czech, Danish, Dutch, Estonian, Finnish, French, Georgian, German, Greek, Hungarian, Indonesian, Italian, Japanese, Korean, Latvian, Norwegian (Nynorsk), Persian, Polish, Portuguese (Brazil), Russian, Slovak, Slovenian, Spanish, Swedish, Turkish, Ukrainian, Uzbek (Cyrillic), Vietnamese | |
Type | Disk encryption software |
License | TrueCrypt License 3.1 (source-available freeware) |
Website | www.truecrypt.org |
TrueCrypt is a discontinued source-available freeware utility used for on-the-fly encryption (OTFE). It can create a virtual encrypted disk within a file, or encrypt a partition or the whole storage device (pre-boot authentication).
On 28 May 2014, the TrueCrypt website announced that the project was no longer maintained and recommended users find alternative solutions. Though development of TrueCrypt has ceased, an independent audit of TrueCrypt (published in March 2015) has concluded that no significant flaws are present.[5]
Alternatives include a freeware project based on the TrueCrypt code, VeraCrypt, as well as numerous other commercial and open-source products.
History
TrueCrypt was initially released as version 1.0 in February 2004, based on E4M (Encryption for the Masses). Several versions and many additional minor releases have been made since then, with the most current version being 7.1a.[1]
E4M and SecurStar dispute
The original release of TrueCrypt was made by anonymous developers called 'the TrueCrypt Team'.[6] Shortly after version 1.0 was released in 2004, the TrueCrypt Team reported receiving email from Wilfried Hafner, manager of SecurStar, a computer security company.[7] According to the TrueCrypt Team, Hafner claimed in the email that the acknowledged author of E4M, developer Paul Le Roux, had stolen the source code from SecurStar as an employee.[7] It was further stated that Le Roux illegally distributed E4M, and authored an illegal license permitting anyone to base derivative work on the code and distribute it freely. Hafner alleges all versions of E4M always belonged only to SecurStar, and Le Roux did not have any right to release it under such a license.[7]
This led the TrueCrypt Team to immediately stop developing and distributing TrueCrypt, which they announced online through usenet.[7] TrueCrypt Team member David Tesařík stated that Le Roux informed the team that there was a legal dispute between himself and SecurStar, and that he received legal advisement not to comment on any issues of the case. Tesařík concluded that should the TrueCrypt Team continue distributing TrueCrypt, Le Roux may ultimately be held liable and be forced to pay consequent damages to SecurStar. To continue in good faith, he said, the team would need to verify the validity of the E4M license. However, because of Le Roux's need to remain silent on the matter, he was unable to confirm or deny its legitimacy, keeping TrueCrypt development in limbo.[7][8]
Thereafter, would-be visitors reported trouble accessing the TrueCrypt website, and 3rd party mirrors appeared online making the source code and installer continually available, outside of official sanction by the TrueCrypt Team.[9][10]
In the FAQ section of its website, SecurStar maintains its claims of ownership over both E4M and Scramdisk, another free encryption program. The company states that with those products, SecurStar 'had a long tradition of open source software', but that 'competitors had nothing better to do but to steal our source code', causing the company to make its products closed-source, forcing potential customers to place a substantial order and sign a non-disclosure agreement before being allowed to review the code for security.[11]
Le Roux himself has denied developing TrueCrypt in a court hearing in March 2016, in which he also confirmed he had written E4M.[12] On the other hand, he did reportedly order employees of his around 2007 to encrypt their hard drives with E4M, later with TrueCrypt.[13]
Version 2.0
Months later on 7 June 2004, TrueCrypt 2.0 was released.[1] The new version contained a different digital signature from that of the original TrueCrypt Team, with the developers now being referred to as 'the TrueCrypt Foundation.' The software license was also changed to the open source GNU General Public License (GPL). However, given the wide range of components with differing licenses making up the software, and the contested nature of the legality of the program's release, a few weeks later on 21 June, version 2.1 was released under the original E4M license to avoid potential problems relating to the GPL license.[1][14]
Version 2.1a of the software was released on 1 October 2004 on the truecrypt.sourceforge.net sub-domain.[1] By May 2005, the original TrueCrypt website returned and truecrypt.sourceforge.net redirected visitors to truecrypt.org.
End of life announcement
On 28 May 2014, the TrueCrypt official website, truecrypt.org, began redirecting visitors to truecrypt.sourceforge.net with an HTTP 301 'Moved Permanently' status, which warned that the software may contain unfixed security issues, and that development of TrueCrypt was ended in May 2014, following Windows XP's end of support. The message noted that more recent versions of Windows have built-in support for disk encryption using BitLocker, and that Linux and OS X had similar built-in solutions, which the message states renders TrueCrypt unnecessary. The page recommends any data encrypted by TrueCrypt be migrated to other encryption setups and offered instructions on moving to BitLocker. The SourceForge project page for the software at sourceforge.net/truecrypt was updated to display the same initial message, and the status was changed to 'inactive.'[15] The page also announced a new software version, 7.2, which only allows decryption.
Initially, the authenticity of the announcement and new software was questioned.[16][17][18] Multiple theories attempting to explain the reason behind the announcement arose throughout the tech community.[19][20][3]
Shortly after the end of life announcement of TrueCrypt, Gibson Research Corporation posted an announcement titled 'Yes.. TrueCrypt is still safe to use' and a Final Release Repository to host the last official non-crippled version 7.1 of TrueCrypt.[3]
Alternatives
TrueCrypt may still be used on supported platforms.[21] There are at least two TrueCrypt forks, one Free Software re-implementation as well as open-source and commercial alternatives.
CipherShed
As of June 2014, there is also a software fork named CipherShed, with resources and infrastructure funded[22] by truecrypt.ch,[23][24] developed by CipherShed.org, and audited by a crowdfunded security audit team (c.f. § Security audits).[25]
VeraCrypt
VeraCrypt is a fork of TrueCrypt. Security improvements have been implemented and issues raised by the TrueCrypt code audit just before the TrueCrypt developers retired have been addressed.
tc-play
tc-play is an independently-developed open-source implementation of the TrueCrypt format.[26] It is a free command-line implementation available for Linux and DragonFly BSD under BSD license.[27][28] Its disk encryption method and container format are managed by Linux Kernel via dm-crypt module.[29][30] ZuluCrypt, a graphical front end for tc-play,[31] is available on several Linux distributions.[32]
Operating systems
TrueCrypt supports Windows, OS X and Linux operating systems.[33] Both 32-bit and 64-bit versions of these operating systems are supported, except for Windows IA-64 (not supported) and Mac OS X 10.6 Snow Leopard (runs as a 32-bit process).[33] The version for Windows 7, Windows Vista, and Windows XP can encrypt the boot partition or entire boot drive.[34]
Independent implementations
There is an independent, compatible[27][28] implementation, tcplay, for DragonFly BSD[27] and Linux.[28][35]
The dm-crypt module included in the default Linux kernel supports a TrueCrypt target called 'tcw' since Linux version 3.13.[30][36][37]
Encryption scheme
Algorithms
Individual ciphers supported by TrueCrypt are AES, Serpent, and Twofish. Additionally, five different combinations of cascaded algorithms are available: AES-Twofish, AES-Twofish-Serpent, Serpent-AES, Serpent-Twofish-AES and Twofish-Serpent.[38] The cryptographic hash functions available for use in TrueCrypt are RIPEMD-160, SHA-512, and Whirlpool.[39]
Modes of operation
TrueCrypt currently uses the XTS mode of operation.[40] Prior to this, TrueCrypt used LRW mode in versions 4.1 through 4.3a, and CBC mode in versions 4.0 and earlier.[1] XTS mode is thought to be more secure than LRW mode, which in turn is more secure than CBC mode.[41]
Although new volumes can only be created in XTS mode, TrueCrypt is backward compatible with older volumes using LRW mode and CBC mode.[1] Later versions produce a security warning when mounting CBC mode volumes and recommend that they be replaced with new volumes in XTS mode.
Keys
The header key and the secondary header key (XTS mode) are generated using PBKDF2 with a 512-bit salt and 1000 or 2000 iterations, depending on the underlying hash function used.[42]
Plausible deniability
TrueCrypt supports a concept called plausible deniability,[43] by allowing a single 'hidden volume' to be created within another volume.[44] In addition, the Windows versions of TrueCrypt have the ability to create and run a hidden encrypted operating system whose existence may be denied.[45]
The TrueCrypt documentation lists many ways in which TrueCrypt's hidden volume deniability features may be compromised (e.g. by third party software which may leak information through temporary files, thumbnails, etc., to unencrypted disks) and possible ways to avoid this.[46] In a paper published in 2008 and focused on the then latest version (v5.1a) and its plausible deniability, a team of security researchers led by Bruce Schneier states that Windows Vista, Microsoft Word, Google Desktop, and others store information on unencrypted disks, which might compromise TrueCrypt's plausible deniability. The study suggested the addition of a hidden operating system functionality; this feature was added in TrueCrypt 6.0. When a hidden operating system is running, TrueCrypt also makes local unencrypted filesystems and non-hidden TrueCrypt volumes read-only to prevent data leaks.[45] The security of TrueCrypt's implementation of this feature was not evaluated because the first version of TrueCrypt with this option had only recently been released.[47]
There was a functional evaluation of the deniability of hidden volumes in an earlier version of TrueCrypt by Schneier et al. that found security leaks.[48]
Identifying TrueCrypt volumes
When analyzed, TrueCrypt volumes appear to have no header and contain random data.[49] TrueCrypt volumes have sizes that are multiples of 512 due to the block size of the cipher mode,[40] and key data is either 512 bytes stored separately in the case of system encryption or two 128 kB headers for non-system containers.[50] Forensics tools may use these properties of file size, apparent lack of a header, and randomness tests to attempt to identify TrueCrypt volumes.[51] Although these features give reason to suspect that a file is a TrueCrypt volume, programs that securely erase files by overwriting file contents and free disk space with purely random data (e.g. 'shred' and 'scrub'[52]) produce files with the same properties, creating reasonable doubt against any assertion that a file made of statistically random data is a TrueCrypt file.[43][53]
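The three properties listed above (size a multiple of 512, no recognisable header, statistically random content) can be combined into a triage check; the following is an added example, not code from the article or from any forensic product. The thresholds, the sample size, the short signature list and all function names are assumptions, and the inputs are constructed in memory.

```python
import hashlib
import math
from collections import Counter

SECTOR = 512                   # article: volume sizes are multiples of 512
HEADER_AREA = 2 * 128 * 1024   # article: two 128 kB headers (kB taken as 1024 bytes: assumption)
SAMPLE = 64 * 1024             # bytes fed to the statistical tests (assumed value)
# Short illustrative signature list; a real triage tool would use a full magic database.
KNOWN_MAGIC = (b"\x89PNG\r\n\x1a\n", b"%PDF", b"PK\x03\x04", b"\x1f\x8b\x08", b"\x7fELF")


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte; 8.0 is the maximum."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def chi_square(data: bytes) -> float:
    """Chi-square statistic against a uniform byte distribution (255 degrees of freedom)."""
    if not data:
        return 0.0
    counts = Counter(data)
    expected = len(data) / 256
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


def assess(data: bytes) -> dict:
    """Apply the size, header and randomness heuristics to one file's contents."""
    sample = data[:SAMPLE]
    result = {
        "size_ok": len(data) > HEADER_AREA and len(data) % SECTOR == 0,
        "no_known_header": not data.startswith(KNOWN_MAGIC),
        "entropy": shannon_entropy(sample),
        "chi2": chi_square(sample),
    }
    # Entropy alone is fooled by perfectly uniform but structured data (chi2 near 0),
    # so the chi-square value must also sit near its expected value of about 255.
    result["looks_random"] = result["entropy"] > 7.9 and 150 < result["chi2"] < 400
    # "candidate" is a reason to look closer, not proof: a file overwritten with
    # random data by an erasure tool yields exactly the same result.
    result["candidate"] = (
        result["size_ok"] and result["no_known_header"] and result["looks_random"]
    )
    return result


def constructed_random(n: int, seed: bytes = b"constructed-sample") -> bytes:
    """Deterministic stand-in for encrypted data (SHA-256 in counter mode)."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


if __name__ == "__main__":
    size = 512 * 1024
    rnd = constructed_random(size)
    samples = {
        "random, 512 KiB": rnd,
        "random, 512 KiB + 1 byte": rnd + b"\x00",
        "PNG signature + random": KNOWN_MAGIC[0] + rnd[8:],
        "repeating 0..255 pattern": bytes(range(256)) * (size // 256),
        "plain text": (b"The quick brown fox jumps over the lazy dog. " * 12000)[:size],
    }
    for name, data in samples.items():
        r = assess(data)
        print(f"{name:28} entropy={r['entropy']:.3f} chi2={r['chi2']:10.1f} "
              f"candidate={r['candidate']}")
```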
If a system drive, or a partition on it, has been encrypted with TrueCrypt, then only the data on that partition is deniable. When the TrueCrypt boot loader replaces the normal boot loader, an offline analysis of the drive can positively determine that a TrueCrypt boot loader is present and so lead to the logical inference that a TrueCrypt partition is also present. Even though there are features to obfuscate its purpose (i.e. displaying a BIOS-like message to misdirect an observer such as, 'Non-system disk' or 'disk error'), these reduce the functionality of the TrueCrypt boot loader and do not hide the content of the TrueCrypt boot loader from offline analysis.[54] Here again, the use of a hidden operating system is the suggested method for retaining deniability.[45]
Performance
TrueCrypt supports parallelized[55]:63 encryption for multi-core systems and, under Microsoft Windows, pipelined read/write operations (a form of asynchronous processing)[55]:63 to reduce the performance hit of encryption and decryption. On newer processors supporting the AES-NI instruction set, TrueCrypt supports hardware-accelerated AES to further improve performance.[55]:64 The performance impact of disk encryption is especially noticeable on operations which would normally use direct memory access (DMA), as all data must pass through the CPU for decryption, rather than being copied directly from disk to RAM.
In a test carried out by Tom's Hardware, although TrueCrypt is slower compared to an unencrypted disk, the overhead of real-time encryption was found to be similar regardless of whether mid-range or state-of-the-art hardware is in use, and this impact was 'quite acceptable'.[56] In another article the performance cost was found to be unnoticeable when working with 'popular desktop applications in a reasonable manner', but it was noted that 'power users will complain'.[57]
Incompatibility with FlexNet Publisher and SafeCast
Installing third-party software which uses FlexNet Publisher or SafeCast (which are used for preventing software piracy on products by Adobe such as Adobe Photoshop) can damage the TrueCrypt bootloader on Windows partitions/drives encrypted by TrueCrypt and render the drive unbootable.[58] This is caused by the inappropriate design of FlexNet Publisher writing to the first drive track and overwriting whatever non-Windows bootloader exists there.[59]
Security concerns
TrueCrypt is vulnerable to various known attacks which are also present in other software-based disk encryption software such as BitLocker. To prevent those, the documentation distributed with TrueCrypt requires users to follow various security precautions.[60] Some of those attacks are detailed below.
Encryption keys stored in memory
TrueCrypt stores its keys in RAM; on an ordinary personal computer the DRAM will maintain its contents for several seconds after power is cut (or longer if the temperature is lowered). Even if there is some degradation in the memory contents, various algorithms can intelligently recover the keys. This method, known as a cold boot attack (which would apply in particular to a notebook computer obtained while in power-on, suspended, or screen-locked mode), has been successfully used to attack a file system protected by TrueCrypt.[61]
Physical security
TrueCrypt documentation states that TrueCrypt is unable to secure data on a computer if an attacker physically accessed it and TrueCrypt is used on the compromised computer by the user again (this does not apply to a common case of a stolen, lost, or confiscated computer).[62] The attacker having physical access to a computer can, for example, install a hardware/software keylogger, a bus-mastering device capturing memory, or install any other malicious hardware or software, allowing the attacker to capture unencrypted data (including encryption keys and passwords), or to decrypt encrypted data using captured passwords or encryption keys. Therefore, physical security is a basic premise of a secure system. Attacks such as this are often called 'evil maid attacks'.[63]
Malware
TrueCrypt documentation states that TrueCrypt cannot secure data on a computer if it has any kind of malware installed. Malware may log keystrokes, thus exposing passwords to an attacker.[64]
The 'Stoned' bootkit
The 'Stoned' bootkit, an MBR rootkit presented by Austrian software developer Peter Kleissner at the Black Hat Technical Security Conference USA 2009,[65][66] has been shown capable of tampering with TrueCrypt's MBR, effectively bypassing TrueCrypt's full volume encryption.[67][68][69][70][71] Potentially every hard disk encryption software is affected by this kind of attack if the encryption software does not rely on hardware-based encryption technologies like TPM, or if the attack is made with administrative privileges while the encrypted operating system is running.[72][73]
Two types of attack scenarios exist in which it is possible to maliciously take advantage of this bootkit: in the first one, the user is required to launch the bootkit with administrative privileges once the PC has already booted into Windows; in the second one, analogously to hardware keyloggers, a malicious person needs physical access to the user's TrueCrypt-encrypted hard disk: in this context this is needed to modify the user's TrueCrypt MBR with that of the Stoned bootkit and then place the hard disk back on the unknowing user's PC, so that when the user boots the PC and types his/her TrueCrypt password on boot, the 'Stoned' bootkit intercepts it thereafter because, from that moment on, the Stoned bootkit is loaded before TrueCrypt's MBR in the boot sequence. The first type of attack can be prevented as usual by good security practices, e.g. avoid running non-trusted executables with administrative privileges. The second one can be successfully neutralized by the user if he/she suspects that the encrypted hard disk might have been physically available to someone he/she does not trust, by booting the encrypted operating system with TrueCrypt's Rescue Disk instead of booting it directly from the hard disk. With the rescue disk, the user can restore TrueCrypt's MBR to the hard disk.[74]
Trusted Platform Module
The FAQ section of the TrueCrypt website states that the Trusted Platform Module (TPM) cannot be relied upon for security, because if the attacker has physical or administrative access to the computer and you use it afterwards, the computer could have been modified by the attacker e.g. a malicious component—such as a hardware keystroke logger—could have been used to capture the password or other sensitive information. Since the TPM does not prevent an attacker from maliciously modifying the computer, TrueCrypt will not support the TPM.[73]
Security audits
In 2013 a graduate student at Concordia University published a detailed online report, in which he states that he has confirmed the integrity of the distributed Windows binaries of version 7.1a.[75]
A crowdfunding campaign attempting to conduct an independent security audit of TrueCrypt was successfully funded in October 2013. A non-profit organization called the Open Crypto Audit Project (OCAP) was formed, calling itself 'a community-driven global initiative which grew out of the first comprehensive public audit and cryptanalysis of the widely used encryption software TrueCrypt'.[76] The organization established contact with TrueCrypt developers, who welcomed the audit.[77][78] Phase I of the audit was successfully completed on 14 April 2014, finding 'no evidence of backdoors or malicious code'. Matthew D. Green, one of the auditors, added 'I think it's good that we didn't find anything super critical.'[79]
One day after TrueCrypt's end of life announcement, OCAP confirmed that the audit would continue as planned, with Phase II expected to begin in June 2014 and wrap up by the end of September.[80][81] The Phase II audit was delayed, but was completed 2 April 2015 by NCC Cryptography Services. This audit 'found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances.'[82][83][84] The French National Agency for the Security of Information Systems (ANSSI) stated that while TrueCrypt 6.0 and 7.1a have previously attained ANSSI certification, migration to an alternate certified product is recommended as a precautionary measure.[85]
According to Gibson Research Corporation, Steven Barnhart wrote to an email address for a TrueCrypt Foundation member he had used in the past and received several replies from 'David'. According to Barnhart, the main points of the email messages were that the TrueCrypt Foundation was 'happy with the audit, it didn't spark anything', and that the reason for the announcement was that 'there is no longer interest [in maintaining the project].'[86]
According to a study released 29 September 2015, TrueCrypt includes two vulnerabilities in the driver that TrueCrypt installs on Windows systems allowing an attacker arbitrary code execution and privilege escalation via DLL hijacking.[87] In January 2016, the vulnerability was fixed in VeraCrypt,[88] but it remains unpatched in TrueCrypt's unmaintained installers.
Legal cases
Operation Satyagraha
In July 2008, several TrueCrypt-secured hard drives were seized from Brazilian banker Daniel Dantas, who was suspected of financial crimes. The Brazilian National Institute of Criminology (INC) tried unsuccessfully for five months to obtain access to his files on the TrueCrypt-protected disks. They enlisted the help of the FBI, who used dictionary attacks against Dantas' disks for over 12 months, but were still unable to decrypt them.[89][90]
United States v. John Doe
In 2012 the United States 11th Circuit Court of Appeals ruled that a John Doe TrueCrypt user could not be compelled to decrypt several of his hard drives.[91][92] The court's ruling noted that FBI forensic examiners were unable to get past TrueCrypt's encryption (and therefore were unable to access the data) unless Doe either decrypted the drives or gave the FBI the password, and the court then ruled that Doe's Fifth Amendment right to remain silent legally prevented the Government from making him or her do so.[93][94]
David Miranda
On 18 August 2013 David Miranda, partner of journalist Glenn Greenwald, was detained at London's Heathrow Airport by Metropolitan Police while en route to Rio de Janeiro from Berlin. He was carrying with him an external hard drive said to be containing sensitive documents pertaining to the 2013 global surveillance disclosures sparked by Edward Snowden. Contents of the drive were encrypted by TrueCrypt, which authorities said 'renders the material extremely difficult to access.'[95] Detective Superintendent Caroline Goode stated the hard drive contained around 60 gigabytes of data, 'of which only 20 have been accessed to date.' She further stated the process to decode the material was complex and 'so far only 75 documents have been reconstructed since the property was initially received.'[95]
Guardian contributor Naomi Colvin concluded the statements were misleading, stating that it was possible Goode was not even referring to any actual encrypted material, but rather deleted files reconstructed from unencrypted, unallocated space on the hard drive, or even plaintext documents from Miranda's personal effects.[96] Glenn Greenwald supported this assessment in an interview with Democracy Now!, mentioning that the UK government filed an affidavit asking the court to allow them to retain possession of Miranda's belongings. The grounds for the request were that they could not break the encryption, and were only able to access 75 of the documents that he was carrying, which Greenwald said 'most of which were probably ones related to his school work and personal use.'[97]
James DeSilva
In February 2014, an Arizona Department of Real Estate IT department employee, James DeSilva, was arrested on charges of sexual exploitation of a minor through the sharing of explicit images over the Internet. His computer, encrypted with TrueCrypt, was seized, and DeSilva refused to reveal the password. Forensics detectives from the Maricopa County Sheriff's Office were unable to gain access to his stored files.[98]
Lauri Love
In October 2013, British–Finnish activist Lauri Love was arrested by the National Crime Agency (NCA) on charges of hacking into a US department or agency computer and one count of conspiring to do the same.[99][100][101] The government confiscated all of his electronics and demanded he provide them with the necessary keys to decrypt the devices. Love refused. On 10 May 2016 a District Judge (Magistrate's Court) rejected a request by the NCA that Love be forced to turn over his encryption keys or passwords to TrueCrypt files on an SD card and hard drives that were among the confiscated property.[102]
Druking
In the special prosecutor investigation for Druking in South Korea, the special prosecutor decrypted some of the files encrypted by TrueCrypt by guessing the passphrase.[103][104]
The special prosecutor said the hidden volumes were especially difficult to deal with. He decrypted some of the encrypted files by trying words and phrases the Druking group had used elsewhere as parts of the passphrase in order to make educated guesses.[105][106][107][108]
License and source model
TrueCrypt was released under the source-available 'TrueCrypt License' which is unique to the TrueCrypt software.[109][110] It is not part of the panoply of widely used open source licenses and is not a free software license according to the Free Software Foundation (FSF) license list, as it contains distribution and copyright-liability restrictions.[111] As of version 7.1a (the last full version of the software, released Feb 2012), the TrueCrypt License was version 3.0.
Discussion of the licensing terms on the Open Source Initiative (OSI)'s license-discuss mailing list in October 2013 suggests that the TrueCrypt License has made progress towards compliance with the Open Source Definition but would not yet pass if proposed for certification as Open Source software.[111][112]
According to current OSI president Simon Phipps:
..it is not at all appropriate for [TrueCrypt] to describe itself as 'open source.' This use of the term 'open source' to describe something under a license that's not only unapproved by OSI but known to be subject to issues is unacceptable.[111]
As a result of its questionable status with regard to copyright restrictions and other potential legal issues,[113] the TrueCrypt License is not considered 'free' by several major Linux distributions and is therefore not included in Debian,[114] Ubuntu,[115] Fedora,[116] or openSUSE.[117]
The wording of the license raises doubts whether those who use it have the right to modify it and use it within other projects. Cryptographer Matthew Green noted that 'There are a lot of things [the developers] could have done to make it easier for people to take over this code, including fixing the licensing situation', and speculates that since they didn't do those things (including making the license more friendly), their intent was to prevent anyone from building on their code in the future.[118]
End of life and license version 3.1[edit]
28 May 2014 announcement of discontinuation of TrueCrypt also came with a new version 7.2 of the software. Among the many changes to the source code from the previous release were changes to the TrueCrypt License — including removal of specific language that required attribution of TrueCrypt as well as a link to the official website to be included on any derivative products — forming a license version 3.1.[119]
On 16 June 2014, the only alleged TrueCrypt developer still answering email replied to a message by Matthew Green asking for permission to use the TrueCrypt trademark for a fork released under a standard open source license. Permission was denied, which led to the two known forks being named VeraCrypt and CipherShed as well as a re-implementation named tc-play rather than TrueCrypt.[120][121]
Trademarks
In 2007 a US trademark for TrueCrypt was registered under the name of Ondrej Tesarik with a company name TrueCrypt Developers Association[122] and a trademark on the 'key' logo was registered under the name of David Tesarik with a company name TrueCrypt Developers Association.[123]
In 2009 the company name TrueCrypt Foundation was registered in the US by a person named David Tesarik.[124] The TrueCrypt Foundation non-profit organization last filed tax returns in 2010,[125] and the company was dissolved in 2014.[citation needed]
References
- 'Version History'. TrueCrypt Foundation. Archived from the original on 8 January 2013. Retrieved 1 October 2009.
- 'TrueCrypt'.
- Gibson, Steve (5 June 2014), TrueCrypt, the final release, archive, Gibson Research Corporation, retrieved 1 August 2014
- 'Language Packs'. truecrypt.org. TrueCrypt Foundation. Archived from the original on 5 December 2012.
- 'Open Crypto Audit Project' (PDF).
- 'Version Information'. TrueCrypt User's Guide, version 1.0. TrueCrypt Team. 2 February 2004. Archived from the original on 5 February 2004. Retrieved 28 May 2014.
- TrueCrypt Team (3 February 2004). 'P. Le Roux (author of E4M) accused by W.Hafner (SecurStar)'. Newsgroup: alt.security.scramdisk. Usenet:[email protected]. Retrieved 28 May 2014.
- David T. (7 February 2004). 'Summary of current TrueCrypt situation..?'. Newsgroup: alt.security.scramdisk. Usenet:[email protected]. Retrieved 28 May 2014.
- Carsten Krueger (7 February 2004). 'Truecrypt for David T. from Truecrypt-Team'. Newsgroup: alt.security.scramdisk. Usenet:[email protected]. Retrieved 28 May 2014.
- Andraia Matrix (6 February 2004). 'Unofficial TrueCrypt Site'. Newsgroup: alt.security.scramdisk. Usenet:[email protected]. Retrieved 28 May 2014.
- 'Is the source code of your software available?'. Drivecrypt FAQ. SecurStar. Archived from the original on 2 June 2014. Retrieved 28 May 2014.
- Ratliff, Evan (29 April 2016). 'The Next Big Deal'. Retrieved 1 May 2016.
- Ratliff, Evan. 'I'm Your Boss Now'. Retrieved 26 April 2016.
- 'Version History' (PDF). TrueCrypt User's Guide, version 3.1a. TrueCrypt Foundation. 7 February 2005. Archived (PDF) from the original on 30 December 2008. Retrieved 2 March 2017.
- tc-foundation (28 May 2014). 'TrueCrypt project page'. SourceForge. Archived from the original on 30 May 2014. Retrieved 30 May 2014.
- Goodin, Dan (28 May 2014), ''TrueCrypt is not secure,' official SourceForge page abruptly warns', Ars Technica, Condé Nast, retrieved 28 May 2014
- O'Neill, Patrick (28 May 2014). 'TrueCrypt, encryption tool used by Snowden, shuts down due to alleged 'security issues''. The Daily Dot. Retrieved 28 May 2014.
- McAllister, Neil (28 May 2014), TrueCrypt considered HARMFUL – downloads, website meddled to warn: 'It's not secure', The Register, retrieved 29 May 2014
- Goodin, Dan (29 May 2014), 'Bombshell TrueCrypt advisory: Backdoor? Hack? Hoax? None of the above?', Ars Technica, Condé Nast, retrieved 29 May 2014
- Bar-El, Hagai (30 May 2014), The status of TrueCrypt, retrieved 30 May 2014
- Bar-El, Hagai (24 July 2014), TrueCrypt Alternatives?, retrieved 25 July 2014
- Digest of the first PMC meeting, CipherShed, 4 July 2014, retrieved 27 December 2014
- Stahie, Silviu (30 May 2014), TrueCrypt Not Dead, Forked and Relocated to Switzerland, Softpedia, retrieved 30 May 2014
- CipherShed: about page, 28 October 2014, retrieved 28 October 2014
- Security enthusiasts may revive 'TrueCrypt' encryption tool after mystery shutdown, Rawstory, Reuters, 29 May 2014, retrieved 30 May 2014
- Brož, Milan; Matyáš, Václav (17 June 2014), The TrueCrypt On-Disk Format—An Independent View, IEEE, doi:10.1109/MSP.2014.60
- 'DragonFly On-Line Manual Pages'. DragonFly BSD Project. Retrieved 17 July 2011.
- 'README'. tc-play. Retrieved 14 March 2014.
- 'dm-crypt: Linux kernel device-mapper crypto target - IV generators'. cryptsetup. 11 January 2014. Retrieved 13 June 2014.
- 'index : kernel/git/stable/linux-stable.git - path: root/drivers/md/dm-crypt.c'. Kernel.org cgit. 20 January 2014. Line 241. Retrieved 13 June 2014.
- Mhogo Mchungu, zuluCrypt is a front end to cryptsetup and tcplay and it allows easy management of encrypted block devices, retrieved 4 May 2017
- Erik Bärwaldt (August 2013), 'Lock and Key', Linux Magazine (153), retrieved 4 May 2017
- 'Supported Operating Systems'. TrueCrypt Documentation. TrueCrypt Foundation. Retrieved 24 May 2014.
- 'Operating Systems Supported for System Encryption'. TrueCrypt Documentation. TrueCrypt Foundation. Archived from the original on 8 January 2013. Retrieved 24 May 2014.
- 'Fedora Review Request: tcplay - Utility to create/open/map TrueCrypt-compatible volumes'. FEDORA. Retrieved 25 January 2012.
- 'dm-crypt: Linux kernel device-mapper crypto target - IV generators'. cryptsetup. 11 January 2014. Retrieved 10 June 2014.
- '[dm-devel] [PATCH 2/2] dm-crypt: Add TCW IV mode for old CBC TCRYPT containers'. redhat.com. Retrieved 17 June 2014.
- 'Encryption Algorithms'. TrueCrypt Documentation. TrueCrypt Foundation. Retrieved 24 May 2014.
- 'Hash Algorithms'. TrueCrypt Documentation. TrueCrypt Foundation. Archived from the original on 25 May 2014. Retrieved 24 May 2014.
- 'Modes of Operation'. TrueCrypt Documentation. TrueCrypt Foundation. Archived from the original on 4 September 2013. Retrieved 24 May 2014.
- Fruhwirth, Clemens (18 July 2005). 'New Methods in Hard Disk Encryption' (PDF). Institute for Computer Languages, Theory and Logic Group, Vienna University of Technology. Retrieved 10 March 2007.
- 'Header Key Derivation, Salt, and Iteration Count'. TrueCrypt Documentation. TrueCrypt Foundation. Retrieved 24 May 2014.
- 'Plausible Deniability'. TrueCrypt Documentation. TrueCrypt Foundation. Archived from the original on 26 February 2008. Retrieved 24 May 2014.
- 'Hidden Volume'. TrueCrypt Documentation. TrueCrypt Foundation. Retrieved 24 May 2014.
- 'Hidden Operating System'. TrueCrypt Documentation. TrueCrypt Foundation. Archived from the original on 16 April 2013. Retrieved 24 May 2014.
- 'Security Requirements for Hidden Volumes'. TrueCrypt Documentation. TrueCrypt Foundation. Archived from the original on 17 September 2012. Retrieved 24 May 2014.
- Alexei Czeskis; David J. St. Hilaire; Karl Koscher; Steven D. Gribble; Tadayoshi Kohno; Bruce Schneier (18 July 2008). 'Defeating Encrypted and Deniable File Systems: TrueCrypt v5.1a and the Case of the Tattling OS and Applications' (PDF). 3rd USENIX Workshop on Hot Topics in Security. Archived from the original (PDF) on 27 December 2008.
- Schneier, UW Team Show Flaw In TrueCrypt Deniability. Accessed on: 12 June 2012
- Piccinelli, Mario, and Paolo Gubian. 'Detecting Hidden Encrypted Volume Files via Statistical Analysis.' International Journal of Cyber-Security and Digital Forensics (IJCSDF) 3.1 (2014): 30-37.
- 'TrueCrypt Volume Format Specification'. TrueCrypt Documentation. TrueCrypt Foundation. Archived from the original on 19 June 2013. Retrieved 24 May 2014.
- 'Archive'. Archived from the original on 7 May 2014. Retrieved 2 March 2017.
- 'diskscrub - disk overwrite utility - Google Project Hosting'. Retrieved 16 July 2014.
- 'Plausible Deniability'. FreeOTFE. Archived from the original on 24 January 2013.
- TrueCrypt FAQ - see question 'I use pre-boot authentication. Can I prevent a person (adversary) that is watching me start my computer from knowing that I use TrueCrypt?'
- 'TrueCrypt User Guide' (PDF) (7.1a ed.). TrueCrypt Foundation. 7 February 2012.
- Schmid, Patrick; Roos, Achim (28 April 2010). 'Conclusion'. System Encryption: BitLocker And TrueCrypt Compared. Tom's Hardware. Retrieved 24 May 2014.
- Schmid, Patrick; Roos, Achim (28 April 2010). 'Conclusion'. Protect Your Data With Encryption. Tom's Hardware. Retrieved 24 May 2014.
- 'Freeze when you reboot a Windows system that has TrueCrypt Disk Encryption software and Adobe applications installed'. Adobe Creative Suite Help. Adobe Systems. 16 November 2009. Retrieved 24 May 2014.
- 'Incompatibilities'. TrueCrypt Documentation. TrueCrypt Foundation. Archived from the original on 16 April 2013. Retrieved 24 May 2014.
- 'Security Requirements and Precautions'. TrueCrypt Documentation. TrueCrypt Foundation. Archived from the original on 16 April 2013. Retrieved 24 May 2014.
- Alex Halderman; et al. 'Lest We Remember: Cold Boot Attacks on Encryption Keys'.
- 'Physical Security'. TrueCrypt Documentation. TrueCrypt Foundation. Archived from the original on 13 September 2012. Retrieved 24 May 2014.
- Schneier, Bruce (23 October 2009). ''Evil Maid' Attacks on Encrypted Hard Drives'. Schneier on Security. Retrieved 24 May 2014.
- 'Malware'. TrueCrypt Documentation. TrueCrypt Foundation. Archived from the original on 13 September 2012. Retrieved 24 May 2014.
- 'Stoned bootkit White Paper' (PDF). Black Hat Technical Security Conference USA 2009. Peter Kleissner. Retrieved 5 August 2009.
- 'Stoned bootkit Presentation Slides' (PDF). Black Hat Technical Security Conference USA 2009. Peter Kleissner. Retrieved 5 August 2009.
- 'Bootkit bypasses hard disk encryption'. The H-Security (H-Online.com). Heise Media UK Ltd. Archived from the original on 1 August 2009. Retrieved 5 August 2009.
- David M Williams (7 September 2009). 'The dark side of open source software is Stoned'. iTWire.
- Hunt, Simon (4 August 2009). 'TrueCrypt vs Peter Kleissner, Or Stoned BootKit Revisited.' Simon Hunt. Retrieved 24 May 2014.
- Uli Ries (30 July 2009). 'Bootkit hebelt Festplattenverschlüsselung aus' (in German). Heise Online.
- 'Windows-Hacking: TrueCrypt Verschlüsselung umgangen' (in German). Gulli News. 30 July 2009.
- 'Stoned bootkit attacking TrueCrypt's full volume encryption'. TrueCrypt Foundation mail in response to Peter Kleissner on 18 July 2009. Retrieved 5 August 2009.
- 'Some encryption programs use TPM to prevent attacks. Will TrueCrypt use it too?'. TrueCrypt FAQ. TrueCrypt Foundation. Archived from the original on 16 April 2013. Retrieved 24 August 2011.
- Kleissner, Peter (21 July 2009). 'TrueCrypt Foundation is a joke to the security industry, pro Microsoft'. Peter Kleissner. Archived from the original on 18 August 2010. Retrieved 5 August 2009.
- Xavier de Carné de Carnavalet (2013). 'How I compiled TrueCrypt 7.1a for Win32 and matched the official binaries'.
- 'Welcome to the Open Crypto Audit Project'. Open Crypto Audit Project. Archived from the original on 31 May 2014. Retrieved 31 May 2014.
- 'The TrueCrypt Audit Project'. Indiegogo. Retrieved 2 November 2013.
- 'TrueCrypt Audit Endorsed by Development Team'. Threatpost. Retrieved 2 November 2013.
- Farivar, Cyrus (14 April 2014), 'TrueCrypt audit finds 'no evidence of backdoors' or malicious code', Ars Technica, Condé Nast, retrieved 24 May 2014
- Goodin, Dan (30 May 2014), 'TrueCrypt security audit presses on, despite developers jumping ship', Ars Technica, Condé Nast, retrieved 31 May 2014
- Doctorow, Cory (29 May 2014), Mysterious announcement from Truecrypt declares the project insecure and dead, Boing Boing, retrieved 31 May 2014
- Green, Matthew (2 April 2015). 'Truecrypt report'. A Few Thoughts on Cryptographic Engineering. Retrieved 4 April 2015.
- Green, Matthew (18 February 2015). 'Another update on the Truecrypt audit'. A Few Thoughts on Cryptographic Engineering. Retrieved 22 February 2015.
- 'Truecrypt Phase Two Audit Announced'. Cryptography Services. NCC Group. 18 February 2015. Retrieved 22 February 2015.
- 'Possible abandon de TrueCrypt par ses développeurs'. ssi.gouv.fr. Agence nationale de la sécurité des systèmes d’information. 2 June 2014. Retrieved 21 June 2014.
- Gibson, Steve (30 May 2014). 'And then the TrueCrypt developers were heard from!'. TrueCrypt Latest Release Repository. Gibson Research Corporation. Archived from the original on 30 May 2014. Retrieved 30 May 2014.
- http://www.pcworld.com/article/2987439/encryption/newly-found-truecrypt-flaw-allows-full-system-compromise.html
- CVE-2016-1281: TrueCrypt and VeraCrypt Windows installers allow arbitrary code execution with elevation of privilege
- Leyden, John (28 June 2010). 'Brazilian banker's crypto baffles FBI'. The Register. Retrieved 13 August 2010.
- Dunn, John E. (30 June 2010), FBI hackers fail to crack TrueCrypt, TechWorld, retrieved 30 May 2014
- Palazzolo, Joe (23 February 2012), Court: Fifth Amendment Protects Suspects from Having to Decrypt Hard Drives, The Wall Street Journal, retrieved 24 May 2014
- Kravets, David (24 February 2012), Forcing Defendant to Decrypt Hard Drive Is Unconstitutional, Appeals Court Rules, Wired, retrieved 24 May 2014
- United States v. John Doe, 11–12268 & 11–15421 (11th Cir. 23 February 2012).
- United States v. John Doe. Archived 15 January 2013 at the Wayback Machine
- Hosenball, Mark (30 August 2013), UK asked N.Y. Times to destroy Snowden material, Reuters, archived from the original on 30 May 2014, retrieved 30 May 2014
- Colvin, Naomi (31 August 2013). '#Miranda: Where is the UK Government getting its numbers from?'. Extraordinary Popular Delusions. Auerfeld.com. Archived from the original on 30 May 2014. Retrieved 30 May 2014.
- Greenwald, Glenn (6 September 2013). Greenwald: UK's Detention of My Partner Was Incredibly Menacing Bid to Stop NSA Reports (Video) (News broadcast). New York: Democracy Now!. Event occurs at 5:12. Retrieved 30 May 2014.
- Stern, Ray (4 February 2014), 'True Crypt' Encryption Software Stumps MCSO Detectives in Child-Porn Case, Phoenix New Times, archived from the original on 30 May 2014, retrieved 30 May 2014
- Halliday, Josh (29 October 2013). 'Briton Lauri Love faces hacking charges in US'. theguardian.com. Guardian Media Group. Retrieved 13 May 2016.
- 'Briton Lauri Love faces new US hacking charges'. BBC News Online. BBC. 27 February 2014. Retrieved 13 May 2016.
- 'Hacker Charged with Breaching Multiple Government Computers and Stealing Thousands of Employee and Financial Records'. fbi.gov. Alexandria, VA: U.S. Department of Justice. 24 July 2014. Retrieved 15 May 2016.
- Masnick, Mike (10 May 2016). 'Judge Rejects Attempt To Force Lauri Love To Decrypt His Computers, Despite Never Charging Him With A Crime'. Techdirt. Floor64. Retrieved 13 May 2016.
- [일문일답] ‘드루킹 특검’ 종료…“수사 종료 자체 판단…외압 없었다”, NewsPim, 2018.08.27., http://newspim.com/news/view/20180827000369
- 특검 '김경수, 킹크랩 개발·운영 허락…댓글 8800만건 조작 관여', Maeil Business Newspaper, 2018.08.27., http://news.mk.co.kr/newsRead.php?year=2018&no=538301
- '드루킹 일당이 걸어둔 암호 풀어라'…특검, 전문가 총동원, Yonhap, 2018/07/18, http://www.yonhapnews.co.kr/bulletin/2018/07/18/0200000000AKR20180718142500004.HTML
- "드루킹 댓글조작 1/3 암호…FBI도 못 푸는 트루크립트 사용", OBS Gyeongin TV, 2018.07.19, http://voda.donga.com/3/all/39/1394189/1
- 'Top ten password cracking techniques', http://www.alphr.com/features/371158/top-ten-password-cracking-techniques
- 'FBI도 못 푼다'는 암호 풀자 드루킹 측근들 태도가 변했다, Chosun Broadcasting Company, 2018.07.18, http://news.tvchosun.com/site/data/html_dir/2018/07/18/2018071890102.html
- TrueCrypt License. Accessed on: 21 May 2012. Archived 30 May 2012 at Archive.today
- TrueCrypt Collective License. Accessed on: 4 June 2014
- Phipps, Simon (15 November 2013), TrueCrypt or false? Would-be open source project must clean up its act, InfoWorld, retrieved 20 May 2014
- Fontana, Richard (October 2013). 'TrueCrypt license (not OSI-approved; seeking history, context)'. Archived from the original on 29 October 2013. Retrieved 26 October 2013.
- Tom Callaway of Red Hat about TrueCrypt licensing concern. Accessed on: 10 July 2009
- Debian Bug report logs - #364034. Accessed on: 12 January 2009.
- Bug #109701 in Ubuntu. Accessed on: 20 April 2009
- TrueCrypt licensing concern. Accessed on: 20 April 2009
- non-OSI compliant packages in the openSUSE Build Service. Accessed on: 20 April 2009
- 'TrueCrypt Goes the Way of Lavabit as Developers Shut it Down Without Warning'. Ibtimes.co.uk. Retrieved 1 June 2014.
- 'truecrypt-archive/License-v3.1.txt at master · DrWhax/truecrypt-archive'. GitHub. 28 March 2014. Retrieved 23 July 2018.
- Green, Matthew D. (16 June 2014). 'Here is the note..' Archived from the original (Twitter) on 22 June 2014. Retrieved 22 June 2014.
- Goodin, Dan (19 June 2014), 'Following TrueCrypt's bombshell advisory, developer says fork is 'impossible'', Ars Technica, Condé Nast, retrieved 22 June 2014
- 'Trademark Electronic Search System (TESS)'. tmsearch.uspto.gov. Retrieved 31 August 2017. (search trademark directory for 'TrueCrypt')
- '77165797 - Markeninformation USPTO - via tmdb'. Tmdb.de. Retrieved 31 August 2017.
- 'Entity Details - Secretary of State, Nevada'. Nvsos.gov. 19 August 2009. Retrieved 31 August 2017.
- 'Truecrypt Foundation' (PDF). CitizenAudit.org. Retrieved 31 August 2017. (search database for 'TrueCrypt')
External links
- Official website
- Open Crypto Audit Project (OCAP) – non-profit organization promoting an audit of TrueCrypt
- IsTrueCryptAuditedYet.com – website for the audit
Archives
- Past versions on FileHippo
- Past versions on GitHub
- Past versions on truecrypt.ch
- Last version on Gibson Research Corporation website
Veracrypt: I think I accidentally deleted the boot loader. Is there anyone who is familiar with veracrypt and could help me? Please.
Hi, I really am desperate at the moment as I think that I did something really foolish. My OS System drive (C:) is encrypted with VeraCrypt. A couple of hours ago, after cleaning (log files, cache) Windows 7 with TuneUp Utilities, I couldn't boot Windows 7 anymore and am also getting 'Startup Repair cannot repair this computer automatically'.
I searched the web and found: http://answers.microsoft.com/en-us/windows/forum/all/startup-repair-cannot-repair-this-computer/718e1c0c-a907-404e-b48e-700e4e65c248?auth=1 where I tried the first suggestion, clicking on 'Command prompt' and enter following commands:
bootrec /fixmbr
and
bootrec /fixboot
Now, I was not asked for my VeraCrypt password anymore and got this screen: https://i.imgur.com/JugqHOH.jpg
I thought that I accidentally deleted VeraCrypt's boot loader and tried to load VeraCrypt's Rescue Disk (tried with 2 different ones) but am getting this: https://i.imgur.com/IwwlGO4.jpg
VeraCrypt Boot Loader
Disk Error
Disk Error
Disk Error
Loader damaged! Use Rescue Disk: Repair Options > Restore VeraCrypt Boot Loader
I have a CD-ROM drive, 2 VeraCrypt Rescue Disks and one Windows 7 DVD (I can boot from it but it doesn't see the C: drive where the encrypted Win7 is currently installed), and some hope that one of you guys may have an idea what I can try. I really need my laptop for work and have not the slightest idea what I did and how to fix what I did. Thanks a lot in advance.
edit:
Data recovered: https://veracrypt.codeplex.com/discussions/647486
Using TrueCrypt on Linux and Windows
Update 2: TrueCrypt audit results released (PDF)
Update: the TrueCrypt project unexpectedly shut down on 28 May 2014. A mirrored copy of TrueCrypt.org is available on Andryou.com. The home page of the next incarnation of TrueCrypt is TrueCrypt.ch.
After numerous revelations this year of the National Security Agency’s (NSA) frightening capabilities of mass spying on phone calls and Internet traffic (see, for example, PRISM), there has been a renewed interest in online privacy and the securing of our electronic data communications, such as Web and email activity. More and more Internet users are looking for solutions to keep their files, emails, and Web searches private. Help is not far off: one of the most effective ways to foil surveillance is by using encryption to make your data unreadable by other parties.
Data can be encrypted in two states – when it is in transmission through a communications network, or when it is at rest (i.e., stored on some sort of storage medium, such as a computer hard drive like the internal drive of your PC or an external USB flash drive). This blog has already covered SSH, RetroShare, and the Tor network as options for securing data in transit. Now we will look at TrueCrypt, perhaps the most popular solution for encrypting data at rest. This article will explain how TrueCrypt works and how you can utilize it on the two most popular operating systems, Microsoft Windows and Linux.
TrueCrypt command options (Linux), each followed by its description:

truecrypt --auto-mount=devices|favorites
    Auto mount device-hosted or favorite volumes.

truecrypt --backup-headers[=VOLUME_PATH]
    Backup volume headers to a file. All required options are requested from the user.

truecrypt -c or --create[=VOLUME_PATH]
    Create a new volume. Most options are requested from the user if not specified on command line. See also options --encryption, -k, --filesystem, --hash, -p, --random-source, --quick, --size, --volume-type. Note that passing some of the options may affect security of the volume (see option -p for more information).
    Inexperienced users should use the graphical user interface to create a hidden volume. When using the text user interface, the following procedure must be followed to create a hidden volume:
    1) Create an outer volume with no filesystem.
    2) Create a hidden volume within the outer volume.
    3) Mount the outer volume using hidden volume protection.
    4) Create a filesystem on the virtual device of the outer volume.
    5) Mount the new filesystem and fill it with data.
    6) Dismount the outer volume.
    If at any step the hidden volume protection is triggered, start again from step 1.

truecrypt -C or --change[=VOLUME_PATH]
    Change a password and/or keyfile(s) of a volume. Most options are requested from the user if not specified on command line. PKCS-5 PRF HMAC hash algorithm can be changed with option --hash. See also options -k, --new-keyfiles, --new-password, -p, --random-source.

truecrypt --create-keyfile[=FILE_PATH]
    Create a new keyfile containing pseudo-random data.

truecrypt -d or --dismount[=MOUNTED_VOLUME]
    Dismount a mounted volume. If MOUNTED_VOLUME is not specified, all volumes are dismounted. See below for description of MOUNTED_VOLUME.

truecrypt --delete-token-keyfiles
    Delete keyfiles from security tokens. See also command --list-token-keyfiles.

truecrypt --display-password
    Display password while typing.

truecrypt --encryption=ENCRYPTION_ALGORITHM
    Use specified encryption algorithm when creating a new volume.

truecrypt --explore
    Open explorer window for mounted volume.

truecrypt --export-token-keyfile
    Export a keyfile from a security token. See also command --list-token-keyfiles.

truecrypt -f or --force
    Force mounting of a volume in use, dismounting of a volume in use, or overwriting a file. Note that this option has no effect on some platforms.

truecrypt --filesystem=TYPE
    Filesystem type to mount. The TYPE argument is passed to the mount command with option -t. Default type is ‘auto’. When creating a new volume, this option specifies the filesystem to be created on the new volume (only ‘FAT’ and ‘none’ TYPE is allowed). Filesystem type ‘none’ disables mounting or creating a filesystem.

truecrypt --fs-options=OPTIONS
    Filesystem mount options. The OPTIONS argument is passed to mount with option -o when a filesystem on a TrueCrypt volume is mounted. This option is not available on some platforms.

truecrypt -h or --help
    Display detailed command line help.

truecrypt --hash=HASH
    Use specified hash algorithm when creating a new volume or changing password and/or keyfiles. This option also specifies the mixing pseudorandom function family (PRF) of the random number generator.

truecrypt --import-token-keyfiles
    Import keyfiles to a security token. See also option --token-lib.

truecrypt -k or --keyfiles=KEYFILE1[,KEYFILE2,KEYFILE3,…]
    Use specified keyfiles when mounting a volume or when changing password and/or keyfiles. When a directory is specified, all files inside it will be used (non-recursively). Multiple keyfiles must be separated by commas. Use double commas (,,) to specify a comma contained in keyfile’s name. Keyfile stored on a security token must be specified as token://slot/SLOT_NUMBER/file/FILENAME. An empty keyfile (-k "") disables interactive requests for keyfiles. See also options --import-token-keyfiles, --list-token-keyfiles, --new-keyfiles, --protection-keyfiles.

truecrypt -l or --list[=MOUNTED_VOLUME]
    Display a list of mounted volumes. If MOUNTED_VOLUME is not specified, all volumes are listed. By default, the list contains only volume path, virtual device, and mount point. A more detailed list can be enabled by the verbose output option (-v).

truecrypt --list-token-keyfiles
    Display a list of all available security token keyfiles. See also command --import-token-keyfiles.

truecrypt --load-preferences
    Load user preferences.

truecrypt -m or --mount-options=OPTION1[,OPTION2,OPTION3,…]
    Specifies comma-separated mount options for a TrueCrypt volume as follows:
    headerbak: Use backup headers when mounting a volume.
    nokernelcrypto: Do not use kernel cryptographic services.
    readonly|ro: Mount volume as read-only.
    system: Mount partition using system encryption.
    timestamp|ts: Do not restore host-file modification timestamp when a volume is dismounted (note that the operating system under certain circumstances does not alter host-file timestamps, which may be mistakenly interpreted to mean that this option does not work).
    See also option --fs-options.

truecrypt --mount[=VOLUME_PATH]
    Mount a volume interactively. Volume path and other options are requested from the user if not specified on command line.

truecrypt [MOUNTED_VOLUME]
    Specifies a mounted volume. One of the following forms can be used:
    1) Path to the encrypted TrueCrypt volume.
    2) Mount directory of the volume’s filesystem (if mounted).
    3) Slot number of the mounted volume (requires --slot).

truecrypt --new-keyfiles=KEYFILE1[,KEYFILE2,KEYFILE3,…]
    Add specified keyfiles to a volume. This option can only be used with command -C.

truecrypt --new-password=PASSWORD
    Specifies a new password. This option can only be used with command -C.

truecrypt --non-interactive
    Do not interact with the user.

truecrypt -p or --password=PASSWORD
    Use specified password to mount/open a volume. An empty password can also be specified (-p ""). Note that passing a password on the command line is potentially insecure as the password may be visible in the process list (see ps) and/or stored in a command history file or system logs.

truecrypt --protect-hidden=yes|no
    Write-protect a hidden volume when mounting an outer volume. Before mounting the outer volume, the user will be prompted for a password to open the hidden volume. The size and position of the hidden volume is then determined and the outer volume is mounted with all sectors belonging to the hidden volume protected against write operations. When a write to the protected area is prevented, the whole volume is switched to read-only mode. Verbose list (-v -l) can be used to query the state of the hidden volume protection. Warning message is displayed when a volume switched to read-only is being dismounted.

truecrypt --protection-keyfiles=KEYFILE1[,KEYFILE2,KEYFILE3,…]
    Use specified keyfiles to open a hidden volume to be protected. This option may be used only when mounting an outer volume with hidden volume protected. See also options -k and --protect-hidden.

truecrypt --protection-password=PASSWORD
    Use specified password to open a hidden volume to be protected. This option may be used only when mounting an outer volume with hidden volume protected. See also options -p and --protect-hidden.

truecrypt --quick
    Do not encrypt free space when creating a device-hosted volume. This option must not be used when creating an outer volume.

truecrypt --random-source=FILE
    Use FILE as a source of random data (e.g., when creating a volume) instead of requiring the user to type random characters.

truecrypt --restore-headers[=VOLUME_PATH]
    Restore volume headers from the embedded or an external backup. All required options are requested from the user.

truecrypt --save-preferences
    Save user preferences.

truecrypt --size=SIZE
    Use specified size in bytes when creating a new volume.

truecrypt --slot=SLOT
    Use specified slot number when mounting, dismounting, or listing a volume.

truecrypt -t or --text
    Use text user interface. Graphical user interface is used by default if available. This option must be specified as the first argument.

truecrypt --test
    Test internal algorithms used in the process of encryption and decryption.

truecrypt --token-lib=LIB_PATH
    Use specified PKCS #11 security token library.

truecrypt -v or --verbose
    Enable verbose output.

truecrypt --version
    Display program version.

truecrypt --volume-properties[=MOUNTED_VOLUME]
    Display properties of a mounted volume.

truecrypt --volume-type=TYPE
    Use specified volume type when creating a new volume. TYPE can be ‘normal’ or ‘hidden’. See option -c for more information on creating hidden volumes.

TrueCrypt command line examples
Synopsis:
truecrypt [OPTIONS] COMMAND
truecrypt [OPTIONS] VOLUME_PATH [MOUNT_DIRECTORY]
Create a new volume:
truecrypt -t -c
Mount a volume:
truecrypt volume.tc /media/truecrypt1
Mount a volume as read-only, using keyfiles:
truecrypt -m ro -k keyfile1,keyfile2 volume.tc
Mount a volume without mounting its filesystem:
truecrypt --filesystem=none volume.tc
Mount a volume prompting only for its password:
truecrypt -t -k "" --protect-hidden=no volume.tc /media/truecrypt1
Dismount a volume:
truecrypt -d volume.tc
Dismount all mounted volumes:
truecrypt -d
If you experience problems trying to get TrueCrypt to work as desired on Linux, search for a solution in the Linux section of the official TrueCrypt discussion forum. You will need to create an account there to view and make posts.
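The -p entry above warns that a password given on the command line can end up in the process list, a history file or system logs. The following script is an added example, not part of the original article or of TrueCrypt: it audits history-style lines for truecrypt invocations that carry a non-empty password in -p, --password=, --new-password= or --protection-password=, and reports only the line number and option name, never the value. The function names and the sample lines are constructed for this example, and it assumes whitespace-separated arguments in the forms shown in the option list.

```shell
#!/bin/sh
# Added example: find truecrypt command lines that expose a password.
# Input: one command per line (e.g. a shell history file or `ps` output).
# Output: "LINE_NUMBER<TAB>OPTION" per finding; the password is never printed.

# Constructed sample input, invented for this example.
tc_sample_history() {
    cat <<'EOF'
truecrypt -t -k "" --protect-hidden=no volume.tc /media/truecrypt1
truecrypt -t --non-interactive -p hunter2 volume.tc /media/truecrypt1
sudo /usr/bin/truecrypt --password=hunter2 -k keyfile1,keyfile2 volume.tc
truecrypt -t -C volume.tc -p "" --new-password=correct-horse
truecrypt -m ro --protection-password=s3cret --protect-hidden=yes outer.tc /mnt/outer
truecrypt -d volume.tc
ls -p /media/truecrypt1
EOF
}

# Reads lines on stdin. Returns 1 if at least one exposed password was
# found, 0 if the input is clean.
tc_audit_passwords() {
    awk -v sq="'" '
    function is_empty(v) {
        # -p "" is the documented way to pass an empty password,
        # so an empty quoted value is not treated as an exposure.
        return v == "" || v == "\"\"" || v == (sq sq)
    }
    function report(opt) {
        printf "%d\t%s\n", NR, opt
        found = 1
    }
    {
        # Only look at lines that run truecrypt (bare name or full path);
        # options of other commands on the line before it are ignored.
        start = 0
        for (i = 1; i <= NF; i++)
            if ($i ~ /(^|\/)truecrypt$/) { start = i; break }
        if (!start) next

        for (i = start + 1; i <= NF; i++) {
            tok = $i
            if (tok ~ /^--(password|new-password|protection-password)=/) {
                opt = tok; sub(/=.*$/, "", opt)
                val = tok; sub(/^[^=]*=/, "", val)
                if (!is_empty(val)) report(opt)
            } else if (tok == "-p") {
                if (i < NF && !is_empty($(i + 1))) report("-p")
                i++    # skip the value so it is never parsed as an option
            }
        }
    }
    END { exit (found ? 1 : 0) }
    '
}

# Demo run over the constructed sample.
tc_sample_history | tc_audit_passwords ||
    echo "password options found on the lines listed above" >&2
```

To audit a real history file, feed it on standard input, for example tc_audit_passwords < ~/.bash_history. Commands that are flagged can be re-run without the password option so that truecrypt requests the password from the user instead.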
Installing TrueCrypt on Windows
First head to the official TrueCrypt download page and download the setup file for Windows. When you launch the installer, you will be given the option to either perform a standard installation or just extract the contents of the setup .exe file (if you choose the latter, you can copy the files to a USB flash drive and run TrueCrypt in portable mode).
Using TrueCrypt on Windows
The TrueCrypt GUI on Windows is very similar to the Linux version. There are, however, a few interesting differences. First, in the main TrueCrypt GUI on Windows you can see that the first column is called “Drive” rather than “Slot”, and potential drive letters are shown rather than numbers.
The Preferences interface on TrueCrypt for Windows is quite different from the Linux version.
You will also notice that the available options in the Volume Creation Wizard on Windows are different from what you see using Linux. Specifically, the option for “create a volume within a partition/drive” is absent; in its place are two others: “Encrypt a non-system partition/drive” and “Encrypt the system partition or entire system drive”. This discrepancy exists because “whole disk” system encryption is only available for the Windows OS.
The TrueCrypt Beginner’s Tutorial gives a step-by-step account of enabling disk encryption using the Windows GUI. If you experience problems trying to get TrueCrypt to work as desired on Windows, search for a solution in the official TrueCrypt discussion forum. You will need to create an account there to view and make posts.
TrueCrypt command line options on Windows
As in Linux, you can utilize TrueCrypt from a non-graphical command line environment if you wish. Sourced from the TrueCrypt Command Line Usage page.
TrueCrypt.exe command options (Windows), each followed by its description:
- truecrypt.exe /a or /auto [devices | favorites]: If no parameter is specified, automatically mount the volume. If devices is specified as the parameter, auto-mount all currently accessible device/partition-hosted TrueCrypt volumes. If favorites is specified as the parameter, auto-mount favorite volumes designated as “mount upon logon”. Note that /auto is implicit if /quit and /volume are specified. If you need to prevent the application window from appearing, use /quit.
- truecrypt.exe /b or /beep: Beep after a volume has been successfully mounted or dismounted.
- truecrypt.exe /c or /cache [y | n]: Enable or disable password cache. Note that turning the password cache off will not clear it (use /w to clear the password cache).
- truecrypt.exe /d or /dismount [drive letter]: Dismount volume specified by drive letter. When no drive letter is specified, dismounts all currently mounted TrueCrypt volumes.
- truecrypt.exe /e or /explore: Open a Windows Explorer window after a volume has been mounted.
- truecrypt.exe /f or /force: Forces dismount (if the volume to be dismounted contains files being used by the system or an application) and forces mounting in shared mode (i.e., without exclusive access).
- truecrypt.exe /h or /history [y | n]: Enables or disables saving the history of mounted volumes.
- truecrypt.exe /help or /?: Display command line help.
- truecrypt.exe /k or /keyfiles [keyfile | search path]: Specifies a keyfile or a keyfile search path. For multiple keyfiles, specify e.g.: /k c:\keyfile1.dat /k d:\KeyfileFolder /k c:\kf2. To specify a keyfile stored on a security token or smart card, use the following syntax: token://slot/SLOT_NUMBER/file/FILE_NAME.
- truecrypt.exe /l or /letter [drive letter]: Drive letter to mount the volume as. When /l is omitted and when /a is used, the first free drive letter is used.
- truecrypt.exe /m or /mount [bk|rm|recovery|ro|sm|ts]:
  - bk or headerbak: Mount volume using embedded backup header. All volumes created by TrueCrypt 6.0 or later contain an embedded backup header (located at the end of the volume).
  - recovery: Do not verify any checksums stored in the volume header. This option should be used only when the volume header is damaged and the volume cannot be mounted even with the mount option headerbak.
  - rm or removable: Mount volume as removable medium.
  - ro or readonly: Mount volume as read-only.
  - ts or timestamp: Do not preserve container modification timestamp.
  - sm or system: Without pre-boot authentication, mount a partition that is within the key scope of system encryption (for example, a partition located on the encrypted system drive of another operating system that is not running). Useful e.g. for backup or repair operations. Note: If you supply a password as a parameter of /p, make sure that the password has been typed using the standard US keyboard layout (in contrast, the GUI ensures this automatically). This is required due to the fact that the password needs to be typed in the pre-boot environment (before Windows starts) where non-US Windows keyboard layouts are not available.
- TrueCrypt Format.exe /n or /noisocheck: Do not verify that TrueCrypt Rescue Disks are correctly burned. Warning: never attempt to use this option to facilitate the reuse of a previously created TrueCrypt Rescue Disk. Note that every time you encrypt a system partition/drive, you must create a new TrueCrypt Rescue Disk even if you use the same password. A previously created TrueCrypt Rescue Disk cannot be reused as it was created for a different master key.
- truecrypt.exe /p or /password [password]: The volume password. If the password contains spaces, it must be enclosed in quotation marks (e.g., /p "My Password"). Use /p "" to specify an empty password. Warning: this method of entering a volume password may be insecure, for example, when an unencrypted command prompt history log is being saved to unencrypted disk.
- truecrypt.exe /q or /quit [background|preferences]: Automatically perform requested actions and exit (main TrueCrypt window will not be displayed). If preferences is specified as the parameter (e.g., /q preferences), then program settings are loaded/saved and they override settings specified on the command line. /q background launches the TrueCrypt Background Task (tray icon) unless it is disabled in the Preferences.
- truecrypt.exe /s or /silent: If /q is specified, suppresses interaction with the user (prompts, error messages, warnings, etc.). If /q is not specified, this option has no effect.
- truecrypt.exe /v or /volume [volume]: Path to a TrueCrypt volume to mount (do not use when dismounting). For a file-hosted volume, the path must include the filename. To mount a partition/device-hosted volume, use, for example, /v \Device\Harddisk1\Partition3 (to determine the path to a partition/device, run TrueCrypt and click ‘Select Device’). You can also mount a partition or dynamic volume using its volume name (for example, /v \\?\Volume{5cceb196-48bf-46ab-ad00-70965512253a}\). To determine the volume name use e.g. mountvol.exe. Also note that device paths are case-sensitive.
- truecrypt.exe /w or /wipecache: Wipes any passwords cached in the driver memory.
TrueCrypt.exe command line examples
Mount the volume d:\myvolume as the first free drive letter, using the password prompt (the main program window will not be displayed):
truecrypt /q /v d:\myvolume
Dismount a volume mounted as the drive letter X (the main program window will not be displayed):
truecrypt /q /dx
Mount a volume called myvolume.tc using the password MyPassword, as the drive letter X. TrueCrypt will open an Explorer window and beep; mounting will be automatic:
truecrypt /v myvolume.tc /lx /a /p MyPassword /e /b
TrueCrypt tips and FAQs
Tips:
- Before installing and using TrueCrypt, do a complete backup of your data and make sure the backup is valid.
- When not using your device, shut it down. Do not simply lock the screen or go to sleep/hibernate mode.
- Use the hidden OS feature in case you are compelled to reveal your password unwillingly. The official TrueCrypt site states:
When running, the hidden operating system appears to be installed on the same partition as the original operating system (the decoy system). However, in reality, it is installed within the partition behind it (in a hidden volume). All read/write operations are transparently redirected from the system partition to the hidden volume. Neither the operating system nor applications will know that data written to and read from the system partition is actually written to and read from the partition behind it (from/to a hidden volume). Any such data is encrypted and decrypted on the fly as usual (with an encryption key different from the one that is used for the decoy operating system).
- Glue up Firewire, Thunderbolt, PCMCIA, etc. ports to prevent DMA attacks. A DMA attack occurs when the attacker has physical access to the device and to memory address space via physical connections like Firewire and PCMCIA. These hardware connections interface directly to the OS kernel and therefore have complete access to RAM. Special purpose hardware devices can read and write arbitrary data to a computer’s memory, including encryption keys. Example attack on Macs. (Wikipedia).
FAQs:
1. Can I be forced to provide my TrueCrypt password?
In the United Kingdom, if you do not do so you can be held criminally liable for such an offense as explained in these cases here, here, and here. US citizens should look closely at the Boucher case (decision (PDF); analysis), as well as the Judge Blackburn case in Colorado.
2. Why is TrueCrypt so difficult to crack?
Because it uses AES combined with PBKDF2 for key derivation. PBKDF2 is currently considered state of the art in passphrase expansion. It basically hashes the passphrase with a salt one thousand times to resist brute force attacks. The salt is an effective measure against rainbow tables.
3. Is there any way to defeat TrueCrypt?
Rather than defeating TrueCrypt’s cryptographic algorithms, it would be much easier to simply obtain the TrueCrypt password using illicit methods such as:
- Evil maid attacks – occur when an attacker gains physical access to a target unbeknownst to the victim and installs malware such as keyloggers (Schneier).
- Cold boot attacks – extract the encryption keys from RAM while the computer is still running and data is in a decrypted state (Wikipedia).
- Rubber hose attacks – beating the person with a hose until they tell you the password, as shown here (Wikipedia).
4. I don’t like TrueCrypt/TrueCrypt doesn’t work for me. Are there any alternatives?
Have a look at Wikipedia’s comparison of disk encryption software.
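What FAQ 2 describes, written out as an added example (not TrueCrypt's code and not part of the original article): PBKDF2 computed by hand next to Python's hashlib.pbkdf2_hmac, plus an estimate of how long exhausting a passphrase space takes at the measured rate. The 1000 iterations come from the FAQ; HMAC-SHA-512, the 64-byte salt and the 64-byte key length are assumptions made for the example.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 1000  # iteration count stated in FAQ 2
SALT_LEN = 64      # assumption: 512-bit random salt kept in the volume header
KEY_LEN = 64       # assumption: 512 bits of header key material


def derive_header_key(passphrase: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Library PBKDF2-HMAC-SHA512: passphrase + salt -> header key."""
    return hashlib.pbkdf2_hmac("sha512", passphrase.encode("utf-8"), salt, iterations, KEY_LEN)


def pbkdf2_by_hand(passphrase: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """First PBKDF2 output block, spelled out: a chain of HMACs XORed together."""
    pw = passphrase.encode("utf-8")
    u = hmac.new(pw, salt + (1).to_bytes(4, "big"), hashlib.sha512).digest()
    block = int.from_bytes(u, "big")
    for _ in range(iterations - 1):
        u = hmac.new(pw, u, hashlib.sha512).digest()  # each round depends on the last
        block ^= int.from_bytes(u, "big")
    return block.to_bytes(64, "big")


def guesses_per_second(iterations: int = ITERATIONS, samples: int = 50) -> float:
    """Measure how many passphrase candidates this machine can test per second."""
    salt = os.urandom(SALT_LEN)
    start = time.perf_counter()
    for i in range(samples):
        derive_header_key(f"candidate-{i}", salt, iterations)
    return samples / (time.perf_counter() - start)


def years_to_exhaust(alphabet: int, length: int, rate: float) -> float:
    """Worst-case time to try every passphrase of a given shape at `rate` guesses/s."""
    return alphabet ** length / rate / (365.25 * 24 * 3600)


if __name__ == "__main__":
    salt_a, salt_b = os.urandom(SALT_LEN), os.urandom(SALT_LEN)
    key_a = derive_header_key("correct horse battery staple", salt_a)
    key_b = derive_header_key("correct horse battery staple", salt_b)
    # Same passphrase, different salts: a table precomputed for one volume
    # is useless against another.
    print("keys differ across salts:", key_a != key_b)
    print("by-hand matches library: ",
          pbkdf2_by_hand("correct horse battery staple", salt_a) == key_a)
    rate = guesses_per_second()
    print(f"~{rate:,.0f} guesses/s on one core")
    for name, alphabet, length in [("8 lowercase letters", 26, 8),
                                   ("12 lowercase letters", 26, 12),
                                   ("20 printable ASCII", 95, 20)]:
        print(f"{name}: {years_to_exhaust(alphabet, length, rate):.3g} years")
```

The measured rate is for one CPU core; the estimate scales linearly with whatever rate an attacker achieves, so with the iteration count fixed, passphrase length and alphabet are what a user controls.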
Apparently http://www.lostpassword.com/kit-forensic.htm can be used to crack truecrypt hard drive encryption. Has anyone tried it and is it possible to crack truecrypt files too with this software?
Passware Kit Forensic, complete with Passware FireWire Memory Imager, is the first and only commercial software that decrypts BitLocker and TrueCrypt hard disks, and instantly recovers Mac and Windows login passwords of seized computers.
2 Answers
This attack only works on Full-Disk Encrypted systems, or otherwise requires that the volume be mounted at the time the attack is undertaken (or when the system last hibernated). The attack works by accessing the key in RAM, which wouldn't be possible in the case of an unmounted volume. If the key cannot be found in memory, it attempts to find it in hiberfil.sys, but if the volume was not loaded during the last hibernation, the key will not be there either.
NOTE: If the target computer is turned off and the encrypted volume was dismounted during the last hibernation, neither the memory image nor the hiberfil.sys file will contain the encryption keys. Therefore, instant decryption of the volume is impossible. In this case, Passware Kit assigns brute-force attacks to recover the original password for the volume. http://www.lostpassword.com/hdd-decryption.htm
So, use a strong password, disable hibernation, and do not mount volumes on boot (only mount on demand when you need to, and dismount when you are done) and you should be pretty safe against this tool.
I strongly doubt this. The only decryption methods for truecrypt containers to my knowledge are brute force ones, and thus if you have a strong passphrase and your system is not compromised by a keylogger or other malware it will not be possible to recover a truecrypt file within minutes. This is an article about a truecrypt brute force tool, unfortunately in German, but it's quite slow and so I really doubt the statements made for this toolset.
Since being downvoted I want to clarify my statement: if you have a dismounted Truecrypt container and no hiberfil to look for the password, chances will be minimal with brute force in case of a strong password. Of course, with a system in hibernation state and with a mounted truecrypt container you are vulnerable.