
TrueCrypt 5.0 Released, Now Encrypts Entire Drive

CmdrTaco posted more than 6 years ago | from the wear-a-condom-people dept.

330

A funny little man writes "The popular open source privacy tool, TrueCrypt, has just received a major update. The most exciting new feature provides the ability to encrypt an entire drive, prompting the user for a password during boot up; this makes TrueCrypt the perfect tool for non-technical laptop users (the kind who are likely to lose all of that sensitive customer data). The Linux version receives a GUI and independence from the kernel internals, and a Mac version is at last available too."


Slashdotted (1)

hsdpa (1049926) | more than 6 years ago | (#22319952)

The site is sooo slooow. Mirror please! But the update seems great!

Re:Slashdotted? (1, Informative)

b100dian (771163) | more than 6 years ago | (#22319960)

..redditted!

Re:Slashdotted? (1)

imbaczek (690596) | more than 6 years ago | (#22320146)

Both!

Mod me +5 Captain Obvious. kthx.

Re:Slashdotted (0, Offtopic)

susub23 (1152089) | more than 6 years ago | (#22320038)

...and now the site is down completely. Sorry TrueCrypt...you just lost my interest.

Re:Slashdotted - Download Mirror on Filehippo (5, Informative)

HP-UX'er (211124) | more than 6 years ago | (#22320082)

Here it is [filehippo.com]

Re:Slashdotted (4, Insightful)

apathy maybe (922212) | more than 6 years ago | (#22320110)

Actually, I've been having trouble accessing the site all day.

I've been looking forward to the Linux GUI since I read about it, checking back, checking back etc.

Then today, suddenly the entire site is virtually inaccessible.

On the actual release, I think it is going to be good. After all, we see a new MacOS version, a Linux GUI and a few other nice little tools which most people might not even notice.

On the actual software, I love TrueCrypt, I use it both in Windows (where it, simply, is so easy to use), and in Linux (command-line, mehs all around, plus you have to go and delete history if you don't want to save the fact that you're using it (or perhaps the fact that a specific file/partition is a container)).

The hidden-partition feature is the bee's knees, especially for those extra secret documents, just hide them behind some porn, financial data or something else which you access and make changes to regularly (to hide if you are making changes to the hidden volume).

The ability to back-up headers makes this software great for businesses or governments (can restore a password if a user loses it), and this new encrypt the entire system thing, simply swell (though it doesn't work on Linux/MacOS I don't think).

Anyway, as always, check out the Wikipedia article for more info. http://en.wikipedia.org/wiki/TrueCrypt [wikipedia.org]

Re:Slashdotted (1)

hsdpa (1049926) | more than 6 years ago | (#22320168)

Actually, I've been having trouble accessing the site all day.
That sounds like DDoS in my ears: New revamped version with nice features => site goes mysteriously down and is partially accessible with response times at over 10 seconds.

Re:Slashdotted (1)

somersault (912633) | more than 6 years ago | (#22320548)

I thought that was called the 'Slashdot effect', or the fact that a lot of people have been waiting for the new version and now are downloading it and sucking up all the bandwidth.

Re:Slashdotted (1)

FutureDomain (1073116) | more than 6 years ago | (#22320610)

You must be new here.
Slashdot effect [wikipedia.org]

Re:Slashdotted (4, Informative)

telchine (719345) | more than 6 years ago | (#22320158)

The site is sooo slooow. Mirror please! But the update seems great!
http://sourceforge.net/projects/truecrypt/ [sourceforge.net]

Re:Slashdotted (2, Informative)

RandoX (828285) | more than 6 years ago | (#22320192)

IMPORTANT--Official_TrueCrypt_distribution_packages_can_be_downloaded_only_from_www.truecrypt.org

Thanks a lot (1)

Teran9 (1163643) | more than 6 years ago | (#22319964)

There goes any chance of downloading version 5.0 today.

Independence from Kernel Internals? (1, Insightful)

gweihir (88907) | more than 6 years ago | (#22319974)

I do not think that is feasible for what is essentially part of a disk-driver. Marketing-lies now on Linux versions as well? Linux must be going mainstream...

Re:Independence from Kernel Internals? (1)

FudRucker (866063) | more than 6 years ago | (#22320000)

Yup, I agree, I knew this would happen as Linux gains market share and popularity...

Re:Independence from Kernel Internals? (5, Informative)

Chris Mattern (191822) | more than 6 years ago | (#22320010)

It is also, of course, impossible that it encrypts the *entire* disk. It may encrypt all the partitions your running system uses, but unless your BIOS has encryption support (which it doesn't), you can't have an encrypted boot partition.

Re:Independence from Kernel Internals? (1)

hilather (1079603) | more than 6 years ago | (#22320128)

That's a very good point. If the site wasn't slashdotted I'd be reading it right now trying to figure that out myself. The boot sector seems like the area that would need the encryption, otherwise the part of the program that is doing the key negotiation would be exposed. I'll be honest, I've heard of TrueCrypt but never been interested in it. What kind of security could this provide? I would like to encrypt my entire laptop drive, but I'm not going through all the trouble if it's just another easy layer to break through. Any TrueCrypt experts out there?

Re:Independence from Kernel Internals? (5, Informative)

Chris Mattern (191822) | more than 6 years ago | (#22320326)

Yes, they can recover key and encryption algorithms from the unencrypted boot sector. But if they can crack you simply by knowing the unencryption program, you're boned anyways. What they *can't* recover, assuming that your encryption vendor hasn't screwed up, is your key. And without that, they can't read your encrypted partitions. If they've done it right, it's secure. Somebody in possession of your laptop but without your passphrase cannot read the disk, no matter what he does, except for the boot partition, and there won't be any useful data there. I don't use TrueCrypt and haven't researched them, so I can't guarantee that they did it right (look at WEP, where they managed to botch the encryption for a major standard, resulting in it having to be replaced by WPA). I believe every laptop should be "whole disk" encrypted--it's just too easy for a laptop to disappear. I run Debian on my laptop, so I used cryptmount to encrypt my disk. If you're not encrypting your laptop's disk, you definitely should be. A brief glance over some recent news stories should tell you why.

Re:Independence from Kernel Internals? (5, Interesting)

filbranden (1168407) | more than 6 years ago | (#22320356)

Hi, I read the site yesterday (from Firehose), and I think I can say one thing or two.

TrueCrypt does a good job of encryption, it's not a trivial level. It uses strong algorithms, and you can choose from 5 or 6 different algorithms. It doesn't store your password anywhere in the disk, when you type the password, it tries to decrypt the header, and if it makes sense (I guess if checksums match) then it knows it's the right password and it goes on, otherwise not. It uses basically the XEX (almost sure that's the name... I don't really know what it is, this is what I remember from the site) schema, but XEX uses only one key for two purposes, and TrueCrypt uses two different keys for these two purposes.

The whole-disk encryption (the correct term is partition encryption) seems to work well, at least from the documentation, I didn't try it (yet). It includes a boot sector that does the part of asking the password during boot and decrypting the partition. The boot sector is obviously encrypted, and I suppose it also stores some unencrypted data to implement the boot code (I don't believe it can be done in 512 bytes only), but after you boot the OS, everything it sees is encrypted, so it will protect even temporary files or logs created by the OS on that drive. Even if it doesn't encrypt 100% of the data (boot sector, boot code), it encrypts everything that you should encrypt. What it doesn't encrypt is not secret in any way.

I tried previous versions and I liked it, it is really a great product, and if 5.0 does everything they say it does, I guess it's really worth it. Whole-disk encryption is no longer missing from this excellent software, many businesses need it for laptops (just see how many information thefts happened last year due to lost laptops). I believe TrueCrypt is going mainstream now.
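
Added example (not part of the thread and not TrueCrypt's code): the scheme described in the comment above, where no password is stored and a guess is checked by decrypting the header and testing a magic value and checksum, with XTS using two separate keys. The header layout, the iteration count, the sample keys and the names `deriveHeaderKey`, `XTS`, `SealHeader` and `OpenHeader` are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/hmac"
	"crypto/sha512"
	"encoding/binary"
	"fmt"
	"hash/crc32"
)

const iterations = 1000 // work factor assumed for this example

// deriveHeaderKey is PBKDF2 with HMAC-SHA-512, first output block only:
// 64 bytes, enough for the two independent AES-256 keys XTS needs.
func deriveHeaderKey(password string, salt []byte) []byte {
	prf := hmac.New(sha512.New, []byte(password))
	prf.Write(salt)
	prf.Write([]byte{0, 0, 0, 1}) // block index 1, big-endian
	u := prf.Sum(nil)
	dk := append([]byte(nil), u...)
	for i := 1; i < iterations; i++ {
		prf.Reset()
		prf.Write(u)
		u = prf.Sum(nil)
		for j := range dk {
			dk[j] ^= u[j]
		}
	}
	return dk
}

// XTS processes one data unit (length a multiple of 16, no ciphertext
// stealing). key[:32] encrypts the data; key[32:64] is used only to turn
// the sector number into the tweak (XEX uses a single key for both jobs).
func XTS(key []byte, sector uint64, in []byte, decrypt bool) []byte {
	k1, _ := aes.NewCipher(key[:32]) // a 32-byte slice is always a valid key
	k2, _ := aes.NewCipher(key[32:64])
	op := k1.Encrypt
	if decrypt {
		op = k1.Decrypt
	}
	var t [16]byte
	binary.LittleEndian.PutUint64(t[:8], sector)
	k2.Encrypt(t[:], t[:])
	out := make([]byte, len(in))
	for off := 0; off+16 <= len(in); off += 16 {
		blk := out[off : off+16]
		for i := range blk {
			blk[i] = in[off+i] ^ t[i]
		}
		op(blk, blk)
		var carry byte
		for i := range blk {
			blk[i] ^= t[i]
			t[i], carry = t[i]<<1|carry, t[i]>>7 // t *= x in GF(2^128)
		}
		if carry != 0 {
			t[0] ^= 0x87
		}
	}
	return out
}

// SealHeader builds salt || XTS("TRUE" || CRC32(master) || pad || master).
func SealHeader(password string, salt, master []byte) []byte {
	body := make([]byte, 16+len(master))
	copy(body, "TRUE")
	binary.BigEndian.PutUint32(body[4:], crc32.ChecksumIEEE(master))
	copy(body[16:], master)
	enc := XTS(deriveHeaderKey(password, salt), 0, body, false)
	return append(append([]byte(nil), salt...), enc...)
}

// OpenHeader is the entire password check: derive, decrypt, test magic and CRC.
func OpenHeader(password string, hdr []byte) ([]byte, bool) {
	if len(hdr) != 64+16+64 {
		return nil, false
	}
	body := XTS(deriveHeaderKey(password, hdr[:64]), 0, hdr[64:], true)
	master := body[16:]
	if string(body[:4]) != "TRUE" ||
		binary.BigEndian.Uint32(body[4:8]) != crc32.ChecksumIEEE(master) {
		return nil, false
	}
	return master, true
}

func main() {
	m := sha512.Sum512([]byte("constructed master key")) // sample; real keys are random
	salt, master := bytes.Repeat([]byte{0xA5}, 64), m[:]
	hdr := SealHeader("correct horse", salt, master)
	_, okWrong := OpenHeader("wrong guess", hdr)
	got, okRight := OpenHeader("correct horse", hdr)
	fmt.Println("wrong accepted:", okWrong, "| right accepted:", okRight)
	zeros := make([]byte, 32) // two identical plaintext blocks
	fmt.Printf("sector 0: %x\nsector 1: %x\n", XTS(got, 0, zeros, false), XTS(got, 1, zeros, false))
}
```

Neither the passphrase nor the master keys appear in the stored header, and identical plaintext produces different ciphertext in different sectors and in different blocks of the same sector.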

Re:Independence from Kernel Internals? (5, Informative)

filbranden (1168407) | more than 6 years ago | (#22320760)

Oh, I forgot to mention. According to their website, TrueCrypt can encrypt the boot partition even after the OS is installed, even with Windows.

Basically, you install it, then you ask it to encrypt the whole disk. It will install the boot code to ask the password and decrypt the partition before loading the OS, and then it will start encrypting your partition in the background, you may continue using the OS. You may even reboot the machine, it will boot correctly and continue encrypting from where it stopped. If it really works as they say it does, this version is indeed amazing.

Re:Independence from Kernel Internals? (4, Informative)

gweihir (88907) | more than 6 years ago | (#22320460)

I would like to encrypt my entire laptop drive, but I'm not going through all the trouble if it's just another easy layer to break through. Any TrueCrypt experts out there?

I am not a TrueCrypt expert, but I follow the discoveries of the crypto community. It seems TrueCrypt is highly respected. While it cannot defeat a (hardware in this case) keylogger, the crypto used seems to be strong crypto implemented according to current standards. Not a snake-oil product with home-rolled ciphers or "passwordless" security or such nonsense. At the moment, nobody admits being able to break it and I am not aware of instances that indicate it has been broken. And, other than many other products, it is widely used. Personally I would say it is on a level with PGP/GnuPG/dm-crypt/LUKS with regard to security level offered.

Re:Independence from Kernel Internals? (1)

Bandman (86149) | more than 6 years ago | (#22320138)

Assuming the password isn't stored plaintext in the boot partition, isn't an encrypted data partition the important part?

Re:Independence from Kernel Internals? (1)

Chris Mattern (191822) | more than 6 years ago | (#22320174)

Yes. Having an unencrypted boot partition isn't much of a vulnerability if you did your encryption right. That doesn't change the fact that saying you've encrypted "the entire disk" is a marketing lie.

Re:Independence from Kernel Internals? (0)

Anonymous Coward | more than 6 years ago | (#22320276)

At what point did anyone state that the "entire disk" that is being encrypted is also your boot disk?

Your boot disk could be a small USB stick that you plug into the computer so that it can decrypt your main disk.

Re:Independence from Kernel Internals? (1)

gweihir (88907) | more than 6 years ago | (#22320500)

Assuming the password isn't stored plaintext in the boot partition, isn't an encrypted data partition the important part?

True. I am not criticizing the technology. I think it is sound. I am criticizing the marketing statement.

Re:Independence from Kernel Internals? (1)

Ed Avis (5917) | more than 6 years ago | (#22320290)

You could boot from a floppy or a CD and mount the whole disk (/dev/sda) as your root filesystem. Dunno if TrueCrypt supports this out of the box.

Re:Independence from Kernel Internals? (2, Informative)

Maljin Jolt (746064) | more than 6 years ago | (#22320354)

It is also, of course, impossible that it encrypts the *entire* disk. It may encrypt all the partitions your running system uses, but unless your BIOS has encryption support (which it doesn't), you can't have an encrypted boot partition.

Your concept of impossible is, of course, a little bit flawed, for I have at least 5 *entire* disks encrypted in this single box I am writing on. And some of them have no partitions, just a filesystem over raw disk.

Re:Independence from Kernel Internals? (4, Informative)

CarpetShark (865376) | more than 6 years ago | (#22320426)

unless your BIOS has encryption support (which it doesn't), you can't have an encrypted boot partition.


Of course you can. You just can't have an encrypted MBR... unless you boot from a floppy or a USB drive you keep on your person, or something like that. Note that BIOS limitations can also be circumvented with LinuxBIOS ;)

Re:Independence from Kernel Internals? (1)

AmiMoJo (196126) | more than 6 years ago | (#22320674)

That isn't entirely accurate. You can encrypt the boot partition, just not the boot record part which contains executable code. The code is a driver for TrueCrypt volumes that allows Windows to access them for booting the OS. All the files on the boot partition are encrypted, and the key is not stored anywhere.

Re:Independence from Kernel Internals? (0)

Anonymous Coward | more than 6 years ago | (#22320736)

No, you are wrong. It can encrypt all of the partitions, system drive included. I haven't actually used TrueCrypt 5, but having read their blurb I am 100% certain that they replace the boot-loader. Their code will prompt for a password before the system starts loading, patch the BIOS functions with custom encryption-aware code and perform on-the-fly encryption for ALL disk operations. That means the boot drive can be encrypted.

This is quite straightforward in theory, but really, really difficult in practice (not least of all because you only have 500 or so bytes of code to play with in the boot-block). If they've pulled it off, and this works, it is a massive thing - enterprise software to do this kind of work costs hundreds of dollars per user.

Independence from kernel internals means that TrueCrypt hopefully won't break every time the Kernel is patched, which I believe has been a problem in the past. I guess they have created some kind of bare-bones ABI in the kernel source that can be re-compiled without needing to recompile TrueCrypt. Now stop being dumb-asses!

The final excuse. (5, Interesting)

Anonymous Coward | more than 6 years ago | (#22319976)

That removes the last excuse people have for not encrypting everything..."It is too complicated". Total encryption with a password at bootup...couldn't be simpler.

Re:The final excuse. (5, Insightful)

stevie.f (1106777) | more than 6 years ago | (#22320134)

Nope, the last excuse for people is "What's encryption?"

Re:The final excuse. (1)

chord.wav (599850) | more than 6 years ago | (#22320226)

Simpler uh? Expect more of the "Duh, I don't remember my password" problems, then.

Never underestimate stupid people, especially in large groups.

Re:The final excuse. (1)

somersault (912633) | more than 6 years ago | (#22320604)

But then you finally have a good reason to buy a supercomputer (to crack the passwords)! Or, alternatively, you could write them all down and put them in a safe.

Re:The final excuse. (1)

n6kuy (172098) | more than 6 years ago | (#22320638)

No problem.
It's written on a piece of paper stuck to the bottom of your laptop.

Re:The final excuse. (1)

Lumpy (12016) | more than 6 years ago | (#22320768)

SILLY! write the password on the bottom of your laptop!

Re:The final excuse. (5, Informative)

Lord Ender (156273) | more than 6 years ago | (#22320404)

No. Encryption imparts serious performance penalties. Normally, things like DMA allow you to transfer data directly from your disk to your RAM, another disk, or another device. With encryption, every bit must pass through the CPU to do crypto on it. In some cases, that is a very noticeable delay. At our company, that delay was too long for some purposes, so I had them use DriveLock instead, which has no performance penalty.

Re:The final excuse. (2, Insightful)

mi (197448) | more than 6 years ago | (#22320834)

A reasonable compromise would be to encrypt only the "interesting" data — such as the /home partition and, maybe, the /var/log (or simply make sure the particular log-files you wish to protect — such as maillog — reside on the encrypted /home).

Whoever tries to crack your laptop is unlikely to be interested in the standard-issue binaries you may have installed...

Re:The final excuse. (4, Interesting)

phantomcircuit (938963) | more than 6 years ago | (#22320876)

All I have to say is this [technocrat.net].

Re:The final excuse. (1)

maxume (22995) | more than 6 years ago | (#22320550)

What about 'my data is more valuable to me than it is to anyone else'? I'm pretty sure that's a good reason not to bother with encryption.

Respectfully disagree. (1)

seeker_1us (1203072) | more than 6 years ago | (#22320824)

The final excuse is "encryption slows the computer down too much." Whether this is true or an excuse, depends upon the user's circumstances and need for security.

a pity the British government won't use it (4, Funny)

tolworthy (1205778) | more than 6 years ago | (#22319978)

It's not by Microsoft. Plus they don't have much data left to lose.

Mirror, mirror, on the wall... (0)

Anonymous Coward | more than 6 years ago | (#22319984)

Truecrypt.org took a fall.

Mirror anyone?

Re:Mirror, mirror, on the wall... (2, Informative)

Library Spoff (582122) | more than 6 years ago | (#22320188)

You can ONLY download from truecrypt.org. According to the sourceforge page anyway...

if truecrypt.org is still down (-1)

Anonymous Coward | more than 6 years ago | (#22320002)

Re:if truecrypt.org is still down (2, Informative)

Sal Zeta (929250) | more than 6 years ago | (#22320062)

Too bad that for some reason they refuse to upload any files on the sourceforge server. There is only a "the files are only on truecrypt.org.html" available.

Re:if truecrypt.org is still down (4, Informative)

leuk_he (194174) | more than 6 years ago | (#22320528)

5.0

February 5, 2008

New features:

        * Ability to encrypt a system partition/drive (i.e. a partition/drive where Windows is installed) with pre-boot authentication (anyone who wants to gain access and use the system, read and write files, etc., needs to enter the correct password each time before the system starts). For more information, see the chapter System Encryption in the documentation. (Windows Vista/XP/2003)

        * Pipelined operations increasing read/write speed by up to 100% (Windows)

        * Mac OS X version

        * Graphical user interface for the Linux version of TrueCrypt

        * XTS mode of operation, which was designed by Phillip Rogaway in 2003 and which was recently approved as the IEEE 1619 standard for cryptographic protection of data on block-oriented storage devices. XTS is faster and more secure than LRW mode (for more information on XTS mode, see the section Modes of Operation in the documentation).

          Note: New volumes created by this version of TrueCrypt can be encrypted only in XTS mode. However, volumes created by previous versions of TrueCrypt can still be mounted using this version of TrueCrypt.

        * SHA-512 hash algorithm (replacing SHA-1, which is no longer available when creating new volumes).

          Note: To re-encrypt the header of an existing volume with a header key derived using HMAC-SHA-512 (PRF), select 'Volumes' > 'Set Header Key Derivation Algorithm'.

Improvements, bug fixes, and security enhancements:

        * The Linux version of TrueCrypt has been redesigned so that it will no longer be affected by changes to the Linux kernel (kernel upgrades/updates).

        * Many other minor improvements, bug fixes, and security enhancements. (Windows and Linux)

If you are using an older version of TrueCrypt, it is strongly recommended that you upgrade to this version.

4.3a.......

==============
System Encryption

TrueCrypt can on-the-fly encrypt a system partition or entire system drive, i.e. a partition or drive where Windows is installed and from which it boots (a TrueCrypt-encrypted system drive may also contain non-system partitions, which are encrypted as well).

System encryption provides the highest level of security and privacy, because all files, including any temporary files that Windows and applications create on the system partition (typically, without your knowledge or consent), swap files, etc., are permanently encrypted. Windows also records large amounts of potentially sensitive data, such as the names and locations of files you open, applications you run, etc. All such log files and registry entries are always permanently encrypted as well.

System encryption involves pre-boot authentication, which means that anyone who wants to gain access and use the encrypted system, read and write files stored on the system drive, etc., will need to enter the correct password each time before Windows boots (starts). Pre-boot authentication is handled by the TrueCrypt Boot Loader, which resides in the first cylinder of the boot drive.

Note that TrueCrypt can encrypt an existing unencrypted system partition/drive in-place while the operating system is running (while the system is being encrypted, you can use your computer as usual without any restrictions). Likewise, a TrueCrypt-encrypted system partition/drive can be decrypted in-place while the operating system is running. You can interrupt the process of encryption or decryption anytime, leave the partition/drive partially unencrypted, restart or shut down the computer, and then resume the process, which will continue from the point it was stopped.

To encrypt a system partition or entire system drive, select System > Encrypt System Partition/Drive and then follow the instructions of the wizard. To decrypt a system partition/drive, select System > Permanently Decrypt System Partition/Drive.

The mode of operation used for system encryption is XTS (see the section Modes of Operation). For further technical details of system encryption, see the section Encryption Scheme in the chapter Technical Details.
=======
Operating Systems Supported for System Encryption

TrueCrypt can currently encrypt the following operating systems:

        * Windows Vista

        * Windows Vista x64 (64-bit) Edition

        * Windows XP

        * Windows XP x64 (64-bit) Edition

        * Windows Server 2003

        * Windows Server 2003 x64 (64-bit)

Re:if truecrypt.org is still down (3, Informative)

Scott Lockwood (218839) | more than 6 years ago | (#22320076)

IMPORTANT: Official TrueCrypt distribution packages can be downloaded only from www.truecrypt.org (above, select 'Project' > 'Web Site')


You Fail It.

Re:if truecrypt.org is still down (3, Informative)

base3 (539820) | more than 6 years ago | (#22320106)

Thanks, but the packages are not available to download from SourceForge. "IMPORTANT: Official TrueCrypt distribution packages can be downloaded only from www.truecrypt.org (above, select 'Project' > 'Web Site') Notes"

How to DDoS your favorite open source project. (3, Funny)

Scott Lockwood (218839) | more than 6 years ago | (#22320022)

Step 1: Post on Slashdot
Step 2: ???
Step 3: Profit!

Re:How to DDoS your favorite open source project. (1)

Loibisch (964797) | more than 6 years ago | (#22320306)

This particular news item was probably submitted by a puppet of the *IAA...

Re:How to DDoS your favorite open source project. (0)

Anonymous Coward | more than 6 years ago | (#22320398)

It's not /.'ed.
The contents are encrypted, duh.

Site (0, Offtopic)

w3bd4wg (938648) | more than 6 years ago | (#22320042)

Does not Slashdot notify the site owner of the post?

Re:Site (1)

Rob T Firefly (844560) | more than 6 years ago | (#22320094)

The few zillion referrer tags coming from this URL is sort of an "OH HAI GUYZ!"

Re:Site (1)

shakestheclown (887041) | more than 6 years ago | (#22320422)

Where are the Snowdens of yesteryear?

One thing annoys me: (4, Interesting)

imsabbel (611519) | more than 6 years ago | (#22320048)

They have the option to convert boot drives to encrypted drives... even while the system is running.
That's nice.

But how about converting non-boot drives?
Doesn't seem to be possible.

Not everybody starts with a blank sheet, or has double the needed capacity to empty first one HD and then another...

Re:One thing annoys me: (1)

Grym (725290) | more than 6 years ago | (#22320162)

Converting non-boot drives seems like a fringe use, honestly. Most people can just make a new truecrypt volume and then mount like normal. For everyone else, move the files temporarily onto DVD-R/CD-R media, create a truecrypt volume, then move the files into the new truecrypt volume. Problem solved.

-Grym

Re:One thing annoys me: (0)

Anonymous Coward | more than 6 years ago | (#22320436)

And remember to microwave the DVDs/CDs after you're finished with them, if it's information you want to keep secret.

Re:One thing annoys me: (1)

Firehed (942385) | more than 6 years ago | (#22320590)

That's still a pain in the ass if they can already do it on the drive you're running from. Surely that's much more complicated than encrypting data that's NOT loaded as part of your kernel.

I'd be much more likely to convert a non-boot drive to full encryption anyways. I find typing a password in enough of a pain so a nice, long, secure passphrase would drive me nuts on bootup. I'd much rather just store any sensitive data on a second disk - not only does that mean I'm not completely hosed if I forget the passphrase (or make a typo while pounding out a paragraph while I'm in a hurry), but I can easily physically separate the encrypted sensitive data so it never has to go offsite.

Re:One thing annoys me: (1)

Jugalator (259273) | more than 6 years ago | (#22320938)

Yes, granted it would be safer security-wise to encrypt the system drive than going through the trouble of ensuring the system doesn't store anything sensitive on it without your knowledge.

However, if the encryption is only about personal documents, mails, and simple things like that, and you don't need "deep" encryption of various stuff that may risk ending up on the system drive without your knowledge, I would also rather encrypt a non-system drive. That way, you would as you say not always have to enter a passphrase, and also gain a lot of performance boosts since an operating system that's running encrypted (swap file and all) could have a noticeable performance penalty.

Re:One thing annoys me: (1)

HP-UX'er (211124) | more than 6 years ago | (#22320884)

don't forget to destroy the media afterwards!

Re:One thing annoys me: (3, Insightful)

hey! (33014) | more than 6 years ago | (#22320328)

That doesn't seem so important to me.

If you want something encrypted, you put it on a TrueCrypt drive; you can move it from the original drive to the TrueCrypt drive, then juggle the drive letters if you use Windows, the mount points otherwise. The only thing that can't get this treatment is the boot drive, therefore (uniquely) you have an absolute need for a way to encrypt that while it is running.

Re:One thing annoys me: (2, Insightful)

waddleman (1230926) | more than 6 years ago | (#22320512)

Assuming there is free space to move data between and have room for a new partition. While not critical, still an inconvenience.

Re:One thing annoys me: (0)

Anonymous Coward | more than 6 years ago | (#22320886)

What do you mean with "truecrypt drive" -- a TC image file or an external hard drive?

Because if you have the scenario with a 160 GB data drive with 100 GB in use and no large enough external hard drive lying around, you won't have space to move the unencrypted data to the encrypted storage if you intend to use an encrypting image to move to. Note that TC does NOT support "growing" volumes, but only static ones. So you'd really want to make the 160 GB TC image in one go if you intend to use image files. And then you'd have to use something like DVDs as temporary storage...

Re:One thing annoys me: (1)

TheSkyIsPurple (901118) | more than 6 years ago | (#22320950)

I know we'd be interested in this, but we need something that can be rolled out to tens of thousands of machines automatically, encrypts in the background with minimal hassle to the user, won't lose data if power is lost during encryption, and will resume automatically after the system comes back on.

Our current Windows-only solution does that, so the Macs get left untouched... which works out OK for me, but is technically a problem =-)

Risky? (0)

Anonymous Coward | more than 6 years ago | (#22320668)

What are the chances I could break my system with this? I'm dual-booting Vista and Ubuntu with Grub. Does TrueCrypt add its own bootloader, and will this play nice with Vista/Ubuntu?

Download here (as the site seems down atm) (3, Informative)

_bug_ (112702) | more than 6 years ago | (#22320064)

http://sourceforge.net/projects/truecrypt/ [sourceforge.net]

Press release here [sourceforge.net].

We are pleased to announce that TrueCrypt 5.0 has been released. Among the new features are the ability to encrypt a system partition or entire system drive (i.e. a drive where Windows is installed) with pre-boot authentication, pipelined operations increasing read/write speed by up to 100%, Mac OS X version, graphical interface for the Linux version, XTS mode, SHA-512, and more.

After four years of development, during which millions of people downloaded a copy of TrueCrypt, it is the only open-source disk encryption software that runs on Windows, Mac OS X, and Linux. The newly implemented ability to encrypt system partitions and system drives provides the highest level of security and privacy, as all files, including any temporary files that Windows and applications create on system drives (typically, without the user's knowledge or consent), swap files, etc., are permanently encrypted. Large amounts of potentially sensitive data that Windows records, such as the names and locations of files opened by the user, applications that the user runs, etc., are always permanently encrypted as well. For more information, please see http://www.truecrypt.org/docs/?s=version-history [truecrypt.org]

Re:Download here (as the site seems down atm) (2, Interesting)

base3 (539820) | more than 6 years ago | (#22320130)

You can't get the distribution from SourceForge. The download page only contains text directing the would-be downloader to truecrypt.org.

Re:Download here (as the site seems down atm) (1)

Shabbs (11692) | more than 6 years ago | (#22320142)

Sourceforge no longer carries the latest versions. Distribution is only via truecrypt.org. We'll have to wait the Slashdotting out.

Re:Download here (as the site seems down atm) (0)

Anonymous Coward | more than 6 years ago | (#22320148)

http://superb-west.dl.sourceforge.net/sourceforge/truecrypt/IMPORTANT--Official_TrueCrypt_distribution_packages_can_be_downloaded_only_from_www.truecrypt.org.html [sourceforge.net]

As of November 2, 2005, all official TrueCrypt distribution packages can be downloaded only at:

http://www.truecrypt.org/downloads.php [truecrypt.org]

SourceForge.net mirror servers are no longer used. For more information, visit www.truecrypt.org

In case you have messy hair (1)

jeric23 (1154589) | more than 6 years ago | (#22320384)

And no mirror, try file hippo ( http://www.filehippo.com/download_truecrypt [filehippo.com] ).
If that somehow fails you, or you want to download it even faster, try the P2P channel; I hear that's a popular one these days. Check your local listings for TrueCrypt v5.

What about wake up? (4, Interesting)

unbug (1188963) | more than 6 years ago | (#22320072)

I almost never turn off my laptop, I just close the lid. Will it ask me for a password when it wakes up again?

Re:What about wake up? (1)

smooth wombat (796938) | more than 6 years ago | (#22320144)

If it's anything like SafeBoot, no. Would you want to have to put in a username and password twice every time your laptop went to sleep?

The way SafeBoot works you only have to get past it once, when your machine starts, then you log onto the domain.

Re:What about wake up? (4, Informative)

apathy maybe (922212) | more than 6 years ago | (#22320152)

In Windows at least (not sure with the other versions), you can set it to dismount mounted volumes whenever certain ACPI events (lid closing, suspend or hibernate etc.) happen.

This forces you to re-enter your password to access the volume.

Of course, you should have an option in your OS to ask you for your login password whenever you close and then open your lid as well.

Re:What about wake up? (0)

unbug (1188963) | more than 6 years ago | (#22320340)

Of course, you should have an option in your OS to ask you for your login password whenever you close and then open your lid as well.

I don't see how that helps. Simple way of circumventing this:

  • Wake up laptop, do not try to log in on the console.
  • Hook it up to a network.
  • Log in remotely, exploiting a vulnerability in the OS (every OS has one).
  • Access encrypted drive.

Not asking for a password on wake up looks like a huge security hole to me.

Re:What about wake up? (2, Informative)

twoshortplanks (124523) | more than 6 years ago | (#22320184)

No, but you should have a screensaver that won't let you use the computer unless you enter a password.

Normally this wouldn't offer complete protection - you could just reboot from a system disk and access the filesystem, but with truecrypt (or FileVault, or any of the other encrypted file system solutions) they can't do this.

Re:What about wake up? (1)

binaryspiral (784263) | more than 6 years ago | (#22320324)

I think you're missing the point. The data continues to be encrypted - even if your operating system is using it.

So if your computer is in sleep mode or has a screen saver - you need to password protect your computer so that you control who accesses your data and apps.

If I wanted your data, and I didn't know your password - I would get your entire drive (either by stealing it, booting up with a liveCD, or image it to another drive). Now I can't even do that because the data is encrypted on the disk, not just password protected by the OS.

Re:What about wake up? (1)

Lord Ender (156273) | more than 6 years ago | (#22320444)

Unless the thief is specifically targeting your data, the computer will have to make it through the black market, and the battery will die before someone who knows what they are doing gets their hands on your PC.

Re:What about wake up? (1)

Exp315 (851386) | more than 6 years ago | (#22320746)

I agree, that's the key weakness in Truecrypt. I hibernate both my desktop and laptop systems, and mounted Truecrypt drives remain mounted with no need to re-enter the password no matter how much time has passed. A data thief would have no problems. I think Truecrypt needs a review of their real-world security. And BTW, I've run into bugs with previous versions of Truecrypt used to encrypt USB drives where it suddenly stopped accepting the password and I lost access to the data. Nothing vital lost, but enough to scare me off using Truecrypt again.

download link (0, Redundant)

treak007 (985345) | more than 6 years ago | (#22320164)

The site is down, but the sourceforge page is not.

http://sourceforge.net/projects/truecrypt/ [sourceforge.net]

Re:download link NOT (0)

Anonymous Coward | more than 6 years ago | (#22320284)

If you'd take a moment and actually LOOK at their Sourceforge entry, you'd not have posted this. Here's what it says there:

IMPORTANT: Official TrueCrypt distribution packages can be downloaded only from www.truecrypt.org (above, select 'Project' > 'Web Site')

So - no Truecrypt 5 until http://www.truecrypt.org/ [truecrypt.org] is back up. Sit tight folks.

Finally a Linux GUI :) (2, Interesting)

Loibisch (964797) | more than 6 years ago | (#22320214)

I've been waiting for this release. I know that real men use the command line for each and everything including brewing their morning coffee, but I was really looking forward to the graphical user interface. :) Of course, thanks to Slashdot now the site (which has been dead slow all day) has now been blasted out of orbit...

Ah well, maybe the storm will be over till I'm home.

Re:Finally a Linux GUI :) (1)

Hatta (162192) | more than 6 years ago | (#22320504)

I've been waiting for this release. I know that real men use the command line for each and everything including brewing their morning coffee

Holy shit, you can do that?! And I've been weighing, grinding, and pouring my own coffee by hand. This is one time I really wouldn't mind being replaced by a very small shell script.

Re:Finally a Linux GUI :) (1)

Loibisch (964797) | more than 6 years ago | (#22320738)

Sure you can, here you go: HTML version [linux.com] | text version [slackwaresupport.com]

My favorite part must be from the "device driver" section:

Just read kernel hacker's guide, implement a device driver (it could even be user space I think). Please compile it as a module, so that we won't need a kernel compile in every update. Then write:
        echo cappuccino > /dev/coffee
And you will have a hot cup of coffee in minutes! Remember to give the right permission to /dev/coffee, depending on whether you want only root making coffee or not.

Have fun setting that one up. :)

Dual boot? (1, Interesting)

Anonymous Coward | more than 6 years ago | (#22320272)

How well does this play with the other *legitimate* operating system you might have on the computer? Would you be locked out of a drive on the other?

Will the karma whores . . . (0)

Anonymous Coward | more than 6 years ago | (#22320322)

. . . please quit linking to SourceForge. The download packages ARE NOT AVAILABLE THERE, as would be obvious if the posters had bothered to look before trying to farm points.

Mac version??? (1)

Rufty (37223) | more than 6 years ago | (#22320374)

Is the long promised OSX version out yet? Or still vapourware???

Hard Drive Read/Write Times (2, Interesting)

sjaguar (763407) | more than 6 years ago | (#22320386)

As someone who has never used a full-drive encrypted, how does this impact hard drive access? Will reads/writes be noticeably slower (assuming a relatively new drive)? Will this affect utilities such as a defragmenter or disk checker? How much slower will boot up be? What about memory or CPU usage?

I am all for more security. But, if it slows my laptop down to the point of un-usability....

Downloading (3, Funny)

margam_rhino (778498) | more than 6 years ago | (#22320402)

I will just wait until you pesky North Americans are in bed and download in the morning UK time, ha ha. Wait, no, everyone forget I said that! Aww, now you all will try then.

OT -- what's the state of flash encryption? (1)

swb (14022) | more than 6 years ago | (#22320408)

Like for USB drives?

Are there any standalone encryption systems that don't require software install on the host environment but can "mount" an encrypted disk file on a USB drive?

Re:OT -- what's the state of flash encryption? (1)

Thyamine (531612) | more than 6 years ago | (#22320706)

It seems to me that you'd have to have software installed or part of any system you wanted to access that USB/removable media on. Otherwise the system won't recognize that it's encrypted and see gibberish, or won't know how to decrypt it at best. I know that some USB drives (at least the thumb drives) come with small applications for just that purpose, but you have to install it on each system you want to run it, and I don't know how secure it is as I've never used it myself.

Encryption is for terrorists. (2, Funny)

w3bd4wg (938648) | more than 6 years ago | (#22320442)

http://www.truecrypt.org/downloads/transient/9b6d4c43d4/TrueCrypt%205.0%20Source.zip [truecrypt.org]

Forbidden

You don't have permission to access /downloads/transient/9b6d4c43d4/TrueCrypt 5.0 Source.zip on this server.

Apache/1.3.34 Server at www.truecrypt.org Port 80

I cannot get the source. The NSA has removed it.

Features-Changes List from Truecrypt.org: (0)

Anonymous Coward | more than 6 years ago | (#22320468)

5.0

February 5, 2008

New features:

* Ability to encrypt a system partition/drive (i.e. a partition/drive where Windows is installed) with pre-boot authentication (anyone who wants to gain access and use the system, read and write files, etc., needs to enter the correct password each time before the system starts). For more information, see the chapter System Encryption in the documentation. (Windows Vista/XP/2003)

* Pipelined operations increasing read/write speed by up to 100% (Windows)

* Mac OS X version

* Graphical user interface for the Linux version of TrueCrypt
* XTS mode of operation, which was designed by Phillip Rogaway in 2003 and which was recently approved as the IEEE 1619 standard for cryptographic protection of data on block-oriented storage devices. XTS is faster and more secure than LRW mode (for more information on XTS mode, see the section Modes of Operation in the documentation).

Note: New volumes created by this version of TrueCrypt can be encrypted only in XTS mode. However, volumes created by previous versions of TrueCrypt can still be mounted using this version of TrueCrypt.

* SHA-512 hash algorithm (replacing SHA-1, which is no longer available when creating new volumes).

Note: To re-encrypt the header of an existing volume with a header key derived using HMAC-SHA-512 (PRF), select 'Volumes' > 'Set Header Key Derivation Algorithm'.

Improvements, bug fixes, and security enhancements:

* The Linux version of TrueCrypt has been redesigned so that it will no longer be affected by changes to the Linux kernel (kernel upgrades/updates).

* Many other minor but dickalicious improvements, bug fixes, and security enhancements. (Windows and Linux)

If you are using an older version of TrueCrypt, it is strongly recommended that you upgrade to this version.

Linux 64bit? (2, Informative)

Wubby (56755) | more than 6 years ago | (#22320552)

Any word on 64bit binaries for Linux? I've compiled the Non-gui version without issue before, but with a gui, things get more complicated. GTK/KDE? Which libraries? etc etc etc etc etc

FIPS 140-2? (2, Interesting)

soboroff (91667) | more than 6 years ago | (#22320662)

Are they planning to submit their system for FIPS 140-2? The US OMB decreed that most laptops must be encrypted with full-disk FIPS 140-2-compliant encryption, but the only certified tools for this exist for Windoze. The algorithms used are fine, but this stamp of approval would be very useful for federal Linux and Mac users!

!slashdotted (1)

Nimey (114278) | more than 6 years ago | (#22320664)

The site is back up & is actually responding pretty quickly.

I will always encrypt (5, Interesting)

Bobb Sledd (307434) | more than 6 years ago | (#22320764)

Being in the US, I have become so paranoid now that I encrypt everything with TrueCrypt. Whether it's MP3's, DVDs or pr0n or just simply my web browser cache, it all goes into the encrypted file. Long hard password and keyfiles, and then I also use hidden volumes.

And one big big big reason I use encryption: Usenet. I often use NewsBin to indiscriminately download all the binaries in a given group. I think this is very dangerous. And many times you get some very illegal junk you just don't want lying around -- but I can't get to it for several days to manually filter through it. ISPs get the benefit of being an ISP and not having to filter their caches for content; I do not get that same benefit. If I get caught with something I shouldn't have, it's jail time.

So if it comes up that I had inadvertently downloaded some kiddie pr0n through Usenet newsgroup (which is often mixed in with legitimate stuff), and my machine gets searched, I want some protection. And both: the things I downloaded and the things I have deleted simply CAN NOT be found.

ZFS Encryption (1)

FunkyELF (609131) | more than 6 years ago | (#22320786)

There was a point where I wanted to build a RAID-5 system and use LUKS / dm-crypt. Seemed like too many layers, too many places for something to go wrong if one phantom bit got flipped. Once ZFS gets encryption I'll build myself a nice new file server.

a Mac version (1)

wiredog (43288) | more than 6 years ago | (#22320844)

That's already built in to the Mac OS, as it should be. Just use FileVault.

Ooooopsss (1)

ClooD (749552) | more than 6 years ago | (#22320916)

Where is the "I lost my hard drive password" link?