The software is used to create encrypted partitions on hard drives, or create virtual encrypted disks within a file. Once encrypted, the data stored on a partition requires a password to access. TrueCrypt was a popular means of disk encryption on both Mac OSX and Windows operating systems with millions of users.
After its anonymous developers ditched TrueCrypt under somewhat mysterious circumstances, theories swirled about potential security flaws that could compromise users’ data. The most damning came from Google’s Project Zero security team, which uncovered two previously unknown vulnerabilities. One of them allows an application running with normal user privileges to escalate those privileges to an administrative level.
Is TrueCrypt secure?
In 2015, the Fraunhofer Institute for Secure Information Technology conducted a formal audit of the last stable release of TrueCrypt. The 77-page report found several other bugs in TrueCrypt, but ultimately determined that the software is secure when used for its primary use case: encrypting data at rest, such as on an external hard drive or USB drive. The Institute acknowledged that the bugs uncovered by Google do exist, but they cannot be exploited to give attackers access to encrypted data.
While encrypting data on an external drive got the Institute’s all clear, encrypting data in a computer’s memory or on a mounted drive did not. If a drive is mounted, the key used to encrypt data is stored in the computer’s memory. That key can be recovered and used to decrypt data at a later time.
Still, the likelihood of a hacker taking advantage of these circumstances is pretty slim. Either the encrypted container must be mounted, in which case the decrypted data is available anyway, or the computer must go into hibernation with the encrypted container mounted. If someone accesses a computer while an encrypted container is open, then that’s game over anyway. Otherwise, users must not allow computers with encrypted, mounted drives to hibernate while an encrypted container is open.
Should I use TrueCrypt?
If you have an older system with one of the original versions of TrueCrypt installed, and you’re not using it on unmounted drives, you should be in the clear barring the unlikely scenarios above. TrueCrypt is slightly less secure for mounted drives for the reasons described above.
But if you don’t already have TrueCrypt, then downloading and installing it now could put you at risk. Remember that the software was officially discontinued over two years ago, and hasn’t officially been available for download since. While some websites and torrents claim to offer a genuine copy of TrueCrypt for download, there’s little means to know whether it has been tampered with, especially if you’re not a software expert.
Some users point to archived copies available on GitHub, where the code can be freely audited. But most of those repositories haven’t been audited by experts because doing so is a time-consuming and costly procedure. The Open Crypto Project says one GitHub repository, a copy of TrueCrypt 7.1, is verified.
While there’s no evidence to support such a claim, some users say TrueCrypt contains backdoors for government officials.
If you’re really set on using TrueCrypt, that’s probably your best bet. But we recommend trying a newer alternative. Some of these disk encryption tools are forks of the original TrueCrypt, while others were developed separately.
Here’s a brief breakdown, with more details on each below:
- VeraCrypt is open-source and code audited, improves on TrueCrypt, works on Mac and PC, and allows creation of encrypted containers
- Bitlocker is built into Windows, is not open-source, only encrypts full disks, and has no plausible deniability mechanism
- DiskCryptor is a Windows-only tool, is open source but not audited, allows the bootloader to be installed on a USB or CD, and works faster than others
- CipherShed is another TrueCrypt fork, works with old TrueCrypt containers, is slow with updates, and works on Mac, PC, and Linux
- FileVault 2 is built into Mac OSX Lion and later, only allows full disk encryption, and is not open source
- LUKS is an open-source option for Linux, supports multiple algorithms, but does not offer much support for non-Linux systems
VeraCrypt is a fork of TrueCrypt and is widely considered its successor. It performs all of the same functions as TrueCrypt and then some. VeraCrypt adds security to the algorithms used for system and partition encryption. These improvements make it immune to new developments in brute-force attacks, according to developers. You can find a full list of improvements and corrections that VeraCrypt made on TrueCrypt here.
VeraCrypt uses 30 times more iterations when encrypting containers and partitions than TrueCrypt. This means it takes a bit longer for the partition to start up and containers to open, but does not affect application use.
VeraCrypt is free and open source, and it always will be. The code is routinely audited by independent researchers. Because it is, at its core, very similar to TrueCrypt, audits of the original software still apply to VeraCrypt.
VeraCrypt supports two types of plausible deniability–the existence of encrypted data is deniable because an adversary cannot prove that unencrypted data even exists. Hidden volumes reside in the free space of visible container volumes–space which would otherwise be filled with random values if the hidden volume did not exist. Hidden operating systems exist alongside visible operating systems. If an adversary forces you to hand over a password, you can just give them the password for the visible OS.
Bitlocker is popular Windows-only software used to encrypt entire volumes using the AES encryption algorithm with a 128- or 256-bit key. Unlike TrueCrypt and VeraCrypt, Bitlocker cannot create encrypted containers. Entire partitions must be encrypted at once.
While this approach works for some people, keep in mind that if you leave your computer logged in and someone else uses it, all of your files will be visible. Windows has a separate encryption system called EFS (encrypted file system) for encrypting single files and folders, but these are also unlocked whenever the user is logged in.
Bitlocker is not open source, which means the public cannot inspect it for backdoors. Due to Microsoft’s friendly relationship with the NSA, this could be a deal-breaker for many. Concerns were also raised when Microsoft removed the Elephant Diffuser–a feature that prevents encrypted disk modification–for performance reasons.
Bitlocker does not have a plausible deniability mechanism, although you could make the argument that the contents of your hard drive were modified because of the missing Elephant Diffuser. That’s a stretch, though.
Bitlocker verifies that attackers haven’t modified the software used to boot the computer.
DiskCryptor is another Windows-only full disk encryption solution. Relative to the above options, very little formal security analysis has been performed on DiskCryptor even though it’s open source. We also don’t know much about the authors and their motives. Skepticism as to whether the software is truly sound runs high. So why is it popular?
DiskCryptor is fast and easy to use. It requires far fewer computing resources and encrypts faster than TrueCrypt. DiskCryptor uses 256-bit AES, Twofish, Serpent or a combination of cascaded algorithms in XTS mode to carry out encryption. Serpent is reportedly the fastest.
DiskCryptor supports encryption of external devices including hard drives, USB drives, CDs, and DVDs. It supports several multi-boot options.
If you’re hiding something from the NSA, DiskCryptor probably is not the best option. But it should work fine if your computer is stolen or a nosy nephew tries to access your files.
DiskCryptor’s plausible deniability feature allows you to install a computer’s bootloader onto a USB drive or CD. Without the bootloader, the encrypted contents of a computer’s hard drive look like blank space with random data. The downside to this approach is you must always use the CD or USB bootloader to start the computer and decrypt data.
Like VeraCrypt, CipherShed started as a fork of TrueCrypt. It’s available for Windows PC, Mac OSX, and Linux, although it must be compiled for the latter two. The first non-alpha version was released in February this year, but there’s still no product (v1.0 or later) release.
Development seems to be much slower than VeraCrypt, but it is inching forward. The faults in TrueCrypt have been patched.
Other than being further behind in development, CipherShed doesn’t differentiate itself much from VeraCrypt. You can perform full disk encryption or create encrypted containers.
One upside is that CipherShed can be used with TrueCrypt containers, while the newer versions of VeraCrypt cannot. VeraCrypt’s increased key derivation (the iterations mentioned above) makes it incompatible with TrueCrypt containers, but arguably more secure as well.
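The link between iteration count, unlock time and container compatibility described here and in the VeraCrypt section can be reproduced with a toy header. This is an added example, not code from TrueCrypt, VeraCrypt or CipherShed; the baseline count, the header layout and the marker string are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

# Assumed values for illustration only; not taken from TrueCrypt or VeraCrypt.
BASE_ITERATIONS = 1_000
HARDENED_ITERATIONS = 30 * BASE_ITERATIONS  # the "30 times more" from the text
MAGIC = b"VOLUME-HEADER-OK"  # constructed marker for the toy header

def derive_key(password, salt, iterations):
    """Stretch a password into a 256-bit key with PBKDF2-HMAC-SHA512."""
    return hashlib.pbkdf2_hmac("sha512", password, salt, iterations, dklen=32)

def create_header(password, iterations):
    """Toy header: 16-byte salt followed by an HMAC tag made with the derived key."""
    salt = os.urandom(16)
    key = derive_key(password, salt, iterations)
    return salt + hmac.new(key, MAGIC, hashlib.sha256).digest()

def try_open(header, password, iterations):
    """Return True only if both the password and the iteration count match."""
    salt, tag = header[:16], header[16:]
    key = derive_key(password, salt, iterations)
    expected = hmac.new(key, MAGIC, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)

def seconds_per_guess(iterations, rounds=5):
    """Average wall-clock cost of testing one candidate password."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(rounds):
        derive_key(b"guess-%d" % i, salt, iterations)
    return (time.perf_counter() - start) / rounds

if __name__ == "__main__":
    header = create_header(b"correct horse", BASE_ITERATIONS)
    print("baseline count opens:", try_open(header, b"correct horse", BASE_ITERATIONS))
    print("30x count opens:     ", try_open(header, b"correct horse", HARDENED_ITERATIONS))
    fast = seconds_per_guess(BASE_ITERATIONS)
    slow = seconds_per_guess(HARDENED_ITERATIONS)
    print(f"cost per guess: {fast:.4f}s vs {slow:.4f}s ({slow / fast:.0f}x)")
```

The same multiplier applies to the legitimate user once per unlock and to a brute-force attempt once per candidate password, which is why the slower mount is accepted.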
CipherShed relies on hidden volumes–just like VeraCrypt–for plausible deniability.
FileVault 2 is Apple’s answer to Bitlocker. First launched with OSX Lion, the Mac-only software uses an AES-XTS 128-bit algorithm for full disk encryption. The user’s login password is used as the encryption key.
Similar to Bitlocker, FileVault 2 has no option to create encrypted containers. That means once you’ve logged into your Macbook, all of the hard drive’s data is unencrypted and visible until the system is powered down.
Another shared similarity to Bitlocker: FileVault 2 is not open source. That means it cannot be audited by the public and may contain backdoors.
For Linux users, LUKS is based on cryptsetup and uses dm-crypt as the disk encryption backend. Short for Linux Unified Key Setup, LUKS specifies a platform-independent standard on-disk format for use in various tools.
LUKS doesn’t have all the features of VeraCrypt or other options, but it offers more flexibility when it comes to encryption algorithms.
LUKS doesn’t travel well between operating systems and only really works well for Linux, although Windows users can access LUKS-encrypted disks using LibreCrypt.
LUKS does not support plausible deniability.
A final note on plausible deniability
Don’t pick your encryption software based on its plausible deniability mechanism. While it’s a nice bonus, it’s a weak defense.
In terms of disk encryption, plausible deniability means no one can prove there is encrypted data on your computer because the encrypted data looks the same as no data at all–just random noise.
The problem is that the noise can look a little too random, and a keen expert can spot other signs that a disk has been encrypted (this is called “entropy analysis”). Whether plausible deniability would actually hold up either in a court of law or a torture chamber is highly debatable.
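A minimal form of the entropy analysis mentioned above, as an added example that is not from the original article: it scores each block of a disk image by Shannon entropy and reports contiguous regions that look like random noise. The block size, the 7.9 bits-per-byte threshold and the sample image are assumptions; compressed files also score high, so a flagged region is an indicator rather than proof.

```python
import math
import os
from collections import Counter

BLOCK_SIZE = 4096   # assumed block size for the scan
THRESHOLD = 7.9     # assumed cut-off in bits per byte (8.0 is the maximum)

def shannon_entropy(block):
    """Shannon entropy of a byte string, in bits per byte."""
    if not block:
        return 0.0
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def scan_image(image, block_size=BLOCK_SIZE, threshold=THRESHOLD):
    """Return (offset, entropy, flagged) for every block of the image."""
    results = []
    for off in range(0, len(image), block_size):
        h = shannon_entropy(image[off:off + block_size])
        results.append((off, round(h, 3), h >= threshold))
    return results

def high_entropy_runs(results, block_size=BLOCK_SIZE):
    """Merge consecutive flagged blocks into (start_offset, length) extents."""
    runs = []
    for off, _, flagged in results:
        if not flagged:
            continue
        if runs and runs[-1][0] + runs[-1][1] == off:
            runs[-1][1] += block_size      # extend the current extent
        else:
            runs.append([off, block_size])  # start a new extent
    return [tuple(r) for r in runs]

def build_sample_image():
    """Constructed test image: zeroed space, plain text, random data, zeroed space."""
    zeros = bytes(4 * BLOCK_SIZE)
    text = (b"The quick brown fox jumps over the lazy dog. " * 400)[:4 * BLOCK_SIZE]
    noise = os.urandom(8 * BLOCK_SIZE)  # stands in for an encrypted container
    return zeros + text + noise + zeros

if __name__ == "__main__":
    for start, length in high_entropy_runs(scan_image(build_sample_image())):
        print(f"high-entropy region at offset {start}, {length} bytes")
```

On the constructed image, only the random region is reported: zeroed space scores 0 bits per byte and English text roughly 4, while random data sits just under 8.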