TrueCrypt - Freeware Encryption Tool :

A place to talk about Encryption and how to crack it !
User avatar
Spildit
Posts: 1554
Joined: Sat Apr 06, 2013 4:59 pm
Location: Portugal
Contact:

TrueCrypt - Freeware Encryption Tool :

Postby Spildit » Sun Apr 14, 2013 3:04 pm

This is the best of the best among encryption tools.
It can encrypt a container file or an entire disk, including OS disk.
If you are thinking about encrypting something, then look at this tool !

http://www.truecrypt.org/
1Q9xrDTzTddUXeJAFRn37aqh1Yr6buDCdw - (Bitcoin Donations)

User avatar
LostAdaptives
Registered User
Registered User
Posts: 11
Joined: Mon May 26, 2014 4:22 pm

Re: TrueCrypt - Freeware Encryption Tool :

Postby LostAdaptives » Tue Jun 10, 2014 8:35 pm

Hi Spildit

I would like to know your opinion about what recently happened to TrueCrypt...

I mean what the REAL underlying causes may be in you opinion ?

If the products contains vulnerabilities the reasonable thing to do is to FIX them, NOT to close the project...
May be the developer has been "contacted" by some "dark" people that came in some black car :-)


Also...

Take a look to the fork project called "VeraCrypt"
https://veracrypt.codeplex.com/
https://veracrypt.codeplex.com/

It seems an improvement in some aspects (improved anti-bruteforcing, improved number of iterations on crypto algorytms)

For example, when the system partition is encrypted, TrueCrypt uses PBKDF2-RIPEMD160 with 1000 iterations whereas in VeraCrypt we use 327661. And for standard containers and other partitions, TrueCrypt uses at most 2000 iterations but VeraCrypt uses 655331 for RIPEMD160 and 500000 iterations for SHA-2 and Whirlpool.

This enhanced security adds some delay only to the opening of encrypted partitions without any performance impact to the application use phase. This is acceptable to the legitimate owner but it makes it much more harder for an attacker to gain access to the encrypted data.


regretfully it doesn't support Linux (yet)...

User avatar
LostAdaptives
Registered User
Registered User
Posts: 11
Joined: Mon May 26, 2014 4:22 pm

Re: TrueCrypt - Freeware Encryption Tool :

Postby LostAdaptives » Tue Jun 10, 2014 9:01 pm

Also


for those who couldn't download the TrueCrypt in time (the current version in the original site is NOT the original one and now cannot encrypt, only decrypts= :


http://truecrypt.ch/

User avatar
Spildit
Posts: 1554
Joined: Sat Apr 06, 2013 4:59 pm
Location: Portugal
Contact:

Re: TrueCrypt - Freeware Encryption Tool :

Postby Spildit » Tue Jun 10, 2014 10:09 pm

Uhmm....

I was not even aware that TrueCrypt project had ended.

I've just checked the project web page and it makes sense.

Without wanting to start a conspiracy theory, what they stated is that the WinXP support ended, and the other windows platforms have integrated encryption, so because they don't want to develop and patch further the truecrypt software, they consider it "unsafe".

This doesn't even mean that the software have flaws, it just means that further develop ended and if some flaws are discovered in the future they will not be patched and you might end up with a false sense of security.

You stated that the truecrypt software can no longer encrypt ? Did you try this ?

http://sourceforge.net/projects/truecry ... e/download

I'm not feeling in the mood of using those versions, just in case.

If you have the older software from the time the project was still running, I guess that there is no point in using the "new" versions, just in case something fishy is going on .....

Without entering on the conspiracy mode, I think that if I were developing TrueCrypt and I wanted to stop developing it, this would be the way I would proceed.

If the TrueCrypt people were to be paid by some agency it would have been more likely that they would insert a backdoor on the software instead of stopping the project this way, because the majority of people will just run the software and will not bother to check the source code.
1Q9xrDTzTddUXeJAFRn37aqh1Yr6buDCdw - (Bitcoin Donations)

User avatar
Spildit
Posts: 1554
Joined: Sat Apr 06, 2013 4:59 pm
Location: Portugal
Contact:

Re: TrueCrypt - Freeware Encryption Tool :

Postby Spildit » Tue Jun 10, 2014 10:18 pm

I wouldn't use the "VeraCrypt", I would use older versions of TrueCrypt instead.

- TrueCrypt does work as I know for a fact that security agencies fought and loose against it, as long as the password is BIG and a combination of random letters and numbers not in the dictionary.

- VeraCrypt might look stronger but might as well have backdoors.

- Older versions of TrueCrypt like 7 will format the "encrypted" partition the same way newer version will do. That is why when you install 7.2 to open volumes done by 7.1 it will not say the volume is not safe and you should encrypt it in other way. Meaning that the software itself is improved, but the encrypted data would still be the same among those versions. If you can't crack one you can't crack the other, and you will have more chances not to be affected by a possible backdoor in older versions.

- Iterations of the key just mean that it will take more time to test them when you have less iterations. So it would take more time to brute force because the time to test each key is way bigger when you have more iterations. At any rate TrueCrypt have enough iterations to keep any bruteforce attacker busy, as long as you use a big key.
1Q9xrDTzTddUXeJAFRn37aqh1Yr6buDCdw - (Bitcoin Donations)

User avatar
Spildit
Posts: 1554
Joined: Sat Apr 06, 2013 4:59 pm
Location: Portugal
Contact:

Re: TrueCrypt - Freeware Encryption Tool :

Postby Spildit » Tue Jun 10, 2014 10:29 pm

I'm attaching TrueCrypt Setup 7.1a in case 7.2 doesn't encrypt or contain some sort of "unwanted" code.

At the time I'm publishing this there is no proof neither anything to believe that TrueCrypt have been cracked or it's no longer safe/secure to use.

TrueCrypt Setup 7.1a.rar
(2.58 MiB) Downloaded 247 times


By the way, this version is the one I have on my own computer and was installed some time ago, and the file was taken from the TrueCrypt original website when the project was still active. I didn't download this from any other place, so this is the original version, not modified in any way.

At this point downloading TrueCrypt from a 3rd party site might as well be a problem, as the code might have been modified by the 3rd party and compiled back to look like TrueCrypt and in fact backdoors might had been added.
1Q9xrDTzTddUXeJAFRn37aqh1Yr6buDCdw - (Bitcoin Donations)

User avatar
LostAdaptives
Registered User
Registered User
Posts: 11
Joined: Mon May 26, 2014 4:22 pm

Re: TrueCrypt - Freeware Encryption Tool :

Postby LostAdaptives » Wed Jun 11, 2014 1:34 pm

Spildit wrote:Uhmm....

I was not even aware that TrueCrypt project had ended.

I've just checked the project web page and it makes sense.

Without wanting to start a conspiracy theory, what they stated is that the WinXP support ended, and the other windows platforms have integrated encryption, so because they don't want to develop and patch further the truecrypt software, they consider it "unsafe".

This doesn't even mean that the software have flaws, it just means that further develop ended and if some flaws are discovered in the future they will not be patched and you might end up with a false sense of security.

You stated that the truecrypt software can no longer encrypt ? Did you try this ?

http://sourceforge.net/projects/truecry ... e/download

I'm not feeling in the mood of using those versions, just in case.

If you have the older software from the time the project was still running, I guess that there is no point in using the "new" versions, just in case something fishy is going on .....

Without entering on the conspiracy mode, I think that if I were developing TrueCrypt and I wanted to stop developing it, this would be the way I would proceed.

If the TrueCrypt people were to be paid by some agency it would have been more likely that they would insert a backdoor on the software instead of stopping the project this way, because the majority of people will just run the software and will not bother to check the source code.


Thanks for your view on this... I appreciate this I know that you are a lover of Cryptography as well as harddisks internals

When I saw that... well... I had to go to the bathroom, wash my face two times with cold water and went to read the screen again... I thought it was some king of April's fools thing or something of that kind...

I mostly agree... No I will not try the "newest" version ;)
https://en.wikipedia.org/wiki/TrueCrypt#cite_note-1
http://beta.slashdot.org/story/203161

The most obvious difference is that 7.2a will only decrypt files previously encrypted with earlier versions of TrueCrypt. 7.2a is crippled in that it cannot create new encrypted folders, files or whole disks. It was apparently engineered to be broken and serve only as a tool to recover previously encrypted volumes.

On the other hand, a OSS coder that has a HUGE community behind and just states (in present tense) "TrueCrypt not secure" and that's all.... uhmmm

he/she/they could have just said: We no longer have the resources (time/funds) to keep this project updated and /or Future Crypto research could lead to vulnerabilities in TrueCrypt due to a lack of project maintenance... But it says IT IS NOT SECURE (in present tense)

Also that "Windows support thing" stated by the authors makes little sense because TruEcrypt is also used in Linux/*nix instead of Bitlocker

I also have and had the original downloads taken from the beginning of the project.

I didn't want to imply that TrueCrypt developers (necessarily) work for any "INTEL" agency (pun intended ;-) ) but rather the opposite , I mean perhaps they didn't want to cooperate after being contacted by the "men in black suits" and closed the project. I Remember Lavabit @Edward Snowden case, etc

Regarding Police and FBI that couldn't break TrueCrypt => Yes This is correct if you use a strong long enough key or combine that with key files,


I still remember that banker case, and the FBI defeated etc ...

when they can "Break it" they really use other ways as memory auditing, leaked temporary files from office, etc, swap files audits, "evil maid attacks", cold boot attacks/RAM remanence, etc
...But the big INTEL agencies would (and in fact Do) sacrifice their small "sisters". NSA and CIA don't share most intel info and devels even with FBI sometimes even on critical National Security issues (no examples needed right? ;-)) Even the Congress nor the President (or PM in UK/AU) know most of the real activities of these NSA/NRO/GCHQ... guys (as stated by several insiders and whistle blowers)


Anyway TC It's one of the encryption systems I use

User avatar
Spildit
Posts: 1554
Joined: Sat Apr 06, 2013 4:59 pm
Location: Portugal
Contact:

Re: TrueCrypt - Freeware Encryption Tool :

Postby Spildit » Wed Jun 11, 2014 7:29 pm

Well, thanks for sharing your views as well.

Also security is relative. We must always try to define what we are trying to protect against.

In my particular case I'm not afraid that the FBI or NSA or whatever can crack my truecrypt volumes, what I'm afraid is that some street punk can steal my phone or laptop and decrypt the drive or volume and get the private text files with my passwords out of it.

As I'm not trying to "defend" against those "BIG" agencies, I feel comfortable to use TrueCrypt as up until now there is no info about a major exploit or "hack" that might be easily known by the general public and that can defeat TrueCrypt, so if someone gets hold of my phone or laptop it's more reasonable to assume they will delete the info rather then try to decrypt it, and for me that is reasonable enough.

There is no proof that the secret agencies doesn't have some sort of technology to defeat crypto, despite the fact that I think they can't unless they brute force (in case of a well implemented Crypto System like TrueCrypt). But of course if someone can crack it then it will be as well just a question of time for other people to figure out how to do so, assuming there is some weakness on he ciphers or implementation.
1Q9xrDTzTddUXeJAFRn37aqh1Yr6buDCdw - (Bitcoin Donations)

User avatar
LostAdaptives
Registered User
Registered User
Posts: 11
Joined: Mon May 26, 2014 4:22 pm

Re: TrueCrypt - Freeware Encryption Tool :

Postby LostAdaptives » Wed Jun 11, 2014 7:41 pm

Well, you already now that
some of the big agencies "may have" favoured algorythms that have some weakness and even inserted "cryyptographic shortcuts" in some of the welknown cryptography systems

NSA (RSA) NIST case, etc


http://en.wikipedia.org/wiki/NIST_SP_800-90A

http://www.pcworld.com/article/2082720/ ... versy.html

http://www.wired.com/2013/09/rsa-adviso ... algorithm/


This way they don't even need a huge building full of computers in parallel computing (or any "quantum technology" as some guys say)

User avatar
Spildit
Posts: 1554
Joined: Sat Apr 06, 2013 4:59 pm
Location: Portugal
Contact:

Re: TrueCrypt - Freeware Encryption Tool :

Postby Spildit » Wed Jun 11, 2014 8:02 pm

The good thing about TrueCrypt is that you can select a set of different ciphers for the same volume. That way if one cipher is broken or have a backdoor, the others will compensate for that, and there is no way to know that more that one cipher was used, so it will solve that problem as well, unless all ciphers that you use are broken, and even so the person attempting to crack it would have to know the ciphers that you had used and the order that you used as well.

Regarding quantum computer, yes, if quantum technology ever comes to exist, it will crack all crypto in a moment, as quantum computing by definition have the ability to try all the possible combinations of a key at once. So if it ever comes to exist it will be the end for our crypto. As Steve Gibson stated sometime ago on "Security Now" the analogy would be like a strong building/bank vault trying to defend against teleportation. If teleportation comes to exist the vaults of that kind will be useless. But we are as far as having teleportation as we are from having quantum computers :)
1Q9xrDTzTddUXeJAFRn37aqh1Yr6buDCdw - (Bitcoin Donations)

User avatar
LostAdaptives
Registered User
Registered User
Posts: 11
Joined: Mon May 26, 2014 4:22 pm

Re: TrueCrypt - Freeware Encryption Tool :

Postby LostAdaptives » Fri Jun 13, 2014 2:30 pm

Spildit wrote:I wouldn't use the "VeraCrypt", I would use older versions of TrueCrypt instead.

- TrueCrypt does work as I know for a fact that security agencies fought and loose against it, as long as the password is BIG and a combination of random letters and numbers not in the dictionary.

- VeraCrypt might look stronger but might as well have backdoors.

- Older versions of TrueCrypt like 7 will format the "encrypted" partition the same way newer version will do. That is why when you install 7.2 to open volumes done by 7.1 it will not say the volume is not safe and you should encrypt it in other way. Meaning that the software itself is improved, but the encrypted data would still be the same among those versions. If you can't crack one you can't crack the other, and you will have more chances not to be affected by a possible backdoor in older versions.

- Iterations of the key just mean that it will take more time to test them when you have less iterations. So it would take more time to brute force because the time to test each key is way bigger when you have more iterations. At any rate TrueCrypt have enough iterations to keep any bruteforce attacker busy, as long as you use a big key.


If the TrueCrypt project is continued as a fork by another team, etc (and hopefully re-audited again, (since apparently innocent changes such a simple assign inside comparison can be a covert "trapdoor") it would be nice to have increased iterations.

I like the mental game of thinking about the computer power I had ten or twenty years ago, and what we have now in any common Android Smart Phone with multicores and a GPU that seems out of a CGI studio. It's staggering...
I can Imagine a room full of racks as a "cheap" crypto-breaking farm full of small-sized (beaglebone/Raspberry size computers) or Blade-type in a bigger setup in some array-clustered parallelized configuration.


I took it as a Philosophy... it doesn't matter that you are not Snowden... or William Binney .... also... Who knows who you will be or where/whom will you work for in a few years...

Anyway, Essentially I Agree that this trend of "Over-kill" increasing of iterations have a "image/publicity" security feeling reassurance component...

...In Cryptography we need to take this thing of Key Iterations and related issues... with a grain of SALT ;) 8-)

User avatar
Spildit
Posts: 1554
Joined: Sat Apr 06, 2013 4:59 pm
Location: Portugal
Contact:

Re: TrueCrypt - Freeware Encryption Tool :

Postby Spildit » Fri Jun 13, 2014 6:22 pm

Well, thanks for the comment and I liked the grain of SALT joke (salting hashes to avoid rainbow table attacks) !

Regards.
1Q9xrDTzTddUXeJAFRn37aqh1Yr6buDCdw - (Bitcoin Donations)

User avatar
LostAdaptives
Registered User
Registered User
Posts: 11
Joined: Mon May 26, 2014 4:22 pm

Re: TrueCrypt - Freeware Encryption Tool :

Postby LostAdaptives » Fri Jun 13, 2014 7:29 pm

Spildit wrote:Well, thanks for the comment and I liked the grain of SALT joke (salting hashes to avoid rainbow table attacks) !

Regards.


Very smart you're... have a nice weekend in the dream land

User avatar
Spildit
Posts: 1554
Joined: Sat Apr 06, 2013 4:59 pm
Location: Portugal
Contact:

Re: TrueCrypt - Freeware Encryption Tool :

Postby Spildit » Fri Jun 13, 2014 7:39 pm

LostAdaptives wrote:
Spildit wrote:Well, thanks for the comment and I liked the grain of SALT joke (salting hashes to avoid rainbow table attacks) !

Regards.


Very smart you're... have a nice weekend in the dream land


Guess that "Google is your friend" (Talking about the Dreamstone) !
Thanks and wishing you the same !
1Q9xrDTzTddUXeJAFRn37aqh1Yr6buDCdw - (Bitcoin Donations)

User avatar
Spildit
Posts: 1554
Joined: Sat Apr 06, 2013 4:59 pm
Location: Portugal
Contact:

Re: TrueCrypt - Freeware Encryption Tool :

Postby Spildit » Sat Jun 14, 2014 2:20 am

Regarding the TrueCrypt "Self-Takedown" you might enjoy to listen the Security Now episode #458 and learn what Steve Gibson thinks about that matter.

https://media.grc.com/sn/sn-458.mp3
1Q9xrDTzTddUXeJAFRn37aqh1Yr6buDCdw - (Bitcoin Donations)

User avatar
Spildit
Posts: 1554
Joined: Sat Apr 06, 2013 4:59 pm
Location: Portugal
Contact:

Re: TrueCrypt - Freeware Encryption Tool :

Postby Spildit » Sat Jun 14, 2014 2:46 am

1Q9xrDTzTddUXeJAFRn37aqh1Yr6buDCdw - (Bitcoin Donations)

User avatar
LostAdaptives
Registered User
Registered User
Posts: 11
Joined: Mon May 26, 2014 4:22 pm

Re: TrueCrypt - Freeware Encryption Tool :

Postby LostAdaptives » Thu Jun 19, 2014 5:17 pm

About the new proposed logo for TrueCrypt fork:
http://design.cedeon.co.uk/blog/2014/so ... rypt-logo/

The Moebius infinity idea looks pretty good, perhaps a little bit wide for a reduced 16pix icon however?

...

It 's been announced that people behind VeraCrypt and TCNext (TrueCrypt Next) will be doing a joint effort to advance in a new version and possibly keep compatibility:

https://truecrypt.ch/2014/06/veracrypt- ... mmon-goal/

Time will tell...

User avatar
Spildit
Posts: 1554
Joined: Sat Apr 06, 2013 4:59 pm
Location: Portugal
Contact:

Re: TrueCrypt - Freeware Encryption Tool :

Postby Spildit » Wed Jun 25, 2014 9:20 pm

Thanks for the update !
1Q9xrDTzTddUXeJAFRn37aqh1Yr6buDCdw - (Bitcoin Donations)

User avatar
LostAdaptives
Registered User
Registered User
Posts: 11
Joined: Mon May 26, 2014 4:22 pm

TrueCrypt, cryptography aNd StegAnography ? ;-)

Postby LostAdaptives » Thu Jun 26, 2014 10:05 pm

TrueCrypt, cryptography aNd StegAnography ?

;)
https://www.livebusinesschat.com/smf/in ... pic=5629.0


Return to “Encryption”

Who is online

Users browsing this forum: No registered users and 1 guest

cron