TrueCrypt created encrypted virtual disks as well as encrypted partitions. Once the data was encrypted, you needed a password to access it. The quality of its encryption made TrueCrypt popular on many systems, including Windows and Mac.
The abandonment of the project did not go over well, and many believed that something was wrong with it. People started to suspect that the program had vulnerabilities. Even Google confirmed that the data is not safe.
Google’s Project Zero actually found two major, previously unknown flaws. People started worrying about the safety of their data, and the main question became: how secure is TrueCrypt?
Is It Secure?
Since people wanted an answer, researchers set out to find one. The Fraunhofer Institute for Secure Information Technology took on the task, analyzing the last known stable version of the program in 2015. The report they submitted ran to 77 pages, and it found even more bugs.
Still, they concluded that the flaws are not that severe and pronounced the program safe to use, at least for its main purpose: encrypting data on hard drives or USB drives.
When asked about the bugs Google had found earlier, the researchers confirmed them. Still, according to them, the nature of those bugs does not allow access to encrypted data: attackers can’t use them to break the encryption or read the information.
Yet when the researchers checked whether the computer’s memory or a mounted drive would be safe, the results were not as good. According to their research, mounting the drive stores the encryption key in the device’s memory, and it is not that hard to recover; anyone who finds it can break the encryption.
The researchers stated that this scenario isn’t very likely. Potential attackers can only get the key if they mount the encrypted container, and if they can do that, they have access to the data anyway.
Another way to get at the data is if the computer goes into hibernation while the container is mounted, since hibernation writes the contents of memory, key included, to disk. And if someone can get to the device while the container itself is open, the data is not safe anyway. The point is: never let your computer go into hibernation while encrypted drives are mounted.
Should You Use TrueCrypt?
Whether or not to use it depends. You should be okay if you’re using one of the original versions that has survived on an older system. Still, as we saw above, it is less safe while drives are mounted.
New users who install and use it now would be at risk. The security of any software depends on constant updates, fixes, and new versions, and TrueCrypt has not received an official update in three years.
You can probably find many torrents, or even standalone websites, that claim to offer a genuine copy of TrueCrypt. These sources aren’t official and you shouldn’t trust them, since the product has most likely been tampered with. If you don’t know exactly what you are doing, you put yourself at much greater risk that way.
GitHub also hosts several archived copies, and the code can be audited there. On the other hand, real experts have not taken on such a task for a long time, because the process takes a lot of time and is expensive too.
One of the GitHub repositories allegedly holds a verified copy, and even the Open Crypto Project says so. However, many users are still skeptical about using it, believing that TrueCrypt has several backdoors used by the government.
For those who insist on using TrueCrypt, the GitHub copy (version 7.1) is most likely the best option. However, using an alternative is a much safer choice, and there are many that can do the job. Some are forks of TrueCrypt itself, and others were developed independently.
What Are The Alternatives To TrueCrypt?
We have six suggestions for an alternative to TrueCrypt. Each of them is more than capable of doing the job right, and in the end, the choice is yours.
Those recommendations are:
- VeraCrypt – creates encrypted containers, works on Windows and Mac, and came out of the original TrueCrypt.
- LUKS – an alternative for Linux users; other systems don’t get much support. It’s open source and supports several algorithms.
- Bitlocker – not open source, and it can only encrypt full disks. It comes with Windows and has no deniability mechanism.
- FileVault 2 – not open source either. It has come with every version of Mac OS since OS X Lion, and it offers only full disk encryption.
- CipherShed – also a TrueCrypt fork, but slow to receive updates. It still works with TrueCrypt containers and supports Windows, Linux, and Mac.
- DiskCryptor – Windows only. It hasn’t been audited, but it is open source. It is faster than most of the others, and it can install a bootloader on a CD or USB drive.
Now that you know the alternatives, let’s see what they are like in detail:
VeraCrypt is one of the forks of the original TrueCrypt. Many even consider it TrueCrypt’s successor, which says enough about its popularity and quality. It offers pretty much everything TrueCrypt did, and more.
VeraCrypt offers many improvements, such as stronger security in its encryption algorithms. According to its developers, changes like that make it almost completely immune to brute-force attacks.
VeraCrypt naturally works a bit differently from TrueCrypt. For example, it uses many more iterations when deriving the key for a container, thirty times more to be exact, and such a change inevitably affects speed: containers take longer to open. Still, it has no effect on using the app once the container is open, so you shouldn’t worry about that.
It’s also free and open source. It’s pretty similar to TrueCrypt, not just on the surface but down to the core. Independent researchers also routinely audit its code.
Another important thing about it is that it supports two different types of plausible deniability. That means the very existence of the encrypted data can be denied, mostly because nobody can prove that the random-looking space actually holds encrypted data.
So you can hide the encrypted data in two ways. One is via hidden operating systems, which exist alongside the visible OS. Basically, if someone (your adversary, for example) tries to force the password out of you, you simply give them the one for the visible system.
The other way is hidden volumes, which live inside the free space of a regular, visible container volume. That free space is normally filled with random data, and a hidden volume stored there looks no different from that random fill.
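To make the hidden-volume point concrete, here is an added Python demonstration. It is not VeraCrypt’s code: the container size, the hidden-volume offset, the key and the toy cipher (a SHA-256 counter-mode keystream standing in for XTS-AES) are all constructed for the demo. It fills an outer volume’s free space with random bytes, writes an encrypted hidden volume into that space, and measures byte entropy to show that the hidden region cannot be told apart from the random fill, while a zero-filled outer volume would give the hidden volume away immediately.

```python
import hashlib
import math
import random

# Constructed demo of why a hidden volume is deniable: the free space of an
# outer volume is filled with random bytes, and a correctly encrypted hidden
# volume written into that space is statistically indistinguishable from it.
# Sizes, offset and key are assumptions chosen for the demo, not VeraCrypt's layout.
CONTAINER_SIZE = 64 * 1024
HIDDEN_OFFSET = 40 * 1024
HIDDEN_KEY = b"constructed-demo-key-not-for-real-use"

_rng = random.Random(20240601)  # fixed seed so the demo is repeatable


def random_fill(n: int) -> bytes:
    """Stand-in for the random data that fills an encrypted volume's free space."""
    return bytes(_rng.getrandbits(8) for _ in range(n))


def keystream_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode, XORed with the data).
    It stands in for the real volume cipher (XTS-AES) and must not be used for
    anything but this demonstration; all it needs to do here is turn
    structured plaintext into random-looking ciphertext."""
    out = bytearray()
    for block_no, start in enumerate(range(0, len(plaintext), 32)):
        ks = hashlib.sha256(key + block_no.to_bytes(8, "big")).digest()
        chunk = plaintext[start:start + 32]
        out.extend(b ^ k for b, k in zip(chunk, ks))
    return bytes(out)


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 8.0 is the maximum, reached only when the
    byte values are uniformly distributed (random fill or good ciphertext)."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in counts if c)


def build_container(hidden_plaintext: bytes, fill: bytes) -> bytes:
    """Lay an encrypted hidden volume over part of the outer volume's free space.
    `fill` is the free-space content; random fill is what makes the scheme work."""
    if len(fill) != CONTAINER_SIZE:
        raise ValueError("fill must cover the whole container")
    container = bytearray(fill)
    hidden = keystream_encrypt(HIDDEN_KEY, hidden_plaintext)
    if HIDDEN_OFFSET + len(hidden) > CONTAINER_SIZE:
        raise ValueError("hidden volume does not fit in the free space")
    container[HIDDEN_OFFSET:HIDDEN_OFFSET + len(hidden)] = hidden
    return bytes(container)


def region_entropies(container: bytes, hidden_len: int) -> tuple:
    """Entropy of the untouched free space vs. the region holding the hidden volume."""
    free = container[:HIDDEN_OFFSET]
    hidden = container[HIDDEN_OFFSET:HIDDEN_OFFSET + hidden_len]
    return shannon_entropy(free), shannon_entropy(hidden)


def hidden_volume_stands_out(container: bytes, hidden_len: int, tolerance: float = 0.1) -> bool:
    """True if a simple statistical scan could tell the hidden region apart from
    the surrounding free space by entropy alone, i.e. deniability has failed."""
    free_h, hidden_h = region_entropies(container, hidden_len)
    return abs(free_h - hidden_h) > tolerance


# Constructed sample payload: repetitive text, so its entropy is far below 8.
SAMPLE_PLAINTEXT = b"ledger entry 0001: transfer 100 units\n" * 400


def demo() -> dict:
    good = build_container(SAMPLE_PLAINTEXT, random_fill(CONTAINER_SIZE))
    bad = build_container(SAMPLE_PLAINTEXT, bytes(CONTAINER_SIZE))  # zero-filled free space
    n = len(SAMPLE_PLAINTEXT)
    return {
        "plaintext_entropy": shannon_entropy(SAMPLE_PLAINTEXT),
        "random_fill": region_entropies(good, n),
        "zero_fill": region_entropies(bad, n),
        "stands_out_random_fill": hidden_volume_stands_out(good, n),
        "stands_out_zero_fill": hidden_volume_stands_out(bad, n),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

With random fill both regions come out near 8 bits per byte and the hidden volume does not stand out; with zero fill the free space scores 0 and the hidden volume is obvious. That is the whole reason the free space of a deniable volume has to be random from the moment it is created.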
LUKS is a perfect substitute for TrueCrypt if you’re a Linux user. It’s short for Linux Unified Key Setup, and it is built on cryptsetup. It also defines a platform-independent on-disk standard that many different tools use.
You won’t find all of VeraCrypt’s features in it, but it has a lot more flexibility around encryption algorithms. It works great on Linux, but not so well on Mac or Windows. Despite that, Windows users can still access LUKS-encrypted disks; all they need is LibreCrypt.
Bitlocker is popular software that’s only available to Windows users. It uses AES with a 128-bit or 256-bit key. With it you can encrypt entire volumes, but it can’t create containers like TrueCrypt and VeraCrypt, which means you must encrypt everything at once.
Many people have no problem with this way of doing things. Still, don’t forget that anyone who uses the computer while you are logged in will be able to see all of your files.
If you prefer encrypting files individually, Windows offers another encryption system, called Encrypting File System, or EFS for short. However, those files are also visible for as long as you are logged in.
Because Bitlocker is not open source, the public can’t inspect it for backdoors. This is a problem for many users, especially if you remember that Microsoft and the NSA aren’t strangers to each other.
Users also worry that Microsoft might have removed the feature known as the Elephant Diffuser. If they did remove it, the most likely reason is performance. Another possible dealbreaker is that Bitlocker offers no plausible deniability function.
After the creation of Bitlocker, Apple couldn’t resist the urge to respond, and the result is FileVault 2. It’s made for Mac, starting with OS X Lion. It uses AES-XTS 128-bit encryption and works on an entire disk. The encryption key is simply the user’s login password.
Like Bitlocker, it can’t create containers, so that’s another thing they have in common. That also means all of the data is completely visible from the moment you log into the Mac, and it stays that way for as long as the system is running.
Just like Bitlocker, it’s also not open source, and the public can’t inspect it.
CipherShed is another fork of TrueCrypt. It works on all three platforms: Windows, Linux, and Mac. It’s relatively new, since its first version only appeared in February last year.
Its biggest issue is development, which is slower than that of the other TrueCrypt fork, VeraCrypt. Still, it’s moving forward, and TrueCrypt’s flaws are slowly being fixed.
Apart from slow development, this software has no other big issues. It’s pretty similar to VeraCrypt in other respects, and it allows the creation of encrypted containers as well as full disk encryption.
One of CipherShed’s advantages is that it can use TrueCrypt containers. Not many others can do that, VeraCrypt included, because VeraCrypt’s increased key derivation isn’t compatible with TrueCrypt’s legacy format. Still, many would argue that the stronger key derivation makes VeraCrypt safer than TrueCrypt.
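The two points about key derivation made on this page, VeraCrypt’s thirty-fold increase in iterations (in the VeraCrypt section above) and the resulting incompatibility with TrueCrypt containers (just above), come down to the same mechanism, so here is one added Python example covering both. It is not code from VeraCrypt, TrueCrypt or CipherShed: the iteration counts (1,000 vs. 30,000) are constructed to keep the page’s 30:1 ratio while running in seconds, and the sample password list is made up. It derives a volume-header key with PBKDF2-HMAC-SHA512, shows that a header written under one iteration count cannot be opened under the other, and measures how much the higher count slows down a dictionary run against the header.

```python
import hashlib
import hmac
import os
import time

# Iteration counts are constructed for the demo (assumption): the page says only
# that VeraCrypt uses about thirty times more iterations than TrueCrypt, so the
# demo keeps that ratio while staying small enough to run in a few seconds.
LEGACY_ITERATIONS = 1_000
STRETCHED_ITERATIONS = 30 * LEGACY_ITERATIONS
KEY_LEN = 64  # bytes of header key to derive


def derive_header_key(password: str, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA512, the general shape of a volume-header key derivation.
    The iteration count is the cost knob; salt and output length are fixed by
    the container format, so a different count yields a different key."""
    return hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt,
                               iterations, dklen=KEY_LEN)


def header_opens(password: str, salt: bytes, iterations: int, stored_key: bytes) -> bool:
    """Simulates opening a volume: the derived key must equal the key the header
    was written with. hmac.compare_digest keeps the comparison constant-time."""
    return hmac.compare_digest(derive_header_key(password, salt, iterations), stored_key)


def guesses_per_second(salt: bytes, iterations: int, candidates) -> float:
    """Password candidates per second a dictionary run achieves at a given
    iteration count; this is what a defender measures to size the stretching."""
    start = time.perf_counter()
    for pw in candidates:
        derive_header_key(pw, salt, iterations)
    return len(candidates) / (time.perf_counter() - start)


def slowdown_factor(salt: bytes, candidates) -> float:
    """How many times slower guessing becomes with the stretched count
    (expected to land near the 30:1 ratio of the two constants)."""
    fast = guesses_per_second(salt, LEGACY_ITERATIONS, candidates)
    slow = guesses_per_second(salt, STRETCHED_ITERATIONS, candidates)
    return fast / slow


# Constructed dictionary for the timing run. Real lists are far larger, but the
# stretching factor multiplies the cost of every guess regardless of list size.
SAMPLE_CANDIDATES = ["password", "letmein", "truecrypt", "hunter2", "correct horse",
                     "qwerty123", "admin", "changeme", "secret", "volume1"]


def demo() -> dict:
    salt = os.urandom(64)
    real_password = "correct horse"
    # A header written with the stretched count is a different key from the
    # legacy-count key for the same password, so a legacy tool cannot open it.
    stretched_key = derive_header_key(real_password, salt, STRETCHED_ITERATIONS)
    return {
        "opens_with_right_count": header_opens(real_password, salt, STRETCHED_ITERATIONS, stretched_key),
        "opens_with_legacy_count": header_opens(real_password, salt, LEGACY_ITERATIONS, stretched_key),
        "slowdown": slowdown_factor(salt, SAMPLE_CANDIDATES),
    }


if __name__ == "__main__":
    print(demo())
```

The incompatibility is not a bug but a direct consequence of the design: the iteration count is an input to the key, so a tool that assumes the legacy count derives the wrong key and the header simply fails to decrypt. The same change is what multiplies the attacker’s cost per guess.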
Finally, we have DiskCryptor. This one is also only available for Windows users. Although it is open source, there has been very little formal security analysis of it. Its creators are unknown, as are their motives, so many are skeptical about whether the software is even reliable.
So if the situation is that bad, what makes it so popular? For one, it’s easy to use and very fast, and it doesn’t need many computing resources either. The encryption is very strong, and you can choose from several options:
- 256-bit AES
- cascaded combinations of algorithms in XTS mode
With it you can encrypt external devices, and it also supports many multi-boot options. Once again, it’s probably not the best choice if you’re planning on hiding things from the NSA, mostly because it is Windows only. Still, in the case of theft, it should work pretty well.
Another plus is that it offers a plausible deniability feature. If you don’t install the bootloader, whatever external device you put it on will simply look blank. The obvious downside is that you won’t be able to decrypt your own files without the bootloader either.
TrueCrypt had a purpose, and to many it was software for everyday use. Unfortunately, its time has ended; using it is simply not worth it, and not secure. Still, as you can see from this guide, there are many alternatives to choose from.
None of them is perfect, but neither was TrueCrypt. It all comes down to compromise, and hopefully, this guide will help you reach one.