TrueCrypt

TrueCrypt: What Happened, What It Means, and What Happens Now

Based on the sum of the evidence that’s now filtered in, and in the consensus view of experts, the primary cause of the TrueCrypt crisis of the last few days was developer fatigue. After 10 years of thankless work developing the open source disk encryption tool, faced with the need to do major extending and refactoring of the codebase to support new technical requirements and demands from security auditors, the anonymous author or authors decided to throw in the towel. The way they did it tells of more complex motives, and has supplied ample fuel to the conspiracy theorists of the world. But importantly, there is no evidence that these events were motivated by any known security flaw or trust deficiency in TrueCrypt or in its build or distribution process, or by any act of coercion. And in spite of the apparently deliberate reputational damage committed by the developers, unless and until demonstrated otherwise, TrueCrypt is in fact still secure, and this story is far from over. …

Something Rotten Has Occurred in TrueCrypt Land

An extremely significant event affecting TrueCrypt has occurred. It is not yet clear whether it is legitimate or a hoax, and if legitimate, what it means. The truecrypt.org web site has been redirected to a sourceforge landing page advising that development has ended and warning, ambiguously, that the program either is not secure or may not be secure in the future. The messaging proceeds to push users onto BitLocker or other native disk encryption programs. A newly built, apparently legitimately signed, but crippled set of installers numbered version 7.2 are offered. No one is sure exactly what has happened, whether this is a defacement or the real deal, and if it is real, how to interpret it. The matter is still unfolding and being debated. …

TrueCrypt Container Sizing for Optical Media

One of the most consistently referenced articles here is my procedure for preparing and burning encrypted CDs with TrueCrypt. It ranks highly on Google for “truecrypt cd” and “truecrypt dvd”, so those referred are often searching for the best TrueCrypt container size to use with optical media. However, while I made a size recommendation for CD-R’s explicit in the original article, I only mentioned DVD-R’s in passing, enough to match the keyword but not to convey the actual answer people are looking for. Allow me to correct that omission now. …

TrueCrypt 7.1a Released

A minor update to the TrueCrypt free open-source disk encryption tool arrived today, version 7.1a, some five months since the release of the previous stable version. I have upgraded several systems to the new version without issue, including two laptops with pre-boot authentication and full disk encryption, and a media server where I use TrueCrypt to create and work with encrypted file-container volumes as part of my backup process. …

TrueCrypt Benchmark, Hardware-Accelerated AES Enabled

A Look at the Performance Impact of Hardware-Accelerated AES

In 2010, semiconductor manufacturers began migrating the algorithmically intensive portions of the AES cipher on-die in the form of the AES-NI instruction set. Many cryptographic APIs and applications have enabled support for this new technology, and none hesitate to tout the promise of major performance improvements. Intel demonstrates 3x to 10x acceleration versus pure software implementations, while the authors of TrueCrypt set the expectation of 4x to 8x speed gains. Can these performance boosts be recognized in practice, and how much of these gains can be captured in present day, real world scenarios? …

TrueCrypt 7.1 Released

Sparse remarks in the changelog for today’s updated release of the TrueCrypt free open-source disk encryption tool, version 7.1, the first new release in nearly a year. Primarily it looks like they have added support for Mac OS X 10.7 Lion. I venture the usual assessment that this update may safely be viewed as optional for users already running at least TrueCrypt 7.0, the most recent major release, absent those experiencing any specific issues. …

Top