From Seo Wiki - Search Engine Optimization and Programming Languages

Jump to: navigation, search
File:TrueCrypt Logo.png
File:TrueCrypt on windows vista.png
TrueCrypt on Windows
Developer(s) TrueCrypt Foundation
Stable release 6.3a / November 23, 2009; 133467451 ago
Written in C, C++, Assembly
Operating system Cross-platform - Windows, Mac OS, Linux
Available in 30 languages
(although most are incomplete translations)
Type Disk encryption software
License source available (TrueCrypt Collective License)

TrueCrypt is a software application used for real-time on-the-fly encryption. It is distributed without cost, and has source code available. It can create a virtual encrypted disk within a file or a device-hosted encrypted volume on either an individual partition or an entire storage device. TrueCrypt is distributed under the TrueCrypt Collective License.


Operating systems

TrueCrypt supports Microsoft Windows, Mac OS X and Linux operating systems[1] (using FUSE) and encrypted volumes can be made portable. Both 32-bit and 64-bit versions of these operating systems are supported, except for Windows 9x (not supported), Mac OS X 10.6 Snow Leopard (32-bit only) and IA-64 (not supported).[2] The version for Windows 7, Windows Vista or Windows XP can encrypt the boot partition or entire boot drive[3] and has the ability to create and run a hidden encrypted operating system whose existence is deniable.[4]

Encryption algorithms

Individual algorithms supported by TrueCrypt are AES, Serpent and Twofish. Additionally, five different combinations of cascaded algorithms are available: AES-Twofish, AES-Twofish-Serpent, Serpent-AES, Serpent-Twofish-AES and Twofish-Serpent. The cryptographic hash functions used by TrueCrypt are RIPEMD-160, SHA-512 and Whirlpool.

Modes of operation

TrueCrypt currently uses the XTS mode of operation. Prior to this, TrueCrypt used LRW mode in versions 4.1 through 4.3a, and CBC mode in versions 4.0 and earlier.[5] XTS mode is thought to be more secure than LRW mode, which in turn is more secure than CBC mode.[6]

Although new volumes can only be created in XTS mode, TrueCrypt is backward compatible with older volumes using LRW mode and CBC mode.[5] Recent versions produce a security warning when mounting CBC mode volumes and recommend that they be replaced with new volumes in XTS mode.


TrueCrypt supports both pipelined (only under Microsoft Windows[7]) and parallelized read and write operations to improve performance, though using TrueCrypt on a drive will still decrease performance when compared to using a disk directly due to the encryption overhead.

The performance impact of disk encryption is especially noticeable on operations which would normally use Direct Memory Access (DMA), as all data must pass through the CPU for decryption, rather than being copied directly from disk to RAM.


TrueCrypt is vulnerable to various attacks. To prevent certain types of attack, the TrueCrypt website recommends users follow various security precautions[8].

Listed below are known security concerns pertaining to TrueCrypt and, where possible, some ways to avoid them.

Plausible deniability

TrueCrypt's hidden volume deniability features may be unintentionally compromised by third party software which may leak information through temporary files, thumbnails, etc, to unencrypted disks. In a recent study, Windows Vista, Microsoft Word and Google Desktop were evaluated and found to store information on unencrypted disks. In response to this, the study suggested using hidden operating system feature functionality, now available in TrueCrypt versions 6.0 and later (TrueCrypt will then make local unencrypted filesystems and non-hidden TrueCrypt volumes read-only to prevent data leaks)[9]. The security of TrueCrypt's implementation of this feature was not evaluated because the first version of TrueCrypt with this option had only recently been released.[10]

Identifying TrueCrypt volumes

TrueCrypt volumes do not contain known file headers and their content is indistinguishable from random data, so while it is theoretically impossible to prove that certain files are TrueCrypt volumes, their presence may very well provide reasonable suspicion (probable cause)[11] they contain encrypted data. TrueCrypt volume files have file sizes that are evenly divisible by 512 and their content passes chi-square randomness tests. These features can be used to identify TrueCrypt volumes with a high probability[12]. Two tools which claim to be able to identify Truecrypt volumes, and which specifically target encrypted files, are Forensic Innovations's File Investigator[13][14] and TCHunt[15].

Passwords stored in memory

TrueCrypt stores its keys in RAM; on an ordinary personal computer the DRAM will maintain its contents for several seconds after power is cut (or longer if the temperature is lowered). Even if there is some degradation in the memory contents, various algorithms can intelligently recover the keys. This method (which would apply in particular to a notebook computer stolen while in power-on, suspended, or screen-locked mode) has been successfully used to attack a file system protected by TrueCrypt.[16]

The "Stoned" bootkit

The "Stoned" bootkit, a MBR rootkit presented by Austrian software developer Peter Kleissner at the Black Hat[1] Technical Security Conference USA 2009[17][18], has been shown capable of tampering Truecrypt's MBR effectively bypassing Truecrypt's full volume encryption.[19][20] (but potentially every hard disk encryption software is affected too if it doesn't rely on hardware-based encryption technologies like TPM, or - even if it does - if this type of attack is made with administrative privileges while the encrypted operating system is running[21][22]).

Two types of attack scenarios exist in which it is possible to maliciously take advantage of this bootkit, currently written for Win32 platforms only: in the first one, the user is required to launch the bootkit with administrative privileges once the PC has already booted into Windows; in the second one, analogously to hardware keyloggers, a malicious person needs physical access to the user's Truecrypt-encrypted hard disk: in this context this is needed to modify the user's Truecrypt MBR with the Stoned's one and then place the hard disk back on the unknowing user's PC, so that when the user boots the PC and types his/her Truecrypt password on boot, the "Stoned" bootkit intercepts it thereafter because, from that moment on, the Stoned bootkit is loaded before Truecrypt's MBR in the boot sequence. The first type of attack can be prevented as usual by good security practices, i.e. avoid running non-trusted executables with administrative privileges; the second one can be successfully neutralized - by the side of a user who suspect his/her encrypted hard disk might have been physically available to someone he/she doesn't trust - by booting the encrypted operating system with Truecrypt's Rescue Disk instead of booting it directly from the hard disk.[23]

Developers' identities

The TrueCrypt developers use the aliases "ennead" and "syncon".[24]

The domain name "" was originally registered to a false address ("NAVAS Station, ANTARCTICA")[25][26], and was later concealed behind a Network Solutions private registration.[27]

The TrueCrypt trademark was registered in the Czech Republic under name of "David Tesařík".[28]


The TrueCrypt Collective License does not meet the Open Source Definition, and thus has not been approved by the Open Source Initiative. It is not considered "free" by any of the major GNU/Linux distributions (Debian[29], Ubuntu[30], Fedora[31], openSUSE[32], Gentoo[33]). The license is not considered "free" mainly because of distribution and copyright-liability reasons.[34]

Planned features

According to the TrueCrypt website[35] the following features are planned for future releases:

  • Hardware-accelerated AES (Intel Westmere processors, optional)
  • Command line options for volume creation (already implemented in Linux and Mac OS X versions)
  • 'Raw' CD/DVD volumes

Version history

TrueCrypt is based on Encryption for the Masses (E4M), an open source on-the-fly encryption (OTFE) program first released in 1997. However, E4M was discontinued in 2000 as the author, Paul Le Roux, began working on commercial OTFE software.

Version Release Date Significant Changes
1.0 February 2, 2004 Initial release. Featured support for Windows 98, ME, 2000 and XP. Added plausible deniability for containers (although due to its simplistic nature, the practical value of the "plausible deniability" offered in this version is debatable[36]), and various bugfixes and improvements over E4M.
1.0a February 3, 2004 Removed support for Windows 98 and ME because the author of the Windows 9x driver for E4M (the ScramDisk driver) gave no permission that would allow his code to be used in projects derived from E4M.[37]
2.0 June 7, 2004 Added AES algorithm. Release made under the GNU General Public License, and signed as the TrueCrypt Foundation – previous versions were signed by TrueCrypt Team.
2.1 June 21, 2004 New release due to licencing issues relating to the GNU General Public License. This release was made under original E4M license.[38]
2.1a October 1, 2004 Removed IDEA encryption algorithm. Version released on, which became the official TrueCrypt domain. The official TrueCrypt domain moved back to again at the beginning of May 2005, and the SourceForge website redirects to there.
3.0 December 10, 2004 Added hidden volume support for containers. Added the Serpent and Twofish algorithms, along with cascaded cipher support.
3.1 January 22, 2005 Added portable "Traveller mode", along with new volume mounting options such as being able to mount as "read only".
4.0 November 1, 2005 Added support for Linux, x86-64, Big Endian machines, Keyfiles, the Whirlpool hash algorithm and language packs.
4.1 November 25, 2005 Added LRW mode, which is more secure than CBC mode for on-the-fly storage encryption.[6] LRW mode also neutralized an exploit that could (under certain circumstances) be used to compromise the plausible deniability of a TrueCrypt volume by allowing it to be distinguished from random data.[5]
4.2 April 17, 2006 Added various features to the Linux version, such as the ability to create volumes, change passwords and keyfiles, generate keyfiles and backup/restore volume headers. In the Windows version, it introduced support for dynamic (sparse file) volumes.
4.3 March 19, 2007 Added support for Windows Vista, support for file systems using sector sizes other than 512 bytes. This release phased out support of 64-bit block ciphers, disallowing creation of new containers using the Blowfish, CAST-128 or Triple DES algorithms.
5.0 February 5, 2008 Introduced XTS mode of operation. Added Mac OS X support, Linux graphical interface and Windows system disk encryption with pre-boot authentication, ability of creation of hidden volumes within NTFS volumes, but removed the ability to create hidden volumes on Linux, use the tool on a non-gui console and the ability to create encrypted partitions from the text mode. Encrypting the system volume for Windows 2000 is no longer supported.[39] Encrypting containers and non-system volumes is still supported, however.[40]
5.1 March 10, 2008 Added support for hibernation on Windows computers where the system partition is encrypted, the ability to mount a partition in Windows that is within the key scope of system encryption without pre-boot authentication, and added command line options for creating new volumes in Linux and Mac OS X. This version also reduced the minimum memory requirements for the TrueCrypt Boot Loader (AES) from 42 KB to 27 KB in Windows and included significant improvements in AES encryption/decryption performance. Changed to assembly implementation of AES [41].
6.0 July 4, 2008 Parallelized encryption/decryption on multi-core processors (or multi-processor systems). Increase in encryption/decryption speed is directly proportional to the number of cores and/or processors. Container header format updated to allow for a built-in backup, this allows recovery of containers with very minor damage to their headers. Ability to create and run an encrypted hidden operating system whose existence is impossible to prove. Ability to create hidden volumes under Mac OS X and Linux.
6.0a July 8, 2008 On systems where certain inappropriately designed chipset drivers were installed, it was impossible to encrypt the system partition/drive. This will no longer occur. Other minor bug fixes.
6.1 October 31, 2008 Ability to encrypt a non-system partition without losing existing data on the partition (in place encryption) on Windows Vista and Windows 2008. Added support for security tokens and smart cards (two-factor authentication), though only to store keyfiles (without encryption). TrueCrypt bootloader now customizable. Pre-boot passwords can now mount non-system volumes. Linux and Mac OS X versions can now mount an encrypted Windows system drive.
6.1a December 1, 2008 Minor improvements, bug fixes, and security enhancements.
6.2 May 11, 2009 The I/O pipeline of the Windows version now uses read-ahead buffering to improve read performance, especially on solid-state drives.
6.2a June 15, 2009 Improved file container creation speed on systems that have issues with write block sizes greater than 64 KB. The 'Device not ready' error will no longer occur when the process of decrypting a system partition/drive is finished. Other minor improvements and bug fixes.
6.3 October 21, 2009 Full support for Windows 7 and Mac OS X 10.6 Snow Leopard.
6.3a November 23, 2009 "Minor" unspecified improvements and bug fixes.

See also

References and notes

  5. 5.0 5.1 5.2 "Truecrypt version history". Truecrypt foundation. Retrieved 2009-10-01. 
  6. 6.0 6.1 Fruhwirth, Clemens (2005-07-18). "New Methods in Hard Disk Encryption" (PDF). Institute for Computer Languages, Theory and Logic Group, Vienna University of Technology. Retrieved 2007-03-10. 
  7. Pipelining support only under Windows as for ver 6.3a
  8. TrueCrypt page: Security Requirements and Precautions
  10. Alexei Czeskis, David J. St. Hilaire, Karl Koscher, Steven D. Gribble, Tadayoshi Kohno, Bruce Schneier (2008-07-18). "Defeating Encrypted and Deniable File Systems: TrueCrypt v5.1a and the Case of the Tattling OS and Applications". 3rd USENIX Workshop on Hot Topics in Security. 
  13. - Forensic Innovations FI Tools for Windows
  14. - Forensic Innovations: TrueCrypt is now Detectable
  15. TCHunt - Find TrueCrypt Files
  16. Alex Halderman et al.. "Lest We Remember: Cold Boot Attacks on Encryption Keys". 
  17. "Stoned bootkit White Paper" (PDF). Black Hat Technical Security Conference USA 2009. Peter Kleissner. Retrieved 2009-08-05. 
  18. "Stoned bootkit Presentation Slides" (PDF). Black Hat Technical Security Conference USA 2009. Peter Kleissner. Retrieved 2009-08-05. 
  19. "Bootkit bypasses hard disk encryption". The H-Security ( Heise Media UK Ltd.. Retrieved 2009-08-05. 
  20. "TrueCrypt vs Peter Kleissner, Or Stoned BootKit Revisited..". Simon Hunt. Retrieved 2009-08-05. 
  21. "Stoned bootkit attacking Truecrypt's full volume encryption". Truecrypt Foundation mail in response to Peter Kleissner on 18/07/2009. Retrieved 2009-08-05. 
  22. ""Some encryption programs use TPM to prevent attacks. Will TrueCrypt use it too?"". TrueCrypt FAQ. Truecrypt Foundation. Retrieved 2009-08-05. 
  23. "TrueCrypt Foundation is a joke to the security industry, pro Microsoft". Peter Kleissner post and expert comments about Stoned bootkit. Peter Kleissner. Retrieved 2009-08-05. 
  24. Developer email address
  25. domain information for TrueCrypt
  26. WHOIS
  27. Network Solutions WHOIS
  28. Intellectual Property Digital Library; search trademarks directory for IRN/925625
  29. Debian Bug report logs - #364034. Accessed on: January 12, 2009.
  30. Bug #109701 in Ubuntu. Accessed on: April 20, 2009
  31. TrueCrypt licensing concern Accessed on: April 20, 2009
  32. non-OSI compliant packages in the openSUSE Build Service. Accessed on: April 20, 2009
  33. Gentoo bug 241650. Accessed on: April 20, 2009
  34. Tom Calloway of Red Hat about TrueCrypt licensing concern Accessed on July 10, 2009
  35. Features to be implemented in future versions
  36. Plausible Deniability
  37. The authors of Scramdisk and E4M exchanged some code – the author of Scramdisk provided a driver for Windows 9x, and the author of E4M provided a driver for Windows NT, enabling cross-platform versions of both programs.
  38. "TrueCrypt User's Guide" (PDF). TrueCrypt Version 3.1a. TrueCrypt Foundation. 2005-02-07. p. p.44. Retrieved 2007-05-01. 
  39. TrueCrypt - Free Open-Source Disk Encryption Software - Documentation - Systems Supported for System Encryption
  40. TrueCrypt - Free Open-Source Disk Encryption Software - Documentation - Supported Operating Systems
  41. "Version History Part 1". TrueCrypt Documentation. TrueCrypt Foundation. Retrieved 2008-06-04. 

External links

Template:Crypto navboxar:تروكربت bs:TrueCrypt cs:TrueCrypt de:TrueCrypt es:TrueCrypt fr:TrueCrypt is:TrueCrypt it:TrueCrypt hu:TrueCrypt nl:TrueCrypt ja:TrueCrypt pl:TrueCrypt pt:TrueCrypt ru:TrueCrypt fi:TrueCrypt sv:TrueCrypt th:TrueCrypt uk:TrueCrypt

Personal tools

Served in 0.871 secs.