79 Comments
- tearingdownmask, on 10/11/2007, -1/+20Truecrypt is my encryption program of choice. It's very secure, open source, free, and it has a lot of features. This article is about the Linux version though, so it's not a whole lot of help to me. But if you are looking for an encryption program, this is the one I recommend. It even has hidden containers which give you plausible deniability.
- MasterQ, on 10/24/2007, -0/+18That's the beauty of the hidden volumes. There is absolutely no way to differentiate a hidden volume from random filler data in the parent volume. The program itself can't even tell that there is a hidden volume somewhere in the parent volume. The way it works is when you put in a decryption key, it decrypts it and looks for a mountable volume inside the file. If there is one, it mounts it. Therefore, without that key there is no way to tell the volume from random data.
- rnelsonee, on 10/24/2007, -0/+15The point is it doesn't matter if they know about it or not. The hidden volume data is encrypted just as the normal volume is (except it's encrypted from the back of the partition to the front). Because it's encrypted, it's all pseudo-random. So even if other people are aware of the hidden partition feature, there is *no* way to ascertain whether or not a hidden partition is used. A volume that has a normal partition (in the front sectors) with no hidden volume has nothing but pseudo-random data after the partition. So a volume with a normal partition and a hidden partition looks exactly like a volume with no hidden partition. Hence, plausible deniability. If a court demands a password from you, you can give them the one to the normal partition, and claim there is no hidden partition. There is no way for the courts to determine whether or not you're lying.
Also, fun fact: One of TrueCrypt's gripes that users have asked about: Why are there so few encryption methods? With 7 or so methods, some of them daisy-chained - some people have asked why we can't AES-encrypt a volume, say, 10 times. The reason is: TrueCrypt encrypts *everything* - including the encryption method. So when TrueCrypt decrypts a volume, it starts with the first algorithm, and then the 2nd, 3rd, etc., until it gets valid data. It doesn't even know how to decrypt the data, so it just tries everything. This goes to show you how paranoid the TC developers are.
- Gadren, on 10/11/2007, -1/+14TrueCrypt is great (I use it to store certain...uh...files). However, in Windows at least, it can't be truly portable because mounting the volume requires administrator access (or at least for TrueCrypt to have been installed before, by an administrator). This makes TrueCrypt unsuitable for use on any random computer you want to use with your flash drive.
- drakia, on 10/14/2007, -5/+18"Worried about losing your valuable data when your laptop gets stolen? Don't wait and encrypt your data now!"
... How exactly does encrypting your data stop you from LOSING it?
Other than that, looks like a nice program.
- trghpy, on 10/11/2007, -2/+14@Wailord
download source
unzip
configure
make
make install
Oh yea, make sure xtools is installed.
- TheLoneWolf071, on 10/11/2007, -0/+12Truecrypt is a very nice encryption program. It does have some Linux problems, because you have to have a kernel module installed in order to use it. In Windows you do have to have privileges because it actually makes a new portable drive. I like it... I use it for Windows and have never had a problem. Used it for Ubuntu, a little problem with the kernel module, had to recompile, which is not for everyone. I do see this going great places in a few years though.
- cogitocogito, on 10/24/2007, -0/+11It doesn't matter whether they know about the hidden container feature or not. A truecrypt partition doesn't allocate space on the fly. It's fixed at the time of creation, and a file is created and filled with random data. Say your partition is 15 GB. There is no reason to suppose that the entire partition is being used to store data. If your password produces, say, 5-10 GB of data that would reasonably be encrypted, that's tremendous plausible deniability.
Remember, the partition file ALWAYS looks completely like random data. There are no unencrypted headers, for example. I would imagine most truecrypt users do not use hidden containers. Unless there's overwhelming reason to suppose a hidden container is being used, it seems highly unlikely one would be held in contempt (and I don't believe it's ever happened).
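The "try to decrypt a header and see whether a volume appears" logic that MasterQ and rnelsonee describe, together with the "everything on disk looks random, no cleartext headers" layout cogitocogito points out, as an added toy model. This is not TrueCrypt's code: a SHA-256 keystream plus HMAC stands in for TrueCrypt's real ciphers and header format, and the slot offsets and sizes are invented for the illustration.

```python
"""Toy model of a TrueCrypt-style container with an optional hidden volume (added
example, not TrueCrypt code; a SHA-256 keystream stands in for AES/XTS)."""
import hashlib
import hmac
import os
import struct

HEADER_SIZE = 96            # salt(16) + sealed fields(48) + tag(32)
SALT_SIZE, TAG_SIZE = 16, 32
MAGIC = b"TRUE"             # a decrypted TrueCrypt header also begins with this magic
OUTER_SLOT = 0              # outer header sits at the start of the container
HIDDEN_SLOT = HEADER_SIZE   # fixed slot that holds only random bytes when no hidden volume exists
DATA_START = 2 * HEADER_SIZE

def _keystream(key: bytes, label: bytes, length: int) -> bytes:
    # Counter-mode keystream from SHA-256: a stand-in for the real block cipher.
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + label + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(out[:length])

def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))

def _derive_key(password: str, salt: bytes) -> bytes:
    # TrueCrypt likewise runs PBKDF2 over a salt stored in the clear in the header.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 2000, 32)

def _seal_header(password: str, data_offset: int, data_len: int) -> bytes:
    salt = os.urandom(SALT_SIZE)
    key = _derive_key(password, salt)
    fields = MAGIC + struct.pack(">QQ", data_offset, data_len)
    fields += os.urandom(HEADER_SIZE - SALT_SIZE - TAG_SIZE - len(fields))  # random padding
    sealed = _xor(fields, _keystream(key, b"hdr", len(fields)))
    tag = hmac.new(key, salt + sealed, "sha256").digest()
    return salt + sealed + tag

def _open_header(password: str, blob: bytes):
    """(data_offset, data_len, key) if the password opens this slot, else None.
    A wrong password and a slot that only ever held random bytes fail identically."""
    salt, sealed, tag = blob[:SALT_SIZE], blob[SALT_SIZE:-TAG_SIZE], blob[-TAG_SIZE:]
    key = _derive_key(password, salt)
    if not hmac.compare_digest(hmac.new(key, salt + sealed, "sha256").digest(), tag):
        return None
    fields = _xor(sealed, _keystream(key, b"hdr", len(sealed)))
    if fields[:4] != MAGIC:
        return None
    data_offset, data_len = struct.unpack(">QQ", fields[4:20])
    return data_offset, data_len, key

def create_container(size: int, outer_pw: str, hidden_pw=None, hidden_size=0) -> bytearray:
    """Whole file starts random; a hidden volume, if any, takes the tail of the outer area."""
    buf = bytearray(os.urandom(size))
    buf[OUTER_SLOT:OUTER_SLOT + HEADER_SIZE] = _seal_header(outer_pw, DATA_START, size - DATA_START)
    if hidden_pw is not None:
        buf[HIDDEN_SLOT:HIDDEN_SLOT + HEADER_SIZE] = _seal_header(hidden_pw, size - hidden_size, hidden_size)
    return buf

def mount(container: bytes, password: str):
    """Try each header slot in turn; report which volume (if any) the password opens."""
    for name, slot in (("outer", OUTER_SLOT), ("hidden", HIDDEN_SLOT)):
        opened = _open_header(password, container[slot:slot + HEADER_SIZE])
        if opened is not None:
            return (name,) + opened
    return None

def store(container: bytearray, password: str, data: bytes) -> bool:
    """Encrypt data into whichever volume the password opens; False if none or too large."""
    opened = mount(container, password)
    if opened is None or len(data) > opened[2]:
        return False
    _, offset, _, key = opened
    container[offset:offset + len(data)] = _xor(data, _keystream(key, b"data", len(data)))
    return True

def fetch(container: bytes, password: str, n: int):
    opened = mount(container, password)
    if opened is None:
        return None
    _, offset, _, key = opened
    return _xor(bytes(container[offset:offset + n]), _keystream(key, b"data", n))
```

Nothing in the bytes tells you whether the second slot holds a sealed header or the original filler, which is the deniability property under discussion; the flip side, also present in the toy, is that writing enough data into the outer volume silently overwrites the hidden one.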
- kidd3ckz, on 10/11/2007, -0/+11They probably have wives...
- cogitocogito, on 10/30/2007, -3/+12Yeah, in this day and age I wouldn't dream of using anything closed source for serious encryption. Who knows what deals are struck privately with the government?
And the hidden containers are great. Otherwise, you could wind up rotting in jail in contempt of court for failing to provide the key. Just stick some gay porn or something else "embarrassing" in the main container, and your confidential files in the hidden container.
- michuk, on 10/11/2007, -1/+10BTW, if you prefer DM_Crypt (which is not portable but works a bit nicer with the Linux kernel), read the previous tutorial: http://polishlinux.org/howtos/encrypted-home-partition-in-linux/ (DM_Crypt+LUKS+cryptsetup).
- chromecast, on 10/11/2007, -1/+9An OS X version would be a terrific thing to have for those of us that juggle two (or three) platforms...
Right now you can do something similar using AES-encrypted ".DMG's", but it's not exactly Windows friendly. As of now, I've been using Truecrypt on my Mac via Parallels (WinXP).. it's a little painful but it works...
- fgsfds, on 10/11/2007, -1/+8"And the hidden containers are great. Otherwise, you could wind up rotting in jail in contempt of court for failing to provide the key. Just stick some gay porn or something else "embarrassing" in the main container, and your confidential files in the hidden container."
I dunno about where you live, but in the US I'm pretty sure that they aren't allowed to force you to provide evidence to incriminate yourself.
- MasterQ, on 10/11/2007, -0/+6I was just gunna post the exact same thing... I've been using it for over a year now to hide my porn ;)
- nogami, on 10/11/2007, -0/+6"But it's only plausible when people who do inspect the computer don't know *****. Having TrueCrypt on your computer is essentially having the responsibility of having a hidden partition on a device. Even the least paranoid can see what problem is presented when the program used itself advertises its hidden partition feature."
There's a difference between an encrypted partition and a hidden container within that partition though. And there's no way to prove that a hidden container exists inside the encrypted partition. Yes, truecrypt supports that feature, but even experts wouldn't be able to prove if it's active or not.
- fgsfds, on 10/24/2007, -0/+6Knowing that it's possible and proving it to be the case are two completely different things.
Now, why does everybody seem to assume that people are using encryption to hide files that would be of interest to the court?
There are perfectly legal uses of encryption that people seem to discount - such as protecting embarrassing information on a shared system, keeping sensitive information (such as customer credit card numbers, trade secrets, bank account info, etc.) from being compromised in the event of a meatspace security failure, and countless other valid reasons that don't involve anything illegal.
- CompIsMyRx, on 10/11/2007, -0/+5Now to make the ultimate porn directory!
Really though, I just use bcrypt (blowfish version of crypt) to encrypt small files.
- hiPpymIck, on 10/11/2007, -1/+6Steve Gibson podcast about TrueCrypt
http://www.twit.tv/sn41
- cogitocogito, on 10/11/2007, -0/+5"I dunno about where you live, but in the US I'm pretty sure that they aren't allowed to force you to provide evidence to incriminate yourself."
True, but you may be required to supply the password for some reason other than your own prosecution, such as the prosecution of someone else or in a civil matter.
- gfixler, on 10/11/2007, -0/+5I like what he has to say, but not the manner in which he says it. He's making me really nervous with his hyper, stuttery, out-of-breath way of talking.
- tristan55555, on 10/24/2007, -4/+9As if court ordered computer nerds wouldn't know about the "hidden" container feature...
- jackyyll, on 10/11/2007, -0/+5I'm pretty sure TrueCrypt just creates a file as the partition, so it should back it up as a normal file and all you need to do is reinstall truecrypt and type in your password as normal.
- egorgry, on 10/11/2007, -2/+6Dugg + because true crypt is great and it's open so you can be sure there is no little backdoor for the man to exploit.
@wailord
The osx version is coming. patience young grasshopper. ;) http://www.truecrypt.org/future.php
The nice thing is that it's OSS so you can help move things along if you have the ability to program. In the meantime you can do as trghpy suggested and compile the source. It should be as easy as he laid out.
- gfixler, on 10/11/2007, -0/+4TrueCrypt has been rocking for me since last year, when I switched to Linux, and found out about it. I've figured out lots more fun you can have with it since then, by fiddling with ideas. I also use it on Windows, but I'm more restricted as to what I can do. I use the UI on XP, and it's lots of mouse clicking to either choose the volume, or select to mount "favorites," which I do now to save a few seconds, and it doesn't allow me to build up pipelines. The UI maps the 2 volumes I use on XP to different logical drives.
On Linux, the various volumes I use mount to 'mount points,' which are just empty folders. I've souped it up with some functions in my .bashrc that override the 'cd' command, such that when I switch into one of my code folders, it automatically attempts to mount the appropriate TrueCrypt volume to it, if it isn't mounted. For me, I just 'cd mel,' (MEL scripts for Maya), and it asks for a password. If I enter it correctly, it mounts the volume, and I'm just in the folder with my MEL scripts. In truth, it's actually then a mounted folder of my working copy of an SVN repository of my MEL scripts :) When I'm done, I type 'melout' and it unmounts it for me.
I've taken it further, though. The cd bash function override trick is nice if I just want to jump into that directory and work on things, but I keep my SVN repo on my thumb drive, inside a TrueCrypt volume, so I can carry a safe version of the repo with me, instead of worrying about securing it online, as I'm the only one using it right now. In Linux, I stick the thumb drive in, type 'mel,' and it creates a ~/pendrive folder, mounts the thumb drive's TrueCrypt volume to that, creates a ~/melbak folder, and mounts my local MEL SVN repo backup volume to that, mounts my local mel TrueCrypt volume to ~/mel, then copies the SVN repo from the thumb drive to the mounted backup volume, unmounts the volume, and deletes the ~/melbak backup mount point, as I don't like clutter in my home directory. This essentially automates backups for me of my thumb drive svn repo, and hides all of it from me, so I don't have to see it, or think about it. Then I can CD into ~/mel, and work on my script library. When I'm done working, I type 'unmel,' and it unmounts the thumb drive and local MEL TrueCrypt volumes, removes the now empty ~/pendrive mount point, and even ejects the thumb drive, so I can just pull it out of the machine.
There is an oddity in creating TrueCrypt volumes on Linux, at least for me, wherein I must be the administrator. I'm not sure why this is, and was upset about it at first, until I realized it's just an extra layer of security, as all my scripts, even when mounted, and thus exposed, are thus owned by root, and can't be affected by anyone but the super user. To edit them, in Vim - my nerdy preference - I just 'sudo vim scriptname.mel' and use it as normal. In fact, lately I've been in the same 8-10 scripts all the time, building up a large tool for my job, so I loaded them all into Vim, and saved out a session (:mks sessionname). That lets me from the shell type 'vim -S sessionname' to load everything back up where I was (focus, cursor positions, everything back where I left off with all files in tabs), and I added a function to .bashrc called 'mellib' that does that for me. My entire world of script management is a few short words that do everything for me, and keep it all locked up, and secure. I've been meaning to write up a tutorial on all this stuff myself for Linux folks who want to be really secure. I'm still a novice, having only switched to Linux late last year, but I think I'm at least on the high end of beginnerhood.
- diggcamr, on 10/11/2007, -0/+4In terms of the post by "DrFriendly," speaking as a health law attorney I can say that numerous clients (mainly hospitals) use enterprise versions of PGP to secure protected health information. I know I'm sounding like a salesman here (and I assure you I have zero affiliation with the vendors I'm mentioning), but the ability to use "Keys" instead of simply pass-phrases for security needs has simply been a Godsend (my personal favorite feature is to have your "Key(s)" on secure "tokens" such as the Aladdin eToken Pro); a feature that both the commercial and open source versions of PGP really have cornered the market on.
Personally, I have about 80% of my client hospitals utilizing PGP Desktop 9.6.1 with enterprise wide policies being managed via a PGP Universal Server. No, PHI could of course leak out but I can say that my home PC, work PC, and notebooks utilize whole disk encryption (protecting against loss or theft of the drive) and NetShare (protecting data at the file level); thus, all information is encrypted *twice*.
As far as TrueCrypt is concerned, I actually use it in conjunction with PGP because I don't really like to put all my eggs in one basket when it comes to protecting the privacy of both my corporate clients as well as the individual patients who, ultimately, are my *real* clients. In particular, there are a series of TrueCrypt volumes I use for storing various private data (this is layered on top of an already fully encrypted drive via PGP whole disk encryption).
In closing, I must say that if you're in med school right now (I did a combined JD/MD so I feel your pain), I can't tell you how refreshing it is to see someone concerned enough to truly protect the private health information of their patients. It disturbs me to no end when clients/hospitals/physician practices ask me, "what is the cheapest and easiest way to legally be in compliance?" Of course the real question should be, "Teach me what the legal requirement is so that I understand how to build a system that exponentially *exceeds* the statutory requirement."
- nonsecu, on 10/11/2007, -0/+4One very important (and useful) aspect of TrueCrypt that the article did not mention is that Truecrypt containers are "rsyncable".
That is to say, because of the internal structure of a truecrypt file, if you upload one with rsync, and then mount it, make changes, unmount it and then upload it again, rsync _will not_ resend the entire file again, as it normally does with files encrypted with gpg, etc. Truecrypt only changes the portions of the file that require changing (based on your activity) which means that rsync can efficiently upload the truecrypt file.
I created an 80 GB truecrypt container locally, and every week or so I unmount it, transfer it to my http://www.rsync.net (offsite backup) account (with rsync) and then remount it. I use the --partial and --inplace options, and it works like a charm. Generally transfers 2-3 GB each time, depending on how much work I did that week ...
- daftman, on 10/11/2007, -1/+4Err no ...
http://en.wikipedia.org/wiki/Digital_rights_management
DRM is about copyrights, not security.
- gfixler, on 10/11/2007, -0/+3Good info. You're in a similar situation to me. I think it's been about 7 months for me now, and I, too, use TC to encrypt my old email at work. It always bugged me how all my old files in Outlook could be seen by anyone who logged in as me, or simply if I left the office. There's nothing incriminating in there, but it's just creepy to me to have people read my personal stuff. I also got hacked through VNC last year, and someone was poking through my XP system right under my nose for a few months, via an exploit about which I was unaware, so now important things are tightly locked up, and I can worry about it less. The world is getting more hackers every day, and personal info is the new diamonds.
- Coopjust, on 10/11/2007, -0/+3I've been wanting to use TrueCrypt for a while, but there's been something holding me back: backup.
I use an Acronis TrueImage BootCD to backup my data monthly (the whole HD) of my computer. Unfortunately, I don't know if it will correctly copy a TrueImage partition.
Can anyone shed light on my question? I'd appreciate it!
- glitch47, on 10/11/2007, -0/+3I agree. I've been reluctant to use encrypted .DMGs because what if I'm stranded and I can't find a Mac? I travel a lot to countries where Apple's market share is tiny or nonexistent, so this is a very realistic possibility. When you have encrypted data you want to be able to access it at a hotel business center should the need arise...
- MasterQ, on 10/11/2007, -0/+3Are you talking about putting the partition backup file in a truecrypt volume, or vice versa? A truecrypt volume is just like any other file, so it would be fine to be backed up like your other files, and as long as your partition backup file can be moved like any other file it will be fine inside a truecrypt volume.
Think of a truecrypt volume as simply a USB flash drive that you "plug in" (mount) using software instead of physically plugging it in. That's the best way I can describe it. I have already taken my truecrypt volumes from computer to computer without problems. As long as you have the right password it will work on any computer.
- superspud, on 10/11/2007, -3/+6GawtMilk
Because the key was posted all over the net, it means that users of the systems (Windows, Linux et al.) are no longer at the mercy of the software companies or Big Media - before the key was discovered, your media would only play on their terms, now you can control your media better.
- schestowitz, on 10/11/2007, -12/+15This is awesome.
"In the near future the developers of TrueCrypt are planning to extend its features:
* the MAC OS version, ..."
By "portable", they can't brag full cross-platform-ity just yet, but at least it's something you can control, unlike closed-source DRM and undocumented binary rubbish.
- Smegzor, on 10/11/2007, -0/+3I've been using Truecrypt for 9 months now and I have all my client data in their own TC files, also my email is in a TC'ed partition.
Its great, especially since I can mount a TC file that resides on my file server making it a virtual drive on any of my PC's on my LAN. Awesome!
I also use TC files to store copies of client drives that are virused to Hell. Mainly so that nothing can accidentally infect my pc.
I get my passwords from here https://www.grc.com/passwords.htm and manage them with this http://passwordsafe.sourceforge.net
- DrFriendly, on 10/11/2007, -0/+3Also remember to turn off your page file in Windows. Windows doesn't play nice with RAM permissions, so it sometimes pages data from truecrypt-allocated memory, even though truecrypt tells it not to.
I also believe they recommend to use a non-journaling filesystem, because the headers might be stored somewhere unencrypted if you do (this also goes for storing your volume in a file, and storing that file on a journaling filesystem).
I'm a med student and I'm terrified of confidential information getting out if my laptop gets stolen. Truecrypt's a real relief. I don't know what the hospital uses to secure data, but they should be using truecrypt.
- FyberOptic, on 10/11/2007, -0/+2@ MasterQ
Unfortunately it's not quite as simple to just change some code and compile it. Despite OSX's unix-based core, which allows for the porting of some command-line-based Linux utilities and daemons, creating GUI-based apps is another story entirely. You have to know the Mac and how to develop for it, as well as having one to test stuff on. Most developers simply don't, and Apple doesn't help that by attempting to lock it all down to their hardware. In the case of Truecrypt, you're not only talking about creating a GUI for it, but also a kernel-level system driver capable of emulating a hard disk. That's certainly no easy task.
So despite the bluntness of my original comment, people have to realize that porting apps isn't always the fairly trivial matter they might believe, and certainly isn't due to simple laziness on the developer's part. Apple is as much to blame as anyone for not making it an easier task.
- MasterQ, on 10/11/2007, -0/+2The encryption/decryption is done on-the-fly as the data is being written/read to/from the volume. There is no partial encryption or caching of unencrypted files. The only way for someone to get to the files is if they were able to access the volume while you have it mounted. If that isn't possible then you are safe. Hope that helps.
- ablez3, on 10/11/2007, -5/+7what kinda sick porn are you all watching
that needs TrueCrypt.....
- ETOliver, on 10/11/2007, -0/+2Mr coopjust,
You mentioned "Unfortunately, I don't know if it will correctly copy a TrueImage partition." TrueCrypt has a file mode which "uses" the space you specify to create a single file named whatever you want. TrueCrypt "mounts" this file as a drive and you can transfer files into the "file" which appears to TrueCrypt as a logical drive. To the operating system that TrueCrypt runs on, it will appear as a single file that does not change in file size. Copy and Paste. I assume you use this TrueImage software widget to backup your sensitive data. Good. I imagine that TrueImage will just back up the TrueCrypt "file" just as any other file. Indeed. Encrypt on, Brother! *EDIT* Dang! Not quick enough. I tried though! I tried! */*
- MasterQ, on 10/11/2007, -1/+3I don't agree with everything you said, but you are somewhat right. Large companies support Mac OS X, but most open source developers as well as smaller companies develop for Linux and Windows, or just Windows. Granted, I'm guessing it shouldn't be that hard to change the source to run on OS X. But then again, it's an open-community program. If you want the OS X version so bad quit complaining and make it yourself.
- pyrix86, on 10/11/2007, -1/+3Been using it for years to keep my porn secure. Top stuff :p
- Wailord, on 10/11/2007, -25/+27Truly portable; where's the OS X version?
- gfixler, on 10/11/2007, -1/+3I'm not sure what problem you've had with Ubuntu. I've been using Truecrypt since late last year on Dapper and Edgy, and it just installed, and worked. Do you have a non-standard setup there?
- daftman, on 10/11/2007, -2/+4@GawtMilk
There are more things that can be DRM beside media. Don't live in the delusion that DRM refers to only digital media like music and movies.
DRM is a big word and it also includes things like WGA (Windows Genuine Advantage)
- cquinnd, on 10/11/2007, -0/+2gfixler, I have the same problem, along with the clash in his and Leo's conversational styles, that sometimes causes them to drift off-topic before they have a chance to finish a point.
Fortunately, one of the things Steve Gibson does right is have his staff provide transcripts (in HTML, text, and PDF versions) for each episode. So you can read about the issues and filter out most of the noise from the signal.
http://www.grc.com/SecurityNow.htm
- tolerant, on 10/11/2007, -0/+1I have been using encfs (http://arg0.net/encfs) for some time and it is great. While providing similar capabilities, it is based on the FUSE (http://fuse.sourceforge.net/) userspace filesystem.
- AUniqueName, on 10/11/2007, -0/+1It would be great if Truecrypt reliably supported 8+GB containers in Ubuntu Linux 7.04. I tried formatting a 10GB container with ext3 in Ubuntu Linux 7.04 and linux completely freezes up (as in mouse freezes, can't CTRL ALT Backspace to kill X and can't switch to the terminals with CTRL ALT F1 through F6 to get to a console) during the formatting every single time I try to format the container.
- GawtMilk, on 10/11/2007, -11/+12"unlike closed-source DRM"
Most of Vista's DRM capabilities became unnecessary when the HD-DVD key was put on Digg (it can also play Blu-Ray Discs, for example). Linux and OSX are now "DRM'd" just like Windows. You are aware of that, right? The "Vista DRM" was just the *ability* to play HDCP-enabled media, including HD-DVDs. So I really don't see what you're bitching about, considering the HD-DVD key is the most digged story ever.
Vista DRM = numerous keys written into the operating system.
HD-DVD key "leak" = one of the keys written into "Vista DRM".
Just felt like clearing it up. If you continue to post about "evil Vista DRM", you'll seem a bit ignorant.
- pyrix86, on 10/11/2007, -2/+3Still, it doesn't help either product or developer to ignore a growing section of the market - 20% of all US notebook sales were Macs. Sorry, but you CAN'T deny that. And before you shoot me down for being a fanboy, of the seven computers in my house (three of them in my room), exactly 0 are Macs.
- FyberOptic, on 10/11/2007, -0/+1@ MasterQ
A Mac might be a good consideration for a developer, considering they can dual-boot into XP/Vista these days too, but their price tags have always been what holds most users off. I personally wouldn't/couldn't ever get one; the marketshare I'd be developing for simply isn't big enough to warrant it.
But hey, if John C Dvorak's prediction comes true, and Steve Jobs eventually gives in and licences the Vista core to run underneath the OSX interface, then this won't even be a problem anymore. According to security researchers, Apple's about 5-7 years behind where Microsoft is today in terms of security practices, so when ***** hits the fan, who knows what they'll do. It'd sure make things a lot easier for everyone else if it all used the same base. It's never been the core of 2000/XP/Vista that was insecure, anyway; mostly the applications running on top of it. And heck, even on Windows, Apple's own products have been at fault. That Myspace worm was caused by yet another Quicktime vulnerability, after all.
But anyway, I digress. My original point is, if Apple would just give it up on the hardware front (arguably the only thing keeping them in business for years) and allow OSX to be legally run on any PC hardware, more developers would run it in virtual machines and such to develop for it.
@ pyrix86
Not sure where you got your data, but the most recent from a couple weeks ago shows that they just barely broke 10% this year. Or around 7% depending on which data you look at. That's still not very much in the grand scheme of things. If you had multiple vendors of Apple laptops, Apple's own number would be significantly lower, much like how the PC laptop market is so split among brands. It's just because that's the only place all Apple fans can buy their hardware that it ends up being so 'high', relatively speaking.