[Update] TrueCrypt 4.0

CoMa

TrueCrypt
http://www.truecrypt.org/

Free open-source disk encryption software for
Windows XP/2000/2003 and Linux

Main Features:
--It can create a virtual encrypted disk within a file and mount
it as a real disk.
--It can encrypt an entire hard disk partition or a device,
such as USB memory stick, floppy disk, etc.
--Provides two levels of plausible deniability, in case an adversary
forces you to reveal the password:
1) Hidden volume (more information may be found here).
2) No TrueCrypt volume can be identified (TrueCrypt volumes cannot
be distinguished from random data).
--Encryption algorithms: AES-256, Blowfish (448-bit key), CAST5,
Serpent (256-bit key), Triple DES, and Twofish (256-bit key).
Supports cascading (e.g., AES-Twofish-Serpent).
--Based on Encryption for the Masses (E4M) 2.02a,
which was conceived in 1997.



Version History
4.0

November 1, 2005

New features:

TrueCrypt volumes can now be mounted on Linux. The Linux version of
TrueCrypt is available at http://www.truecrypt.org/downloads.php

It is now possible to write to outer volume without risking that a hidden
volume within it will get damaged (overwritten):

When mounting an outer volume, the user can now enter two passwords: One
for the outer volume, and the other for a hidden volume within it, which
he/she wants to protect. In this mode, TrueCrypt does not actually mount
the hidden volume. It only decrypts its header and retrieves information
about the size of the hidden volume (from the decrypted header). Then, the
outer volume is mounted and any attempt to save data to the area of the
hidden volume will be rejected by the driver (until the outer volume is
dismounted). For further details, please see the section ‘Protection of
Hidden Volumes against Damage’ in the documentation.

Support for the x86-64 (64-bit) platform

TrueCrypt now runs on Windows XP x64 Edition (64-bit) and Windows Server
2003 x64.

Support for big-endian hardware platforms (PowerPC, SPARC, Motorola, etc.)

Full support for keyfiles. Keyfiles provide protection against keystroke
loggers and may strengthen protection against brute force attacks. Keyfile
is a file whose content is combined with a password. Until correct keyfile
is provided, no volume that uses the keyfile can be mounted. Any number of,
and any kind of files (for example, .mp3, .jpg, .exe, .avi) may be used as
TrueCrypt keyfiles. TrueCrypt never modifies the keyfile contents.
Therefore, it is possible to use, for example, five files in your large mp3
collection as TrueCrypt keyfiles (and inspection of the files will not
reveal that they are used as keyfiles). TrueCrypt can also generate a file
with random content, which can be used as a keyfile. For more information
on keyfiles, see the chapter Keyfiles in the documentation.

Support for language packs (localizations). Language packs may be
downloaded at: http://www.truecrypt.org/localizations.php

Whirlpool hash algorithm added.

The size of the output of this hash algorithm is 512 bits. It was designed
by Vincent Rijmen (co-author of the AES encryption algorithm) and Paulo S.
L. M. Barreto. The first version of Whirlpool was published in November
2000. The second version, now called Whirlpool-T, was selected for the
NESSIE (“New European Schemes for Signatures, Integrity and Encryption")
portfolio of cryptographic primitives (a project organized by the European
Union, similar to the AES contest). TrueCrypt uses the third (final)
version of Whirlpool, which was adopted by the International Organization
for Standardization (ISO) and the IEC in the ISO/IEC 10118-3:2004
international standard.

Auto-Dismount facility, which can be set to dismount a volume after no data
has been written/read to/from it for a specified number of minutes. It can
also be set to dismount all mounted TrueCrypt volumes when:
- user logs off
- entering power saving mode
- screen saver is launched
Auto-dismount can be configured and activated in the Preferences (select
Settings -> Preferences)

TrueCrypt settings are not saved to the Windows registry file. Instead,
they are stored in XML files in the folder where application data are saved
on the system (for example, in C:\Documents and
Settings\YourUserName\Application Data\TrueCrypt). In traveller mode, the
configuration XML files are saved to the folder from which you run the file
TrueCrypt.exe.

Note: When you install this version of TrueCrypt, all TrueCrypt settings
that were stored by previous versions in the registry file will be
automatically removed.

Tray icon. Right-clicking the tray icon opens a popup menu with the most
used functions. Left-clicking the tray icon opens the main TrueCrypt window
and puts it into the foreground.

Optionally, TrueCrypt can now continue running in the background after its
main window is closed. This is referred to as TrueCrypt Background Task.
When the main TrueCrypt window is closed, the TrueCrypt Background Task
handles the following tasks/functions:
1) Hot keys
2) Auto-dismount
3) Notifications (e.g., when damage to hidden volume is prevented)
4) Tray icon
For more information, see the chapter TrueCrypt Background Task in the
documentation.

When a mounted volume is right-clicked in the drive list (in the main
TrueCrypt window), a context menu is opened. From this menu, the user can
select functions such as ‘Repair Filesystem’ or ‘Check Filesystem’
(front-end to the ‘chkdsk’ tool).

Containers stored on a locally mapped network drive can now be mounted.

Container stored on a remote server can be mounted via UNC path (e.g.,
\\server\share\volume).

Option to display password (typed in input field)

‘Favorite Volumes’ facility, which is useful if you often work with more
than one TrueCrypt volume at a time and you need each of them to be mounted
as the same drive letter every time. For more information, see the chapter
‘Main Program Window’, section ‘Program Menu’, subsection ‘Volumes -> Save
Currently Mounted Volumes as Favorite’ in the documentation.

Functions ‘Backup Volume Header’ and ‘Restore Volume Header’ added to the
Tools menu. Both the standard volume header and the hidden volume header
area are always backed up (copied to the backup file) even if there is no
hidden volume within the volume (to preserve plausible deniability of
hidden volumes).

Note: If you do not have enough free space to backup all files, we highly
recommend that you at least use this facility to backup the volume header,
which contains the master key (size of the backup file will be 1024 bytes).
If the volume header is damaged, the volume is, in most cases, impossible
to mount.

System-wide hot keys (which can be used, for example, to dismount all
TrueCrypt volumes, etc.)

Users can now set actions to perform upon log on to Windows. The actions
can be any of the following:
- Start TrueCrypt
- Mount all device-hosted TrueCrypt volumes
- Mount favorite volumes
These actions can be enabled in the Preferences (select Settings ->
Preferences).

Title bar of the password prompt dialog window now displays path to volume
being mounted

When the 'Never save history' option is enabled, TrueCrypt clears the
registry entries created by the Windows file selector for TrueCrypt.
Therefore, the Windows file selector will not remember the path of the last
mounted container after you exit TrueCrypt. Note that even when this option
is enabled, the file selector will still remember the path, but only until
you exit TrueCrypt.

‘Set Header Key Derivation Algorithm’ added to the Volumes menu. It allows
the user to re-encrypt a volume header with a header key derived using a
different PRF function (e.g., instead of HMAC-SHA-1 you could use
HMAC-Whirlpool). Note: Volume header contains master encryption key with
which volume is encrypted. Therefore, data stored on the volume will not be
lost after this function is used.

Number of bytes read/written from/to a volume since it was mounted is
displayed in the Volume Properties window.

Preserving container timestamps can now be disabled in the Preferences
(Settings -> Preferences).

Command line usage:

If ’/silent’ is specified, interaction with user (prompts, error messages,
warnings, etc.) is suppressed.

If '/m timestamp' is specified, volume/keyfile timestamps are not
preserved.

’/keyfile’ may be used to specify a keyfile or a keyfile search path.

’/auto favorites’ may be used to mount favorite volumes.

’/auto’ is implicit if ’/quit’ and ’/volume’ are specified.

If ’/q preferences’ is specified, TrueCrypt loads/saves settings.

Auto-Mount Devices keeps prompting for a password until a volume is
successfully mounted or until cancelled. Warning is displayed after each
unsuccessful mount.

If the Shift key is down when clicking 'Auto-Mount Devices' and if there
are cached passwords, then password prompt will be bypassed (mounting will
be attempted only with cached passwords).

It is now possible to run multiple instances of the TrueCrypt application
simultaneously.



Improvements:

Mounting of fragmented file-hosted volumes (containers) takes significantly
less time.

New SHA-1 routines by Brian Gladman, which are approx. three times faster
than the original ones (speeds up mounting).

Enhancements to the random number generator:

Hash function output is XORed into the pool (in E4M and the previous
versions of TrueCrypt the values produced by a hash function replaced the
original values in the pool).

Input to hash function will always be the entire pool.

Position of the pool cursor does not change when the FastPoll function is
applied. This ensures that mouse coordinates are always evenly distributed
in the pool (significant particularly when moving the mouse
uninterruptedly).

Event delta/absolute time will be added modulo 2^32 to the pool at the same
position as the event data. (In the previous versions, event delta times
were added separately modulo 2^32 to the pool. Delta times provide only a
small amount of entropy, particularly when moving the mouse
uninterruptedly.)

For more information see the chapter Technical Details, section Random
Number Generator in the documentation.

Important: That we made these enhancements to the random number generator
does NOT mean that volumes created using previous versions of TrueCrypt are
insecure.

File-hosted volumes are pre-allocated before they are formatted. Therefore,
containers are created faster and less fragmented.

When TrueCrypt re-encrypts a volume header (for example, when changing a
password), the original volume header is first overwritten 35 times with
random data to prevent adversaries from using techniques such as magnetic
force microscopy to recover the overwritten header.

Traveller disk can be created when TrueCrypt is running in traveller mode.

TrueCrypt warns if automatic mounting of new volumes is disabled in Windows
and informs the user how to enable this functionality.

Other minor improvements


Bug fixes:

Hidden volume password can now be changed on all types of removable media
(e.g., all types of USB memory sticks).

When changing a password and an error occurs during the creation of a new
volume header, the header will not be written and the error will be
reported.

FAT file system created by TrueCrypt will have the same properties as FAT
file system created by Windows.

Drive list will be updated whenever drive letter assignments change.

If an error occurs, TrueCrypt returns exit code 1, otherwise it returns 0
(command line usage).

Password specified on command line (/p) now works with ‘/a devices’ as
well (command line usage).

Other minor bug fixes


Miscellaneous:

Size of the random number generator pool increased from 256 to 320 bytes

The command line option ‘/quiet’ has been renamed to ‘/quit’

The Serpent routines written in assembly have been replaced with routines
written in C, so that the whole source code is more portable.

Released under TrueCrypt License 2.0




/CoMa
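As an added illustration of the "protection of hidden volumes" mount mode described in the post above (a Python toy model, not TrueCrypt's driver code): it assumes the hidden volume occupies the last hidden_size bytes of the outer volume and that only the size from the decrypted hidden header is used to derive the protected region.

```python
class OuterVolumeGuard:
    """Toy model of the 4.0 'protect hidden volume' mount mode.
    Assumption (not stated in the post): the hidden volume is the last
    hidden_size bytes of the outer volume's data area. The hidden volume
    is never mounted; only its size is taken from the decrypted header."""

    def __init__(self, outer_size, hidden_size=None):
        if hidden_size is not None and hidden_size > outer_size:
            raise ValueError("hidden volume cannot exceed the outer volume")
        self.outer_size = outer_size
        # Protected byte range [start, end); None when no hidden password was given
        self.protected = (
            None if hidden_size is None else (outer_size - hidden_size, outer_size)
        )
        self.mounted = True

    def write(self, offset, length):
        """Return True if the write may proceed, False if the driver rejects it."""
        if not self.mounted:
            raise RuntimeError("volume is dismounted; protection no longer applies")
        if offset < 0 or length <= 0 or offset + length > self.outer_size:
            return False  # outside the outer volume entirely
        if self.protected is None:
            return True  # normal mount: nothing is protected
        start, end = self.protected
        # Reject any overlap, including writes that only partially cross into
        # the hidden area; the whole request is refused, not truncated.
        return offset + length <= start or offset >= end

    def dismount(self):
        """Protection lasts only until the outer volume is dismounted."""
        self.mounted = False
```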
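As an added illustration of the random number generator enhancements listed under "Improvements" above (a Python toy model, not TrueCrypt's own code): SHA-512 stands in for the 512-bit Whirlpool output, and the 4-byte cursor step, the little-endian word layout and the mixing position are assumptions.

```python
import hashlib

POOL_SIZE = 320     # the 4.0 notes: pool grew from 256 to 320 bytes
DIGEST_SIZE = 64    # 512-bit output, matching Whirlpool's digest size


class EntropyPool:
    """Toy model of the 4.0 pool-mixing rules (assumed behaviour, not
    TrueCrypt's code). SHA-512 stands in for Whirlpool."""

    def __init__(self):
        self.pool = bytearray(POOL_SIZE)
        self.cursor = 0

    def _add_u32(self, pos, value):
        # Add value modulo 2^32 into the four bytes at pos, wrapping around the pool.
        idx = [(pos + i) % POOL_SIZE for i in range(4)]
        cur = int.from_bytes(bytes(self.pool[i] for i in idx), "little")
        new = ((cur + value) & 0xFFFFFFFF).to_bytes(4, "little")
        for i, b in zip(idx, new):
            self.pool[i] = b

    def add_event(self, data, event_time):
        """Mouse/keyboard event: the event data and its time are added at the
        SAME position (4.0), instead of the time being added separately."""
        self._add_u32(self.cursor, data & 0xFFFFFFFF)
        self._add_u32(self.cursor, event_time & 0xFFFFFFFF)
        self.cursor = (self.cursor + 4) % POOL_SIZE

    def fast_poll(self, values):
        """Bulk system data: mixed in without moving the cursor, so mouse
        coordinates still land evenly across the pool afterwards."""
        saved = self.cursor
        for v in values:
            self._add_u32(self.cursor, v & 0xFFFFFFFF)
            self.cursor = (self.cursor + 4) % POOL_SIZE
        self.cursor = saved

    def mix(self):
        """Hash the ENTIRE pool and XOR the digest back in at the cursor
        (E4M replaced pool bytes with the digest). Returns the digest."""
        digest = hashlib.sha512(bytes(self.pool)).digest()
        for i, b in enumerate(digest):
            self.pool[(self.cursor + i) % POOL_SIZE] ^= b
        return digest
```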