TrueCrypt

from Wikipedia, the free encyclopedia
TrueCrypt
Basic data

developer TrueCrypt Foundation
Publishing year February 2, 2004
Current  version 7.1a (last full version, February 7, 2012);
7.2 (decryption only, May 28, 2014);
for the circumstances, see the announcement of the termination of the project
operating system Windows , Mac OS X , Linux
programming language C , C ++ , assembler
category Full disk encryption
License TrueCrypt License ( Memento from December 28, 2012 in the web archive archive.today ) ( Freeware , proprietary)
German speaking Yes
www.truecrypt.org ( Memento from December 24, 2013 in the web archive archive.today )

TrueCrypt is a software for data encryption, especially for the complete or partial encryption of hard disks and removable media . The program runs under Windows from version 2000 up to version Windows 10 , under macOS from version 10.4 and under Linux using dm-crypt .

According to a message dated May 28, 2014 on the official website, the development of TrueCrypt was stopped in May 2014. Instructions for switching to BitLocker are provided on the website . There is also a warning that the use of TrueCrypt is unsafe, as TrueCrypt could contain unsolved security holes. On the other hand, Jacob Appelbaum and Laura Poitras stated at the Chaos Communication Congress in December 2014, "Truecrypt was classified as almost insurmountable before the development team surprisingly gave up work on it". The computer magazine c't recommended to continue to use the previous version TrueCrypt 7.1a for the time being.

VeraCrypt , which split off from TrueCrypt in June 2013 , is still under development and fixes some of the problems found during the TrueCrypt audit . In September 2015, a security researcher discovered a security hole in TrueCrypt that was fixed by the VeraCrypt spin-off.

Functions

Algorithms

TrueCrypt offers the encryption algorithms AES , Twofish and Serpent . In addition to using a single algorithm, there is also the option of cascading multiple algorithms .

Partition or container encryption

TrueCrypt knows three ways of working with encrypted data:

  1. An entire device (such as a hard drive ) is encrypted. This leads to operating systems seeing the encrypted device as not initialized and Partitioning may be advisable as long as the device is not mounted . This partition encryption is faster than the method described below, but existing data is overwritten during the encryption (except for the encryption of the system disk).
  2. An existing partition is encrypted. Only a complete system partition can be encrypted without losing the data that existed before the encryption. In the case of other partitions or external drives, the data existing before the encryption will be deleted and should be backed up externally beforehand.
  3. TrueCrypt knows so-called container files. Containers are particularly suitable for creating a private, encrypted area for sensitive data on an otherwise unencrypted partition. TrueCrypt manages a file system within a container. TrueCrypt mounts this file for reading and writing . A new virtual drive is created for this under Windows . Under Mac OS X and Linux, the container can be mounted in any directory . Access to the drive / directory does not differ from access to other counterparts not created by TrueCrypt. The TrueCrypt driver does the encryption and decryption in the background ( English on the fly ). If they are not integrated , containers can be treated like normal files, for example burned onto a DVD.

Concept of credible deniability

A safety feature of TrueCrypt is the concept of credible deniability ( English plausible deniability ), which is the ability to consciously lanes to avoid hidden data. This should make it impossible to prove the existence of encrypted data. TrueCrypt offers a special function for this: Hidden containers (hidden volumes) can be hidden within the free storage space of another encrypted volume. If you z. For example, if you are forced to give out the password for the volume, you only give out the password for the outer volume; the hidden volume encrypted with a different password remains undetected. An attacker sees only unimportant alibi data, the confidential data is encrypted and hidden in the free storage space of the encrypted volume. However, it should be noted that traces can remain on the physical data carrier, in the operating system or within the programs used, which could reveal the existence of the hidden volume to an attacker. In August 2016, a bug was found in the TrueCrypt source code that made it possible to prove the existence of a hidden container (hidden volume). Mounir Idrassi, the developer of VeraCrypt , confirmed this bug. A bug was fixed in Veracrypt version 1.18a , but users have to update their container data .

Portable mode

From version 3.1, TrueCrypt also supports a so-called "Portable Mode", which means that the program no longer has to be installed (see also Portable Software ). This allows z. B. can be started from USB sticks . For this mode, however, administrator rights are required on the Windows operating systems because, as in the installed version, a device driver must be loaded for ( transparent ) encryption and decryption when starting TrueCrypt .

Alternatively, it can be started under a Windows-based live system such as Windows PE or Bart PE . Since these systems do not write to the hard disk by themselves, but only act in the main memory , a high level of security is guaranteed.

Encryption of system partitions

From version 5.0, TrueCrypt also supports the "Full System Encryption" or "Whole Disk Encryption" (also known as Pre-Boot Authentication ) complete encryption of Windows system partitions or the entire hard disk on which a system partition is located. Windows XP, Windows Vista, Windows 7 and Windows Server 2003 are currently supported, each in the 32- or 64-bit versions. If the entire system partition is encrypted, a special TrueCrypt boot loader appears before the operating system is started and prompts you to enter a password. From version 6.1 onwards, this request can also be suppressed or replaced with your own text. Since the bootloader is stored unencrypted on the hard drive, the principle of credible deniability does not apply here. Instead, however, a hidden operating system can be stored within a TrueCrypt partition.

An advantage of encrypting the system partition is that temporary , swap and hibernation files are encrypted and stored on the partition. However, from version 7.0 for Windows Vista, Windows 7 and Windows 8 systems, this is also possible without system encryption. TrueCrypt uses Microsoft Windows own encryption mechanisms to store these files securely.

It is possible to encrypt existing system partitions and hard disks while Windows is running, and to interrupt this process and continue it at a later point in time. It is also possible to reverse the encryption while Windows is running. Partitions that have not yet been fully encrypted or decrypted cannot be mounted by another system. It is therefore advisable not to interrupt the process unnecessarily.

At the beginning of the encryption process of a system partition or hard disk, TrueCrypt creates an ISO image for a system-specific rescue CD, which enables the defective header or the boot loader to be restored in an emergency. The CD cannot restore the partition data. The ISO image must then be burned to CD; TrueCrypt only starts the encryption after the error-free readability of the rescue CD has been checked. Administrators can bypass this otherwise mandatory verification using virtual drives or a command line option in order to collect images from several computers centrally and only burn them when necessary.

Functionality with Solid State Drives (SSD)

Due to their high throughput, especially for randomly distributed read and write operations, solid-state drives (SSD) are ideal as carrier media for encrypted container files and partitions. Due to the way SSDs work, which is fundamentally different from those of conventional hard drives (HDD), it has not yet been conclusively clarified what effects SSD-specific functions such as the ATA TRIM command or the wear leveling implemented in the controllers of SSDs will have in conjunction with the use of TrueCrypt on the performance and longevity of SSDs. At least when using encrypted system partitions, TrueCrypt forwards the TRIM command to the SSD. This applies to all partitions that are protected by system encryption, but not when encrypting conventional partitions and containers. By passing on the TRIM command, an attacker can determine how much data is actually stored on the SSD. In the case of hidden operating systems, the TRIM command is not passed to ensure credible deniability.

When encrypting entire SSD drives or entire partitions, it may be advisable to leave part of the storage space of the SSD unused (unpartitioned) in order to give the SSD controller the opportunity to use the free blocks for wear leveling and so on increase the longevity of the SSD. This is not necessary for system partitions without a hidden operating system (see above).

The performance when reading encrypted SSDs has been improved through the support of read-ahead buffering under Windows from version 6.2.

Attack scenario

Since July 2009 a boot kit has been in circulation for the then common Windows versions with x86 architecture (Windows 2000 to Windows 7). The program changes the master boot record of the encrypted hard disk and is loaded first when the computer starts. This allows it to spy on the entry of the password for the TrueCrypt pre-boot authentication. Only systems with BIOS are affected , systems with EFI are not. Administrator rights or physical access to the hardware are required for an infection. The program should not be detectable by virus scanners.

Another attack scenario, which can also bypass other encryption systems such as BitLocker , requires that the computer used for decryption has a FireWire connection and that the attacker can physically access it. TrueCrypt in particular writes two key values ​​from the header of the container file into the main memory after the virtual hard disk has been mounted. Subsequent decryption of files in the container takes place with these keys. Even if the PC is locked, the contents of the main memory can now be copied via a Firewire connection. This memory image can then be searched for the two key values ​​using software. The header of the container file can then be replaced and a modified TrueCrypt version generated that uses the previously extracted key for decryption. Memory images created by Windows itself can also be used for such an attack, but their creation can easily be prevented.

So-called cold start attacks also work according to the same principle , in which access to the main memory is still possible under certain conditions and within a narrow time window after switching off a computer.

safety

The TrueCrypt for Windows installation program (and all projects based on it) is insecure, it is prone to DLL hijacking .

License

TrueCrypt is based on Encryption for the Masses (E4M), the development of which was discontinued in 2000. At the beginning of 2004 the program was further developed as TrueCrypt. A disadvantage of this gradual development is the inconsistent license. The source code of the program is open, but individual program parts have different and partly author-specific licenses, which are then summarized in the TrueCrypt Collective License , which has neither been certified by the OSI nor recognized as free by the Free Software Foundation and is GPL- incompatible. There is currently no prospect of standardizing the license, as this would require the consent of all authors involved. After checking the license in version 1.3, Debian refrained from recognizing it as DFSG- compliant due to possible legal problems with the license . The Fedora Project also advises against using the software for the same reasons. License version 3.0 only allows distribution in unchanged form for the complete program. However, parts of the software or the source code can be used and used in your own projects if the license and author are specified in the program or project and your own project does not have a similar-sounding name. According to c't, the “tricky license” also excludes “a lot of usage scenarios” in this application case.

Version 7.2, apparently the last version of TrueCrypt, was delivered with version 3.1 of the TrueCrypt license. There references to trademarks of the TrueCrypt Foundation and all references to contact options have been removed.

history

The main developer of TrueCrypt was considered unknown for a long time. However, research by journalist Evan Ratliff has shown that TrueCrypt has its origins in the software "E4M", which was programmed by Paul Le Roux . Early screenshots of the program from 2001 show a clear relationship to today's TrueCrypt or its spin-offs.

In spring 2005, the TrueCrypt programmers were looking for helpers to port to other operating systems besides Windows.

Different versions for Linux are available from version 4.0. From version 4.2 it is also possible to create encrypted partitions under Linux , before that it was only possible to use partitions created under Windows. From version 5.0, TrueCrypt is also available for macOS 10.4 and 10.5. From version 6.0, Linux and Mac OS X also offer the option of creating hidden containers (hidden volumes) ; Furthermore, in version 6.0 the performance on multi-core processors has been significantly improved through parallelization.

Version 6.1 supports the connection of cryptographic tokens and smart cards via the cryptography standard PKCS # 11.

Version 6.2 is intended to improve the speed of Truecrypt through improved use of read-ahead buffers, especially when using solid state disks (SSD).

Version 6.3 has expanded support to include Windows 7 and Mac OS X Snow Leopard .

With version 7.0 support for hardware accelerated AES was introduced. If the system is configured accordingly, this option is activated by default, but can be deactivated as an option.

Software audit

As a result of the global surveillance and espionage affair , there have been increased efforts to improve the reliability of TrueCrypt and to provide trustworthy binary files. For this purpose, more than 60,000 dollars were raised through several crowdfunding campaigns, with which, among other things, external security companies were commissioned to audit the source code . The cryptography expert Bruce Schneier also agreed to support this. A non-profit organization called the Open Crypto Audit Project , based in North Carolina, was established to manage the donation income . A first contract to check the Windows software and the bootloader was signed with iSEC partners ; the audit should start in January 2014. Another goal of the project was to make the TrueCrypt license compatible with established open source licenses such as the GNU General Public License . The audit report was published in April 2015. The authors found four errors, of which they classified two as serious and one as easy. The fourth fault was not classified.

In October 2013 it could be proven that the binary files offered for download on the TrueCrypt website can actually be reproduced from the published source text and are therefore free of additional backdoors not contained in the publicly accessible source text.

In April 2014 the results of a commercial partial assessment of the software were published, whereby the bootloader and the Windows kernel driver were examined - a full analysis of the actual TrueCrypt software is still pending, with phase 2. The report's authors found eleven errors, none of which they classified as serious, four as moderate, four as mild and three in the lowest category “informational”. No evidence of a back door was found.

In 2015, the Fraunhofer Institute for Secure Information Technology (SIT) examined TrueCrypt for security gaps on behalf of the Federal Office for Information Security (BSI) , as parts of the encryption code are used for classified information . The study found that "TrueCrypt is still suitable for encrypting data on data carriers".

On December 16, 2019, golem.de reported that the Federal Office for Information Security (BSI) had already examined TrueCrypt in detail in 2010 and had discovered numerous security gaps. Hanno Böck in golem.de classified errors in the area of ​​correct overwriting of key material as particularly problematic , which are listed in large numbers in the BSI analysis and many of which are also included in the current Veracrypt version. However, "none of the weak points mentioned in the report (...) are extremely critical" and the encryption itself remains "comparatively solid and secure". The results were not published by the BSI, but only made available to the public in December 2019 as part of an inquiry citing the Freedom of Information Act .

Announcement of the termination of the project

On May 28, 2014, the previous website of the project was replaced by a warning that the development of TrueCrypt had been discontinued. TrueCrypt is not secure because it could contain unresolved security holes. A recommendation was also published to use BitLocker as an alternative, as well as instructions on how data encrypted with TrueCrypt could be migrated to BitLocker.

This information was no longer offered on the own domain, but by forwarding truecrypt.org to SourceForge . Only a new version 7.2 with limited functions was offered on Sourceforge, which warns of security gaps when used. This version is used to decrypt data encrypted with TrueCrypt in order to migrate them to other encryption solutions. The errors found in the previous assessment, however, were not eliminated. The last TrueCrypt version with full functionality is version 7.1a.

While initially speculated about a possible defacement of the TrueCrypt website and warned against using the new version, such a scenario was classified as unlikely shortly afterwards: The new program files had the correct official electronic signature of the manufacturer. In addition, no back door or the like was found in the source code , and according to initial reports, the executable program offered for download was actually created from the offered source code. However, there was and still is speculation as to whether the authors of TrueCrypt received a National Security Letter and therefore discontinued the project. The developers of TrueCrypt recommended switching to the encryption programs already integrated in the respective operating systems. The computer magazine c't advised that users should “keep their hands off the new version [7.2] for the time being”; instead, there is nothing against continuing to use TrueCrypt 7.1a for the time being.

Formerly planned features in future releases

For later versions of the program, a TrueCrypt API for controlling the software by other programs and raw encryption for CD and DVD volumes were provided. In addition, options for creating volumes from the command line should be added to the Windows version; these were already available in the versions for Linux and Mac OS X.

TrueCrypt based or compatible projects

tcplay

The tcplay project was founded in 2011 . The software is compatible with TrueCrypt, but in contrast to this it comes under a BSD license recognized as a free open source license . tcplay is part of Debian , DragonFly BSD and Fedora, among others .

VeraCrypt

VeraCrypt is a spin-off from TrueCrypt and is partially compatible with it. VeraCrypt is available under the Apache license and the TrueCrypt 3.0 license.

GostCrypt

GostCrypt is a spin-off from TrueCrypt. It does not use AES for encryption, but a GOST cipher.

Web links

Individual evidence

  1. a b sourceforge.net ( Memento from December 28, 2012 in the web archive archive.today )
  2. ^ A b c Dan Goodin: "TrueCrypt is not secure," official SourceForge page abruptly warns. In: arstechnica.com. May 28, 2014, accessed October 24, 2014 .
  3. truecrypt.sourceforge.net
  4. 31C3: The attacks on encryption by NSA and GCHQ. In: Heise online . December 29, 2014, accessed January 2, 2015 .
  5. ^ A b c Jürgen Schmidt: Farewell to TrueCrypt . In: c't 14/2014, p. 20 (PDF).
  6. idrassi: Why is this more secure than TrueCrypt? October 15, 2014, accessed September 29, 2015 .
  7. https://www.heise.de/security/meldung/VeraCrypt-entledigt-sich-alter-Sicherheitsluecken-2832494.html .
  8. TrueCrypt Foundation: Hidden Volume ( Memento from October 15, 2013 in the web archive archive.today ) , article with further information on truecrypt.org, 2006, English
  9. A. Czeskis, DJ St. Hilaire u. a .: Defeating Encrypted and Deniable File Systems: TrueCrypt v5.1a and the Case of the Tattling OS and Applications (PDF; 272 kB) In: Proceedings of 3rd USENIX Workshop on Hot Topics in Security, July 29, 2008 November 2009.
  10. Veracrypt and Truecrypt: Hidden volumes are not hidden - Golem.de . ( golem.de [accessed on January 10, 2017]).
  11. VeraCrypt. In: CodePlex. Retrieved January 10, 2017 .
  12. VeraCrypt. In: CodePlex. Retrieved January 10, 2017 .
  13. TrueCrypt Foundation: Features ( Memento from April 16, 2013 in the web archive archive.today ) , overview of the properties of the program version
  14. TrueCrypt Foundation: System Encryption ( Memento from September 13, 2012 in the web archive archive.today ) , documentation
  15. TrueCrypt Foundation: Plausible Deniability ( Memento from April 16, 2013 in the web archive archive.today )
  16. TrueCrypt Foundation: TrueCrypt Rescue Disk ( Memento from April 16, 2013 in the web archive archive.today ) , documentation
  17. Media Addicted: SSDs and TrueCrypt: Durability and Performance Issues
  18. truecrypt.org ( Memento from April 15, 2013 in the web archive archive.today )
  19. Uli Ries, Daniel Bachfeld: Bootkit leverages hard drive encryption. In: Heise online. July 30, 2009. Retrieved July 30, 2009 .
  20. Christian Klaß: Quickly decrypt Truecrypt and Bitlocker hard drives. In: Golem.de . March 30, 2010, accessed October 23, 2014 .
  21. Joshua Long: Mac FileVault 2's full disk encryption can be bypassed in less than 40 minutes. In: nakedsecurity.sophos.com. Sophos , February 2, 2012, accessed October 23, 2014 .
  22. Annika Kremer: Passware : Via FireWire against FileVault and TrueCrypt ( Memento from October 23, 2014 in the web archive archive.today ), gulli.com , February 3, 201.
  23. ^ A b c Michael Weissbacher: PlaidCTF Writeup: Fun with Firewire. In: mweissbacher.com. May 17, 2011, accessed October 23, 2014 .
  24. ↑ Hibernation file reveals TrueCrypt key? In: www.heise.de. c't , September 18, 2014, accessed October 23, 2014 .
  25. FullDisclosure: Executable installers are vulnerable ^ WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege
  26. Comment on the license on Debian-Legal
  27. ^ Fedora Project: ForbiddenItems
  28. Paul Le Roux: The Truecrypt inventor, a drug lord and contract killer. In: Golem.de. Retrieved April 5, 2016 .
  29. ^ Project: TrueCrypt: Summary. (No longer available online.) In: SourceForge. April 8, 2005, archived from the original on April 8, 2005 ; accessed on January 2, 2015 .
  30. TrueCrypt Foundation: Security Tokens & Smart Cards ( Memento from April 16, 2013 in the web archive archive.today )
  31. Julius Stiebert: Truecrypt 6.2 published. golem.de, May 12, 2009, accessed on February 28, 2015 .
  32. truecrypt.org ( Memento from September 14, 2012 in the web archive archive.today )
  33. ^ Matthew Green: An Update in TrueCrypt , accessed January 14, 2014.
  34. See Heise Online from October 19, 2013: The way to a more reliable TrueCrypt .
  35. Security audit . OpenCryptoAudit website
  36. ^ Matthew Green: Another update on the Truecrypt audit. blog.cryptographyengineering.com, February 18, 2015, accessed March 17, 2015 .
  37. See Heise online from October 28, 2013: TrueCrypt encryption software: One less doubt , last viewed on January 14, 2014.
  38. PC world: TrueCrypt has no secret back door
  39. Open Crypto Audit Project TrueCrypt: publicly available analysis of the TrueCrypt audit , accessed on April 15, 2014.
  40. BSI publishes security study on TrueCrypt
  41. Hanno Böck: BSI hides Truecrypt security problems . In: golem.de from December 16, 2019
  42. Hanno Böck: BSI withholds Truecrypt security problems (p. 3 of the article)
  43. Stefan Wehrmeyer: Investigations into the encryption program TrueCrypt on FragDenStaat.de from December 13, 2019 (download option of investigation reports )
  44. PC world: Truecrypt is supposedly insecure - development stopped
  45. truecrypt.org ( Memento from December 24, 2013 in the web archive archive.today )
  46. Jürgen Schmidt: Truecrypt is insecure - and now? In: heise Security . May 30, 2014, accessed October 24, 2014 .
  47. ^ Brian Krebs: True Goodbye: 'Using TrueCrypt Is Not Secure'. In: krebsonsecurity.com. May 14, 2014, accessed October 24, 2014 .
  48. ^ TrueCrypt Foundation: Future ( memento from October 15, 2013 in the web archive archive.today ) , planned changes; Website offline (August 4, 2014)
  49. tc-play. github.com, accessed February 28, 2015 .
  50. Debian - Package Search Results - tcplay. packages.debian.org, accessed February 28, 2015 .
  51. leaf.dragonflybsd.org
  52. bugzilla.redhat.com
  53. https://veracrypt.codeplex.com/license
  54. https://www.gostcrypt.org/gostcrypt.php