
Replace TrueCrypt – Candidate alternatives - chmars
https://tails.boum.org/blueprint/replace_truecrypt/
======
x1798DE
I've said this before in a few places, and it's (semi-) relevant here, but I
really think people need to relax about replacing TrueCrypt. Despite the
"security concerns" expressed in the TrueCrypt page, _which were clearly a
joke_, there's no reason to think TrueCrypt has any significant
vulnerabilities at this time, and the second phase of the audit will take
place as scheduled. The last time TrueCrypt was updated was _two years ago_ -
it's stable software that doesn't need constant tweaking, so the developers
bowing out is not a problem.

Chances are, someone will either fork TrueCrypt (version 3.1 of the TrueCrypt
license seems to make this a legitimate possibility) or create a replacement,
possibly using the same container format. TrueCrypt is pretty much _just as
good_ as it was before this happened. Give it a couple of months before you
start switching over to some other solution (which is likely to be less
"battle-hardened" than the incredibly popular TrueCrypt anyway, and thus
somewhat more likely to be insecure). There's no rush.

~~~
loteck
> _which were clearly a joke_

There's a lot of information flying around so I may have missed something. Why
is the official page, which states that there are security concerns, "clearly"
a joke?

~~~
x1798DE
Most people took TC recommending Bitlocker as a joke (myself included),
because it's a closed-source proprietary encryption method made by Microsoft,
which is the ethic that TrueCrypt has represented in the decade that it
existed, but even if that's a bit too subtle humor, if you look at the options
they give for encryption on other platforms [1], you can see that it's
obviously not a serious security-based recommendation.

For Linux, they recommend:

> _Use any integrated support for encryption. Search available installation
> packages for words encryption and crypt, install any of the packages found
> and follow its documentation._

Does that seem serious to you?

For Mac OSX, here is the configuration they recommend for creating an
encrypted volume:
[http://truecrypt.sourceforge.net/OSXNewImage.png](http://truecrypt.sourceforge.net/OSXNewImage.png)

Note where under Encryption they've selected "None".

[1] http://truecrypt.sourceforge.net/OtherPlatforms.html

------
breakall
The Grugq wrote a post [1] discussing TrueCrypt alternatives back in October
of last year. It also mentions tc-play and cryptsetup, but additionally
mentions tomb [2], which looks very interesting to me.

But while I once wrote for _my mom_ a document with step-by-step instructions
on how to create and use a TrueCrypt volume to keep some work documents
secured, I don't see any alternative in either post that is going to be as
accessible to normal folks (like her) as TrueCrypt.

[1] http://grugq.tumblr.com/post/60464139008/alternative-truecrypt-implementations

[2] http://www.dyne.org/software/tomb/

~~~
dobbsbob
No reason you can't write a script that automates cryptsetup/luks, or a UI for
PySkein or Java Skein, or the plenty of Keccak implementations.

------
y-satellite
A lot of discussions of TrueCrypt replacements I've read today miss a major
point, which is that users of the Windows version are now left with no
reliable, up-to-date software with an equivalent feature set and security
guarantees. I know we tend to be *nix-heavy here, but some of us used
TrueCrypt because it was the best solution for Windows, not because it was
cross-platform.

~~~
Spooky23
If you need full disk encryption, how is appropriately configured BitLocker
any less reliable, or offering fewer "security guarantees" than TrueCrypt?

The knee jerk reaction here is "omg, prism, Microsoft!". But the reality is
that you have no idea who the TrueCrypt people are and their level of
trustworthiness --- for all you know they work for NSA or FSB!

If you are a Windows user, use the manual and use BitLocker for FDE and EFS
for folders and files.

~~~
y-satellite
The most obvious difference is that the TrueCrypt code has had at least the
first stage of a formal security audit done, which uncovered no evidence of
backdoors. With BitLocker being closed source and no public audits being done,
you don't have the same guarantees. BitLocker may be perfectly secure, but I
feel I'm justified in saying that its status is much more uncertain.

~~~
acqq
Most aspects of TC were never publicly audited. People were using it on
blind faith only: betting that _if_ somebody had cared to audit, he'd publish
his findings too.

You can have the same assumption for BitLocker.

~~~
kaoD
You can't audit BitLocker, its source is not available. That's a _huge_
difference.

~~~
acqq
Microsoft has special licensing models where the sources for the OS _are_
available. _Somebody_ looks at that, at least comparable to how
_somebody_ was expected to detect the bug in OpenSSL, or to review TrueCrypt,
and nobody did until recently, because, well, let _somebody_ else care.

So as far as I understand, it is possible to audit Microsoft's crypto code
too. I can imagine the audit of crypto code wouldn't find anything. The real
problem is:

http://regmedia.co.uk/2014/05/16/0955_peter_gutmann.pdf

"Crypto won't save you either"

"Crypto Summary:

Number of attacks that broke the crypto: 0

Number of attacks that bypassed the crypto: All the rest

- No matter how strong the crypto was, or how large the keys were, the
attackers walked around it"

------
massysett
None of these replace TrueCrypt. One thing that made TrueCrypt interesting was
that you could use the same volume on Windows, Mac, and Linux. Items listed in
the article are Linux only.

------
eliteraspberrie
I'll mention my theory of what happened with TrueCrypt here, because it's
relevant to a search for alternatives.

I believe TrueCrypt was started as a student project, and was no longer worth
the effort to the developer(s). For a student or young developer interested
in cryptography, the reward is in the work itself, and in other people using
the software. A decade later, though, with less free time, it's much less fun.
At that point, a developer could either commercialize their work, or abandon
it. TrueCrypt had very little chance of commercial success, since full-disk
encryption comes with all new operating systems, so it's been abandoned.

My conclusion is that only for-pay (open-source or not) FDE software can be a
viable alternative to TrueCrypt, anything else will eventually be abandoned
too. Consider that every project mentioned on this page is based on dm-crypt,
part of the Linux kernel, which is supported financially by Intel, HP, and so
on. That is a viable, long-term solution, and probably the only one.

But if we want a diversity of cryptography software, we are going to have to
start paying for it.

~~~
ultramancool
I disagree.

It's entirely possible to have a good free (as in beer and freedom) full disk
encryption tool. In fact, we have several which are in quite wide use today.
See: dm-crypt, loop-aes, luks, tcplay, encfs, ecryptfs, etc. (okay, some of
these aren't FDE tools in and of themselves, but parts of a system which can
be used for FDE). Anyone who uses FDE on Linux is surely using one or two of
these.

It's really just a matter of someone being motivated enough to develop one for
Windows. The entire reason for TrueCrypt's popularity over Bitlocker was that
it was open source software. All this means is that one developer got sick and
tired of it, which is completely understandable, but it can absolutely not be
extrapolated to say that all have.

DiskCryptor is currently looking like the next big viable alternative for an
open source Windows FDE tool. I'm hoping we see some EFI support though, so I
can finally get off BIOS mode.

In my opinion, the best method is to gather a few skilled Windows driver
developers to craft a driver based around existing technology, like FreeOTFE,
which supports dm-crypt images.

It'll be interesting to see what happens, I certainly think the demand and
interest is high enough that we can get some good people on the case.
Hopefully some who won't select a ridiculous license.

~~~
eliteraspberrie
There is only one free-as-in-beer FDE project that has survived the last
decade (loop-AES), out of dozens. The one other survivor (dm-crypt) is backed
by serious money (the Linux Foundation). It's safe to assume the odds won't
get better in the next decade.

That is, unless we support freely-licensed encryption software, financially,
rather than just use it.

~~~
ultramancool
Nonsense. ecryptfs has been around almost that long even. And regardless, the
maintenance for proprietary FDE products is not much better. Many go in and
out of cycle, obsolescence is just a part of software, but there's been 1 or
more good encryption options available for a long time.

~~~
eliteraspberrie
Development of eCryptfs was financed by IBM.

~~~
dustinkirkland
And both current maintainers of eCryptfs work for Canonical.

------
bni
I have been using cryptmount for years, and I can highly recommend it. It is a
friendlier, easier to use interface to the crypto functionality that exists
in the Linux kernel (dm-crypt).

------
CWuestefeld
Wikipedia has a page comparing OTFE (on-the-fly-encryption) products [1].

It compares them on features such as operating system, hidden containers,
pre-boot authentication, single sign-on, custom authentication, multiple keys,
passphrase strengthening, hardware acceleration, TPM, filesystems, and two-factor
authentication.

[1] http://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software

------
JamesTGibson
The only good alternative I have found is documented on this thread:
http://www.wilderssecurity.com/threads/tutorial-windows-system-drive-encryption-using-diskcryptor-truecrypt-alternative.364446/
and there is a video that demonstrates it being used so people can see it in
action before they try it.

------
tachion
Has no one noticed there are alternative implementations already, like the
BSD-licensed tcplay implementation in DragonFlyBSD?

~~~
bmelton
You do realize that is the very first recommended candidate in the article,
right?

~~~
tachion
I do, as you can see in my comment, but no one else (here in the comments)
seems to notice the fact that this particular implementation is a fully open
source alternative that has been available since 2011...

~~~
bmelton
Apologies then. I don't think it's that people are unaware of alternatives at
large, rather, that tcplay is a limited option at best.

If you're using Linux, or DragonFly, or even Tails, then sure, it should work
fine (which is likely why it's being considered as a replacement in Tails),
but it doesn't have stated support for OS X, Windows, etc.

TrueCrypt, on the other hand (despite whatever else ails it) is supported on
all of the above.

