TrueCrypt

From Hidden Wiki

TrueCrypt is a discontinued source-available freeware utility used for on-the-fly encryption (OTFE). It can create a virtual encrypted disk within a file, or encrypt a partition or the whole storage device (pre-boot authentication).

On 28 May 2014, the TrueCrypt website announced that the project was no longer maintained and recommended that users find alternative solutions. Though development of TrueCrypt has ceased, an independent audit of TrueCrypt (published in March 2015) has concluded that no significant flaws are present.[1]

Alternatives include two freeware projects based on the TrueCrypt code, VeraCrypt and CipherShed, as well as numerous other commercial and open-source products.


Install and use

Linux

If you use 64-bit Ubuntu Linux:

Download the 'truecrypt-7.0a-linux-x64.tar.gz' file.


Extract the 'truecrypt-7.0a-linux-x64.tar.gz' archive.


If the extracted 'truecrypt-7.0a-setup-x64' file is in your home directory, run the following command in a terminal to install it:

./truecrypt-7.0a-setup-x64


Run the following command in a terminal to start TrueCrypt:

truecrypt


http://linuxandfriends.com/how-to-truecrypt-setup-on-ubuntu-linux/


macOS

Download and install 'TrueCrypt 7.1a Mac OS X.dmg' file.


Windows

Download the 'TrueCrypt Setup 7.1a.exe' file and install it.


Encryption scheme

Algorithms

Individual ciphers supported by TrueCrypt are AES, Serpent, and Twofish. Additionally, five different combinations of cascaded algorithms are available: AES-Twofish, AES-Twofish-Serpent, Serpent-AES, Serpent-Twofish-AES and Twofish-Serpent.[2] The cryptographic hash functions available for use in TrueCrypt are RIPEMD-160, SHA-512, and Whirlpool.[3]

Modes of operation

TrueCrypt currently uses the XTS mode of operation.[4] Prior to this, TrueCrypt used LRW mode in versions 4.1 through 4.3a, and CBC mode in versions 4.0 and earlier.[5] XTS mode is thought to be more secure than LRW mode, which in turn is more secure than CBC mode.[6]

Although new volumes can only be created in XTS mode, TrueCrypt is backward compatible with older volumes using LRW mode and CBC mode.[5] Later versions produce a security warning when mounting CBC mode volumes and recommend that they be replaced with new volumes in XTS mode.

Keys

The header key and the secondary header key (XTS mode) are generated using PBKDF2 with a 512-bit salt and 1000 or 2000 iterations, depending on the underlying hash function used.[7]

Plausible deniability

TrueCrypt supports a concept called plausible deniability,[8] by allowing a single "hidden volume" to be created within another volume.[9] In addition, the Windows versions of TrueCrypt have the ability to create and run a hidden encrypted operating system whose existence may be denied.[10]

The TrueCrypt documentation lists many ways in which TrueCrypt's hidden volume deniability features may be compromised (e.g. by third party software which may leak information through temporary files, thumbnails, etc., to unencrypted disks) and possible ways to avoid this.[11] In a paper published in 2008 and focused on the then latest version (v5.1a) and its plausible deniability, a team of security researchers led by Bruce Schneier states that Windows Vista, Microsoft Word, Google Desktop, and others store information on unencrypted disks, which might compromise TrueCrypt's plausible deniability. The study suggested the addition of a hidden operating system functionality; this feature was added in TrueCrypt 6.0. When a hidden operating system is running, TrueCrypt also makes local unencrypted filesystems and non-hidden TrueCrypt volumes read-only to prevent data leaks.[10] The security of TrueCrypt's implementation of this feature was not evaluated because the first version of TrueCrypt with this option had only recently been released.[12]

There was a functional evaluation of the deniability of hidden volumes in an earlier version of TrueCrypt by Schneier et al. that found security leaks.[13]

Identifying TrueCrypt volumes

When analyzed, TrueCrypt volumes appear to have no header and contain random data.[14] TrueCrypt volumes have sizes that are multiples of 512 due to the block size of the cipher mode,[4] and key data is either 512 bytes stored separately in the case of system encryption or two 128 kB headers for non-system containers.[15] Forensics tools may use these properties of file size, apparent lack of a header, and randomness tests to attempt to identify TrueCrypt volumes.[16] These features give reason to suspect that a file is a TrueCrypt volume. However, some programs exist for the purpose of securely erasing files by overwriting file contents and free disk space with purely random data (e.g. "shred" and "scrub"[17]), which creates reasonable doubt to counter pointed accusations that a file made of statistically random data is a TrueCrypt file.[8][18]
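The properties listed above (size, no recognizable header, random-looking content) combined into one triage check, as an added Python example that is not code from TrueCrypt or from any forensic tool. The signature shortlist, the 64 KiB sample size, the chi-square acceptance band and the sample data are assumptions constructed for illustration.

```python
import hashlib
import os

SECTOR = 512
HEADER_AREA = 128 * 1024   # the text cites two 128 kB headers per non-system container
SAMPLE = 64 * 1024         # assumed: bytes taken from the start of the file for the tests
# Constructed shortlist of common file signatures; real tools use far larger tables.
KNOWN_MAGIC = (b"PK\x03\x04", b"%PDF", b"\x89PNG", b"\x1f\x8b", b"MZ", b"\x7fELF")
# Assumed acceptance band for a chi-square statistic with 255 degrees of freedom
# (mean 255, standard deviation about 22.6): roughly 4 deviations either side.
CHI_LOW, CHI_HIGH = 160.0, 360.0

def chi_square(sample):
    """Pearson chi-square of byte counts against a uniform distribution."""
    counts = [0] * 256
    for byte in sample:
        counts[byte] += 1
    expected = len(sample) / 256
    return sum((c - expected) ** 2 / expected for c in counts)

def assess(size, head):
    """Return the reasons a file does NOT fit the profile (empty list = candidate)."""
    reasons = []
    if size % SECTOR:
        reasons.append("size is not a multiple of 512")
    if size <= 2 * HEADER_AREA:
        reasons.append("too small to hold two 128 kB headers")
    if head.startswith(KNOWN_MAGIC):
        reasons.append("starts with a known file signature")
    if len(head) < SAMPLE:
        reasons.append("sample too short for the randomness test")
    elif not CHI_LOW < chi_square(head[:SAMPLE]) < CHI_HIGH:
        reasons.append("byte distribution fails the randomness test")
    return reasons

def assess_file(path):
    """Apply the same checks to a file on disk."""
    with open(path, "rb") as fh:
        return assess(os.path.getsize(path), fh.read(SAMPLE))

def constructed_samples():
    """Constructed test inputs; SHAKE-256 output stands in for random-looking data."""
    rnd = hashlib.shake_256(b"constructed sample").digest(320 * 1024)
    return {
        "random_container": rnd,
        "random_odd_size": rnd[:-100],
        "zip_like": b"PK\x03\x04" + rnd[4:],
        "text_log": (b"GET /index.html 200\n" * 20000)[:320 * 1024],
    }

if __name__ == "__main__":
    for name, data in constructed_samples().items():
        print(name, assess(len(data), data[:SAMPLE]) or "candidate")
```

An empty result only means the file is consistent with a TrueCrypt container; a file overwritten with random data by shred or scrub passes the same checks.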

If a system drive, or a partition on it, has been encrypted with TrueCrypt, then only the data on that partition is deniable. When the TrueCrypt boot loader replaces the normal boot loader, an offline analysis of the drive can positively determine that a TrueCrypt boot loader is present and so lead to the logical inference that a TrueCrypt partition is also present. Even though there are features to obfuscate its purpose (i.e. displaying a BIOS-like message to misdirect an observer such as, "Non-system disk" or "disk error"), these reduce the functionality of the TrueCrypt boot loader and do not hide the content of the TrueCrypt boot loader from offline analysis.[19] Here again, the use of a hidden operating system is the suggested method for retaining deniability.[10]


Security concerns

TrueCrypt is vulnerable to various known attacks which are also present in other software-based disk encryption software such as BitLocker. To prevent those, the documentation distributed with TrueCrypt requires users to follow various security precautions.[20] Some of those attacks are detailed below.

Encryption keys stored in memory

TrueCrypt stores its keys in RAM; on an ordinary personal computer the DRAM will maintain its contents for several seconds after power is cut (or longer if the temperature is lowered). Even if there is some degradation in the memory contents, various algorithms can intelligently recover the keys. This method, known as a cold boot attack (which would apply in particular to a notebook computer obtained while in power-on, suspended, or screen-locked mode), has been successfully used to attack a file system protected by TrueCrypt.[21]

Physical security

TrueCrypt documentation states that TrueCrypt is unable to secure data on a computer if an attacker physically accessed it and TrueCrypt is used on the compromised computer by the user again (this does not apply to a common case of a stolen, lost, or confiscated computer).[22] The attacker having physical access to a computer can, for example, install a hardware/software keylogger, a bus-mastering device capturing memory, or install any other malicious hardware or software, allowing the attacker to capture unencrypted data (including encryption keys and passwords), or to decrypt encrypted data using captured passwords or encryption keys. Therefore, physical security is a basic premise of a secure system. Attacks such as this are often called "evil maid attacks".[23]

Malware

TrueCrypt documentation states that TrueCrypt cannot secure data on a computer if it has any kind of malware installed. Malware may log keystrokes, thus exposing passwords to an attacker.[24]

The "Stoned" bootkit

The "Stoned" bootkit, an MBR rootkit presented by Austrian software developer Peter Kleissner at the Black Hat Technical Security Conference USA 2009,[25][26] has been shown capable of tampering with TrueCrypt's MBR, effectively bypassing TrueCrypt's full volume encryption.[27][28][29][30][31] Potentially every hard disk encryption software is affected by this kind of attack if the encryption software does not rely on hardware-based encryption technologies like TPM, or if the attack is made with administrative privileges while the encrypted operating system is running.[32][33]

Two types of attack scenarios exist in which it is possible to maliciously take advantage of this bootkit. In the first, the user is required to launch the bootkit with administrative privileges once the PC has already booted into Windows. In the second, analogously to hardware keyloggers, a malicious person needs physical access to the user's TrueCrypt-encrypted hard disk in order to replace the user's TrueCrypt MBR with that of the Stoned bootkit and then place the hard disk back in the unknowing user's PC. When the user then boots the PC and types the TrueCrypt password, the "Stoned" bootkit intercepts it, because from that moment on the Stoned bootkit is loaded before TrueCrypt's MBR in the boot sequence. The first type of attack can be prevented as usual by good security practices, e.g. avoiding running non-trusted executables with administrative privileges. The second can be neutralized by a user who suspects that the encrypted hard disk might have been physically available to someone untrusted, by booting the encrypted operating system with TrueCrypt's Rescue Disk instead of booting it directly from the hard disk. With the rescue disk, the user can restore TrueCrypt's MBR to the hard disk.[34]

Trusted Platform Module

The FAQ section of the TrueCrypt website states that the Trusted Platform Module (TPM) cannot be relied upon for security, because if the attacker has physical or administrative access to the computer and you use it afterwards, the computer could have been modified by the attacker; for example, a malicious component such as a hardware keystroke logger could have been used to capture the password or other sensitive information. Since the TPM does not prevent an attacker from maliciously modifying the computer, TrueCrypt will not support the TPM.[33]

Security audits

In 2013 a graduate student at Concordia University published a detailed online report, in which he states that he has confirmed the integrity of the distributed Windows binaries of version 7.1a.[35]

A crowdfunding campaign attempting to conduct an independent security audit of TrueCrypt was successfully funded in October 2013. A non-profit organization called the Open Crypto Audit Project (OCAP) was formed, calling itself "a community-driven global initiative which grew out of the first comprehensive public audit and cryptanalysis of the widely used encryption software TrueCrypt".[36] The organization established contact with TrueCrypt developers, who welcomed the audit.[37][38] Phase I of the audit was successfully completed on 14 April 2014, finding "no evidence of backdoors or malicious code". Matthew D. Green, one of the auditors, added "I think it's good that we didn't find anything super critical."[39]

One day after TrueCrypt's end of life announcement, OCAP confirmed that the audit would continue as planned, with Phase II expected to begin in June 2014 and wrap up by the end of September.[40][41] The Phase II audit was delayed, but was completed 2 April 2015 by NCC Cryptography Services. This audit "found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances."[42][43][44] The French National Agency for the Security of Information Systems (ANSSI) stated that while TrueCrypt 6.0 and 7.1a have previously attained ANSSI certification, migration to an alternate certified product is recommended as a precautionary measure.[45]

According to Gibson Research Corporation, Steven Barnhart wrote to an email address for a TrueCrypt Foundation member he had used in the past and received several replies from "David". According to Barnhart, the main points of the email messages were that the TrueCrypt Foundation was "happy with the audit, it didn't spark anything", and that the reason for the announcement was that "there is no longer interest [in maintaining the project]."[46]

According to a study released 29 September 2015, TrueCrypt includes two vulnerabilities in the driver that TrueCrypt installs on Windows systems allowing an attacker arbitrary code execution and privilege escalation via DLL hijacking.[47] In January 2016, the vulnerability was fixed in VeraCrypt,[48] but it remains unpatched in TrueCrypt's unmaintained installers.

Legal cases

Operation Satyagraha

In July 2008, several TrueCrypt-secured hard drives were seized from Brazilian banker Daniel Dantas, who was suspected of financial crimes. The Brazilian National Institute of Criminology (INC) tried unsuccessfully for five months to obtain access to his files on the TrueCrypt-protected disks. They enlisted the help of the FBI, who used dictionary attacks against Dantas' disks for over 12 months, but were still unable to decrypt them.[49][50]

United States v. John Doe

In 2012 the United States 11th Circuit Court of Appeals ruled that a John Doe TrueCrypt user could not be compelled to decrypt several of his hard drives.[51][52] The court's ruling noted that FBI forensic examiners were unable to get past TrueCrypt's encryption (and therefore were unable to access the data) unless Doe either decrypted the drives or gave the FBI the password, and the court then ruled that Doe's Fifth Amendment right to remain silent legally prevented the Government from making him or her do so.[53][54]

David Miranda

On 18 August 2013 David Miranda, partner of journalist Glenn Greenwald, was detained at London's Heathrow Airport by Metropolitan Police while en route to Rio de Janeiro from Berlin. He was carrying with him an external hard drive said to be containing sensitive documents pertaining to the 2013 global surveillance disclosures sparked by Edward Snowden. Contents of the drive were encrypted by TrueCrypt, which authorities said "renders the material extremely difficult to access."[55] Detective Superintendent Caroline Goode stated the hard drive contained around 60 gigabytes of data, "of which only 20 have been accessed to date." She further stated the process to decode the material was complex and "so far only 75 documents have been reconstructed since the property was initially received."[55]

Guardian contributor Naomi Colvin concluded the statements were misleading, stating that it was possible Goode was not even referring to any actual encrypted material, but rather deleted files reconstructed from unencrypted, unallocated space on the hard drive, or even plaintext documents from Miranda's personal effects.[56] Glenn Greenwald supported this assessment in an interview with Democracy Now!, mentioning that the UK government filed an affidavit asking the court to allow them to retain possession of Miranda's belongings. The grounds for the request were that they could not break the encryption, and were only able to access 75 of the documents that he was carrying, which Greenwald said "most of which were probably ones related to his school work and personal use."[57]

James DeSilva

In February 2014, an Arizona Department of Real Estate IT department employee, James DeSilva, was arrested on charges of sexual exploitation of a minor through the sharing of explicit images over the Internet. His computer, encrypted with TrueCrypt, was seized, and DeSilva refused to reveal the password. Forensics detectives from the Maricopa County Sheriff's Office were unable to gain access to his stored files.[58]

Lauri Love

In October 2013, British–Finnish activist Lauri Love was arrested by the National Crime Agency (NCA) on charges of hacking into a US department or agency computer and one count of conspiring to do the same.[59][60][61] The government confiscated all of his electronics and demanded he provide them with the necessary keys to decrypt the devices. Love refused. On 10 May 2016 a District Judge (Magistrate's Court) rejected a request by the NCA that Love be forced to turn over his encryption keys or passwords to TrueCrypt files on an SD card and hard drives that were among the confiscated property.[62]


References

  1. Template:Cite web
  2. Template:Cite web
  3. Template:Cite web
  4. Template:Cite web
  5. Template:Cite web
  6. Template:Cite web
  7. Template:Cite web
  8. Template:Cite web
  9. Template:Cite web
  10. Template:Cite web
  11. Template:Cite web
  12. Template:Cite conference
  13. Schneier, UW Team Show Flaw In TrueCrypt Deniability. Accessed on: 12 June 2012
  14. Piccinelli, Mario, and Paolo Gubian. "Detecting Hidden Encrypted Volume Files via Statistical Analysis." International Journal of Cyber-Security and Digital Forensics (IJCSDF) 3.1 (2014): 30-37.
  15. Template:Cite web
  16. Template:Cite web
  17. Template:Cite web
  18. Template:Cite web
  19. TrueCrypt FAQ - see question I use pre-boot authentication. Can I prevent a person (adversary) that is watching me start my computer from knowing that I use TrueCrypt?
  20. Template:Cite web
  21. Template:Cite web
  22. Template:Cite web
  23. Template:Cite web
  24. Template:Cite web
  25. Template:Cite web
  26. Template:Cite web
  27. Template:Cite web
  28. Template:Cite news
  29. Template:Cite web
  30. Template:Cite news
  31. Template:Cite news
  32. Template:Cite web
  33. Template:Cite web
  34. Template:Cite web
  35. Template:Cite web
  36. Template:Cite web
  37. Template:Cite web
  38. Template:Cite web
  39. Template:Citation
  40. Template:Citation
  41. Template:Citation
  42. Template:Cite web
  43. Template:Cite web
  44. Template:Cite web
  45. Template:Cite web
  46. Template:Cite web
  47. http://www.pcworld.com/article/2987439/encryption/newly-found-truecrypt-flaw-allows-full-system-compromise.html
  48. CVE-2016-1281: TrueCrypt and VeraCrypt Windows installers allow arbitrary code execution with elevation of privilege
  49. Template:Cite web
  50. Template:Citation
  51. Template:Citation
  52. Template:Citation
  53. Template:Cite court
  54. United States v. John Doe
  55. Template:Citation
  56. Template:Cite web
  57. Template:Cite AV media
  58. Template:Citation
  59. Template:Cite web
  60. Template:Cite web
  61. Template:Cite web
  62. Template:Cite web
