TrueCrypt


TrueCrypt is a discontinued source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the whole storage device.
On 28 May 2014, the TrueCrypt website announced that the project [|was no longer maintained] and recommended users find alternative solutions.
Though development of TrueCrypt has ceased, an independent audit of TrueCrypt published in March 2015 concluded that no significant flaws were present. Two projects forked from TrueCrypt: VeraCrypt and CipherShed.

History

TrueCrypt was initially released as version 1.0 in February 2004, based on E4M. Several versions and many additional minor releases have been made since then, with the most current version being 7.1a.

E4M and SecurStar dispute

Original release of TrueCrypt was made by anonymous developers called "the TrueCrypt Team". Shortly after version 1.0 was released in 2004, the TrueCrypt Team reported receiving email from Wilfried Hafner, manager of SecurStar, a computer security company. According to the TrueCrypt Team, Hafner claimed in the email that the acknowledged author of E4M, developer Paul Le Roux, had stolen the source code from SecurStar as an employee. It was further stated that Le Roux illegally distributed E4M, and authored an illegal license permitting anyone to base derivative work on the code and distribute it freely. Hafner alleges all versions of E4M always belonged only to SecurStar, and Le Roux did not have any right to release it under such a license.
This led the TrueCrypt Team to immediately stop developing and distributing TrueCrypt, which they announced online through usenet. TrueCrypt Team member David Tesařík stated that Le Roux informed the team that there was a legal dispute between himself and SecurStar, and that he received legal advisement not to comment on any issues of the case. Tesařík concluded that should the TrueCrypt Team continue distributing TrueCrypt, Le Roux may ultimately be held liable and be forced to pay consequent damages to SecurStar. To continue in good faith, he said, the team would need to verify the validity of the E4M license. However, because of Le Roux's need to remain silent on the matter, he was unable to confirm or deny its legitimacy, keeping TrueCrypt development in limbo.
Thereafter, would-be visitors reported trouble accessing the TrueCrypt website, and third-party mirrors appeared online making the source code and installer continually available, outside of official sanction by the TrueCrypt Team.
In the FAQ section of its website, SecurStar maintains its claims of ownership over both E4M and Scramdisk, another free encryption program. The company states that with those products, SecurStar "had a long tradition of open source software", but that "competitors had nothing better to do but to steal our source code", causing the company to make its products closed-source, forcing potential customers to place a substantial order and sign a non-disclosure agreement before being allowed to review the code for security.
Le Roux himself has denied developing TrueCrypt in a court hearing in March 2016, in which he also confirmed he had written E4M.

Version 2.0

Months later on 7 June 2004, TrueCrypt 2.0 was released. The new version contained a different digital signature from that of the original TrueCrypt Team, with the developers now being referred to as "the TrueCrypt Foundation." The software license was also changed to the open source GNU General Public License. However, given the wide range of components with differing licenses making up the software, and the contested nature of the legality of the program's release, a few weeks later on 21 June, version 2.1 was released under the original E4M license to avoid potential problems relating to the GPL license.
Version 2.1a of the software was released on 1 October 2004 on truecrypt.sourceforge.net sub-domain. By May 2005, the original TrueCrypt website returned and truecrypt.sourceforge.net redirected visitors to truecrypt.org.

End of life announcement

On 28 May 2014, the TrueCrypt official website, truecrypt.org, began redirecting visitors to truecrypt.sourceforge.net with a HTTP 301 "Moved Permanently" status, which warned that the software may contain unfixed security issues, and that development of TrueCrypt was ended in May 2014, following Windows XP's end of support. The message noted that more recent versions of Windows have built-in support for disk encryption using BitLocker, and that Linux and OS X had similar built-in solutions, which the message states renders TrueCrypt unnecessary. The page recommends any data encrypted by TrueCrypt be migrated to other encryption setups and offered instructions on moving to BitLocker. The SourceForge project page for the software at sourceforge.net/truecrypt was updated to display the same initial message, and the status was changed to "inactive". The page also announced a new software version, 7.2, which only allows decryption.
Initially, the authenticity of the announcement and new software was questioned. Multiple theories attempting to explain the reason behind the announcement arose throughout the tech community.
Shortly after the end of life announcement of TrueCrypt, Gibson Research Corporation posted an announcement titled "Yes... TrueCrypt is still safe to use" and a Final Release Repository to host the last official non-crippled version 7.1a of TrueCrypt. They no longer host the final release repository as of 2022.
Truecrypt.org has been excluded from the Internet Archive Wayback Machine. The exclusion policy says they will exclude pages at the site owner's request.

Operating systems

TrueCrypt supports Windows, OS X, and Linux operating systems. Both 32-bit and 64-bit versions of these operating systems are supported, except for Windows IA-64 and Mac OS X 10.6 Snow Leopard. The version for Windows 7, Windows Vista, and Windows XP can encrypt the boot partition or entire boot drive.

Independent implementations

There is an independent, compatible implementation, tcplay, for DragonFly BSD and Linux.
The Dm-crypt module included in default Linux kernel supports a TrueCrypt target called "tcw" since Linux version 3.13.

Encryption scheme

Algorithms

Individual ciphers supported by TrueCrypt are AES, Serpent, and Twofish. Additionally, five different combinations of cascaded algorithms are available: AES-Twofish, AES-Twofish-Serpent, Serpent-AES, Serpent-Twofish-AES and Twofish-Serpent. The cryptographic hash functions available for use in TrueCrypt are RIPEMD-160, SHA-512, and Whirlpool. Early versions of TrueCrypt until 2007 also supported the block ciphers Blowfish, CAST-128, TDEA and IDEA; but these were deprecated due to having relatively lower 64-bit security and patent licensing issues.
The practical security provided by TrueCrypt depends altogether on the applied encyption algorithms and their different weaknesses. TrueCrypt by itself offers no extra protection against a weak trusted algorithm.

Modes of operation

TrueCrypt currently uses the XTS mode of operation. Prior to this, TrueCrypt used LRW mode in versions 4.1 through 4.3a, and CBC mode in versions 4.0 and earlier. XTS mode is thought to be more secure than LRW mode, which in turn is more secure than CBC mode.
Although new volumes can only be created in XTS mode, TrueCrypt is backward compatible with older volumes using LRW mode and CBC mode. Later versions produce a security warning when mounting CBC mode volumes and recommend that they be replaced with new volumes in XTS mode.

Keys

The header key and the secondary header key are generated using PBKDF2 with a 512-bit salt and 1000 or 2000 iterations, depending on the underlying hash function used.

Plausible deniability

TrueCrypt supports a concept called plausible deniability, by allowing a single "hidden volume" to be created within another volume. In addition, the Windows versions of TrueCrypt have the ability to create and run a hidden encrypted operating system whose existence may be denied.
The TrueCrypt documentation lists many ways in which TrueCrypt's hidden volume deniability features may be compromised and possible ways to avoid this. In a paper published in 2008 and focused on the then latest version and its plausible deniability, a team of security researchers led by Bruce Schneier states that Windows Vista, Microsoft Word, Google Desktop, and others store information on unencrypted disks, which might compromise TrueCrypt's plausible deniability. The study suggested the addition of a hidden operating system functionality; this feature was added in TrueCrypt 6.0. When a hidden operating system is running, TrueCrypt also makes local unencrypted filesystems and non-hidden TrueCrypt volumes read-only to prevent data leaks. The security of TrueCrypt's implementation of this feature was not evaluated because the first version of TrueCrypt with this option had only recently been released.
There was a functional evaluation of the deniability of hidden volumes in an earlier version of TrueCrypt by Schneier et al. that found security leaks.

Identifying TrueCrypt volumes

When analyzed, TrueCrypt volumes appear to have no header and contain random data. TrueCrypt volumes have sizes that are multiples of 512 due to the block size of the cipher mode and key data is either 512 bytes stored separately in the case of system encryption or two 128 kB headers for non-system containers. Forensics tools may use these properties of file size, apparent lack of a header, and randomness tests to attempt to identify TrueCrypt volumes. Although these features give reason to suspect a file to be a TrueCrypt volume, there are, however, some programs which exist for the purpose of securely erasing files by employing a method of overwriting file contents, and free disk space, with purely random data, thereby creating reasonable doubt to counter pointed accusations declaring a file, made of statistically random data, to be a TrueCrypt file.
If a system drive, or a partition on it, has been encrypted with TrueCrypt, then only the data on that partition is deniable. When the TrueCrypt boot loader replaces the normal boot loader, an offline analysis of the drive can positively determine that a TrueCrypt boot loader is present and so lead to the logical inference that a TrueCrypt partition is also present. Even though there are features to obfuscate its purpose, these reduce the functionality of the TrueCrypt boot loader and do not hide the content of the TrueCrypt boot loader from offline analysis. Here again, the use of a hidden operating system is the suggested method for retaining deniability.