There has been much wild speculation recently about the sudden and apparently suspicious demise of TrueCrypt, including some interesting conspiracy theories. The closure of the project was all the more unexpected because an initial audit of the code has recently been completed (“iSEC Completes TrueCrypt Audit“) culminating in a report (iSec TrueCrypt Audit Report) which gave it a clean bill of health in most of the major areas in which it was examined – no backdoors, no dodgy code, just a few minor weaknesses and a certain untidiness about the code organisation, readability, and version control. This is no more than is to be expected from non-commercial volunteer developers. The audit has been funded by Indiegogo and FundFill campaigns which in the case of Indiegogo has raised over double the target amount, $46,420 of the $25,000 goal, showing the keen interest in the user and business community in establishing TrueCrypt’s status.
The Open Crypto Audit Project has stated: “We are continuing forward with formal cryptanalysis of TrueCrypt 7.1 as committed, and hope to deliver a final audit report in a few months“. If all goes well the report will reassure the software community that the application can be trusted. That outcome would mean that the last-released full version, 7.1a, could be regarded as safe and fit for purpose. The most recent version, 7.2, currently available at the TrueCrypt site, will only decrypt volumes, pending their transference to another product or system – for full-disk encryption, the developers are recommending BitLocker, unfortunately only available on high-end versions of Windows (Windows 7 Ultimate and Enterprise, Windows 8.1 Pro and Enterprise).
At the moment, the TrueCrypt site redirects to its SourceForge project page, with the heading: “WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues”.
Security professionals seem now to be coming to a consensus that there is nothing wrong with TrueCrypt; it appears never to have been broken, and is well on the way to becoming thoroughly evaluated. It has even effectively been endorsed by Edward Snowden, who seems confident about its use by himself, Glenn Greenwald, Laura Poitras, and others. The problem for users is really what it always has been; can you depend on it in a business context, or is it suitable only for personal and private use?
The answer to this comes down to assurance of the product. For software to be accredited for business and government use, it has to go through a formal assurance procedure to show that it meets the criteria specified for those uses. To illustrate this, consider its complementary partner, insurance. Insurance is making sure that if your hotel accidentally burns down, you can obtain financial compensation to support building a new one. Assurance is convincing the insurance company, before it will underwrite your policy, that you have done what it specifies as necessary to prevent a fire, or combat it if one does break out. This would include independent certification that you have installed fire extinguishers, that you have proper fire exits in the right places, that you have used non-flammable furnishings, and so on. Software assurance provides validation that the product meets certain criteria and standards. In the case of TrueCrypt, it is believed to have been taken informally through FIPS and equivalent compliance procedures, but it has no formal certification.
What of the conspiracy theories? The nervousness of security experts over TrueCrypt’s withdrawal (see e.g. Graham Cluley, The Register[1], The Register[2], Bruce Schneier), leading to advice to discontinue its use, promptly led to speculation that the NSA is involved in some way. Perhaps they have become concerned about its increasing use and their inability to crack it, and have therefore discouraged the developers, or threatened them with sanctions, so that they have felt obliged to desist. Or maybe the team has been approached by the NSA to engineer a back door into it and have terminated the project rather than agree. There is even a superb theory based on the first letters of the termination notice above:
Using TrueCrypt is not secure as it may contain unfixed security issues
Taking the first letter of each word results in: UTINSAIMCUSI, or uti NSA im cu si. It looks a little like Latin, so using Google Translate for Latin to English, you get: “If I wish to use the NSA”. Could this be an intimation that the NSA has subverted TrueCrypt? Er – probably not. Coincidences like this pop up all the time (see “No Coincidence – Statistics and the Outrageously Unlikely“, New Scientist).
Others, like security consultant Philip Le Riche, take the more sensible view that the secretive team has probably simply become tired of the work and responsibility involved, including the audit, after years spent on it for little reward, and just want to move on to other projects (see Leo Notenboom, and Steve Gibson [here, and here]). Faced with providing full support for Windows 8, and developing the ability to encrypt Windows system partitions/drives on UEFI-based computers, they may have balked at the prospect of the work involved. Le Riche, Notenboom, Gibson, and others tend towards the view that TrueCrypt itself is probably uncompromised.
Is TrueCrypt Safe to Use
As far as I can make out, there is no evidence to suggest that version 7.1a of TrueCrypt is unsafe to use in its basic form, save that whole-drive encryption may not be fully secure because of potential weaknesses during the boot process. As I said above, quite the opposite is true; what we know suggests that it has never been broken.
I make no secret of the fact that I consider TrueCrypt to be a brilliant piece of work which is as secure as anything available, and likely to be unbreakable. If you were a security agency with a long reach, what would you do to try to reduce the general use of a security encryption tool that resisted all your efforts to compromise it? Precisely; you would endeavour to discredit it publicly, so that people believe it is unsafe and stop using it; and encourage the use of products which you could subvert more easily.
I have examined the TrueCrypt manual and various referenced papers, all of which strongly suggest that great care has been put into both making sure the program is as secure as possible, and warning of the circumstances in which it may be weak. I admit that I am not a cryptography expert, but I have never seen any evidence to suggest that TrueCrypt volumes have been decrypted without the key. If there were, it would certainly have leaked by now.
Weaknesses during the boot process can be avoided by simply not encrypting the system partition, but instead encrypting another partition or volume on which you keep all your data (say DATA (D:)). The standard system folders, i.e. Documents, Music, Pictures, Videos, can all readily be redirected to new folders on the separate partition, which can be mounted after system start by TrueCrypt, when given the correct passphrase. This also provides a measure of “plausible deniability”, in that you can boot the system for border control or law enforcement so that it will come up apparently normally, and superficial examination will not reveal the presence of the DATA partition, which does not appear in the File Manager when dismounted. E-mail folders and Office files can also be redirected to the data partition without much difficulty.
This configuration of separate system and data partitions has several other advantages, including ease of backup of both the data and the system, and easy re-installation of Windows if necessary without having to move data files. I will cover all this in a later series of articles.
In the end, it comes down to how much you trust the mysterious authors of the software (who seem originally to be Czech, with USA connections). In this case, rightly or wrongly, my gut feeling is that I can trust them, and I will continue to use the program with enthusiasm.
I strongly believe that TrueCrypt will eventually be found to be sound, but I admit no responsibility if it does turn out to be fatally flawed and the NSA reads all your secrets! As always, the final decision is yours. And always remember – just because you’re not paranoid, it doesn’t mean they’re not out to get you!
If I encrypt the entire Data partition (D:) and have lots of Data stored in it and at a later stage decided to De-Crypt the Data partition , how it can be done.?
If I back-Up all the data , then delete the Data partition and re-create the partition ; will it be OK to have a De-Crypted Data partition?
Hi Raju,
I’m going to cover this in a later article, but yes, you can decrypt D: again; the processes for encryption and decryption go like this, in outline.
1) You need an external drive, ideally, or another partition, with sufficient space on it for all your data, i.e. Documents, Music, etc. On that drive, create an encrypted TrueCrypt volume big enough to take all the data. Then mount it as a drive, let’s say Z: . Make a folder on it called YourName. Now copy the Documents, Music etc. folders to that folder, plus any other folders that you have previously redirected to the D: drive, such as Downloads. During the copying process, the files and folders will all be encrypted. This copy will take a long time, obviously, if you have a lot of data; in my case it took nearly two hours to transfer and encrypt 148 GB. (Actually the encryption process is very fast; it’s just the copying that takes the time). Now you have an encrypted backup of your data. It’s still a good idea to have another independent unencrypted backup, ideally also on an external drive.
2) Now redirect the folders on D: back to their original locations on C:, using their Properties Location tab and choosing Restore Default, but do not let Windows try to move the data back as well. Once all the redirections are restored back to the C: drive, the D: drive is essentially independent of Windows, and can be reconfigured without Windows or TrueCrypt objecting.
2) Now dismount D:, which can be done using diskmgmt.msc and then selecting Change Drive Letter and Paths for the D: partition, to remove the D: assignation, so that the partition is unassigned. Use TrueCrypt to convert the partition into an encrypted partition, but let TrueCrypt format the partition rather than trying to encrypt the data in place, otherwise the process may throw up some errors. In TrueCrypt you will need to identify the partition from its volume description and label, since the D won’t be there any more. Once TrueCrypt has created its partition, mount it as D:, giving the passphrase. Now move all the folders back from Z: to D:. Again, this will take a long time, but only has to be done once. The folders are moving from one encrypted partition to another, so will stay encrypted.
3) Once all the folders are back in place, under a folder structure like D:\Yourname\Documents, D:\Yourname\Music, etc., you can redirect Documents, Music etc. back from the C: drive to the D: drive. Now the PC should behave normally; you should not notice any change in responsiveness. The only difference is that when you start up, if you have chosen to Auto-Mount the D: drive on login, you will have to give the passphrase at that stage. (Of course, you need to set TrueCrypt to autostart at login). I don’t do that; once the system has booted up, I right-click the TrueCrypt icon in the system tray, select Auto-Mount Devices, then give the passphrase, then D: becomes active.
4) To go back to using a decrypted D: drive, make sure the drive is backed up, either encrypted or unencrypted; dismount it from TrueCrypt, then use Windows Disk Management to format the raw partition and assign the D drive letter to it. Now either mount the Z: drive and just copy back to D:, when the folders will be automatically decrypted, or copy back the unencrypted folders from your other backup.
5) Before you try this, you must have a good current independent backup of your files and folders. If you have any doubts about the process, don’t do it. It is possible to get your system into a mess which is very difficult to disentangle. I will try to produce an illustrated guide soon. If you can try the process out in Windows running in VirtualBox, where making a mess won’t do any harm, do that first.
The article states that a secure implementation using TrueCrypt is to use it to encrypt the DATA partition of a filesystem.
But what happens if the laptop is subjected to an Evil Maid attack, where a keylogger is installed on it. The keylogger would then record/mail the TrueCrypt passphrase and the data would be compromised.
Surely the only solution is full disk encryption – where the system won’t even boot up until the passphrase is entered.