Misplaced Pages

TrueCrypt: Difference between revisions

Revision as of 15:01, 30 September 2010 by Intgr. Edit summary: Physical security: Rephrase physical security (hopefully for the better)

Revision as of 17:02, 1 October 2010 by LogicKey. Edit summary: This article describes TrueCrypt. The malware is not TrueCrypt. Anybody could create a malware and use a related article on Misplaced Pages to spread it. The list of malware is virtually unlimited.
Line 52: Line 52:


TrueCrypt cannot secure data on a computer if an attacker has physically tampered with the hardware and TrueCrypt is used on the compromised computer by the user again (this does not apply to a common case of a stolen or lost computer).<ref>{{cite web | url = http://www.truecrypt.org/docs/?s=physical-security | title = TrueCrypt documentation - Physical security | publisher = truecrypt.org }}</ref> The attacker having physical access to a computer can, for example, install a hardware/software ], a ] device capturing ], or install any other malicious ] or ], allowing the attacker to capture unencrypted data (including encryption keys and passwords), or to decrypt encrypted data using captured passwords or encryption keys. Therefore, physical security is a basic premise of a secure system. TrueCrypt cannot secure data on a computer if an attacker has physically tampered with the hardware and TrueCrypt is used on the compromised computer by the user again (this does not apply to a common case of a stolen or lost computer).<ref>{{cite web | url = http://www.truecrypt.org/docs/?s=physical-security | title = TrueCrypt documentation - Physical security | publisher = truecrypt.org }}</ref> The attacker having physical access to a computer can, for example, install a hardware/software ], a ] device capturing ], or install any other malicious ] or ], allowing the attacker to capture unencrypted data (including encryption keys and passwords), or to decrypt encrypted data using captured passwords or encryption keys. Therefore, physical security is a basic premise of a secure system.

==== The "Stoned" bootkit ====
The ], an ] ] presented by Austrian software developer at the ] Technical Security Conference USA 2009<ref>{{cite web | url = http://www.blackhat.com/presentations/bh-usa-09/KLEISSNER/BHUSA09-Kleissner-StonedBootkit-PAPER.pdf | title = Stoned bootkit White Paper | publisher = Peter Kleissner | work = Black Hat Technical Security Conference USA 2009 | format = PDF | accessdate = 2009-08-05 }}</ref><ref>{{cite web | url = http://www.blackhat.com/presentations/bh-usa-09/KLEISSNER/BHUSA09-Kleissner-StonedBootkit-SLIDES.pdf | title = Stoned bootkit Presentation Slides | publisher = Peter Kleissner | work = Black Hat Technical Security Conference USA 2009 | format = PDF | accessdate = 2009-08-05 }}</ref>, has been shown capable of tampering TrueCrypt's MBR effectively bypassing TrueCrypt's ].<ref>{{cite web | url = http://www.h-online.com/security/Bootkit-bypasses-hard-disk-encryption--/news/113884 | title = Bootkit bypasses hard disk encryption | publisher = Heise Media UK Ltd. | work = The H-Security (H-Online.com) | accessdate = 2009-08-05 }}</ref><ref>{{cite web | url = http://simonhunt.wordpress.com/2009/08/04/truecrypt-vs-peter-kleissner-or-stoned-bootkit-revisited | title = TrueCrypt vs Peter Kleissner, Or Stoned BootKit Revisited.. | publisher = Simon Hunt | accessdate = 2009-08-05 }}</ref> (but potentially every ] encryption software is affected too if it does not rely on hardware-based encryption technologies like ], or—even if it does—if this type of attack is made with administrative privileges while the encrypted operating system is running<ref>{{cite web | url = http://www.stoned-vienna.com/downloads/TrueCrypt%20Foundation%20Mail%2018.%20Juli%202009.tif | title = Stoned bootkit attacking TrueCrypt's full volume encryption | publisher = TrueCrypt Foundation mail in response to Peter Kleissner on 18/07/2009 | accessdate = 2009-08-05 }}</ref><ref>{{cite web | url = http://www.truecrypt.org/faq#tpm | title = "Some encryption programs use TPM to prevent attacks. 
Will TrueCrypt use it too?" | publisher = TrueCrypt Foundation | work = TrueCrypt FAQ | accessdate = 2009-08-05 }}</ref>).

Two types of attack scenarios exist in which it is possible to maliciously take advantage of this bootkit, currently written for Win32 platforms only: in the first one, the user is required to ] the bootkit with administrative privileges once the PC has already booted into Windows; in the second one, analogously to ]s, a malicious person needs physical access to the user's TrueCrypt-encrypted hard disk: in this context this is needed to modify the user's TrueCrypt MBR with the Stoned's one and then place the hard disk back on the unknowing user's PC, so that when the user boots the PC and types his/her TrueCrypt password on boot, the "Stoned" bootkit intercepts it thereafter because, from that moment on, the Stoned bootkit is loaded before TrueCrypt's MBR in the boot sequence. The first type of attack can be prevented as usual by good security practices, i.e. avoid running non-trusted ]s with administrative privileges. The second one can be successfully neutralized, by the user if he/she suspects that the encrypted hard disk might have been physically available to someone he/she doesn't trust, by booting the encrypted operating system with TrueCrypt's Rescue Disk instead of booting it directly from the hard disk and restoring boot loader in MBR.<ref>{{cite web | url = http://peterkleissner.com/?p=11 | title = TrueCrypt Foundation is a joke to the security industry, pro Microsoft | publisher = Peter Kleissner | work = Peter Kleissner post and expert comments about Stoned bootkit | accessdate = 2009-08-05 }}</ref>


== Operation Satyagraha == == Operation Satyagraha ==
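
Review bot: deleting the whole 'The "Stoned" bootkit' subsection also removes the two sourced mitigations in its last paragraph (avoid running non-trusted executables with administrative privileges; boot with the TrueCrypt Rescue Disk and restore the boot loader in the MBR), which concern TrueCrypt's own pre-boot authentication rather than the malware itself. The Physical security paragraph that remains describes tampering only in general terms, so consider keeping one shortened, cited sentence on MBR tampering and the Rescue Disk recovery step there instead of dropping the section and its references outright.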

Revision as of 17:02, 1 October 2010

TrueCrypt
Developer(s): TrueCrypt Foundation
Stable release: 7.0a / September 6, 2010
Written in: C, C++, Assembly
Operating system: Cross-platform - Windows, Mac OS, Linux
Available in: 30 languages (although most are incomplete translations)
Type: Disk encryption software
License: Source available (TrueCrypt License)
Website: www.truecrypt.org

TrueCrypt is a software application used for on-the-fly encryption (OTFE). It is distributed without cost and the source code is available. It can create a virtual encrypted disk within a file or encrypt a partition or (under MS Windows except Windows 2000) the entire storage device (pre-boot authentication).

Operating systems

TrueCrypt supports Microsoft Windows, Mac OS X and Linux operating systems (using FUSE). Both 32-bit and 64-bit versions of these operating systems are supported, except for Windows IA-64 (not supported) and Mac OS X 10.6 Snow Leopard (runs as a 32-bit process). The version for Windows 7, Windows Vista or Windows XP can encrypt the boot partition or entire boot drive.

Cryptographic algorithms

Individual algorithms supported by TrueCrypt are AES, Serpent and Twofish. Additionally, five different combinations of cascaded algorithms are available: AES-Twofish, AES-Twofish-Serpent, Serpent-AES, Serpent-Twofish-AES and Twofish-Serpent. The cryptographic hash functions used by TrueCrypt are RIPEMD-160, SHA-512 and Whirlpool.

Modes of operation

TrueCrypt currently uses the XTS mode of operation. Prior to this, TrueCrypt used LRW mode in versions 4.1 through 4.3a, and CBC mode in versions 4.0 and earlier. XTS mode is thought to be more secure than LRW mode, which in turn is more secure than CBC mode.

Although new volumes can only be created in XTS mode, TrueCrypt is backward compatible with older volumes using LRW mode and CBC mode. Later versions produce a security warning when mounting CBC mode volumes and recommend that they be replaced with new volumes in XTS mode.

Performance

TrueCrypt supports both pipelined read/write operations (only under Microsoft Windows) and parallelized encryption/decryption to improve performance, though using TrueCrypt on a drive will still decrease performance when compared to using a disk directly due to the encryption overhead.

The performance impact of disk encryption is especially noticeable on operations which would normally use Direct Memory Access (DMA), as all data must pass through the CPU for decryption, rather than being copied directly from disk to RAM.

Security concerns

TrueCrypt is vulnerable to various known attacks. To prevent them, the documentation distributed with TrueCrypt requires users to follow various security precautions. Some of those attacks are also detailed below in this section.

Plausible deniability

TrueCrypt supports a concept called plausible deniability, by allowing a single "hidden volume" to be created within another volume. In addition, the Windows versions of TrueCrypt have the ability to create and run a hidden encrypted operating system whose existence may be denied.

The TrueCrypt documentation lists many ways in which TrueCrypt's hidden volume deniability features may be compromised (e.g. by third-party software which may leak information through temporary files, thumbnails, etc., to unencrypted disks) and possible ways to avoid this. In a paper published in 2008 and focused on the then-latest version (v5.1a) and its plausible deniability, a team of security researchers led by Bruce Schneier states that Windows Vista, Microsoft Word, Google Desktop and others store information on unencrypted disks, which might compromise TrueCrypt's plausible deniability. The study suggested using the hidden operating system functionality, which was added in TrueCrypt 6.0 and was not reviewed (when a hidden operating system is running, TrueCrypt also makes local unencrypted filesystems and non-hidden TrueCrypt volumes read-only to prevent data leaks). The security of TrueCrypt's implementation of this feature was not evaluated because the first version of TrueCrypt with this option had only recently been released.

Identifying TrueCrypt volumes

TrueCrypt volumes do not contain known file headers and their content is indistinguishable from random data, so while it is theoretically impossible to prove that certain files are TrueCrypt volumes, their presence can provide reasonable suspicion (probable cause) that they contain encrypted data. TrueCrypt volume files have file sizes that are evenly divisible by 512 and their content passes chi-square randomness tests. These features give reason to suspect a file to be a TrueCrypt volume.

If the system drive or a partition on it has been encrypted, then the above paragraph applies to the contents of that drive/partition. However, the boot loader is replaced with a TrueCrypt one to allow a password to be entered and the decryption to begin. By default, this boot loader clearly states that it is the TrueCrypt boot loader when run. It may be customized to display a BIOS-like message (such as "operating system missing"), although this reduces the functionality of the boot loader and still results in a flicker of the hard-drive light when return is pressed (as the entered password is checked). In either case, offline analysis of the drive can be used to determine that a TrueCrypt boot loader is present.
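
The indicators described above for volume files (size evenly divisible by 512, content that passes a chi-square randomness test, no known file header) can be combined into a forensic triage check. The following is an added example, not part of the original article or of TrueCrypt; the chi-square cut-offs, the signature list and all function names are assumptions, and the sample data is constructed.

```python
import hashlib
import os

SECTOR = 512  # size granularity named in the text
# Approximate 0.01% / 99.99% points of chi-square with 255 degrees of freedom
# (assumed cut-offs for this example; tune them to your false-positive budget).
CHI2_LOW, CHI2_HIGH = 179.0, 348.0
# A few well-known file signatures; a file starting with one is not headerless.
KNOWN_MAGIC = (b"PK\x03\x04", b"%PDF", b"\x1f\x8b", b"\x89PNG", b"MZ")


def chi_square(sample: bytes) -> float:
    """Pearson chi-square of byte counts against a uniform distribution."""
    expected = len(sample) / 256
    counts = [0] * 256
    for byte in sample:
        counts[byte] += 1
    return sum((c - expected) ** 2 / expected for c in counts)


def assess(size: int, sample: bytes) -> dict:
    """Apply the three indicators to a file size and a leading sample."""
    # Too small a sample gives a meaningless statistic, so treat it as failing.
    stat = chi_square(sample) if len(sample) >= 256 * 5 else float("inf")
    result = {
        "sector_multiple": size > 0 and size % SECTOR == 0,
        "no_known_header": not sample.startswith(KNOWN_MAGIC),
        "chi_square": stat,
        "passes_chi_square": CHI2_LOW <= stat <= CHI2_HIGH,
    }
    result["suspect"] = (result["sector_multiple"]
                         and result["no_known_header"]
                         and result["passes_chi_square"])
    return result


def assess_file(path: str, sample_len: int = 1 << 20) -> dict:
    """Assess a file on disk using its size and its first sample_len bytes."""
    with open(path, "rb") as fh:
        return assess(os.path.getsize(path), fh.read(sample_len))


def constructed_random(n: int) -> bytes:
    """Deterministic stand-in for ciphertext (SHA-256 in counter mode)."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


# Constructed samples, not real volumes: (file size, leading bytes).
VOLUME_LIKE = constructed_random(64 * 1024)
SAMPLES = {
    "volume-like": (len(VOLUME_LIKE), VOLUME_LIKE),
    "odd-size": (len(VOLUME_LIKE) + 100, VOLUME_LIKE),
    "zip-header": (len(VOLUME_LIKE), b"PK\x03\x04" + VOLUME_LIKE[4:]),
    "plain-text": (64 * 1024, (b"quarterly report draft\n" * 2850)[:64 * 1024]),
}

if __name__ == "__main__":
    for name, (size, sample) in SAMPLES.items():
        r = assess(size, sample)
        print(f"{name:12} chi2={r['chi_square']:12.1f} suspect={r['suspect']}")
```

Other encrypted or well-compressed data can satisfy the same checks, so a positive result is grounds for suspicion rather than proof, as the text notes.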

Passwords stored in memory

TrueCrypt stores its keys in RAM; on an ordinary personal computer the DRAM will maintain its contents for several seconds after power is cut (or longer if the temperature is lowered). Even if there is some degradation in the memory contents, various algorithms can intelligently recover the keys. This method (which would apply in particular to a notebook computer stolen while in power-on, suspended, or screen-locked mode) has been successfully used to attack a file system protected by TrueCrypt.

Physical security

TrueCrypt cannot secure data on a computer if an attacker has physically tampered with the hardware and TrueCrypt is used on the compromised computer by the user again (this does not apply to a common case of a stolen or lost computer). The attacker having physical access to a computer can, for example, install a hardware/software keylogger, a bus-mastering device capturing memory, or install any other malicious hardware or software, allowing the attacker to capture unencrypted data (including encryption keys and passwords), or to decrypt encrypted data using captured passwords or encryption keys. Therefore, physical security is a basic premise of a secure system.

Operation Satyagraha

Evidence arising from "Operation Satyagraha" suggests that as of 2010, the FBI cannot exploit dictionary-based attacks against TrueCrypt archives which have been protected with sufficiently long passwords. After the Brazilian National Institute of Criminology (INC) had tried for five months (without success) to obtain access to TrueCrypt-protected disks owned by banker Daniel Dantas, they enlisted the help of the FBI. The FBI used dictionary attacks against Dantas' disks for over 12 months, but was unable to decrypt them.

Licensing

The TrueCrypt License has not been officially approved by the Open Source Initiative and is not considered "free" by several major Linux distributions (Arch Linux, Debian, Ubuntu, Fedora, openSUSE, Gentoo), mainly because of distribution and copyright-liability reasons.

TrueCrypt 6.3a (released Nov 2009) comes under TrueCrypt License Version 2.8 which was changed in some places from the 2.5 license, but TrueCrypt is still not included in any of the major Linux distributions.

Developers/Owners identities

The TrueCrypt developers used the aliases "ennead" and "syncon", but in 2010 replaced all references to these aliases on their website with "The TrueCrypt Foundation".

The domain name "truecrypt.org" was originally registered to a false address ("NAVAS Station, ANTARCTICA"), and was later concealed behind a Network Solutions private registration.

The TrueCrypt trademark was registered in the Czech Republic under the name of "David Tesařík".

In February 2010, the TrueCrypt website published a contact address in Nevada, USA for the TrueCrypt Foundation, a non-profit organization. The domain name truecrypt.org and the TrueCrypt trademarks (US and international/WIPO) were subsequently registered to the TrueCrypt Developers Association, LC, also registered in Nevada.

Planned features

According to the TrueCrypt website, the following features are planned for future releases:

  • Hardware-accelerated AES (Intel Westmere processors, optional) was added in version 7.0, but benchmarks and verifications are outstanding
  • Command line options for volume creation (already implemented in Linux and Mac OS X versions)
  • 'Raw' CD/DVD volumes

Version history


TrueCrypt is based on Encryption for the Masses (E4M), an open source on-the-fly encryption program first released in 1997. However, E4M was discontinued in 2000 as the author, Paul Le Roux, began working on commercial encryption software.

| Version | Release date | Significant changes |
|---|---|---|
| 1.0 | February 2, 2004 | Initial release. Featured support for Windows 98, ME, 2000 and XP. Added plausible deniability for containers (although due to its simplistic nature, the practical value of the "plausible deniability" offered in this version is debatable), and various bugfixes and improvements over E4M. |
| 1.0a | February 3, 2004 | Removed support for Windows 98 and ME because the author of the Windows 9x driver for E4M (the ScramDisk driver) gave no permission that would allow his code to be used in projects derived from E4M. |
| 2.0 | June 7, 2004 | Added AES algorithm. Release made under the GNU General Public License, and signed as the TrueCrypt Foundation; previous versions were signed by TrueCrypt Team. |
| 2.1 | June 21, 2004 | New release due to licensing issues relating to the GNU General Public License. This release was made under the original E4M license. Added RIPEMD-160, size of a volume was no longer limited to 2048 GB, ability to create NTFS volumes. |
| 2.1a | October 1, 2004 | Removed IDEA encryption algorithm. Version released on SourceForge.net, which became the official TrueCrypt domain. The official TrueCrypt domain moved back to truecrypt.org again at the beginning of May 2005, and the SourceForge website redirects to there. |
| 3.0 | December 10, 2004 | Added hidden volume support for containers. Added the Serpent and Twofish algorithms, along with cascaded cipher support. |
| 3.1 | January 22, 2005 | Added portable "Traveller mode", along with new volume mounting options such as being able to mount as "read only". |
| 4.0 | November 1, 2005 | Added support for Linux, x86-64, Big Endian machines, keyfiles, hot keys, ability to protect hidden volumes against corruption when their outer volumes are mounted, favorite volumes, the Whirlpool hash algorithm and language packs. |
| 4.1 | November 25, 2005 | Added LRW mode, which is more secure than CBC mode for on-the-fly storage encryption. LRW mode also neutralized an exploit that could (under certain circumstances) be used to compromise the plausible deniability of a TrueCrypt volume by allowing it to be distinguished from random data. |
| 4.2 | April 17, 2006 | Added various features to the Linux version, such as the ability to create volumes, change passwords and keyfiles, generate keyfiles and backup/restore volume headers. In the Windows version, it introduced support for dynamic (sparse file) volumes. |
| 4.3 | March 19, 2007 | Added support for Windows Vista, support for file systems using sector sizes other than 512 bytes. This release phased out support of 64-bit block ciphers, disallowing creation of new containers using the Blowfish, CAST-128 or Triple DES algorithms. |
| 5.0 | February 5, 2008 | Introduced XTS mode of operation, which is more secure than LRW mode. Added Mac OS X support, Linux GUI and Windows system disk encryption with pre-boot authentication, ability of creation of hidden volumes within NTFS volumes, but removed the ability to create hidden volumes on Linux, use the tool on a non-GUI console and the ability to create encrypted partitions from the text mode. Encrypting the system volume for Windows 2000 is no longer supported. Encrypting containers and non-system volumes is still supported, however. Pipelining, SHA-512. |
| 5.1 | March 10, 2008 | Added support for hibernation on Windows computers where the system partition is encrypted, the ability to mount a partition in Windows that is within the key scope of system encryption without pre-boot authentication, and added command line options for creating new volumes in Linux and Mac OS X. This version also reduced the minimum memory requirements for the TrueCrypt Boot Loader (AES) from 42 KB to 27 KB in Windows and included significant improvements in AES encryption/decryption performance. Changed to assembly implementation of AES. |
| 6.0 | July 4, 2008 | Parallelized encryption/decryption on multi-core processors (or multi-processor systems). Increase in encryption/decryption speed is directly proportional to the number of cores and/or processors. Ability to create and run an encrypted hidden operating system whose existence is impossible to prove. Volume format updated to allow for a built-in backup, which allows recovery of containers with minor damage to their headers. Ability to create hidden volumes under Mac OS X and Linux. |
| 6.0a | July 8, 2008 | On systems where certain inappropriately designed chipset drivers were installed, it was impossible to encrypt the system partition/drive. This will no longer occur. Other minor bug fixes. |
| 6.1 | October 31, 2008 | Ability to encrypt a non-system partition without losing existing data on the partition (in-place encryption) on Windows Vista and Windows 2008. Added support for security tokens and smart cards (two-factor authentication), though only to store keyfiles (without encryption). TrueCrypt boot loader now customizable. Pre-boot passwords can be used to mount non-system volumes. Linux and Mac OS X versions can now mount an encrypted Windows system partition. |
| 6.1a | December 1, 2008 | Minor improvements, bug fixes, and security enhancements. |
| 6.2 | May 11, 2009 | The I/O pipeline of the Windows version now uses read-ahead buffering to improve read performance, especially on solid-state drives. |
| 6.2a | June 15, 2009 | Improved file container creation speed on systems that have issues with write block sizes greater than 64 KB. The 'Device not ready' error will no longer occur when the process of decrypting a system partition/drive is finished. Other minor improvements and bug fixes. |
| 6.3 | October 21, 2009 | Full support for Windows 7 and Mac OS X 10.6 Snow Leopard. 'System Favorite Volumes' that allow regular TrueCrypt volumes to be mounted before system and application services start and before users start logging on. |
| 6.3a | November 23, 2009 | "Minor" unspecified improvements and bug fixes. |
| 7.0 | July 19, 2010 | Hardware-accelerated AES. Encryption of hibernation files on Windows Vista and later. Automounting of volumes. |
| 7.0a | September 6, 2010 | |
