How to encrypt truecrypt system drive. System Drive Encryption with TrueCrypt. Why you should not trust closed-source encryption programs
Researchers at Princeton University have discovered a way to circumvent encryption of hard drives, using the ability of memory modules to store information for a short period of time even after the power is cut.
Foreword
Since you need to have a key to access an encrypted hard drive, and it, of course, is stored in RAM - all that is needed is to get physical access to the PC for several minutes. After rebooting from the external hard drive or from USB Flash, a complete memory dump is made and within a few minutes the access key is removed from it.
In this way, it is possible to obtain the encryption keys (and full access to the hard drive) used by BitLocker, FileVault, and dm-crypt in Windows Vista, Mac OS X, and Linux, as well as TrueCrypt, a popular free encryption system for hard drives.
The importance of this work lies in the fact that there is not a single simple method of protection against this hacking method, except for turning off the power for a sufficient time to completely erase the data.
A visual demonstration of the process is presented in video clip.
annotation
Contrary to popular belief, DRAM, which is used in most modern computers, stores data even after turning off the power for several seconds or minutes, moreover, this happens at room temperature and even if the microcircuit is removed from the motherboard. This time is quite enough to remove a complete dump of RAM. We will show that this phenomenon allows an attacker who has physical access to the system to bypass the functions of the OS in protecting data about cryptographic keys. We will show how a reboot can be used to launch successful attacks on well-known hard drive encryption systems without using any specialized devices or materials. We will experimentally determine the degree and probability of retaining the residual magnetization and show that the time for which the data can be taken can be significantly increased using simple techniques. New methods will also be proposed for finding cryptographic keys in memory dumps and fixing errors related to bit loss. We will also talk about several ways to reduce these risks, but we do not know a simple solution.
Introduction
Most experts assume that data from the computer’s RAM is erased almost instantly after a power outage, or they believe that it is extremely difficult to extract residual data without using special equipment. We show that these assumptions are incorrect. Normal DRAM memory loses data gradually over several seconds, even at normal temperatures, and even if the memory chip is removed from the motherboard, the data will be stored in it for minutes or even hours, provided that the chip is stored at low temperatures. Residual data can be restored using simple methods that require short-term physical access to the computer.
We will show a series of attacks that, using the effects of remanence DRAM, will allow us to restore encryption keys stored in memory. This poses a real threat to laptop users who rely on hard drive encryption systems. Indeed, if an attacker steals a laptop, at that moment when the encrypted drive is connected, he will be able to conduct one of our attacks to access the contents, even if the laptop itself is locked or in sleep mode. We will demonstrate this by successfully attacking several popular encryption systems, such as BitLocker, TrueCrypt, and FileVault. These attacks must also succeed with other encryption systems.
Although we focused on hard drive encryption systems, in the case of physical access to an attacker’s computer, any important information stored in RAM may become an object of attack. Many other security systems are likely to be vulnerable. For example, we found that Mac OS X leaves passwords from accounts in memory, from where we were able to extract them, and we also attacked to obtain the RSA private keys of the Apache web server.
Some representatives of the information security and semiconductor physics communities already knew about the effect of the residual magnetization of DRAM, there was very little information about this. As a result, many who design, develop or use security systems are simply unfamiliar with this phenomenon and how easily it can be used by an attacker. As far as we know, this is the first detailed work studying the consequences of these phenomena for information security.
Attacks on encrypted drives
Hard drive encryption is a well-known method of protection against data theft. Many believe that encryption systems of hard drives will protect their data, even if the attacker gained physical access to the computer (actually for this they are needed, approx. Ed.). California law passed in 2002 obliges you to disclose possible disclosures of personal data only if the data has not been encrypted, as Data encryption is considered to be a sufficient protective measure. Although the law does not describe any specific technical solutions, many experts recommend using encryption systems for hard drives or partitions, which will be considered sufficient measures for protection. The results of our study showed that the belief in disk encryption is unfounded. An attacker, not of the highest qualification, can bypass many widely used encryption systems if the laptop with the data is stolen while it was turned on or in sleep mode. And the data on the laptop can be read even when it is on an encrypted drive, so the use of hard drive encryption systems is not a sufficient measure.
We used several types of attacks on well-known hard drive encryption systems. Most of the time was spent installing encrypted disks and checking the correctness of the detected encryption keys. Obtaining an image of RAM and searching for keys took only a few minutes and were fully automated. There is reason to believe that most hard drive encryption systems are susceptible to such attacks.
Bitlocker
BitLocker is a system that is included with some versions of Windows Vista. It functions as a driver working between the file system and the hard disk driver, encrypting and decrypting selected sectors on demand. The keys used for encryption are in RAM until the encrypted disk is muted.
To encrypt each sector of the hard drive, BitLocker uses the same key pair created by the AES algorithm: the sector encryption key and the encryption key operating in the encrypted block blocking mode (CBC). These two keys, in turn, are encrypted with the master key. To encrypt a sector, a binary plaintext addition procedure is performed with the session key created by encrypting the sector offset byte of the sector encryption key. Then, the received data is processed by two mixing functions that use Microsoft's Elephant algorithm. These keyless functions are used to increase the number of changes in all bits of the cipher and, accordingly, increase the uncertainty of the encrypted sector data. At the last stage, the data is encrypted by the AES algorithm in CBC mode, using the corresponding encryption key. The initialization vector is determined by encrypting the sector offset byte using the encryption key used in CBC mode.
We have implemented a fully automated demo attack called BitUnlocker. It uses an external USB disk with Linux OS and a modified bootloader based on SYSLINUX and a FUSE driver that allows you to connect encrypted BitLocker drives to Linux. On a test computer running Windows Vista, power was turned off, a USB hard drive was connected, and it was loading from it. After that, BitUnlocker automatically dumped the RAM to an external drive, using the keyfind program, searched for possible keys, tried all suitable options (pairs of sector encryption key and CBC mode key), and if successful, connected an encrypted disk. As soon as a disk was connected, it became possible to work with it like with any other disk. On a modern laptop with 2 gigabytes of RAM, the process took about 25 minutes.
It is noteworthy that this attack was made possible without reverse engineering of any software. The Microsoft documentation describes the BitLocker system sufficiently to understand the role of the sector encryption key and the CBC mode key and create your own program that implements the whole process.
The main difference between BitLocker and other programs of this class is the way keys are stored when the encrypted drive is disconnected. By default, in basic mode, BitLocker protects the master key only with the TPM module, which exists on many modern PCs. This method, which seems to be widely used, is especially vulnerable to our attack, because it allows you to get encryption keys, even if the computer has been turned off for a long time, because when the PC boots up, the keys are automatically loaded into RAM (until login windows) without entering any authentication data.
Apparently, Microsoft experts are familiar with this problem and therefore recommend setting BitLocker in an improved mode where keys are protected, not only using TPM, but also with a password or key on an external USB drive. But, even in this mode, the system is vulnerable if an attacker gains physical access to the PC at the moment when he is working (he can even be locked or in sleep mode (states are simply turned off or hibernate in this case are considered not subject to this attack).
Filevault
Apple's FileVault system has been partially explored and reverse engineered. On Mac OS X 10.4, FileVault uses a 128-bit AES key in CBC mode. When a user password is entered, the header is decrypted containing the AES key and the second key K2, used to calculate initialization vectors. The initialization vector for the I-th block of the disk is calculated as HMAC-SHA1 K2 (I).
We used our EFI program to obtain RAM images to receive data from a Macintosh computer (based on an Intel processor) with a mapped drive encrypted by FileVault. After that, keyfind automatically found AES FileVault keys automatically.
Without an initialization vector, but with the AES key obtained, it becomes possible to decrypt 4080 of 4096 bytes of each disk block (everything except the first AES block). We made sure that the initialization vector is also in the dump. Assuming that the data did not manage to be distorted, the attacker can determine the vector by alternately trying all the 160-bit lines in the dump and checking if they can form possible plaintext when they are binary added to the decrypted first part of the block. Together, using programs such as vilefault, AES keys and the initialization vector allow you to completely decrypt the encrypted disk.
In the process of researching FileVault, we found that Mac OS X 10.4 and 10.5 leave multiple copies of the user's password in memory, where they are vulnerable to this attack. Account passwords are often used to protect keys, which in turn can be used to protect key phrases of encrypted FileVault drives.
TrueCrypt
TrueCrypt is a popular open source encryption system running on Windows, MacOS, and Linux. It supports many algorithms, including AES, Serpent and Twofish. In the 4th version, all algorithms worked in LRW mode; in the current 5th version, they use XTS mode. TrueCrypt stores the encryption key and tweak key in the section header on each disk, which is encrypted with another key obtained from the password entered by the user.
We tested TrueCrypt 4.3a and 5.0a running on Linux. We connected a drive encrypted using a 256-bit AES key, then turned off the power and used our own software to dump the memory to load. In both cases, keyfind detected a 256-bit intact encryption key. Also, in the case of TrueCrypt 5.0.a, keyfind was able to restore the tweak XTS mode key.
To decrypt drives created by TrueCrypt 4, you need a tweak LRW mode key. We found that the system stores it in four words before the key schedule of the AES key. In our dump, the LRW key was not distorted. (In case of errors, we could still recover the key).
Dm-crypt
The Linux kernel, starting with version 2.6, includes built-in support for dm-crypt, a disk encryption subsystem. Dm-crypt uses many algorithms and modes, but, by default, it uses a 128-bit AES cipher in CBC mode with initialization vectors created not based on key information.
We tested the created dm-crypt partition using the LUKS (Linux Unified Key Setup) cryptsetup utility branch and the 2.6.20 kernel. The drive was encrypted using AES in CBC mode. We briefly turned off the power and, using a modified PXE bootloader, made a memory dump. The keyfind program detected the correct 128-bit AES key, which was restored without any errors. After its recovery, the attacker can decrypt and connect the encrypted dm-crypt partition, modifying the cryptsetup utility so that it perceives the keys in the required format.
Ways of protection and their limitations
Implementing protection against attacks on random access memory is not trivial, because the cryptographic keys used must be stored somewhere. We suggest focusing on destroying or hiding the keys before the attacker can gain physical access to the PC, preventing the software from dumping RAM, physically protecting the RAM chips and possibly reducing the data storage time in RAM.
Memory overwrite
First of all, you should avoid storing keys in RAM whenever possible. You must overwrite key information if it is no longer in use, and prevent data from being copied to swap files. The memory must be cleared in advance by the means of the OS or additional libraries. Naturally, these measures will not protect the keys that are currently used, since they must be stored in memory, for example, keys such as those used for encrypted disks or on secure web servers.
Also, RAM should be cleared during the boot process. Some PCs can be configured to clear RAM on boot with a Power-on Self-Test (POST) request before loading the OS. If an attacker cannot prevent the execution of this request, then on this PC he will not be able to dump a memory with important information. But, he still has the opportunity to pull out the RAM chips and insert them into another PC with the necessary BIOS settings.
Limit downloads from the network or from removable media
Many of our attacks were implemented using network boot or removable media. The PC must be configured to require an administrator password to boot from these sources. But, it should be noted that even if the system is configured to boot only from the main hard drive, the attacker can change the hard drive itself, or in many cases, reset the computer's NVRAM to roll back to the initial BIOS settings.
Safe sleep mode
The results of the study showed that a simple lock on the PC desktop (i.e. the OS continues to work, but in order to start interacting with it requires a password) does not protect the contents of RAM. Hibernation is not effective even if the PC is blocked when returning from hibernation, because an attacker can activate the return from hibernation, then restart the laptop and make a memory dump. The hibernate mode (the contents of the RAM is copied to the hard drive) will also not help, except in cases where key information is used on alienated media to restore normal functioning.
In most hard drive encryption systems, users can protect themselves by turning off the PC. (The Bitlocker system in the basic mode of operation of the TPM module remains vulnerable, since the disk will be connected automatically when the PC is turned on). The contents of the memory can be stored for a short period after a shutdown, so it is recommended to watch your workstation for another couple of minutes. Despite its effectiveness, this measure is extremely inconvenient due to the long loading of workstations.
The transition to sleep mode can be secured in the following ways: require a password or some other secret in order to “wake up” the workstation and encrypt the contents of the memory with a key derived from this password. The password must be strong, as an attacker can dump the memory and then try to guess the password by brute force. If encryption of the entire memory is not possible, it is necessary to encrypt only those areas that contain key information. Some systems can be configured to go into this type of protected sleep mode, although this is usually not the default setting.
Refusal of preliminary calculations
Our research has shown that using preliminary computations to speed up cryptographic operations makes key information more vulnerable. Preliminary calculations lead to the fact that redundant information about key data appears in the memory, which allows an attacker to recover keys even in the event of errors. For example, as described in Section 5, information on the iterative keys of the AES and DES algorithms is extremely redundant and useful for the attacker.
Failure to do precomputations will reduce performance because potentially complex calculations will have to be repeated. But, for example, you can cache the previously calculated values \u200b\u200bfor a certain period of time and erase the received data if they are not used during this interval. This approach is a compromise between security and system performance.
Key extension
Another way to prevent key recovery is to change the key information stored in memory in such a way as to complicate key recovery due to various errors. This method was considered in theory, where a disclosure-resistant function was shown whose input remains hidden even if almost all the output has been detected, which is very similar to the operation of unidirectional functions.
In practice, imagine that we have a 256-bit AES key K, which is not currently in use, but will be needed later. We cannot rewrite it, but we want to make it resistant to recovery attempts. One way to achieve this is to select a large B-bit data region, fill it with random data R, and then store in memory the result of the next conversion K + H (R) (binary summation, approx.ed.), Where H is a hash function, for example SHA-256.
Now imagine that the electricity was turned off, this will lead to the fact that d bits in this area will be changed. If the hash function is persistent, when trying to recover the K key, the attacker can only rely on him to be able to guess which bits of area B were changed from about half that could change. If the d bits were changed, the attacker would have to search for a region of size (B / 2 + d) / d to find the correct R values \u200b\u200band after that recover the key K. If region B is large, such a search can be very long, even if d is relatively small.
Theoretically, in this way you can store all the keys, calculating each key only when we need it, and deleting it when we do not need it. Thus, using the method described above, we can store the keys in memory.
Physical protection
Some of our attacks relied on physical access to memory chips. Such attacks can be prevented by physical memory protection. For example, the memory modules are located in a closed PC case, or are filled with epoxy glue to prevent attempts to remove them or access them. Also, memory mashing can be implemented as a response to low temperatures or attempts to open the case. This method will require the installation of sensors with an independent power system. Many of these methods are associated with equipment that is protected from unauthorized interference (for example, the IBM 4758 coprocessor) and can greatly increase the cost of a workstation. On the other hand, using memory soldered to the motherboard will be much cheaper.
Architecture change
You can change the architecture of the PC. What is impossible for already used PCs, but it will make it possible to secure new ones.
The first approach is to design DRAM modules so that they erase all data faster. This can be difficult, since the goal of erasing data as quickly as possible is contrary to another goal, so that the data does not disappear between periods of memory update.
Another approach is to add equipment for storing key information, which would guarantee that it erases all information from its stores at startup, restart and shutdown. Thus, we will get a reliable place to store several keys, although the vulnerability associated with their preliminary calculations will remain.
Other experts suggested an architecture in which the contents of the memory will be constantly encrypted. If, in addition to this, it is possible to erase the keys during a reboot and a power outage, then this method will provide sufficient protection against the attacks we described.
Trusted Computing
Equipment corresponding to the concept of "trusted computing", for example, in the form of TPM modules is already used in some PCs. Despite its usefulness in protecting against certain attacks, in its current form, such equipment does not help prevent the attacks we described.
Used TPM modules do not implement full encryption. Instead, they oversee the boot process to decide whether it is safe to load the key into RAM or not. If the software needs to use a key, then the following technology can be implemented: the key, in a usable form, will not be stored in RAM until the boot process proceeds according to the expected scenario. But, as soon as the key is in RAM - it immediately becomes the target for our attacks. TPM modules can prevent a key from being loaded into memory, but they do not prevent it from being read from memory.
conclusions
Contrary to popular belief, DRAM modules in the off state store data for a relatively long time. Our experiments showed that this phenomenon allows you to implement a whole class of attacks that allow you to obtain important data, such as encryption keys from RAM, despite attempts by the OS to protect its contents. The attacks described by us are realizable in practice, and our examples of attacks on popular encryption systems prove this.
But other types of software are also vulnerable. Digital Rights Management (DRM) systems often use symmetric keys stored in memory and can also be obtained using the methods described. As we have shown, SSL-enabled web servers are also vulnerable because they store in private the private keys needed to create SSL sessions. Our ways of finding key information are likely to be effective in finding passwords, account numbers, and any other important information stored in RAM.
There seems to be no easy way to fix the vulnerabilities found. Changing the software will most likely not be effective; hardware changes will help, but the time and resource costs will be great; The technology of "trusted computing" in its current form is also not very effective, since it cannot protect keys in memory.
In our opinion, laptops, which are often located in public places and operate in modes vulnerable to these attacks, are most exposed to this risk. The presence of such risks shows that disk encryption protects important data to a lesser extent than is commonly believed.
As a result, you may have to consider DRAM memory as an untrusted component of a modern PC, and avoid processing sensitive confidential information in it. But at the moment this is impractical, until the architecture of modern PCs has changed to allow the software to store keys in a safe place.
Hello readers of the blog of the ComService company (Naberezhnye Chelny). In this article, we will continue to study the systems built into Windows designed to increase the security of our data. Today it is a Bitlocker drive encryption system. Data encryption is necessary so that other people do not use your information. How she gets to them is another question.
Encryption is the process of converting data so that only the right people can access it. To gain access, they usually use keys or passwords.
Encryption of the entire disk allows you to exclude access to data when you connect your hard disk to another computer. Another operating system may be installed on the attacker's system to bypass protection, but this will not help if you use BitLocker.
BitLocker technology came with the release of the Windows Vista operating system and has been enhanced in. Bitlocker is available in Maximum and Enterprise versions as well as in Pro. Owners of other versions will have to look.
Article structure
1. How BitLocker Drive Encryption Works
Without going into details it looks like this. The system encrypts the entire disk and gives you the keys to it. If you encrypt the system drive, it will not boot without your key. The same as the keys to the apartment. You have them, you will get into it. Lost, you need to use the spare (recovery code (issued during encryption)) and change the lock (do encryption again with other keys)
For reliable protection, it is desirable to have a trusted TPM (Trusted Platform Module) in the computer. If it is and its version 1.2 or higher, then it will control the process and you will have more powerful methods of protection. If it is not, then it will be possible to use only the key on the USB-drive.
BitLocker works as follows. Each sector of the disk is encrypted separately using a key (full-volume encryption key, FVEK). The AES algorithm with 128 bit key and diffuser is used. The key can be changed to 256 bit in group security policies.
When encryption is complete, see the following picture
Close the window and check if the startup key and recovery key are in reliable places.
3. Flash Drive Encryption - BitLocker To Go
Why do I need to pause encryption? So that BitLocker does not lock your disk and does not resort to the recovery procedure. System parameters (and the contents of the boot partition) during encryption are fixed for additional protection. When you change them, a computer lock may occur.
If you select BitLocker Management, you can save or print the recovery key and duplicate the startup key.
If one of the keys (startup key or recovery key) is lost, you can restore them here.
Drive Encryption Management
The following functions are available to manage flash drive encryption settings
You can change the password to unlock. You can only delete the password if you use a smart card to unlock it. You can also save or print the recovery key and enable the unlocking of the disk for this automatically.
5. Restore disk access
Restoring access to the system drive
If the flash drive with the key is outside the access zone, then the recovery key comes into play. When you boot your computer, you will see approximately the following picture
To restore access and boot Windows, press Enter
We will see a screen asking you to enter a recovery key
After entering the last digit, provided that the recovery key is correct, the operating system will automatically boot.
Restoring access to removable drives
To restore access to information on a USB flash drive or click Forgot password?
Select Enter recovery key
and enter this scary 48-digit code. Click Next
If the recovery key is suitable, the disk will be unlocked.
A link appears to Manage BitLocker, where you can change the password to unlock the drive.
Conclusion
In this article, we learned how to protect our information by encrypting it using the built-in BitLocker tool. It is disappointing that this technology is only available in older or advanced versions of Windows. It also became clear why this hidden and bootable partition of 100 MB in size was created when setting up a disk using Windows.
Perhaps I will use flash drive encryption or. But, this is unlikely as there are good substitutes in the form of cloud storage services such as, and the like.
Thank you for sharing the article on social networks. Good luck to you!
Windows 10 and earlier versions of Windows provide file encryption using BitLocker technology. Just configure it once, and you can be sure that no one will get access to your files and will not be able to run your programs, even if they get physical access to the drive of your laptop or computer.
How to enable BitLocker encryption? First of all, you need to activate security policies:
1. Press Win + R and run the gpedit.msc command.
2. Go to “Administrative Templates”\u003e “Windows Components” “BitLocker Drive Encryption”\u003e “Operating System Drives”.
3. Double-click on “This policy setting allows you to configure additional authentication at startup” and select the “Enabled” option.
Now you can proceed directly to encryption:
1. Go to Explorer\u003e My Computer and select the drive you want to encrypt.
2. Right-click the drive icon and select Enable BitLocker.
3. A dialog box opens with options for accessing encrypted data. Follow his instructions and restart your computer. The drive will be encrypted. The encryption process can be long, its duration depends on the amount of encrypted data.
In the process of setting up encryption, you will need to create a key or password to decrypt the data. The password must use letters of different registers and numbers. When the drive is installed on your computer, data is encrypted and decrypted automatically, but if you remove the encrypted drive from it and connect it to another device, you will need a key to access the files.
Key recovery data can be stored on a USB flash drive, in a Microsoft account, in a text file or on a printed sheet of paper. Keep in mind that this is not the key itself, but only information that will help restore it. The key can be obtained only after entering the username and password from the Microsoft account, which complicates the encryption crack.
If you have encrypted the system logical drive, you will have to enter the password when the device starts cold or after it reboots.
To prevent unauthorized access to the system and data, Windows 7/10 provides the ability to set a password, including a graphic one, however, this method of protection cannot be considered reliable. The password for the local account can easily be reset by third-party utilities, and most importantly, nothing prevents you from accessing the file system by booting from any LiveCD with a built-in file manager.
To protect your data for real, you need to use encryption. The built-in BitLocker function will do for this, but it’s better to use third-party programs. For a long time, TrueCrypt was the most preferable application for data encryption, however, in 2014 its developers curtailed the project, saying that the program is not more secure. Soon, however, work on it was resumed, but by a new team, and the project itself received a new name. So VeraCrypt was born.
In fact, VeraCrypt is an improved version of TrueCrypt, and it is this program that we propose to use to protect your information. In the above example, we use VeraCrypt "to the maximum", encrypting with it the entire hard disk with system and user partitions. This encryption method has certain risks - there is a fraction of the probability, albeit very small, that the system will not be able to boot, so we recommend resorting to it only when you really need it.
Installation and basic configuration of VeraCrypt
The installation procedure for VeraCrypt is no different from installing other programs, with one exception. At the very beginning, you will be asked to choose between installation modes Install or Extract.
In the first case, the program will be implemented in the OS, which will allow you to connect encrypted containers and encrypt the system partition itself. Extract mode simply unpacks VeraCrypt executable files, allowing you to use it as a portable application. Some functions, including disk encryption with Windows 7/10, become inaccessible.
Immediately after starting, go to the menu Settings - Language, since by default the program is installed in English.
Disk encryption
Despite the apparent complexity of the task, everything is very simple. Select the option “Encrypt system partition / disk” in the “System” menu.
In the wizard window that opens, select “Normal” as the method (this is enough), the encryption area is the entire disk.
Upon completion of the search for hidden sectors (the procedure may take a long time), indicate the number of operating systems and ...
encryption algorithm (everything is better left by default here).
Note: if during the search for hidden sectors Windows stops responding, restart the PC forcibly and next time skip this step by selecting "No".
Create and enter a password in the fields.
Randomly moving the mouse, generate a key and click "Next".
At this stage, the program will offer to create a VRD - recovery disc and write it to a flash or optical medium.
When the screen prompts you to perform a pre-test of system encryption, click Test.
A computer restart is required. After turning on the PC, the VeraCrypt bootloader screen appears. Here you will need to enter an invented password and PIM - the number of iterations of encryption. If you have not entered PIM anywhere before, just press enter, the value of the option will be set by default.
After a few minutes, Windows will boot in normal mode, but at the same time, the Pretest Completed window will appear on the desktop - preliminary testing has been completed. This means that you can start encryption. Click the Encrypt button and confirm the action.
The encryption procedure will start. It can take a long time, it all depends on the size of the disk and its fullness with data, so be patient and wait.
Note: if there is an encrypted EFI partition on the disk, which is typical for the latest PC versions, at the beginning of the encryption you may receive a notification “It looks like Windows is not installed on the disk ...”. This means that encrypting such a disk using VeraCrypt will fail.
After all the contents of the disk are encrypted, the VeraCrypt bootloader window will appear every time you turn on the computer and each time you will need to enter a password, you cannot access the encrypted data in any other way. With disk decryption, everything is much simpler. All you need to do is start the program, select the option “Permanently decrypt the system partition / disk” in the “System” menu and follow the instructions of the wizard.
Open source has been popular for 10 years due to its independence from major vendors. The creators of the program are not publicly known. Among the most famous users of the program are Edward Snowden and security expert Bruce Schneier. The utility allows you to turn a flash drive or hard drive into a secure encrypted storage in which confidential information is hidden from prying eyes.
Mysterious developers of the utility announced the closure of the project on Wednesday May 28, explaining that using TrueCrypt is unsafe. “ATTENTION: Using TrueCrypt is not safe, because the program may contain unresolved vulnerabilities ”- such a message can be seen on the product page on the SourceForge portal. The following is another appeal: “You must transfer all data encrypted in TrueCrypt to encrypted disks or virtual disk images supported on your platform.”
Independent security expert Graham Cluley quite logically commented on the situation: “It is time to find an alternative solution for encrypting files and hard drives.”
It's not a joke!
It was initially speculated that the program’s site was hacked by cybercriminals, but now it’s becoming clear that this is not a hoax. SourceForge website now offers an updated version of TrueCrypt (which has a digital signature of developers), during the installation of which it is proposed to switch to BitLocker or another alternative tool.
Matthew Green, a professor of cryptography at Johns Hopkinas University, said: “It is very unlikely that an unknown hacker identified TrueCrypt developers, stole their digital signature and hacked their site.”
What to use now?
The site and the pop-up notification in the program itself contain instructions on transferring files encrypted by TrueCrypt to Microsoft's BitLocker service, which comes with Microsoft Vista Ultimate / Enterprise, Windows 7 Ultimate / Enterprise and Windows 8 Pro / Enterprise. TrueCrypt 7.2 allows you to decrypt files, but does not allow you to create new encrypted partitions.
The most obvious alternative to the program is BitLocker, but there are other options. Schneier shared that he is returning to Symantec’s PGPDisk. ($ 110 per user license) uses the well-known and proven PGP encryption method.
There are other free alternatives for Windows, such as DiskCryptor. A computer security researcher known as The Grugq last year made up a whole that is still relevant today.
Johannes Ulrich, scientific director of the SANS Institute of Technology, Mac OS X users recommends paying attention to FileVault 2, which is built into OS X 10.7 (Lion) and later operating systems of this family. FileVault uses XTS-AES 128-bit encryption, which is used by the US National Security Agency (NSA). According to Ulrich, Linux users should adhere to the Linux integrated system Unified Key Setup (LUKS). If you use Ubuntu, the installer of this OS already allows you to enable full disk encryption from the very beginning.
However, users will need other portable media encryption applications that are used on computers with different operating systems. Ulrich said that in this case comes to mind.
The German company Steganos offers to use the old version of its encryption utility Steganos Safe (the current version is currently 15, and it is proposed to use the 14 version), which is distributed free of charge.
Unknown vulnerabilities
The fact that TrueCrypt may have security vulnerabilities raises serious concerns, especially considering that the audit of the program did not reveal such problems. Users of the program accumulated $ 70,000 to conduct an audit after rumors that the US National Security Agency could decode significant amounts of encrypted data. The first phase of the study, which analyzed the TrueCrypt bootloader, was conducted last month. An audit revealed no backdoors or intentional vulnerabilities. The next phase of the study, in which the used cryptography methods were to be tested, was planned for this summer.
Green was one of the experts involved in the audit. He said that he did not have any preliminary information that the developers plan to close the project. Green said: “The last thing I heard from TrueCrypt developers:“ We look forward to the results of phase 2 tests. Thank you for your efforts! ” It should be noted that the audit will continue as planned, despite the termination of the TrueCrypt project.
Perhaps the creators of the program decided to suspend development, because the utility is obsolete. Development stopped on May 5, 2014, i.e. after the official termination of support for Windows XP. SoundForge mentions: “Windows 8/7 / Vista and later systems have built-in tools for encrypting disks and virtual disk images.” Thus, data encryption is built into many operating systems, and developers could find the program no longer needed.
To add fuel to the fire, we note that on May 19 TrueCrypt was removed from the secure Tails system (Snowden's favorite system). The reason is not completely clear, but obviously you should not use the program, said Kluly.
Cluley also wrote: “Whether it’s cheating, hacking, or the logical end of the TrueCrypt life cycle, it becomes clear that conscious users will not feel comfortable trusting their data to the program after the fiasco.”
Found a typo? Highlight and press Ctrl + Enter
