TrueCrypt 5.0 is out

After a long nine-month wait, TrueCrypt 5.0 was released yesterday. This major version upgrade (up from 4.3a) is mainly justified by a new feature that allows an entire system drive or partition holding a Windows OS (XP/2003/Vista) to be encrypted with a pre-boot authentication interface, as most commercial full disk encryption (FDE) software does. But there are other important improvements in this new version, such as the new GNU/Linux GUI (older versions only had a command line interface and third-party front-ends) and the Mac OS X port. How many multi-OS FDE tools are out there? Not many, I guess.

For anyone who doesn’t know this open source software yet, let me introduce it. TrueCrypt is a tool that can easily encrypt hard drives, flash media (USB drives, memory cards…) and other storage media. It was programmed with Windows in mind, and it does not aim to compete with commercial FDE software. Those commercial products stand out thanks to their centralized administration consoles for controlling many computers, and their data rescue tools for recovering encrypted files whose password was lost or data from an employee who left the company.
There are two main operational modes: file container based and partition/drive based. There is no recommended mode, as it depends on the storage media where the encrypted data is being saved. File-based containers are ideal if mobility is the main concern (a container is, after all, a simple file that can be copied, moved…), whereas drive/partition containers have an important speed edge. The final decision has to be made with the main use of the encrypted data in mind.
This storage space can be encrypted using three different symmetric key algorithms (AES, Serpent or Twofish) or a cascade combining two or three of them. These algorithms are patent free, so they should not be suspected of carrying extra backdoor code (paranoid people can look through the TrueCrypt source code and compile it instead of using the precompiled binaries). TrueCrypt maps the decrypted data to a drive letter or a mountable mapper device (depending on the OS).
There are other interesting features that I would like to share with you. Hidden volumes protect data within an inner container that is decrypted using a different password from the one for the normal container. This is useful in a coercion scenario. Last but not least, you can complement the encryption password with a second authentication factor, a keyfile. The keyfile provides the owner of the encrypted data with an additional security layer (something you have in addition to something you know), making keyloggers useless for intruders. If you decide to use keyfiles, it’s extremely important to store them properly on a removable memory device and keep that device away from the computer where the data is when it is not in use.
I highly recommend that our readers have a look at this fine software, which will protect our most sensitive data from undesired eyes. It can be intimidating at first due to the large number of advanced options available, but it isn’t necessary to learn them all. The most important features are quickly learnt thanks to its complete tutorial and documentation.

Álvaro Ramón
S21sec labs
