Find Out if Your Email Is Compromised Toms Hardware

Discontinued source-available deejay encryption utility

TrueCrypt

TrueCrypt on Windows (discontinued)
Developer(due south)	TrueCrypt Foundation
Initial release	Feb 2004; xviii years ago  (2004-02) [1]
Terminal release	7.2 / May 28, 2014; vii years agone  (2014-05-28) [ii] (Discontinued)
Written in	C, C++, Assembly[3]
Operating organisation	Windows, macOS, Linux[3]
Size	3.thirty MB
Available in	38 languages[iv]
Listing of languages English, Arabic, Basque, Belarusian, Bulgarian, Burmese, Catalan, Chinese (Simplified), Chinese (Hong Kong), Chinese (Taiwan), Czech, Danish, Dutch, Estonian, Finnish, French, Georgian, German, Greek, Hungarian, Indonesian, Italian, Japanese, Korean, Latvian, Norwegian (Nynorsk), Farsi, Smoothen, Portuguese (Brazil), Russian, Slovak, Slovenian, Spanish, Swedish, Turkish, Ukrainian, Uzbek (Cyrillic), Vietnamese
Type	Disk encryption software
License	TrueCrypt License iii.i (source-bachelor freeware)
Website	truecrypt.sourceforge.net

TrueCrypt is a discontinued source-available freeware utility used for on-the-fly encryption (OTFE). It can create a virtual encrypted disk within a file, or encrypt a partition or the whole storage device (pre-kick authentication).

On 28 May 2014, the TrueCrypt website announced that the project was no longer maintained and recommended users find culling solutions. Though development of TrueCrypt has ceased, an independent audit of TrueCrypt (published in March 2015) has concluded that no significant flaws are present.^[5] Two projects forked from TrueCrypt: VeraCrypt (agile) and CipherShed^[6] (abandoned).

History [edit]

TrueCrypt was initially released equally version one.0 in February 2004, based on E4M (Encryption for the Masses). Several versions and many additional minor releases accept been made since then, with the near current version existence 7.1a.^[1]

E4M and SecurStar dispute [edit]

Original release of TrueCrypt was made by bearding developers called "the TrueCrypt Team".^[7] Shortly subsequently version 1.0 was released in 2004, the TrueCrypt Squad reported receiving email from Wilfried Hafner, director of SecurStar, a computer security visitor.^[8] According to the TrueCrypt Team, Hafner claimed in the email that the acknowledged author of E4M, programmer Paul Le Roux, had stolen the source code from SecurStar every bit an employee.^[8] Information technology was farther stated that Le Roux illegally distributed E4M, and authored an illegal license permitting anyone to base derivative work on the lawmaking and distribute information technology freely. Hafner alleges all versions of E4M e'er belonged merely to SecurStar, and Le Roux did not take whatever right to release it under such a license.^[eight]

This led the TrueCrypt Team to immediately terminate developing and distributing TrueCrypt, which they announced online through usenet.^[8] TrueCrypt Team member David Tesařík stated that Le Roux informed the team that at that place was a legal dispute betwixt himself and SecurStar, and that he received legal advisement non to annotate on whatever issues of the case. Tesařík concluded that should the TrueCrypt Squad continue distributing TrueCrypt, Le Roux may ultimately exist held liable and exist forced to pay consistent damages to SecurStar. To continue in proficient faith, he said, the team would need to verify the validity of the E4M license. However, because of Le Roux'southward need to remain silent on the matter, he was unable to confirm or deny its legitimacy, keeping TrueCrypt development in limbo.^{[viii] [9]}

Thereafter, would-be visitors reported trouble accessing the TrueCrypt website, and tertiary-party mirrors appeared online making the source code and installer continually available, outside of official sanction by the TrueCrypt Squad.^{[10] [xi]}

In the FAQ department of its website, SecurStar maintains its claims of ownership over both E4M and Scramdisk, another free encryption plan. The company states that with those products, SecurStar "had a long tradition of open source software", but that "competitors had nothing better to do merely to steal our source code", causing the company to make its products closed-source, forcing potential customers to place a substantial society and sign a non-disclosure agreement earlier existence allowed to review the code for security.^[12]

Le Roux himself has denied developing TrueCrypt in a court hearing in March 2016, in which he likewise confirmed he had written E4M.^[thirteen]

Version 2.0 [edit]

Months later on 7 June 2004, TrueCrypt 2.0 was released.^[1] The new version independent a different digital signature from that of the original TrueCrypt Team, with the developers now being referred to equally "the TrueCrypt Foundation." The software license was likewise changed to the open up source GNU General Public License (GPL). However, given the wide range of components with differing licenses making up the software, and the contested nature of the legality of the program's release, a few weeks later on 21 June, version 2.1 was released under the original E4M license to avoid potential issues relating to the GPL license.^{[ane] [14]}

Version 2.1a of the software was released on ane October 2004 on truecrypt.sourceforge.net sub-domain.^[i] Past May 2005, the original TrueCrypt website returned and truecrypt.sourceforge.net redirected visitors to truecrypt.org.

End of life announcement [edit]

On 28 May 2014, the TrueCrypt official website, truecrypt.org, began redirecting visitors to truecrypt.sourceforge.net with a HTTP 301 "Moved Permanently" condition, which warned that the software may contain unfixed security issues, and that development of TrueCrypt was ended in May 2014, post-obit Windows XP's end of support. The bulletin noted that more recent versions of Windows have born support for deejay encryption using BitLocker, and that Linux and OS X had like born solutions, which the message states renders TrueCrypt unnecessary. The page recommends any data encrypted by TrueCrypt be migrated to other encryption setups and offered instructions on moving to BitLocker. The SourceForge project folio for the software at sourceforge.net/truecrypt was updated to display the aforementioned initial message, and the status was changed to "inactive."^[xv] The page also appear a new software version, vii.2, which only allows decryption.

Initially, the authenticity of the proclamation and new software was questioned.^{[xvi] [17] [18]} Multiple theories attempting to explain the reason behind the declaration arose throughout the tech community.^{[19] [3]}

Presently after the cease of life annunciation of TrueCrypt, Gibson Inquiry Corporation posted an announcement titled "Yes... TrueCrypt is still safety to use" and a Last Release Repository to host the final official non-crippled version seven.1a of TrueCrypt.^[3] They no longer practise as of 2022.

Truecrypt.org has been excluded from the Cyberspace Archive Wayback Machine.^[20] Their exclusion policy says they exclude pages at site owner request.^[21]

Operating systems [edit]

TrueCrypt supports Windows, OS X and Linux operating systems.^[22] Both 32-bit and 64-fleck versions of these operating systems are supported, except for Windows IA-64 (not supported) and Mac Os X 10.half dozen Snow Leopard (runs as a 32-bit procedure).^[22] The version for Windows 7, Windows Vista, and Windows XP tin encrypt the boot sectionalization or entire kick bulldoze.^[23]

Independent implementations [edit]

There is an independent, compatible^{[24] [25]} implementation, tcplay, for DragonFly BSD^[24] and Linux.^{[25] [26]}

The Dm-catacomb module included in default Linux kernel supports a TrueCrypt target called "tcw" since Linux version 3.xiii.^{[27] [28] [29]}

Encryption scheme [edit]

Algorithms [edit]

Private ciphers supported by TrueCrypt are AES, Serpent, and Twofish. Additionally, v different combinations of cascaded algorithms are available: AES-Twofish, AES-Twofish-Serpent, Ophidian-AES, Serpent-Twofish-AES and Twofish-Serpent.^[30] The cryptographic hash functions available for employ in TrueCrypt are RIPEMD-160, SHA-512, and Whirlpool.^[31]

Modes of operation [edit]

TrueCrypt currently uses the XTS style of performance.^[32] Prior to this, TrueCrypt used LRW mode in versions 4.1 through iv.3a, and CBC mode in versions iv.0 and earlier.^[i] XTS mode is thought to exist more secure than LRW mode, which in plough is more than secure than CBC mode.^[33]

Although new volumes can just exist created in XTS mode, TrueCrypt is backward uniform with older volumes using LRW mode and CBC mode.^[1] Later versions produce a security alarm when mounting CBC mode volumes and recommend that they exist replaced with new volumes in XTS mode.

Keys [edit]

The header key and the secondary header key (XTS mode) are generated using PBKDF2 with a 512-scrap salt and thousand or 2000 iterations, depending on the underlying hash office used.^[34]

Plausible deniability [edit]

TrueCrypt supports a concept chosen plausible deniability,^[35] past assuasive a unmarried "hidden book" to be created within another volume.^[36] In addition, the Windows versions of TrueCrypt accept the ability to create and run a hidden encrypted operating system whose existence may be denied.^[37]

The TrueCrypt documentation lists many ways in which TrueCrypt'south subconscious volume deniability features may be compromised (e.g. by third-party software which may leak information through temporary files, thumbnails, etc., to unencrypted disks) and possible ways to avoid this.^[38] In a newspaper published in 2008 and focused on the then latest version (v5.1a) and its plausible deniability, a team of security researchers led by Bruce Schneier states that Windows Vista, Microsoft Word, Google Desktop, and others store information on unencrypted disks, which might compromise TrueCrypt's plausible deniability. The report suggested the addition of a subconscious operating organization functionality; this characteristic was added in TrueCrypt 6.0. When a hidden operating system is running, TrueCrypt also makes local unencrypted filesystems and not-hidden TrueCrypt volumes read-only to foreclose data leaks.^[37] The security of TrueCrypt's implementation of this feature was non evaluated because the first version of TrueCrypt with this option had only recently been released.^[39]

At that place was a functional evaluation of the deniability of hidden volumes in an earlier version of TrueCrypt by Schneier et al. that found security leaks.^[40]

Identifying TrueCrypt volumes [edit]

When analyzed, TrueCrypt volumes appear to have no header and contain random data.^[41] TrueCrypt volumes accept sizes that are multiples of 512 due to the block size of the cipher manner^[32] and key data is either 512 bytes stored separately in the example of system encryption or two 128 kB headers for non-system containers.^[42] Forensics tools may use these properties of file size, apparent lack of a header, and randomness tests to endeavor to identify TrueCrypt volumes.^[43] Although these features give reason to suspect a file to exist a TrueCrypt volume, there are, however, some programs which exist for the purpose of securely erasing files by employing a method of overwriting file contents, and free deejay space, with purely random data (i.eastward. "shred" & "scrub"^[44]), thereby creating reasonable doubt to counter pointed accusations declaring a file, made of statistically random data, to exist a TrueCrypt file.^{[35] [45]}

If a system bulldoze, or a partition on it, has been encrypted with TrueCrypt, so only the information on that partition is deniable. When the TrueCrypt boot loader replaces the normal boot loader, an offline analysis of the drive tin can positively determine that a TrueCrypt boot loader is present and so atomic number 82 to the logical inference that a TrueCrypt partition is also present. Even though at that place are features to obfuscate its purpose (i.due east. displaying a BIOS-like message to misdirect an observer such as, "Not-system deejay" or "disk error"), these reduce the functionality of the TrueCrypt boot loader and do not hide the content of the TrueCrypt kick loader from offline analysis.^[46] Here again, the apply of a hidden operating organization is the suggested method for retaining deniability.^[37]

Functioning [edit]

TrueCrypt supports parallelized^{[47] : 63} encryption for multi-core systems and, under Microsoft Windows, pipelined read/write operations (a form of asynchronous processing)^{[47] : 63} to reduce the performance hit of encryption and decryption. On newer processors supporting the AES-NI educational activity fix, TrueCrypt supports hardware-accelerated AES to further improve performance.^{[47] : 64} The performance impact of disk encryption is especially noticeable on operations which would unremarkably utilize directly retentiveness access (DMA), every bit all information must pass through the CPU for decryption, rather than being copied directly from deejay to RAM.

In a test carried out past Tom's Hardware, although TrueCrypt is slower compared to an unencrypted deejay, the overhead of existent-time encryption was establish to be similar regardless of whether mid-range or land-of-the-fine art hardware is in utilize, and this bear upon was "quite adequate".^[48] In another article the performance price was found to be unnoticeable when working with "popular desktop applications in a reasonable style", only information technology was noted that "power users volition complain".^[49]

Incompatibility with FlexNet Publisher and SafeCast [edit]

Installing third-party software which uses FlexNet Publisher or SafeCast (which are used for preventing software piracy on products by Adobe such as Adobe Photoshop) can damage the TrueCrypt bootloader on Windows partitions/drives encrypted past TrueCrypt and render the drive unbootable.^[50] This is caused by the inappropriate blueprint of FlexNet Publisher writing to the starting time bulldoze rail and overwriting whatsoever non-Windows bootloader exists there.^[51]

Security concerns [edit]

TrueCrypt is vulnerable to diverse known attacks which are also present in other disk encryption software releases such as BitLocker. To prevent those, the documentation distributed with TrueCrypt requires users to follow diverse security precautions.^[52] Some of those attacks are detailed below.

Encryption keys stored in memory [edit]

TrueCrypt stores its keys in RAM; on an ordinary personal computer the DRAM will maintain its contents for several seconds after power is cut (or longer if the temperature is lowered). Even if in that location is some degradation in the retention contents, various algorithms can intelligently recover the keys. This method, known as a common cold boot assault (which would apply in detail to a notebook computer obtained while in power-on, suspended, or screen-locked mode), has been successfully used to attack a file system protected by TrueCrypt.^[53]

Physical security [edit]

TrueCrypt documentation states that TrueCrypt is unable to secure data on a figurer if an assailant physically accessed information technology and TrueCrypt is used on the compromised computer by the user once more (this does not use to a common case of a stolen, lost, or confiscated computer).^[54] The attacker having physical admission to a calculator can, for example, install a hardware/software keylogger, a jitney-mastering device capturing retention, or install any other malicious hardware or software, allowing the assailant to capture unencrypted information (including encryption keys and passwords), or to decrypt encrypted information using captured passwords or encryption keys. Therefore, physical security is a bones premise of a secure system. Attacks such as this are frequently chosen "evil maid attacks".^[55]

Malware [edit]

TrueCrypt documentation states that TrueCrypt cannot secure data on a computer if it has any kind of malware installed. Malware may log keystrokes, thus exposing passwords to an attacker.^[56]

The "Stoned" bootkit [edit]

The "Stoned" bootkit, an MBR rootkit presented past Austrian software developer Peter Kleissner at the Black Lid Technical Security Conference USA 2009,^{[57] [58]} has been shown capable of tampering TrueCrypt's MBR, effectively bypassing TrueCrypt's total volume encryption.^{[59] [sixty] [61] [62] [63]} Potentially every hard disk drive encryption software is affected by this kind of attack if the encryption software does not rely on hardware-based encryption technologies like TPM, or if the attack is made with authoritative privileges while the encrypted operating system is running.^{[64] [65]}

2 types of set on scenarios exist in which information technology is possible to maliciously take advantage of this bootkit: in the first i, the user is required to launch the bootkit with administrative privileges once the PC has already booted into Windows; in the second one, analogously to hardware keyloggers, a malicious person needs concrete access to the user's TrueCrypt-encrypted hard disk: in this context this is needed to alter the user's TrueCrypt MBR with that of the Stoned bootkit and so place the difficult disk back on the unknowing user'south PC, so that when the user boots the PC and types his/her TrueCrypt password on boot, the "Stoned" bootkit intercepts information technology thereafter because, from that moment on, the Stoned bootkit is loaded before TrueCrypt'due south MBR in the kick sequence. The first blazon of attack can be prevented as usual by skilful security practices, due east.g. avert running not-trusted executables with authoritative privileges. The 2nd one tin can be successfully neutralized by the user if he/she suspects that the encrypted hd might have been physically available to someone he/she does not trust, past booting the encrypted operating system with TrueCrypt's Rescue Disk instead of booting information technology directly from the hard disk. With the rescue deejay, the user can restore TrueCrypt's MBR to the hard deejay.^[66]

Trusted Platform Module [edit]

The FAQ section of the TrueCrypt website states that the Trusted Platform Module (TPM) cannot be relied upon for security, because if the assailant has physical or administrative access to the figurer and you apply it subsequently, the computer could have been modified by the attacker due east.g. a malicious component—such as a hardware keystroke logger—could take been used to capture the password or other sensitive information. Since the TPM does not prevent an attacker from maliciously modifying the computer, TrueCrypt volition not support the TPM.^[65]

Security audits [edit]

In 2013 a graduate student at Concordia University published a detailed online report, in which he states that he has confirmed the integrity of the distributed Windows binaries of version 7.1a.^[67]

A crowdfunding entrada attempting to conduct an contained security audit of TrueCrypt was successfully funded in Oct 2013. A not-profit organization called the Open Crypto Audit Project (OCAP) was formed, calling itself "a customs-driven global initiative which grew out of the showtime comprehensive public audit and cryptanalysis of the widely used encryption software TrueCrypt".^[68] The organization established contact with TrueCrypt developers, who welcomed the audit.^{[69] [70]} Phase I of the audit was successfully completed on xiv Apr 2014, finding "no evidence of backdoors or malicious code". Matthew D. Green, ane of the auditors, added "I retrieve it's good that we didn't find annihilation super critical."^[71]

One mean solar day after TrueCrypt's end of life announcement, OCAP confirmed that the inspect would continue as planned, with Phase II expected to begin in June 2014 and wrap upwardly by the end of September.^{[72] [73]} The Phase 2 audit was delayed, but was completed 2 April 2015 past NCC Cryptography Services. This inspect "found no bear witness of deliberate backdoors, or any severe blueprint flaws that volition make the software insecure in most instances."^{[74] [75] [76]} The French National Bureau for the Security of Information Systems (ANSSI) stated that while TrueCrypt half dozen.0 and 7.1a have previously attained ANSSI certification, migration to an alternating certified product is recommended every bit a precautionary measure out.^[77]

According to Gibson Research Corporation, Steven Barnhart wrote to an e-mail accost for a TrueCrypt Foundation member he had used in the past and received several replies from "David". According to Barnhart, the chief points of the email letters were that the TrueCrypt Foundation was "happy with the audit, it didn't spark anything", and that the reason for the annunciation was that "in that location is no longer interest [in maintaining the project]."^[78]

Co-ordinate to a report released 29 September 2015, TrueCrypt includes two vulnerabilities in the driver that TrueCrypt installs on Windows systems allowing an aggressor arbitrary code execution and privilege escalation via DLL hijacking.^[79] In Jan 2016, the vulnerability was fixed in VeraCrypt,^[eighty] but it remains unpatched in TrueCrypt's unmaintained installers.

Legal cases [edit]

Performance Satyagraha [edit]

In July 2008, several TrueCrypt-secured hard drives were seized from Brazilian banker Daniel Dantas, who was suspected of financial crimes. The Brazilian National Institute of Criminology (INC) tried unsuccessfully for five months to obtain access to his files on the TrueCrypt-protected disks. They enlisted the aid of the FBI, who used dictionary attacks against Dantas' disks for over 12 months, only were still unable to decrypt them.^{[81] [82]}

United states of america 5. John Doe [edit]

In 2012 the United States 11th Excursion Court of Appeals ruled that a John Doe TrueCrypt user could not exist compelled to decrypt several of his hard drives.^{[83] [84]} The court'due south ruling noted that FBI forensic examiners were unable to become by TrueCrypt's encryption (and therefore were unable to access the data) unless Doe either decrypted the drives or gave the FBI the password, and the court then ruled that Doe'due south Fifth Amendment right to remain silent legally prevented the Government from making him or her do and then.^{[85] [86]}

David Miranda [edit]

On xviii August 2013 David Miranda, partner of journalist Glenn Greenwald, was detained at London'due south Heathrow Airport by Metropolitan Police while en road to Rio de Janeiro from Berlin. He was carrying with him an external hard bulldoze said to exist containing sensitive documents pertaining to the 2013 global surveillance disclosures sparked by Edward Snowden. Contents of the drive were encrypted by TrueCrypt, which authorities said "renders the cloth extremely difficult to access."^[87] Detective Superintendent Caroline Goode stated the hard drive independent around 60 gigabytes of data, "of which simply twenty accept been accessed to engagement." She further stated the process to decode the fabric was circuitous and "so far merely 75 documents have been reconstructed since the holding was initially received."^[87]

Guardian contributor Naomi Colvin ended the statements were misleading, stating that it was possible Goode was not even referring to whatsoever actual encrypted material, but rather deleted files reconstructed from unencrypted, unallocated infinite on the hard drive, or even plaintext documents from Miranda'south personal effects.^[88] Glenn Greenwald supported this assessment in an interview with Democracy Now!, mentioning that the UK regime filed an affirmation asking the court to allow them to retain possession of Miranda'south belongings. The grounds for the request were that they could not break the encryption, and were simply able to admission 75 of the documents that he was carrying, which Greenwald said "most of which were probably ones related to his schoolhouse work and personal use."^[89]

James DeSilva [edit]

In February 2014, an Arizona Section of Existent Estate IT department employee, James DeSilva, was arrested on charges of sexual exploitation of a modest through the sharing of explicit images over the Internet. His estimator, encrypted with TrueCrypt, was seized, and DeSilva refused to reveal the countersign. Forensics detectives from the Maricopa County Sheriff'southward Office were unable to gain access to his stored files.^[90]

Lauri Dearest [edit]

In October 2013, British–Finnish activist Lauri Dear was arrested by the National Criminal offense Agency (NCA) on charges of hacking into a US department or bureau estimator and ane count of conspiring to do the same.^{[91] [92] [93]} The regime confiscated all of his electronics and demanded he provide them with the necessary keys to decrypt the devices. Love refused. On 10 May 2016 a District Estimate (Magistrate'southward Courtroom) rejected a request by the NCA that Love exist forced to plow over his encryption keys or passwords to TrueCrypt files on an SD card and hard drives that were among the confiscated property.^[94]

Druking [edit]

In the special prosecutor investigation for Druking in South Korea, the special prosecutor decrypted some of the files encrypted by TrueCrypt by guessing the passphrase.^{[95] [96]}

The special prosecutor said the hidden volumes were especially difficult to deal with. He decrypted some of encrypted files by trying words and phrases the druking grouping had used elsewhere as parts of the passphrase in society to make educated guesses.^{[97] [98] [99] [100]}

License and source model [edit]

TrueCrypt was released equally source-available, under the "TrueCrypt License," which is unique to the TrueCrypt software.^{[101] [102]} Equally of version seven.1a (the last full version of the software, released Feb 2012), the TrueCrypt License was version 3.0. Information technology is non part of the panoply of widely used open source licenses. The Free Software Foundation (FSF) states that it is non a free software license.^[103]

Discussion of the licensing terms on the Open Source Initiative (OSI)'s license-talk over mailing list in October 2013 suggests that the TrueCrypt License has made progress towards compliance with the Open Source Definition but would not yet pass if proposed for certification as Open Source software.^{[104] [105]} Co-ordinate to current OSI president Simon Phipps:

...it is not at all appropriate for [TrueCrypt] to draw itself as "open source." This use of the term "open source" to describe something nether a license that's non only unapproved by OSI but known to be subject to issues is unacceptable. ... Equally OSI managing director and open up source expert Karl Fogel said, "The platonic solution is not to take them remove the words 'open source' from their cocky-description, but rather for their software to be nether an OSI-approved open source license."^[104]

Equally a result of its questionable status with regard to copyright restrictions and other potential legal bug,^[106] major Linux distributions do non consider the TrueCrypt License free: TrueCrypt is not included with Debian,^[107] Ubuntu,^[108] Fedora,^[109] or openSUSE.^[110]

Cease of life and license version 3.1 [edit]

28 May 2014 declaration of discontinuation of TrueCrypt besides came with a new version 7.ii of the software. Amid the many changes to the source lawmaking from the previous release were changes to the TrueCrypt License — including removal of specific language that required attribution of TrueCrypt as well as a link to the official website to exist included on whatever derivative products — forming a license version 3.i.^[111]

Cryptographer Matthew Dark-green, who had help raise funds for TrueCrypt's audit noted a connection between TrueCrypt's refusal to change the license and their departure-time warning. "They set the whole thing on fire, and now possibly nobody is going to trust information technology considering they'll recollect there'southward some big evil vulnerability in the code."^[112]

On 16 June 2014, the only declared TrueCrypt developer nevertheless answering email replied to a message by Matthew Green asking for permission to utilise the TrueCrypt trademark for a fork released under a standard open source license. Permission was denied, which led to the two known forks beingness named VeraCrypt and CipherShed likewise every bit a re-implementation named tc-play rather than TrueCrypt.^{[113] [114]}

Trademarks [edit]

In 2007 a US trademark for TrueCrypt was registered under the name of Ondrej Tesarik with a company name TrueCrypt Developers Clan ^[115] and a trademark on the "key" logo was registered nether the name of David Tesarik with a company name TrueCrypt Developers Association.^[116]

In 2009 the company name TrueCrypt Foundation was registered in the US by a person named David Tesarik.^[117] The TrueCrypt Foundation non-profit system last filed tax returns in 2010,^[118] and the company was dissolved in 2014.^{[ commendation needed ]}

See also [edit]

• Comparing of deejay encryption software

References [edit]

1. ^ ^{a b c d eastward f g} "Version History". TrueCrypt Foundation. Archived from the original on 8 January 2013. Retrieved one October 2009.
2. ^ "TrueCrypt".
3. ^ ^{a b c d} Gibson, Steve (5 June 2014), TrueCrypt, the concluding release, archive, Gibson Research Corporation, retrieved 1 August 2014
4. ^ "Language Packs". truecrypt.org. TrueCrypt Foundation. Archived from the original on five Dec 2012.
5. ^ "Open Crypto Inspect Project" (PDF).
6. ^ https://github.com/CipherShed/CipherShed/tree/master/src
7. ^ "Version Information". TrueCrypt User'south Guide, version 1.0. TrueCrypt Team. 2 February 2004. Retrieved 28 May 2014. ^{[ dead link ]} Alt URL
8. ^ ^{a b c d e} TrueCrypt Team (3 Feb 2004). "P. Le Roux (author of E4M) accused by W.Hafner (SecurStar)". Newsgroup: alt.security.scramdisk. Usenet: a7b8b26d77f67aa7c5cc3f55b84c3975@news.teranews.com. Retrieved 28 May 2014.
9. ^ David T. (7 February 2004). "Summary of electric current TrueCrypt situation...?". Newsgroup: alt.security.scramdisk. Usenet: 30e9930aece70b0f63435ecd85a67736@news.teranews.com. Retrieved 28 May 2014.
10. ^ Carsten Krueger (seven February 2004). "Truecrypt for David T. from Truecrypt-Squad". Newsgroup: alt.security.scramdisk. Usenet: 76va20di0jami8nspk743kuddgj6etabhh@4ax.com. Retrieved 28 May 2014.
11. ^ Andraia Matrix (half-dozen February 2004). "Unofficial TrueCrypt Site". Newsgroup: alt.security.scramdisk. Usenet: 76va20di0jami8nspk743kuddgj6etabhh@4ax.com. Retrieved 28 May 2014.
12. ^ "Is the source code of your software bachelor?". Drivecrypt FAQ. SecurStar. Archived from the original on 2 June 2014. Retrieved 28 May 2014.
13. ^ Ratliff, Evan (29 Apr 2016). "The Next Big Deal". Retrieved 1 May 2016.
14. ^ "Version History" (PDF). TrueCrypt User'southward Guide, version 3.1a. TrueCrypt Foundation. 7 February 2005. Archived (PDF) from the original on xxx Dec 2008. Retrieved ii March 2017.
15. ^ tc-foundation (28 May 2014). "TrueCrypt projection folio". SourceForge. Archived from the original on 30 May 2014. Retrieved 30 May 2014.
16. ^ Goodin, Dan (28 May 2014), ""TrueCrypt is not secure," official SourceForge folio abruptly warns", Ars Technica, Condé Nast, retrieved 28 May 2014
17. ^ O'Neill, Patrick (28 May 2014). "TrueCrypt, encryption tool used past Snowden, shuts downwardly due to declared 'security problems'". The Daily Dot . Retrieved 28 May 2014.
18. ^ McAllister, Neil (28 May 2014), TrueCrypt considered HARMFUL – downloads, website meddled to warn: 'Information technology'southward non secure' , The Register, retrieved 29 May 2014
19. ^ Goodin, Dan (29 May 2014), "Bombshell TrueCrypt advisory: Backdoor? Hack? Hoax? None of the above?", Ars Technica, Condé Nasta, retrieved 29 May 2014
20. ^ https://web.annal.org/spider web/2014/truecrypt.org
21. ^ Wayback Car General Data Internet Archive
22. ^ ^{a b} "Supported Operating Systems". TrueCrypt Documentation. TrueCrypt Foundation. Retrieved 24 May 2014.
23. ^ "Operating Systems Supported for System Encryption". TrueCrypt Documentation. TrueCrypt Foundation. Archived from the original on eight January 2013. Retrieved 24 May 2014.
24. ^ ^{a b} "DragonFly On-Line Manual Pages". DragonFly BSD Projection. Retrieved 17 July 2011.
25. ^ ^{a b} "README". tc-play. Retrieved fourteen March 2014.
26. ^ "Fedora Review Request: tcplay - Utility to create/open/map TrueCrypt-compatible volumes". FEDORA. Retrieved 25 Jan 2012.
27. ^ "index : kernel/git/stable/linux-stable.git - path: root/drivers/md/dm-catacomb.c". Kernel.org cgit. xx Jan 2014. Line 241. Retrieved 13 June 2014.
28. ^ "dm-catacomb: Linux kernel device-mapper crypto target - IV generators". cryptsetup. eleven January 2014. Retrieved 10 June 2014.
29. ^ "[dm-devel] [PATCH ii/2] dm-catacomb: Add TCW IV mode for old CBC TCRYPT containers". redhat.com. Retrieved 17 June 2014.
30. ^ "Encryption Algorithms". TrueCrypt Documentation. TrueCrypt Foundation. Retrieved 24 May 2014.
31. ^ "Hash Algorithms". TrueCrypt Documentation. TrueCrypt Foundation. Archived from the original on 25 May 2014. Retrieved 24 May 2014.
32. ^ ^{a b} "Modes of Performance". TrueCrypt Documentation. TrueCrypt Foundation. Archived from the original on four September 2013. Retrieved 24 May 2014.
33. ^ Fruhwirth, Clemens (18 July 2005). "New Methods in Hard Disk Encryption" (PDF). Constitute for Estimator Languages, Theory and Logic Group, Vienna University of Technology. Retrieved 10 March 2007.
34. ^ "Header Primal Derivation, Salt, and Iteration Count". TrueCrypt Documentation. TrueCrypt Foundation. Retrieved 24 May 2014.
35. ^ ^{a b} "Plausible Deniability". TrueCrypt Documentation. TrueCrypt Foundation. Archived from the original on 26 February 2008. Retrieved 24 May 2014.
36. ^ "Hidden Volume". TrueCrypt Documentation. TrueCrypt Foundation. Retrieved 24 May 2014.
37. ^ ^{a b c} "Hidden Operating Organization". TrueCrypt Documentation. TrueCrypt Foundation. Archived from the original on 16 April 2013. Retrieved 24 May 2014.
38. ^ "Security Requirements for Hidden Volumes". TrueCrypt Documentation. TrueCrypt Foundation. Archived from the original on 17 September 2012. Retrieved 24 May 2014.
39. ^ Alexei Czeskis; David J. St. Hilaire; Karl Koscher; Steven D. Gribble; Tadayoshi Kohno; Bruce Schneier (18 July 2008). "Defeating Encrypted and Deniable File Systems: TrueCrypt v5.1a and the Case of the Tattling Bone and Applications" (PDF). 3rd USENIX Workshop on Hot Topics in Security. Archived from the original (PDF) on 27 December 2008.
40. ^ Schneier, UW Team Show Flaw In TrueCrypt Deniability. Accessed on: 12 June 2012
41. ^ Piccinelli, Mario, and Paolo Gubian. "Detecting Hidden Encrypted Volume Files via Statistical Analysis." International Journal of Cyber-Security and Digital Forensics (IJCSDF) iii.1 (2014): 30-37.
42. ^ "TrueCrypt Volume Format Specification". TrueCrypt Documentation. TrueCrypt Foundation. Archived from the original on 19 June 2013. Retrieved 24 May 2014.
43. ^ "Archive". Archived from the original on 7 May 2014. Retrieved 2 March 2017.
44. ^ "diskscrub - disk overwrite utility - Google Project Hosting". Retrieved xvi July 2014.
45. ^ "Plausible Deniability". FreeOTFE. Archived from the original on 24 Jan 2013.
46. ^ TrueCrypt FAQ - see question I use pre-boot hallmark. Can I prevent a person (adversary) that is watching me commencement my figurer from knowing that I use TrueCrypt?
47. ^ ^{a b c} "TrueCrypt User Guide" (PDF) (7.1a ed.). TrueCrypt Foundation. 7 February 2012.
48. ^ Schmid, Patrick; Roos, Achim (28 April 2010). "Conclusion". System Encryption: BitLocker And TrueCrypt Compared. Tom's Hardware. Retrieved 24 May 2014.
49. ^ Schmid, Patrick; Roos, Achim (28 April 2010). "Conclusion". Protect Your Data With Encryption. Tom's Hardware. Retrieved 24 May 2014.
50. ^ "Freeze when yous reboot a Windows organisation that has TrueCrypt Disk Encryption software and Adobe applications installed". Adobe Artistic Suite Help. Adobe Systems. 16 November 2009. Retrieved 24 May 2014.
51. ^ "Incompatibilities". TrueCrypt Documentation. TrueCrypt Foundation. Archived from the original on sixteen April 2013. Retrieved 24 May 2014.
52. ^ "Security Requirements and Precautions". TrueCrypt Documentation. TrueCrypt Foundation. Archived from the original on 16 April 2013. Retrieved 24 May 2014.
53. ^ Alex Halderman; et al. "Lest We Remember: Cold Boot Attacks on Encryption Keys".
54. ^ "Physical Security". TrueCrypt Documentation. TrueCrypt Foundation. Archived from the original on 13 September 2012. Retrieved 24 May 2014.
55. ^ Schneier, Bruce (23 October 2009). ""Evil Maid" Attacks on Encrypted Hard Drives". Schneier on Security. Retrieved 24 May 2014.
56. ^ "Malware". TrueCrypt Documentation. TrueCrypt Foundation. Archived from the original on 13 September 2012. Retrieved 24 May 2014.
57. ^ "Stoned bootkit White Paper" (PDF). Black Hat Technical Security Conference USA 2009. Peter Kleissner. Retrieved 5 Baronial 2009.
58. ^ "Stoned bootkit Presentation Slides" (PDF). Black Hat Technical Security Conference Usa 2009. Peter Kleissner. Retrieved 5 Baronial 2009.
59. ^ "Bootkit bypasses hd encryption". The H-Security (H-Online.com). Heise Media UK Ltd. Archived from the original on 1 August 2009. Retrieved 5 August 2009.
60. ^ David M Williams (vii September 2009). "The dark side of open source software is Stoned". iTWire.
61. ^ Chase, Simon (four August 2009). "TrueCrypt vs Peter Kleissner, Or Stoned BootKit Revisited." Simon Hunt. Retrieved 24 May 2014.
62. ^ Uli Ries (xxx July 2009). "Bootkit hebelt Festplattenverschlüsselung aus" (in High german). Heise Online.
63. ^ "Windows-Hacking: TrueCrypt Verschlüsselung umgangen" (in German). Gulli News. 30 July 2009.
64. ^ "Stoned bootkit attacking TrueCrypt'south full volume encryption". TrueCrypt Foundation post in response to Peter Kleissner on 18 July 2009. Retrieved 5 Baronial 2009.
65. ^ ^{a b} "Some encryption programs use TPM to prevent attacks. Will TrueCrypt use it too?". TrueCrypt FAQ. TrueCrypt Foundation. Archived from the original on 16 April 2013. Retrieved 24 Baronial 2011.
66. ^ Kleissner, Peter (21 July 2009). "TrueCrypt Foundation is a joke to the security manufacture, pro Microsoft". Peter Kleissner. Archived from the original on xviii August 2010. Retrieved 5 August 2009.
67. ^ Xavier de Carné de Carnavalet (2013). "How I compiled TrueCrypt 7.1a for Win32 and matched the official binaries".
68. ^ "Welcome to the Open Crypto Audit Project". Open Crypto Audit Projection. Archived from the original on 31 May 2014. Retrieved 31 May 2014.
69. ^ "The TrueCrypt Inspect Project". Indiegogo. Retrieved 2 November 2013.
70. ^ "TrueCrypt Audit Endorsed by Development Team". Threatpost. Retrieved two November 2013.
71. ^ Farivar, Cyrus (14 April 2014), "TrueCrypt audit finds "no evidence of backdoors" or malicious code", Ars Technica, Condé Nast, retrieved 24 May 2014
72. ^ Goodin, Dan (30 May 2014), "TrueCrypt security audit presses on, despite developers jumping ship", Ars Technica, Condé Nast, retrieved 31 May 2014
73. ^ Doctorow, Cory (29 May 2014), Mysterious proclamation from Truecrypt declares the project insecure and expressionless, Boing Boing, retrieved 31 May 2014
74. ^ Greenish, Matthew (ii April 2015). "Truecrypt study". A Few Thoughts on Cryptographic Engineering . Retrieved 4 April 2015.
75. ^ Green, Matthew (xviii February 2015). "Some other update on the Truecrypt audit". A Few Thoughts on Cryptographic Applied science . Retrieved 22 February 2015.
76. ^ "Truecrypt Phase 2 Audit Appear". Cryptography Services. NCC Group. eighteen Feb 2015. Retrieved 22 February 2015.
77. ^ "Possible abandon de TrueCrypt par ses développeurs". ssi.gouv.fr. Agence nationale de la sécurité des systèmes d'information. 2 June 2014. Retrieved 21 June 2014.
78. ^ Gibson, Steve (thirty May 2014). "Then the TrueCrypt developers were heard from!". TrueCrypt Latest Release Repository. Gibson Research Corporation. Archived from the original on 30 May 2014. Retrieved 30 May 2014.
79. ^ "Newly found TrueCrypt flaw allows full arrangement compromise".
80. ^ CVE-2016-1281: TrueCrypt and VeraCrypt Windows installers allow arbitrary code execution with elevation of privilege
81. ^ Leyden, John (28 June 2010). "Brazilian banker's crypto baffles FBI". The Register. Retrieved 13 August 2010.
82. ^ Dunn, John E. (30 June 2010), FBI hackers neglect to crack TrueCrypt, TechWorld, retrieved 30 May 2014
83. ^ Palazzolo, Joe (23 February 2012), Court: 5th Subpoena Protects Suspects from Having to Decrypt Hard Drives, The Wall Street Journal, retrieved 24 May 2014
84. ^ Kravets, David (24 February 2012), Forcing Defendant to Decrypt Hard Drive Is Unconstitutional, Appeals Court Rules, Wired, retrieved 24 May 2014
85. ^ United states of america 5. John Doe , eleven–12268 & 11–15421 (11th Cir. 23 February 2012).
86. ^ United States v. John Doe Archived 15 January 2013 at the Wayback Auto
87. ^ ^{a b} Hosenball, Marker (30 August 2013), Britain asked N.Y. Times to destroy Snowden material, Reuters, archived from the original on 30 May 2014, retrieved 30 May 2014
88. ^ Colvin, Naomi (31 August 2013). "#Miranda: Where is the U.k. Government getting its numbers from?". Extraordinary Popular Delusions. Auerfeld.com. Archived from the original on 30 May 2014. Retrieved 30 May 2014.
89. ^ Greenwald, Glenn (6 September 2013). Greenwald: UK's Detention of My Partner Was Incredibly Menacing Bid to Stop NSA Reports (Video) (News circulate). New York: Democracy Now!. Event occurs at 5:12. Retrieved 30 May 2014.
90. ^ Stern, Ray (4 February 2014), 'Truthful Crypt' Encryption Software Stumps MCSO Detectives in Child-Porn Instance, Phoenix New Times, archived from the original on thirty May 2014, retrieved xxx May 2014
91. ^ Halliday, Josh (29 October 2013). "Briton Lauri Dearest faces hacking charges in United states of america". The Guardian . Retrieved 13 May 2016.
92. ^ "Briton Lauri Love faces new Us hacking charges". BBC News Online. BBC. 27 February 2014. Retrieved 13 May 2016.
93. ^ "Hacker Charged with Breaching Multiple Authorities Computers and Stealing Thousands of Employee and Financial Records". fbi.gov. Alexandria, VA: U.Due south. Department of Justice. 24 July 2014. Retrieved fifteen May 2016.
94. ^ Masnick, Mike (ten May 2016). "Judge Rejects Attempt To Force Lauri Beloved To Decrypt His Computers, Despite Never Charging Him With A Crime". Techdirt. Floor64. Retrieved 13 May 2016.
95. ^ [일문일답] '드루킹 특검' 종료…"수사 종료 자체 판단…외압 없었다", NewsPim, 2018.08.27., http://newspim.com/news/view/20180827000369
96. ^ 특검 "김경수, 킹크랩 개발·운영 허락…댓글 8800만건 조작 관여", Maeil Business Newspaper, 2018.08.27., http://news.mk.co.kr/newsRead.php?year=2018&no=538301
97. ^ "드루킹 일당이 걸어둔 암호 풀어라"…특검, 전문가 총동원, Yonhap, 2018/07/18, http://www.yonhapnews.co.kr/bulletin/2018/07/18/0200000000AKR20180718142500004.HTML
98. ^ ＂드루킹 댓글조작 ane/iii 암호…FBI도 못 푸는 트루크립트 사용＂, OBS Gyeongin TV, 2018.07.xix, http://voda.donga.com/3/all/39/1394189/1
99. ^ "Elevation 10 countersign cracking techniques, http://www.alphr.com/features/371158/elevation-x-password-bully-techniques
100. ^ 'FBI도 못 푼다'는 암호 풀자 드루킹 측근들 태도가 변했다, Chosun Broadcasting Visitor, 2018.07.18, http://news.tvchosun.com/site/data/html_dir/2018/07/18/2018071890102.html
101. ^ TrueCrypt License. Accessed on: 21 May 2012 Archived xxx May 2012 at archive.today
102. ^ TrueCrypt Collective License. Accessed on: 4 June 2014
103. ^ Various Licenses and Comments about Them Free Software Foundation
104. ^ ^{a b} Phipps, Simon (xv November 2013), TrueCrypt or simulated? Would-be open up source projection must clean up its act, InfoWorld, retrieved xx May 2014
105. ^ Fontana, Richard (October 2013). "TrueCrypt license (not OSI-approved; seeking history, context)". Archived from the original on 29 October 2013. Retrieved 26 October 2013.
106. ^ Tom Callaway of Red Chapeau well-nigh TrueCrypt licensing concern Accessed on ten July 2009
107. ^ Debian Bug report logs - #364034. Accessed on: 12 January 2009.
108. ^ Bug #109701 in Ubuntu. Accessed on: twenty April 2009
109. ^ TrueCrypt licensing concern Accessed on: 20 April 2009
110. ^ non-OSI compliant packages in the openSUSE Build Service. Accessed on: 20 Apr 2009
111. ^ "truecrypt-archive/License-v3.1.txt at master · DrWhax/truecrypt-archive". GitHub. 28 March 2014. Retrieved 23 July 2018.
112. ^ "TrueCrypt Goes the Way of Lavabit as Developers Shut information technology Down Without Warning". Ibtimes.co.great britain. 29 May 2014. Retrieved 1 June 2014.
113. ^ Green, Matthew D. (xvi June 2014). "Here is the note..." Archived from the original (Twitter) on 22 June 2014. Retrieved 22 June 2014.
114. ^ Goodin, Dan (19 June 2014), "Following TrueCrypt'southward bombshell advisory, developer says fork is "impossible"", Ars Technica, Condé Nast, retrieved 22 June 2014
115. ^ "Trademark Electronic Search System (TESS)". tmsearch.uspto.gov . Retrieved 31 August 2017. (search trademark directory for "TrueCrypt")
116. ^ "77165797 - Markeninformation USPTO - via tmdb". Tmdb.de . Retrieved 31 August 2017.
117. ^ "Entity Details - Secretary of Country, Nevada". Nvsos.gov. 19 August 2009. Retrieved 31 August 2017.
118. ^ "Truecrypt Foundation" (PDF). CitizenAudit.org . Retrieved 31 August 2017. (search database for "TrueCrypt")

External links [edit]

• Official website
• Open up Crypto Audit Project (OCAP) – non-turn a profit organization promoting an audit of TrueCrypt
• IsTrueCryptAuditedYet.com – website for the audit
• Veracrypt – official fork website

Archives [edit]

• Past versions on FileHippo
• Past versions on GitHub
• By versions on truecrypt.ch
• Concluding version on Gibson Research Corporation website
• Partial mirror of the original TrueCrypt 7.1a online manual

Share this post