[dm-crypt] truecrypt - what's the real story behind it?

[dm-crypt] truecrypt - what's the real story behind it?

[U.Mutlu]

Hi,
the cryptsetup tool supports besides plain and luks, also loopaes and truecrypt.
I now compiled truecrypt-7.1a, and it looks not bad.
I wonder why some people say truecrypt is no more secure.
Which part or method of truecrypt is allegedly broken? Can't be fixed?
And: is full truecrypt functionality integrated in cryptsetup tool? I mean the 
create-options below.

Here's a manually done "create"-session with the available options:

# truecrypt -c

Volume type:
  1) Normal
  2) Hidden
Select [1]: 1
Enter file or device path for new volume: /home/testuser/truecrypt-tests/enc.tcf
Enter volume size (sizeK/size[M]/sizeG): : 250M

Encryption algorithm:
  1) AES
  2) Serpent
  3) Twofish
  4) AES-Twofish
  5) AES-Twofish-Serpent
  6) Serpent-AES
  7) Serpent-Twofish-AES
  8) Twofish-Serpent
Select [1]: 3

Hash algorithm:
  1) RIPEMD-160
  2) SHA-512
  3) Whirlpool
Select [1]: 1

Filesystem:
  1) None
  2) FAT
  3) Linux Ext2
  4) Linux Ext3
  5) Linux Ext4
Select [2]: 3

-- 
cu
Uenal

Re: [dm-crypt] truecrypt - what's the real story behind it?

[Milan Broz]

On 02/08/2015 10:45 AM, U.Mutlu wrote:
> Hi,
> the cryptsetup tool supports besides plain and luks, also loopaes and truecrypt.
> I now compiled truecrypt-7.1a, and it looks not bad.

Please see the https://ciphershed.org project which tries to continue with development.

> I wonder why some people say truecrypt is no more secure.
> Which part or method of truecrypt is allegedly broken? Can't be fixed?

There is no publicly known serious problem there. But there are license and other
non-technical problems. You will get more info on devel list of project above.

> And: is full truecrypt functionality integrated in cryptsetup tool? I mean the 
> create-options below.

There is full support for mapping existing containers (with some exceptions,
see man page).

There is intentionally no new container creation support in cryptsetup and
I am not planning to add it.
We will better invest time to improving LUKS.

You can use tcplay or older version of truecrypt for that (or ciphershed when
released).

Milan

Re: [dm-crypt] truecrypt - what's the real story behind it?

[U.Mutlu]

Milan Broz wrote, On 02/08/2015 11:03 AM:
> On 02/08/2015 10:45 AM, U.Mutlu wrote:
>> Hi,
>> the cryptsetup tool supports besides plain and luks, also loopaes and truecrypt.
>> I now compiled truecrypt-7.1a, and it looks not bad.
>
> Please see the https://ciphershed.org project which tries to continue with development.
>
>> I wonder why some people say truecrypt is no more secure.
>> Which part or method of truecrypt is allegedly broken? Can't be fixed?
>
> There is no publicly known serious problem there. But there are license and other
> non-technical problems. You will get more info on devel list of project above.

Then I wonder if the NSA/CIA/DHS etc. was involved in the decision of the 
authors to abondon truecrypt developement, or was there maybe a mole among the 
devs?... conspiracy mode off  :-)

The License.txt of truecrypt-7.1a says:
"You may modify This Product (thus forming Your Product), derive new works
from This Product or portions thereof (thus forming Your Product),
include This Product or portions thereof in another product (thus forming
Your Product, unless defined otherwise in Chapter I), and You may use
(for non-commercial and/or commercial purposes), copy, and/or distribute
Your Product."

>> And: is full truecrypt functionality integrated in cryptsetup tool? I mean the
>> create-options below.
>
> There is full support for mapping existing containers (with some exceptions,
> see man page).
>
> There is intentionally no new container creation support in cryptsetup and
> I am not planning to add it.
> We will better invest time to improving LUKS.

The advantage of truecrypt, as I see it, is that it is a multiplatform 
solution; works even under the Windows cr*p (btw. what's the status of 
"Microsoft Linux"? :-), they really shouldn't have dropped their Xenix;
I had the pleasure to work on it for about 2 years at the end of the 
1980ies... As time goes by...

> You can use tcplay or older version of truecrypt for that (or ciphershed when
> released).

Thx, as said truecrypt-7.1a works fine here, but a maintained package
is of course better, so I think I'll check the ciphershed release.
And thx for the link to their project site; I didn't know of them.
There I found also this link with some info about truecrypt's future:
https://forum.truecrypt.ch/

>
> Milan

-- 
cu
Uenal

Re: [dm-crypt] truecrypt - what's the real story behind it?

[Heinz Diehl]

On 08.02.2015, U.Mutlu wrote: 

> Then I wonder if the NSA/CIA/DHS etc. was involved in the decision of the
> authors to abondon truecrypt developement, or was there maybe a mole among
> the devs?... conspiracy mode off  :-)

Nobody knows but the Truecrypt devs. IMHO the reasons to abandon TC development
was rather financial ones.
 
> The advantage of truecrypt, as I see it, is that it is a multiplatform
> solution; works even under the Windows cr*p

If you use Wind*ws as your platform, you'll most likely have a lot more serious
security problems than a simple "how reliable is TC"... ;-)

Re: [dm-crypt] truecrypt - what's the real story behind it?

[Alex Elsayed]

Heinz Diehl wrote:

> On 08.02.2015, U.Mutlu wrote:
> 
>> Then I wonder if the NSA/CIA/DHS etc. was involved in the decision of the
>> authors to abondon truecrypt developement, or was there maybe a mole
>> among
>> the devs?... conspiracy mode off  :-)
> 
> Nobody knows but the Truecrypt devs. IMHO the reasons to abandon TC
> development was rather financial ones.
>  
>> The advantage of truecrypt, as I see it, is that it is a multiplatform
>> solution; works even under the Windows cr*p
> 
> If you use Wind*ws as your platform, you'll most likely have a lot more
> serious security problems than a simple "how reliable is TC"... ;-)

Also, while IIRC it doesn't support encrypted rootfs, there _is_ FreeOTFE 
for opening LUKS volumes on Windows.

Re: [dm-crypt] truecrypt - what's the real story behind it?

[Alex Elsayed]

Alex Elsayed wrote:

> Heinz Diehl wrote:
> 
>> On 08.02.2015, U.Mutlu wrote:
>> 
>>> Then I wonder if the NSA/CIA/DHS etc. was involved in the decision of
>>> the authors to abondon truecrypt developement, or was there maybe a mole
>>> among
>>> the devs?... conspiracy mode off  :-)
>> 
>> Nobody knows but the Truecrypt devs. IMHO the reasons to abandon TC
>> development was rather financial ones.
>>  
>>> The advantage of truecrypt, as I see it, is that it is a multiplatform
>>> solution; works even under the Windows cr*p
>> 
>> If you use Wind*ws as your platform, you'll most likely have a lot more
>> serious security problems than a simple "how reliable is TC"... ;-)
> 
> Also, while IIRC it doesn't support encrypted rootfs, there _is_ FreeOTFE
> for opening LUKS volumes on Windows.

Correction; it seems FreeOTFE died while I wasn't looking. This seems to be 
the replacement: https://en.wikipedia.org/wiki/DoxBox

Re: [dm-crypt] truecrypt - what's the real story behind it?

[U.Mutlu]

Heinz Diehl wrote, On 02/08/2015 01:02 PM:
> On 08.02.2015, U.Mutlu wrote:
>
>> Then I wonder if the NSA/CIA/DHS etc. was involved in the decision of the
>> authors to abondon truecrypt developement, or was there maybe a mole among
>> the devs?... conspiracy mode off  :-)
>
> Nobody knows but the Truecrypt devs. IMHO the reasons to abandon TC development
> was rather financial ones.
>
>> The advantage of truecrypt, as I see it, is that it is a multiplatform
>> solution; works even under the Windows cr*p
>
> If you use Wind*ws as your platform, you'll most likely have a lot more serious
> security problems than a simple "how reliable is TC"... ;-)

That's true, of course, but I was thinking of the mass of the other users
ie. a million (or billion) fruit-flies can't be wrong... :-)

-- 
cu
Uenal

Re: [dm-crypt] truecrypt - what's the real story behind it?

[Sven Eschenberg]

On Sun, February 8, 2015 11:03, Milan Broz wrote:
> On 02/08/2015 10:45 AM, U.Mutlu wrote:
>> Hi,
>> the cryptsetup tool supports besides plain and luks, also loopaes and
>> truecrypt.
>> I now compiled truecrypt-7.1a, and it looks not bad.
>
> Please see the https://ciphershed.org project which tries to continue with
> development.
>
>> I wonder why some people say truecrypt is no more secure.
>> Which part or method of truecrypt is allegedly broken? Can't be fixed?
>
> There is no publicly known serious problem there. But there are license
> and other
> non-technical problems. You will get more info on devel list of project
> above.

AFAIK the preset for number of rounds (iterations) in key derivation is
rather low with truecrypt. A good key and/or keyfile with entropy should
fix that though.

>
>> And: is full truecrypt functionality integrated in cryptsetup tool? I
>> mean the
>> create-options below.
>
> There is full support for mapping existing containers (with some
> exceptions,
> see man page).
>
> There is intentionally no new container creation support in cryptsetup and
> I am not planning to add it.
> We will better invest time to improving LUKS.

I agree, sooner or later we will have LUKSv2 ;-).

>
> You can use tcplay or older version of truecrypt for that (or ciphershed
> when
> released).
>
> Milan
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
>

-Sven

Re: [dm-crypt] truecrypt - what's the real story behind it?

[Sven Eschenberg]

On Sun, February 8, 2015 13:09, Alex Elsayed wrote:
> Heinz Diehl wrote:
>
>> On 08.02.2015, U.Mutlu wrote:
>>
>>> Then I wonder if the NSA/CIA/DHS etc. was involved in the decision of
>>> the
>>> authors to abondon truecrypt developement, or was there maybe a mole
>>> among
>>> the devs?... conspiracy mode off  :-)
>>
>> Nobody knows but the Truecrypt devs. IMHO the reasons to abandon TC
>> development was rather financial ones.
>>
>>> The advantage of truecrypt, as I see it, is that it is a multiplatform
>>> solution; works even under the Windows cr*p
>>
>> If you use Wind*ws as your platform, you'll most likely have a lot more
>> serious security problems than a simple "how reliable is TC"... ;-)
>
> Also, while IIRC it doesn't support encrypted rootfs, there _is_ FreeOTFE
> for opening LUKS volumes on Windows.

Not for -plain64 and/or GPT though. DoxBox is trying to fix these (and
some further) things, after Sarah Dean disappeared alltogether and
FreeOTFE is no longer maintained.