yon Leveron blog

John's musings on the Interknot cowpath

Archive for the 'Security – Crypto' Category

TrueCrypt 7.0a launched

Posted by John on 6th September 2010

via http://www.truecrypt.org/docs/?s=version-history and new download @ http://www.truecrypt.org/downloads

7.0a

September 6, 2010

Improvements:

  • Workaround for a bug in some custom (non-Microsoft) drivers for storage device controllers that caused a system crash when initiating hibernation on TrueCrypt-encrypted operating systems.  (Windows 7/Vista/2008/2008R2)
  • Other minor improvements  (Windows, Mac OS X, and Linux)

Bug fixes:

  • Minor bug fixes  (Windows, Mac OS X, and Linux)

7.0


July 19, 2010

New features:

  • Hardware-accelerated AES (for more information, see the chapter Hardware Acceleration).Note: If you want to disable hardware acceleration, select Settings > Performance and disable the option ‘Accelerate AES encryption/decryption by using the AES instructions of the processor‘.
  • A volume can now be configured to be automatically mounted whenever its host device gets connected to the computer (provided that the correct password and/or keyfiles are supplied).  (Windows)Note: For example, if you have a TrueCrypt container on a USB flash drive and you want to configure TrueCrypt to mount it automatically whenever you insert the USB flash drive into the USB port, follow these steps: 1. Mount the volume. 2. Right-click the mounted volume in the drive list in the main TrueCrypt window and select ‘Add to Favorites‘. 3. The Favorites Organizer window should appear. In it, enable the option ‘Mount selected volume when its host device gets connected‘ and click OK.Also note that TrueCrypt will not prompt you for a password if you have enabled caching of the pre-boot authentication password (Settings > ‘System Encryption‘) and the volume uses the same password as the system partition/drive. The same applies to cached non-system volume passwords.
  • Partition/device-hosted volumes can now be created on drives that use a sector size of 4096, 2048, or 1024 bytes (Windows, Linux).  Note: Previously only file-hosted volumes were supported on such drives.
  • Favorite Volumes Organizer (Favorites > ‘Organize Favorite Volumes‘ or ‘Organize System Favorite Volumes‘), which allows you to set various options for each favorite volume. For example, any of them can be mounted upon logon, as read-only or removable medium, can be assigned a special label (which is shown within the user interface instead of the volume path), excluded from hotkey mount, etc. The order in which favorite volumes are displayed in the Favorites Organizer window can be changed and it is the order in which the volumes are mounted (e.g. when Windows starts or by pressing the ‘Mount Favorite Volumes‘ hotkey). For more information, see the chapters Favorite Volumes and System Favorite Volumes.  (Windows)
  • The Favorites menu now contains a list of your non-system favorite volumes. When you select a volume from the list, you are asked for its password (and/or keyfiles) (unless it is cached) and if it is correct, the volume is mounted. (Windows)

Security improvements:

  • In response to our public complaint regarding the missing API for encryption of Windows hibernation files, Microsoft began providing a public API for encryption of hibernation files on Windows Vista and later versions of Windows (for more information, see the section TrueCrypt 5.1a in this version history). Starting with this version 7.0, TrueCrypt uses this API to encrypt hibernation and crash dump files in a safe documented way. (Windows 7/Vista/2008/2008R2)Note: As Windows XP and Windows 2003 do not provide any API for encryption of hibernation files, TrueCrypt has to modify undocumented components of Windows XP/2003 in order to allow users to encrypt hibernation files. Therefore, TrueCrypt cannot guarantee that Windows XP/2003 hibernation files will always be encrypted. Therefore, if you use Windows XP/2003 and want the hibernation file to be safely encrypted, we strongly recommend that you upgrade to Windows Vista or later and to TrueCrypt 7.0 or later. For more information, see the section Hibernation File.

Improvements:

  • Many minor improvements.  (Windows, Mac OS X, and Linux)

Bug fixes:

  • Minor bug fixes.  (Windows, Mac OS X, and Linux)

Removed features:

  • TrueCrypt no longer supports device-hosted volumes located on floppy disks. Note: You can still create file-hosted TrueCrypt volumes on floppy disks.

6.3a

November 23, 2009

Improvements and bug fixes:

  • Minor improvements and bug fixes.  (Windows, Mac OS X, and Linux)

6.3

October 21, 2009

Improvements, bug fixes:

  • Full support for Windows 7.
  • Full support for Mac OS X 10.6 Snow Leopard.
  • The ability to configure selected volumes as ‘system favorite volumes’. This is useful, for example, when you have volumes that need to be mounted before system and application services start and before users start logging on. It is also useful when there are network-shared folders located on a TrueCrypt volume and you need to ensure that the network shares will be restored by the system each time it is restarted. For more information, see the chapter System Favorite Volumes.  (Windows)

Improvements and bug fixes:

  • ‘Favorite’ volumes residing within partitions or dynamic volumes will no longer be affected by changes in disk device numbers, which may occur, e.g., when a drive is removed or added. Note: If you use a favorite volume list saved by TrueCrypt 6.2a or earlier and you want to take advantage of this improvement, you need to resave the list using TrueCrypt 6.3.  (Windows)
  • Many other minor improvements and bug fixes.  (Windows, Mac OS X, and Linux)

6.2a

June 15, 2009

Improvements and bug fixes:

  • Improved file container creation speed on systems having issues with write block sizes greater than 64 KB.  (Windows)
  • The ‘Device not ready’ error will no longer occur when the process of decryption of a system partition/drive is finished.  (Windows)
  • Other minor improvements and bug fixes.  (Windows, Mac OS X, and Linux)

6.2

May 11, 2009

New features:

  • The I/O pipeline now uses read-ahead buffering, which improves read performance especially on solid-state drives, typically by 30-50%.  (Windows)

Improvements, bug fixes, and security enhancements:

  • The boot loader now supports motherboards with BIOSes that reserve large amounts of base memory (typically for onboard RAID controllers). Note: In order to be able to take advantage of this improvement under Windows Vista, you will have to install Service Pack 1 or higher first. Service Pack 1 for Windows Vista resolved an issue causing a shortage of free base memory during system boot.  (Windows Vista/XP/2008/2003)
  • Mounting using the ‘Auto-Mount Devices‘ feature may take significantly less time as partitions containing unencrypted filesystems are now skipped.  (Windows)
  • When volumes that are mounted as read-only or removable are saved as favorite volumes, they are mounted as read-only and/or removable when ‘Mount Favorite Volumes‘ is used.
  • When a multiple-pass wipe algorithm is selected when performing in-place encryption of a non-system volume, the header areas will be wiped before the encrypted headers are written to the disk. Note: On an existing volume, you can perform such an operation by changing its password and/or keyfiles.  (Windows Vista/2008)
  • Many other minor improvements, bug fixes and security enhancements.  (Windows, Mac OS X, and Linux)

6.1a

December 1, 2008

Improvements, bug fixes, and security enhancements:

  • Minor improvements, bug fixes, and security enhancements.  (Windows, Mac OS X, and Linux)

6.1

October 31, 2008

New features:

  • Ability to encrypt a non-system partition without losing existing data on the partition. (Windows Vista/2008)Note: To encrypt a non-system partition in place, click ‘Create Volume‘ > ‘Encrypt a non-system partition‘ > ‘Standard volume‘ > ‘Select Device‘ > ‘Encrypt partition in place‘ and then follow the instructions in the wizard. Please note that this is not supported on Windows XP/2000/2003 as these versions of Windows do not natively support shrinking of a filesystem (the filesystem needs to be shrunk to make space for the volume header and backup header).
  • Support for security tokens and smart cards (for more information, see section Security Tokens and Smart Cards in chapter Keyfiles).
  • The TrueCrypt boot loader can be prevented from displaying any texts (by selecting Settings > System Encryption and enabling the option ‘Do not show any texts in the pre-boot authentication screen’).
  • The TrueCrypt boot loader can now display a custom message (select Settings > System Encryption and enter the message in the corresponding field) either without any other texts or along with the standard TrueCrypt boot loader texts.
  • Pre-boot authentication passwords can now be cached in the driver memory, which allows them to be used for mounting of non-system TrueCrypt volumes (select Settings > System Encryption and enable the option ‘Cache pre-boot authentication password‘).
  • Linux and Mac OS X versions: The ability to mount a Windows system partition encrypted by TrueCrypt and to mount a partition located on a Windows system drive that is fully encrypted by a Windows version of TrueCrypt.

Improvements:

  • Protection against memory corruption caused by bugs in certain versions of some BIOSes, which prevented the TrueCrypt boot loader from working properly. (Windows Vista/XP/2008/2003)
  • During the process of creation of a hidden operating system, TrueCrypt now securely erases the entire content of the partition where the original system resides after the hidden system has been created. The user is then prompted to install a new system on the partition and encrypt it using TrueCrypt (thus the decoy system is created).Note: Although we are not aware of any security issues (connected with decoy systems) affecting the previous versions of TrueCrypt, we have implemented this change to prevent any such undiscovered security issues (if there are any). Otherwise, in the future, a vulnerability might be discovered that could allow an attacker to find out that the TrueCrypt wizard was used in the hidden-system-creation mode (which might indicate the existence of a hidden operating system on the computer) e.g. by analyzing files, such as log files created by Windows, on the partition where the original system (of which the hidden system is a clone) resides. In addition, due to this change, it is no longer required that the paging file is disabled and hibernation prevented when creating a hidden operating system.
  • Many other improvements.  (Windows, Mac OS X, and Linux)

Bug fixes:

  • Many minor bug fixes and security improvements.  (Windows, Mac OS X, and Linux)

6.0a

July 8, 2008

Resolved incompatibilities / bug fixes:

  • On systems where certain inappropriately designed chipset drivers were installed, it was impossible to encrypt the system partition/drive. This will no longer occur.
    (Windows Vista/XP/2008/2003)
  • Other minor bug fixes.  (Windows, Mac OS X, and Linux)

6.0

July 4, 2008

New features:

  • Parallelized encryption/decryption on multi-core processors (or multi-processor systems). Increase in encryption/decryption speed is directly proportional to the number of cores and/or processors.For example, if your computer has a quad-core processor, encryption and decryption will be four times faster than on a single-core processor with equivalent specifications (likewise, it will be twice faster on dual-core processors, etc.)[View benchmark results]
  • Ability to create and run an encrypted hidden operating system whose existence should be impossible to prove (provided that certain guidelines are followed).  For more information, see the section Hidden Operating System.   (Windows Vista/XP/2008/2003)For security reasons, when a hidden operating system is running, TrueCrypt ensures that all local unencrypted filesystems and non-hidden TrueCrypt volumes are read-only. (Data is allowed to be written to filesystems within hidden TrueCrypt volumes.)Note: We recommend that hidden volumes are mounted only when a hidden operating system is running. For more information, see the subsection Security Requirements and Precautions Pertaining to Hidden Volumes.
  • On Windows Vista and Windows 2008, it is now possible to encrypt an entire system drive even if it contains extended/logical partitions. (Note that on Windows XP you can encrypt an entire system drive too, but it must contain only primary partitions.)
  • New volume format that increases reliability, performance and expandability:
    • Each volume created by this or later versions of TrueCrypt will contain an embedded backup header (located at the end of the volume). Note that it is impossible to mount a volume when its header is damaged (the header contains an encrypted master key). Therefore, embedded backup headers significantly reduce this risk. Also note that a backup header is not a copy of the original volume header because it is encrypted with a different header key derived using a different salt. For more information, see the subsection Tools > Restore Volume Header.Note: If the user fails to supply the correct password (and/or keyfiles) twice in a row when trying to mount a volume, TrueCrypt will automatically try to mount the volume using the embedded backup header (in addition to trying to mount it using the primary header) each subsequent time that the user attempts to mount the volume (until he or she clicks Cancel). If TrueCrypt fails to decrypt the primary header but it successfully decrypts the embedded backup header at the same time, the volume is mounted and the user is warned that the volume header is damaged (and informed as to how to repair it).
    • The size of the volume header area has been increased to 128 KB. This will allow implementation of new features and improvements in future versions and ensures that performance will not be impaired when a TrueCrypt volume is stored on a file system or device that uses a sector size greater than 512 bytes (the start of the data area will always be aligned with the start of a host-filesystem/physical sector).

    For more information about the new volume format, see the section TrueCrypt Volume Format Specification.

    Note: Volumes created by previous versions of TrueCrypt can be mounted using this version of TrueCrypt.

  • Parallelized header key derivation on multi-core processors (one algorithm per core/thread). As a result, mounting is several times faster on multi-core processors.  (Windows)
  • Ability to create hidden volumes under Mac OS X and Linux.
  • On Linux, TrueCrypt now uses native kernel cryptographic services (by default) for volumes encrypted in XTS mode. This increases read/write speed in most cases. However, the FUSE driver must still be used when the volume is encrypted in a deprecated mode of operation (LRW or CBC), or when mounting an outer volume with hidden-volume protection, or when using an old version of the Linux kernel that does not support XTS mode.

Improvements:

  • Up to 20% faster resuming from hibernation when the system partition/drive is encrypted. (Windows Vista/XP/2008/2003)
  • Many other improvements.  (Windows, Mac OS X, and Linux)

Removed features:

  • Encrypted system partitions/drives can no longer be permanently decrypted using the TrueCrypt Boot Loader (however, it is still possible using the TrueCrypt Rescue Disk). (Windows Vista/XP/2008/2003)Note: This was done in order to reduce the memory requirements for the TrueCrypt Boot Loader, which was necessary to enable the implementation of support for hidden operating systems.

Bug fixes:

  • When Windows XP was installed on a FAT16 or FAT32 partition (as opposed to an NTFS partition) and the user attempted to encrypt the system partition (or system drive), the system encryption pretest failed. This will no longer occur.
  • Many other minor bug fixes and security improvements (preventing e.g. denial-of-service attacks). (Windows, Mac OS X, and Linux)

5.1a

March 17, 2008

Improvements:

  • Faster booting when the system partition/drive is encrypted (typically by 10%).   (Windows Vista/XP/2008/2003)
  • Other minor improvements.  (Windows, Mac OS X, and Linux)

Resolved incompatibilities:

  • On computers with certain hardware configurations, resuming from hibernation failed when the system partition was encrypted. Note: If you encountered this problem, the content of RAM may have been saved unencrypted to the hibernation file. You can erase such data, for example, by decrypting the system partition/drive (select System > Permanently Decrypt System Partition/Drive) and then encrypting it again.  (Windows Vista/XP/2008/2003)Remark: As Microsoft does not provide any API for handling hibernation, non-Microsoft developers of disk encryption software are forced to modify undocumented components of Windows in order to allow users to encrypt hibernation files. Therefore, no disk encryption software (except for Microsoft’s BitLocker) can guarantee that hibernation files will always be encrypted. At anytime, Microsoft can arbitrarily modify components of Windows (using the auto-update feature of Windows) that are not publicly documented or accessible via a public API. Any such change, or the use of an untypical or custom storage device driver, may cause any non-Microsoft disk encryption software to fail to encrypt the hibernation file. We plan to file a complaint with Microsoft (and if rejected, with the European Commission) about this issue, also due to the fact that Microsoft’s disk encryption software, BitLocker, is not disadvantaged by this.[Update 2008-04-02: Although we have not filed any complaint with Microsoft yet, we were contacted (on March 27) by Scott Field, a lead Architect in the Windows Client Operating System Division at Microsoft, who stated that he would like to investigate our requirements and look at possible solutions. We responded on March 31 providing details of the issues and suggested solutions.][Update 2009-05-10: Since April 2008, we have been working with Microsoft to explore possible ways to solve this issue. We have private access to a draft version of a document specifying the future API, which should allow us to solve the issue on Windows Vista and later versions of Windows. Note: We have been asked not to disclose the content of the document to any third parties, so please do not ask us to send you a copy of the document.]

    [Update 2010-07-19: Microsoft began providing a public API for encryption of hibernation files on Windows Vista and later versions of Windows. Since version 7.0, TrueCrypt has used this API and therefore has been able to safely encrypt hibernation files under Windows Vista and later versions of Windows. Therefore, if you use Windows XP/2003 and want the hibernation file to be safely encrypted, we strongly recommend that you upgrade to Windows Vista or later and to TrueCrypt 7.0 or later.]

  • Workaround for a bug in the BIOS of some Apple computers that prevented users from entering pre-boot authentication passwords and controlling the TrueCrypt Boot Loader.   (Windows Vista/XP/2008/2003)

Bug fixes:

  • When the system partition/drive is decrypted under Windows, the original partition table will not be restored. Note: This issue affected users who repartitioned an encrypted system drive and then decrypted it under Windows.   (Windows Vista/XP/2008/2003)
  • Other minor bug fixes.  (Windows, Mac OS X, and Linux)

5.1

March 10, 2008

New features:

  • Support for hibernation on computers where the system partition is encrypted (previous versions of TrueCrypt prevented the system from hibernating when the system partition was encrypted). (Windows Vista/XP/2008/2003)
  • Ability to mount a partition that is within the key scope of system encryption without pre-boot authentication (for example, a partition located on the encrypted system drive of another operating system that is not running).   (Windows Vista/XP/2008/2003)Note: This can be useful e.g. when there is a need to back up or repair an operating system encrypted by TrueCrypt (from within another operating system).
  • Command line options for creating new volumes.  (Linux and Mac OS X)

Improvements:

  • Increased speed of AES encryption/decryption (depending on the hardware platform, by 30-140%).    (Windows)
  • Faster booting when the system partition/drive is encrypted.   (Windows Vista/XP/2008/2003)
  • When the system partition/drive is encrypted, the TrueCrypt Boot Loader is now stored in a compressed form and is, therefore, smaller. If a non-cascade encryption algorithm is used (i.e., AES, Serpent, or Twofish), the TrueCrypt Boot Loader is now small enough so that a backup of the TrueCrypt Boot Loader can be (and is) stored in the first drive track. Whenever the TrueCrypt Boot Loader is damaged, its backup copy is run automatically instead.As a result of this improvement, the following problem will no longer occur: Certain inappropriately designed activation software (used for activation of some third-party software) writes data to the first drive track, thus damaging the TrueCrypt Boot Loader. The affected users had to use the TrueCrypt Rescue Disk to repair the TrueCrypt Boot Loader. This will no longer be necessary after upgrading to this version of TrueCrypt (provided that the system partition/drive is encrypted using a non-cascade encryption algorithm, i.e., AES, Serpent, or Twofish).Note: If your system partition/drive is currently encrypted using a non-cascade encryption algorithm (i.e., AES, Serpent, or Twofish), a backup copy of the TrueCrypt Boot Loader will be automatically stored in the first drive track when you upgrade to this version of TrueCrypt.
  • The minimum memory requirements for the TrueCrypt Boot Loader (AES) have been reduced from 42 KB to 27 KB (twenty-seven kilobytes). This allows users to encrypt system partitions/drives on computers where the BIOS reserves a large amount of memory (provided that the AES encryption algorithm is used).  (Windows Vista/XP/2008/2003)
  • Many other minor improvements.  (Windows, Mac OS X, and Linux)

Resolved incompatibilities:

  • On some computers, when performing the system encryption pretest, Windows failed to display the log-on screen. This will no longer occur.   (Windows Vista/XP/2008/2003)

Bug fixes:

  • On some systems, drive letters were not correctly assigned to newly mounted non-system volumes. This will no longer occur.  (Windows)
  • Many other minor bug fixes.  (Windows, Mac OS X, and Linux)

5.0a

February 12, 2008

Improvements:

  • The memory requirements for the TrueCrypt Boot Loader have been reduced by 18 KB (eighteen kilobytes). As a result of this improvement, the following problem will no longer occur on most of the affected computers: The memory requirements of the TrueCrypt Boot Loader 5.0 prevented users of some computers from encrypting system partitions/drives (when performing the system encryption pretest, the TrueCrypt Boot Loader displayed the following error message: Insufficient memory for encryption).

Bug fixes:

  • On computers equipped with certain brands of audio cards, when performing the system encryption pretest or when the system partition/drive is encrypted, the sound card drivers failed to load. This will no longer occur.   (Windows Vista/XP/2003)
  • It is possible to access mounted TrueCrypt volumes over a network.   (Windows)
  • TrueCrypt Rescue Disks created by the previous version could not be booted on some computers. This will no longer occur.  (Windows Vista/XP/2003)Note: If your TrueCrypt Rescue Disk created by TrueCrypt 5.0 cannot be booted on your computer, please upgrade to this version of TrueCrypt and then create a new TrueCrypt Rescue Disk (select ‘System‘ > ‘Create Rescue Disk‘).
  • Many other minor bug fixes.  (Windows, Mac OS X, and Linux)

5.0

February 5, 2008

New features:

  • Ability to encrypt a system partition/drive (i.e. a partition/drive where Windows is installed) with pre-boot authentication (anyone who wants to gain access and use the system, read and write files, etc., needs to enter the correct password each time before the system starts). For more information, see the chapter System Encryption.   (Windows Vista/XP/2003)
  • Pipelined operations increasing read/write speed by up to 100%   (Windows)
  • Mac OS X version
  • Graphical user interface for the Linux version of TrueCrypt
  • The TrueCrypt Volume Creation Wizard now allows creation of hidden volumes within NTFS volumes.  (Windows Vista/XP/2003/2008)
  • XTS mode of operation, which was designed by Phillip Rogaway in 2003 and which was recently approved as the IEEE 1619 standard for cryptographic protection of data on block-oriented storage devices. XTS is faster and more secure than LRW mode (for more information on XTS mode, see the section Modes of Operation).Note: New volumes created by this version of TrueCrypt can be encrypted only in XTS mode. However, volumes created by previous versions of TrueCrypt can still be mounted using this version of TrueCrypt.
  • SHA-512 hash algorithm (replacing SHA-1, which is no longer available when creating new volumes).Note: To re-encrypt the header of an existing volume with a header key derived using HMAC-SHA-512 (PRF), select ‘Volumes‘ > ‘Set Header Key Derivation Algorithm‘.


Improvements, bug fixes, and security enhancements:

  • The Linux version of TrueCrypt has been redesigned so that it will no longer be affected by changes to the Linux kernel (kernel upgrades/updates).
  • Many other minor improvements, bug fixes, and security enhancements.  (Windows and Linux)If you are using an older version of TrueCrypt, it is strongly recommended that you upgrade to this version.

What was new in older versions >>

—————-
Now playing: Pink Floyd – Wish You Were Here – Shine On You Crazy Diamond (Part I-V)
via FoxyTunes

Technorati FavoritesShare

Tags:
Posted in Security - Crypto | No Comments »

Ever wonder what a bot net looks like?

Posted by John on 27th August 2010

Here you go :)   Hits from around the world, in a few minutes time, all using the exact same browser version.

Yes, obviously there’s a new vulnerability in the package they were trying to reach.  It’s how the Borg – make more Borg ! (click pic to open full size)

bot net display

That url has now been added to the “deny” statements, which’ll drop further messages from an attacker at that IP  into the bit-bucket for a week, at least for my domain . . .
—————-
Now playing: john lee hooker – 1 bourbon, 1 scotch, 1 beer
via FoxyTunes

Technorati FavoritesShare

Tags: ,
Posted in Security - Crypto, Tech | No Comments »

HTTPS everywhere : good stuff !

Posted by John on 25th July 2010

(and of course, your humble site here supports SSL as well :) )

HTTPS Everywhere

HTTPS Everywhere is in Beta!

HTTPS Everywhere is a Firefox extension produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. It encrypts your communications with a number of major websites.

Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site.

The HTTPS Everywhere extension fixes these problems by rewriting all requests to these sites to HTTPS.

Encrypt the Web: Install HTTPS Everywhere

The plugin currently works for:

  • Google Search
  • Wikipedia
  • Twitter
  • Facebook
  • most of Amazon
  • GMX
  • WordPress.com blogs
  • The New York Times
  • The Washington Post
  • Paypal
  • EFF
  • Tor
  • Ixquick

(and many other sites)

Note that some of those sites still include a lot of content from third party domains that is not available over HTTPS. As always, if the browser’s lock icon is broken or carries an exclamation mark, you may remain vulnerable to some adversaries that use active attacks or traffic analysis. However, the effort required to monitor your browsing should still be usefully increased.

Answers to common questions may be on the frequently asked questions page.

You can help us test forthcoming rulesets and features by installing the development branch of the extension.

Send feedback on this project to the https-everywhere AT eff.org mailing list. You can also subscribe.

(more info at their site, linked from the pictures above, and what not!)

—————-
Now playing: Modettes – Paint It Black
via FoxyTunes

Technorati FavoritesShare

Tags: , ,
Posted in General, Security - Crypto | No Comments »

TrueCrypt 7.0 released today

Posted by John on 19th July 2010

via http://www.truecrypt.org/docs/?s=version-history

download @ http://www.truecrypt.org/downloads

Version History >  Part 1 External Link



TrueCrypt – Free Open-Source Disk Encryption Software




7.0

July 19, 2010

New features:

  • Hardware-accelerated AES (for more information, see the chapter Hardware Acceleration).

    Note: If you want to disable hardware acceleration, select Settings > Performance and disable the option ‘Accelerate AES encryption/decryption by using the AES instructions of the processor‘.

  • A volume can now be configured to be automatically mounted whenever its host device gets connected to the computer (provided that the correct password and/or keyfiles are supplied).  (Windows)

    Note: For example, if you have a TrueCrypt container on a USB flash drive and you want to configure TrueCrypt to mount it automatically whenever you insert the USB flash drive into the USB port, follow these steps: 1. Mount the volume. 2. Right-click the mounted volume in the drive list in the main TrueCrypt window and select ‘Add to Favorites‘. 3. The Favorites Organizer window should appear. In it, enable the option ‘Mount selected volume when its host device gets connected‘ and click OK.

    Also note that TrueCrypt will not prompt you for a password if you have enabled caching of the pre-boot authentication password (Settings > ‘System Encryption‘) and the volume uses the same password as the system partition/drive. The same applies to cached non-system volume passwords.

  • Partition/device-hosted volumes can now be created on drives that use a sector size of 4096, 2048, or 1024 bytes (Windows, Linux).  Note: Previously only file-hosted volumes were supported on such drives.
  • Favorite Volumes Organizer (Favorites > ‘Organize Favorite Volumes‘ or ‘Organize System Favorite Volumes‘), which allows you to set various options for each favorite volume. For example, any of them can be mounted upon logon, as read-only or removable medium, can be assigned a special label (which is shown within the user interface instead of the volume path), excluded from hotkey mount, etc. The order in which favorite volumes are displayed in the Favorites Organizer window can be changed and it is the order in which the volumes are mounted (e.g. when Windows starts or by pressing the ‘Mount Favorite Volumes‘ hotkey). For more information, see the chapters Favorite Volumes and System Favorite Volumes.  (Windows)
  • The Favorites menu now contains a list of your non-system favorite volumes. When you select a volume from the list, you are asked for its password (and/or keyfiles) (unless it is cached) and if it is correct, the volume is mounted. (Windows)


Security improvements:

  • In response to our public complaint regarding the missing API for encryption of Windows hibernation files, Microsoft began providing a public API for encryption of hibernation files on Windows Vista and later versions of Windows (for more information, see the section TrueCrypt 5.1a in this version history). Starting with this version 7.0, TrueCrypt uses this API to encrypt hibernation and crash dump files in a safe documented way. (Windows 7/Vista/2008/2008R2)

    Note: As Windows XP and Windows 2003 do not provide any API for encryption of hibernation files, TrueCrypt has to modify undocumented components of Windows XP/2003 in order to allow users to encrypt hibernation files. Therefore, TrueCrypt cannot guarantee that Windows XP/2003 hibernation files will always be encrypted. Therefore, if you use Windows XP/2003 and want the hibernation file to be safely encrypted, we strongly recommend that you upgrade to Windows Vista or later and to TrueCrypt 7.0 or later. For more information, see the section Hibernation File.

Improvements:

  • Many minor improvements.  (Windows, Mac OS X, and Linux)

Bug fixes:

  • Minor bug fixes.  (Windows, Mac OS X, and Linux)

Removed features:

  • TrueCrypt no longer supports device-hosted volumes located on floppy disks. Note: You can still create file-hosted TrueCrypt volumes on floppy disks.

Technorati FavoritesShare

Tags: , ,
Posted in General, Security - Crypto, Tech | No Comments »

System Encryption: BitLocker And TrueCrypt Compared

Posted by John on 6th May 2010

System Encryption: BitLocker And TrueCrypt Compared

2:00 AM – April 28, 2010 by Patrick Schmid and Achim Roos
Table of contents
  • 1 – A Bit-Locking And Cryptography Exercise
  • 2 – BitLocker On Windows 7 Ultimate x64
  • 3 – TrueCrypt 6.3a On Windows 7 Ultimate x64
  • 4 – TrueCrypt, Continued
  • 5 – Test Setup And Settings
  • 6 – Benchmark Results: Archiving Tools
  • 7 – Benchmark Results: PCMark Vantage
  • 8 – Benchmark Results: SYSmark 2007 Preview
  • 9 – Conclusion

Now that Intel offers hardware-based AES acceleration in a number of its mainstream processors, it’s time to take a look at two of the most popular system encryption tools, BitLocker and TruCrypt, both of which are able to harness the hardware feature.

Microsoft has been shipping BitLocker drive encryption tool with Windows Vista and Windows 7 operating systems, but it’s only available on the two highest-end editions, Enterprise and Ultimate. Fortunately, there is a powerful alternative to BitLocker for everyone else. TrueCrypt is open source and offers even more flexibility. We decided to compare the features and performance of both solutions.

We published a comprehensive article on TrueCrypt 6.1 just over a year ago. That story looked at the process of how to encrypt a Windows system partition, and we ran benchmarks, in addition to battery runtime tests on a notebook. The conclusion was promising: TrueCrypt 6 lets you encrypt and password-protect your entire system on the fly with only minor performance and battery life penalties.

By now, there’s really no need to rehash the merits of encrypting user data, especially for the folks who handle sensitive information. Losing information to a failed drive is one thing, and it can typically be addressed, even if it’s an expensive proposition (then again, you already know you should be running regular backups, right?). But data falling into the wrong hands can be an even more dire problem for businesses.

This time around, we wanted to double-check our findings with TrueCrypt against Microsoft’s value-added BitLocker. Does it make sense to pay up for a higher-end Windows version to get this extra functionality, or will TrueCrypt do the exact same thing at no cost? Another reason to revisit encryption solutions is the availability of AES new instructions (AES-NI) in Intel’s Core i5 mainstream dual-core processors (Clarkdale) and the top-end, six-core Core i7 (Gulftown). Can BitLocker and TrueCrypt truly showcase the benefits of hardware-based AES acceleration? Let’s find out.

(catch the full article @ http://www.tomshardware.com/reviews/bitlocker-truecrypt-encryption,2587.html)

—————-
Now playing: Strontium 90 – 3 O’Clock Shot – Live
via FoxyTunes

Technorati FavoritesShare

Tags: , , , ,
Posted in General, Security - Crypto, Tech | No Comments »

Nice Rsync backup option . . .

Posted by John on 21st March 2010

Based upon the statements on their page at http://www.rsync.net/ they have a company philosophy that is awfully hard to argue with.

True tech support by fellow engineers, options on single or multiple site data, urging you to encrypt before transmission, and especially the canary.

Very, very nice.  And a ton of options, for the less technical all the way to API writers.

rsync logoThe EFF would approve I bet !

—————-
Now playing: Generation X – Ready Steady Go
via FoxyTunes

Technorati FavoritesShare

Tags: , , , ,
Posted in Security - Crypto, Tech | 1 Comment »

remote port forwarding

Posted by John on 8th March 2010

This is an interesting VPN concept, perhaps to allow you to run a home https web server, but to make your content available to users stuck behind the Great Firewall, etc.

https://blog.perfect-privacy.com/2009/06/30/perfect-privacy-remote-port-forwarding/

Though from long work in the security arena, keep in mind that “no solution is 100%” . . .

great firewall of china

—————-
Now playing: Godsmack – Whatever
via FoxyTunes

Technorati FavoritesShare

Posted in Security - Crypto, Tech | No Comments »

some new intel 32nm chips to support hardware AES acceleration

Posted by John on 3rd February 2010

(this next bit can affect everything from certain web transactions, to VoIP, to full disk encryption . . .)

AES-NI Performance Analyzed; Limited To 32nm Core i5 CPUs

2:00 AM – 02/02/2010 by Patrick Schmid and Achim Roos

Security is an important topic these days. However, it’s typically only recognized as important by professionals. If security were to suddenly turn into a mainstream selling point, though, then perhaps it’d make more sense for companies like Intel to promote it.

The Advanced Encryption Standard (AES) has already been adopted by the United States government—including the NSA—along with many other institutions. Intel’s 32nm Clarkdale-based CPUs (only the Core i5-600-series, so far) now promise significant performance benefits for AES encryption and decryption via new instructions. Today we’re looking at the real-world benefits of Intel’s AES-NI functionality, comparing a dual-core Core i5-661 with AES New Instructions (AES-NI) to a quad-core Core i7-870, which lacks the new encryption acceleration capability.

Encryption is used much more intensively than you might suspect. Consider Internet sites that hold you sensitive personal information, or utilize sensitive data for transactions. They all use protocols like Transport Layer Security (TLS) or Secure Sockets Layer (SSL). VoIP, instant messaging, and email may also be protected with these protocols. Virtual Private Networks (VPNs) and electronic payments are other popular encryption applications.

However, TLS and SSL are cryptographic protocols for secure communication, while AES is a general-purpose encryption standard. It can be used to encrypt individual files, data containers, archive files, entire drives (including thumb drives), and even multi-drive volumes. AES can be implemented in software, and there are products based on hardware acceleration as well, since encryption/decryption represent a rather significant workload. Solutions like TrueCrypt or Microsoft’s BitLocker, which is part of Windows Vista and Windows 7 Ultimate, are capable of encrypting entire partitions on the fly.

(for the rest of the first page, and all the other pages, hit up Tom’s)

—————-
Now playing: Men At Work – Crazy
via FoxyTunes

Technorati FavoritesShare

Tags: , , , ,
Posted in Security - Crypto, Tech | No Comments »

More cross platform crypto – javascript hashing functions

Posted by John on 31st January 2010

Technorati FavoritesShare

Tags: , , , ,
Posted in Security - Crypto | No Comments »

Javascript for advanced functions

Posted by John on 30th January 2010

Pretty nifty use in javascript : http://point-at-infinity.org/jsaes/

Also nice : http://point-at-infinity.org/ssss/ and http://point-at-infinity.org/seccure/ (also both crypto related . . .)

Edgan Allen Poe - cryptoN.B.  I was sorely tempted to post an image relating to the futility of trying to contain crypto / ideas that was penned on flesh, in an image titled “howto-export-crypto-system-from-usa.jpg” (!)

But I resisted, as I try to keep this site friendly even to the most prudish families, etc.
—————-
Now playing: System of a Down – BYOB (Bring your own Bombs)
via FoxyTunes

Technorati FavoritesShare

Tags: , ,
Posted in Security - Crypto | No Comments »