TrueCrypt – Free Open-Source Disk Encryption Software
7.0
July 19, 2010
New features:
Hardware-accelerated AES (for more information, see the chapter Hardware Acceleration).
Note: If you want to disable hardware acceleration, select Settings > Performance and disable the option ‘Accelerate AES encryption/decryption by using the AES instructions of the processor‘.
A volume can now be configured to be automatically mounted whenever its host device gets connected to the computer (provided that the correct password and/or keyfiles are supplied). (Windows)
Note: For example, if you have a TrueCrypt container on a USB flash drive and you want to configure TrueCrypt to mount it automatically whenever you insert the USB flash drive into the USB port, follow these steps: 1. Mount the volume. 2. Right-click the mounted volume in the drive list in the main TrueCrypt window and select ‘Add to Favorites‘. 3. The Favorites Organizer window should appear. In it, enable the option ‘Mount selected volume when its host device gets connected‘ and click OK.
Also note that TrueCrypt will not prompt you for a password if you have enabled caching of the pre-boot authentication password (Settings > ‘System Encryption‘) and the volume uses the same password as the system partition/drive. The same applies to cached non-system volume passwords.
Partition/device-hosted volumes can now be created on drives that use a sector size of 4096, 2048, or 1024 bytes (Windows, Linux). Note: Previously only file-hosted volumes were supported on such drives.
Favorite Volumes Organizer (Favorites > ‘Organize Favorite Volumes‘ or ‘Organize System Favorite Volumes‘), which allows you to set various options for each favorite volume. For example, any of them can be mounted upon logon, as read-only or removable medium, can be assigned a special label (which is shown within the user interface instead of the volume path), excluded from hotkey mount, etc. The order in which favorite volumes are displayed in the Favorites Organizer window can be changed and it is the order in which the volumes are mounted (e.g. when Windows starts or by pressing the ‘Mount Favorite Volumes‘ hotkey). For more information, see the chapters Favorite Volumes and System Favorite Volumes. (Windows)
The Favorites menu now contains a list of your non-system favorite volumes. When you select a volume from the list, you are asked for its password (and/or keyfiles) (unless it is cached) and if it is correct, the volume is mounted. (Windows)
Security improvements:
In response to our public complaint regarding the missing API for encryption of Windows hibernation files, Microsoft began providing a public API for encryption of hibernation files on Windows Vista and later versions of Windows (for more information, see the section TrueCrypt 5.1a in this version history). Starting with this version 7.0, TrueCrypt uses this API to encrypt hibernation and crash dump files in a safe documented way. (Windows 7/Vista/2008/2008R2)
Note: As Windows XP and Windows 2003 do not provide any API for encryption of hibernation files, TrueCrypt has to modify undocumented components of Windows XP/2003 in order to allow users to encrypt hibernation files. Therefore, TrueCrypt cannot guarantee that Windows XP/2003 hibernation files will always be encrypted. Therefore, if you use Windows XP/2003 and want the hibernation file to be safely encrypted, we strongly recommend that you upgrade to Windows Vista or later and to TrueCrypt 7.0 or later. For more information, see the section Hibernation File.
Improvements:
Many minor improvements. (Windows, Mac OS X, and Linux)
Bug fixes:
Minor bug fixes. (Windows, Mac OS X, and Linux)
Removed features:
TrueCrypt no longer supports device-hosted volumes located on floppy disks. Note: You can still create file-hosted TrueCrypt volumes on floppy disks.
System Encryption: BitLocker And TrueCrypt Compared
2:00 AM – April 28, 2010 by Patrick Schmid and Achim Roos
Table of contents
1 – A Bit-Locking And Cryptography Exercise
2 – BitLocker On Windows 7 Ultimate x64
3 – TrueCrypt 6.3a On Windows 7 Ultimate x64
4 – TrueCrypt, Continued
5 – Test Setup And Settings
6 – Benchmark Results: Archiving Tools
7 – Benchmark Results: PCMark Vantage
8 – Benchmark Results: SYSmark 2007 Preview
9 – Conclusion
Now that Intel offers hardware-based AES acceleration in a number of its mainstream processors, it’s time to take a look at two of the most popular system encryption tools, BitLocker and TruCrypt, both of which are able to harness the hardware feature.
Microsoft has been shipping BitLocker drive encryption tool with Windows Vista and Windows 7 operating systems, but it’s only available on the two highest-end editions, Enterprise and Ultimate. Fortunately, there is a powerful alternative to BitLocker for everyone else. TrueCrypt is open source and offers even more flexibility. We decided to compare the features and performance of both solutions.
We published a comprehensive article on TrueCrypt 6.1 just over a year ago. That story looked at the process of how to encrypt a Windows system partition, and we ran benchmarks, in addition to battery runtime tests on a notebook. The conclusion was promising: TrueCrypt 6 lets you encrypt and password-protect your entire system on the fly with only minor performance and battery life penalties.
By now, there’s really no need to rehash the merits of encrypting user data, especially for the folks who handle sensitive information. Losing information to a failed drive is one thing, and it can typically be addressed, even if it’s an expensive proposition (then again, you already know you should be running regular backups, right?). But data falling into the wrong hands can be an even more dire problem for businesses.
This time around, we wanted to double-check our findings with TrueCrypt against Microsoft’s value-added BitLocker. Does it make sense to pay up for a higher-end Windows version to get this extra functionality, or will TrueCrypt do the exact same thing at no cost? Another reason to revisit encryption solutions is the availability of AES new instructions (AES-NI) in Intel’s Core i5 mainstream dual-core processors (Clarkdale) and the top-end, six-core Core i7 (Gulftown). Can BitLocker and TrueCrypt truly showcase the benefits of hardware-based AES acceleration? Let’s find out.
2:00 AM – March 10, 2010 by Patrick Schmid and Achim Roos
1 – To Compress And Serve: File Archiving And Compression Utilities Compared
2 – Features For Archiving
3 – 7-Zip 9.1 Beta And FreeArc 0.60
4 – WinRAR 3.92 Beta 1 And WinZip 14
5 – Test Setup And Software Settings
6 – Proprietary Formats: Compression Rate, Size, And Duration
7 – ZIP Format: Compression Rate And Size
8 – Results Summary
9 – Conclusion
Data compression is a subject that most of us typically take for granted. But in fact, it surrounds us: every installation package for a new piece of software and many file formats, such as JPEG for photos and various video and audio formats, depend on heavy compression to conserve storage space or transmission time and cost.
Users touch file compression first-hand when they need to work under certain restrictions when handling files. For example, having only one file to work with instead of many is often important for instance messenger- and FTP-based transfers. And getting a high compression ratio to fit data onto a fixed medium can be a critical factor as well.
But don’t forget that compression and decompression also take time, and the processing muscle required to make these processes worth waiting on can be substantial, especially when you start factoring in encryption as well. We’ve received a lot of feedback from our readers in response to the compression tools tested in our processor and platform benchmarks. So, today we’re looking at four different compression utilities: 7-Zip, FreeArc, WinRAR, and WinZip, comparing compression ratios and processing time. Which utility turns out to be the best?
There are plenty of software options available for storing, compressing, and archiving data in different ways. These tools no longer simply reduce file size and merge your input files into a single, manageable archive. They also support automatic downsizing of images, virus-checking, content-checking to avoid unnecessary compression of files that already are compressed, splitting, encrypting, and more.
Regardless of the value-added functionality your favorite tool includes, a comparison of compression programs typically comes down to performance and effectiveness (at least, when you ask enthusiasts). It’s important to realize a high compression ratio, ideally across as many file types as possible, and quick processing time is desirable, too. Most tools are capable of handling at least the popular ZIP format, and sometimes also RAR and/or LZH. Some tools claim to be more efficient or offer more flexibility. However, which format offers the best overall value when considering compression and processing time? Do all tools provide similar performance on common containers, such as ZIP?
We can’t possibly test all available compression tools, so we decided to focus on some of the most popular ones, based on your feedback in past stories. WinRAR and WinZip dominate the field, almost without question. 7-Zip and FreeArc were our additional choices. Let’s have a look at what these can do for you.
Security is an important topic these days. However, it’s typically only recognized as important by professionals. If security were to suddenly turn into a mainstream selling point, though, then perhaps it’d make more sense for companies like Intel to promote it.
The Advanced Encryption Standard (AES) has already been adopted by the United States government—including the NSA—along with many other institutions. Intel’s 32nm Clarkdale-based CPUs (only the Core i5-600-series, so far) now promise significant performance benefits for AES encryption and decryption via new instructions. Today we’re looking at the real-world benefits of Intel’s AES-NI functionality, comparing a dual-core Core i5-661 with AES New Instructions (AES-NI) to a quad-core Core i7-870, which lacks the new encryption acceleration capability.
Encryption is used much more intensively than you might suspect. Consider Internet sites that hold you sensitive personal information, or utilize sensitive data for transactions. They all use protocols like Transport Layer Security (TLS) or Secure Sockets Layer (SSL). VoIP, instant messaging, and email may also be protected with these protocols. Virtual Private Networks (VPNs) and electronic payments are other popular encryption applications.
However, TLS and SSL are cryptographic protocols for secure communication, while AES is a general-purpose encryption standard. It can be used to encrypt individual files, data containers, archive files, entire drives (including thumb drives), and even multi-drive volumes. AES can be implemented in software, and there are products based on hardware acceleration as well, since encryption/decryption represent a rather significant workload. Solutions like TrueCrypt or Microsoft’s BitLocker, which is part of Windows Vista and Windows 7 Ultimate, are capable of encrypting entire partitions on the fly.
(for the rest of the first page, and all the other pages, hit up Tom’s)
$26 Software Is Used to Breach Key Weapons in Iraq; Iranian Backing Suspected
DECEMBER 17, 2009
By SIOBHAN GORMAN, YOCHI J. DREAZEN and AUGUST COLE
WASHINGTON — Militants in Iraq have used $26 off-the-shelf software to intercept live video feeds from U.S. Predator drones, potentially providing them with information they need to evade or monitor U.S. military operations.
Senior defense and intelligence officials said Iranian-backed insurgents intercepted the video feeds by taking advantage of an unprotected communications link in some of the remotely flown planes’ systems. Shiite fighters in Iraq used software programs such as SkyGrabber — available for as little as $25.95 on the Internet — to regularly capture drone video feeds, according to a person familiar with reports on the matter.
U.S. officials say there is no evidence that militants were able to take control of the drones or otherwise interfere with their flights. Still, the intercepts could give America’s enemies battlefield advantages by removing the element of surprise from certain missions and making it easier for insurgents to determine which roads and buildings are under U.S. surveillance.
The drone intercepts mark the emergence of a shadow cyber war within the U.S.-led conflicts overseas. They also point to a potentially serious vulnerability in Washington’s growing network of unmanned drones, which have become the American weapon of choice in both Afghanistan and Pakistan.
The Obama administration has come to rely heavily on the unmanned drones because they allow the U.S. to safely monitor and stalk insurgent targets in areas where sending American troops would be either politically untenable or too risky.
The stolen video feeds also indicate that U.S. adversaries continue to find simple ways of counteracting sophisticated American military technologies.
U.S. military personnel in Iraq discovered the problem late last year when they apprehended a Shiite militant whose laptop contained files of intercepted drone video feeds. In July, the U.S. military found pirated drone video feeds on other militant laptops, leading some officials to conclude that militant groups trained and funded by Iran were regularly intercepting feeds.
In the summer 2009 incident, the military found “days and days and hours and hours of proof” that the feeds were being intercepted and shared with multiple extremist groups, the person said. “It is part of their kit now.”
A senior defense official said that James Clapper, the Pentagon’s intelligence chief, assessed the Iraq intercepts at the direction of Defense Secretary Robert Gates and concluded they represented a shortcoming to the security of the drone network.
“There did appear to be a vulnerability,” the defense official said. “There’s been no harm done to troops or missions compromised as a result of it, but there’s an issue that we can take care of and we’re doing so.”
Senior military and intelligence officials said the U.S. was working to encrypt all of its drone video feeds from Iraq, Afghanistan and Pakistan, but said it wasn’t yet clear if the problem had been completely resolved.
U.S. Air Force U.S. enemies in Iraq and Afghanistan have used off-the-shelf programs to intercept video feeds from Predator unmanned aircraft.
Some of the most detailed evidence of intercepted feeds has been discovered in Iraq, but adversaries have also intercepted drone video feeds in Afghanistan, according to people briefed on the matter. These intercept techniques could be employed in other locations where the U.S. is using pilotless planes, such as Pakistan, Yemen and Somalia, they said.
The Pentagon is deploying record numbers of drones to Afghanistan as part of the Obama administration’s troop surge there. Lt. Gen. David Deptula, who oversees the Air Force’s unmanned aviation program, said some of the drones would employ a sophisticated new camera system called “Gorgon Stare,” which allows a single aerial vehicle to transmit back at least 10 separate video feeds simultaneously.
Gen. Deptula, speaking to reporters Wednesday, said there were inherent risks to using drones since they are remotely controlled and need to send and receive video and other data over great distances. “Those kinds of things are subject to listening and exploitation,” he said, adding the military was trying to solve the problems by better encrypting the drones’ feeds.
The potential drone vulnerability lies in an unencrypted downlink between the unmanned craft and ground control. The U.S. government has known about the flaw since the U.S. campaign in Bosnia in the 1990s, current and former officials said. But the Pentagon assumed local adversaries wouldn’t know how to exploit it, the officials said.
Last December, U.S. military personnel in Iraq discovered copies of Predator drone feeds on a laptop belonging to a Shiite militant, according to a person familiar with reports on the matter. “There was evidence this was not a one-time deal,” this person said. The U.S. accuses Iran of providing weapons, money and training to Shiite fighters in Iraq, a charge that Tehran has long denied.
The militants use programs such as SkyGrabber, from Russian company SkySoftware. Andrew Solonikov, one of the software’s developers, said he was unaware that his software could be used to intercept drone feeds. “It was developed to intercept music, photos, video, programs and other content that other users download from the Internet — no military data or other commercial data, only free legal content,” he said by email from Russia.
Officials stepped up efforts to prevent insurgents from intercepting video feeds after the July incident. The difficulty, officials said, is that adding encryption to a network that is more than a decade old involves more than placing a new piece of equipment on individual drones. Instead, many components of the network linking the drones to their operators in the U.S., Afghanistan or Pakistan have to be upgraded to handle the changes. Additional concerns remain about the vulnerability of the communications signals to electronic jamming, though there’s no evidence that has occurred, said people familiar with reports on the matter.
Predator drones are built by General Atomics Aeronautical Systems Inc. of San Diego. Some of its communications technology is proprietary, so widely used encryption systems aren’t readily compatible, said people familiar with the matter.
In an email, a spokeswoman said that for security reasons, the company couldn’t comment on “specific data link capabilities and limitations.”
Fixing the security gap would have caused delays, according to current and former military officials. It would have added to the Predator’s price. Some officials worried that adding encryption would make it harder to quickly share time-sensitive data within the U.S. military, and with allies.
“There’s a balance between pragmatics and sophistication,” said Mike Wynne, Air Force Secretary from 2005 to 2008.
The Air Force has staked its future on unmanned aerial vehicles. Drones account for 36% of the planes in the service’s proposed 2010 budget.
Today, the Air Force is buying hundreds of Reaper drones, a newer model, whose video feeds could be intercepted in much the same way as with the Predators, according to people familiar with the matter. A Reaper costs between $10 million and $12 million each and is faster and better armed than the Predator. General Atomics expects the Air Force to buy as many as 375 Reapers.
Yes, security lapses like this are unfortunately all too common. It is easy to see why there’s a need for hardware based encryption here. How much would it really cost to add an ASIC with something at least of the level of 256 bit Twofish, or AES, etc. While the tactical value of the drone video may decay pretty quickly, perhaps we don’t want any random folks reviewing an entire day’s video feed in, say, 10 years.
It’s high time that folks consider any public venue to be “compromisable”, whether wireless, or wired (copper, fiber, etc.) If many business require the use of strong crypto (often via VPN) from your laptop back to the company office before you can even browse to an intranet https-secured site, perhaps this should be a clue for standards in other places, too.
The ability to configure selected volumes as ‘system favorite volumes’. This is useful, for example, when you have volumes that need to be mounted before system and application services start and before users start logging on. It is also useful when there are network-shared folders located on a TrueCrypt volume and you need to ensure that the network shares will be restored by the system each time it is restarted. For more information, see the chapter ‘Main Program Window‘, section ‘Program Menu‘, subsection ‘Volumes -> Save Currently Mounted Volumes as Favorite‘ in the documentation. (Windows)
Improvements and bug fixes:
‘Favorite’ volumes residing within partitions or dynamic volumes will no longer be affected by changes in disk device numbers, which may occur, e.g., when a drive is removed or added. (Windows)
Many other minor improvements and bug fixes. (Windows, Mac OS X, and Linux)
Or at least, how to try. One of the home machine’s primary partitions, when backed up with Acronis and no compression or encryption, was 24.4 gig in size. Using 7zip, and making a nice solid archive, I ended up at 8.58 gig, spread out in (177, yep) 49.9 meg chunks to meet the 50 meg upload file size limit.
More experimentation, you actually can use a client such as Gladinet to push a backup over to Skydrive. You can use the “conserve bandwidth” option while actually using your computer, and crank it up before you leave
(edit – there’s been an upgrade to Gladinet, it’s actually even improved a bit more – was a good investment it seems)
windows live skydrive 25 gig free
I’m pretty confident in leaving things out there in public, as long as I got to choose the passphrase. I’ve verified that 7 zip really does care if one character is off in a 200 char password, and it does use AES-256. Luckily, my data doesn’t consist of anything important enough to expend that sort of resources in attempting to decode.
Reasonably good passwords / phrases can be generated by things such as https://www.grc.com/passwords.htm – as well, 7zip does have the option to encrypt the file headers as well. I remember a business case where someone thought that an old Winzip file was encrypted with their super-secret password (likely their dog’s name) and didn’t realize that anyone, without any password at all could read the name, size, etc. of each file within the archive. Oops, that caused him some issues with their employees.
More pith – 7zip can use the “63 random printable ASCII characters” portion of Steve Gibson’s GRC password page, which is significant, bits-of-entropy wise, because
1;s[&Exv3[-?=c*zX;sgdkHn.J’Y;CWC$.y9ScB*xl’+e9′(G$^Uk\A@loZdiPM is a little harder to try to brute-force than
82FCB457CDB17D9E08F7A1A62BB798046373F9D89EF4DDDAC47224385F7D489 – while both may be 63 characters long in this case, the second string is not quite as “strong”.
Since you put up with the tech, ending with a nice random song lyric for you : Bloodhound Gang, “I’m the root of all that’s evil, yeah, but you can call me Cookie . . .”
