Week 3 Post – Truecrypt Drive & File Encryption

Having used open source Truecrypt for years to encrypt a few files, some may remember when the developers abandoned the project in 2014, due to a potential security problem.  As reported by the Krebs on Security blog:  “The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.”

On Extreme Tech, Joel Hruska reported that security researcher “James Forshaw found two critical bugs in the program that could compromise an end-user’s machine. While neither allowed an attacker backdoor access, the Register reports that both could have been used to install spyware to the host machine or record keystrokes. Either of these could’ve been sufficient to allow an attacker to capture the drive’s encryption key, depending on how good the end-users security practices were.”

Hruska continues that “We’ll never know why TrueCrypt’s authors left the project. Clearly these bugs, while significant, can still be fixed without compromising the system. Equally clearly, VeraCrypt was able to solve them in short order, once Forshaw drew attention to them.

After reading about these concerns, I switched to Veracrypt, which has the same interface look and feel that Truecrypt had, and even allows one to access existing Truecrypt containers or volumes that you may have.  It is still freely available as open source software.  Veracrypt’s home page can be found at:

https://veracrypt.codeplex.com/

 

References

Krebs on Security. (n.d.). Retrieved April 03, 2016, from http://krebsonsecurity.com/2014/05/true-goodbye-using-truecrypt-is-not-secure/
Hruska, J. (2015, September 30). Critical TrueCrypt security bugs finally found | ExtremeTech. Retrieved April 03, 2016, from http://www.extremetech.com/computing/215285-critical-truecrypt-security-bugs-finally-found