Thursday, 12 February 2009

TrueCrypt - The Best Open Source Security App (in my view)

During the week I was advising a group of techies about free anti-virus applications and free network vulnerability scanning applications and tools. I was asked, "What is the best free security application I have used to date?  Without any hesitation I replied TrueCrypt.

TrueCrypt is an example of an Open Source application at its best.  In TrueCrypt we have a multi-platform application of real commercial quality, providing seamless “on-the-fly” encryption; encrypting folders (mounted as volumes), disk partitions and entire hard disks to rigorous industry best practice standards. Yet TrueCrypt is completely free for anyone to download and use, local country laws permitting of course.
Main TrueCrypt Window
TrueCrypt is less than 3Mb download and is compatible with just about any version of Microsoft Windows, including the 64-bit versions and Vista, as well as Mac OS X, and Linux distributions. Taking well under a minute to install, TrueCrypt doesn’t even require a system reboot and is quickly ready to go, TrueCrypt's speed of usage and low background encryption overheads is testament to years of good open source code development and coding.
To download TrueCrypt, including the open source code visit - http://www.truecrypt.org/downloads.php
I have never had any problems installing and using the latest versions of TrueCrypt, however before installing and deploying any application which is going to provide an encryption function on your system, I strongly advise to backup all your important files and data on your system first.
TrueCrypt Volume Creation Wizard
The TrueCrypt “Create Volume Creation" encryption wizard and detailed tutorial guides, even allows non-techies to protect their valuable information in just minutes.  For the encryption geeks like me, there’s a whole raft of encryption and hash algorithms options to play with, such as AES, Twofish and Serpent on the encryption side, and SHA-512, Whilepool and RIPEMD-160 on the hashing side.
TrueCrypt Volume Creation Wizard – encryption algorithms
To secure an encrypted volume, TrueCrypt gives the options of either using a “Key File” (a text file holding the full encryption key), using a password, or using a combination of a “Key File” and a password, which controls and restricts access to the encrypted volume(s). 

For the best level of protection I personally would go with using a password and a Key File, storing the Key File on a USB flash drive, but don’t leave the USB flash drive in the system, keep it on your person (i.e. keychain). In doing this provides strong two-factor access control, which means you need to physically have the USB Flash drive (hardware token), and you need to know the password.. However I would say just using a good strength password is sufficient security for the average home user.  Also it's very important to make sure you create a “Rescue Disk” and store it somewhere safe, just in case.
TrueCrypt has been developed for over 6 years by a community of clever folk (http://www.truecrypt.org), with "V6.1a" being the latest version of TrueCrypt at the time of writing. I salute and heartily thank the community behind giving the world TrueCrypt, and least let us not forget those boffins who designed and have allowed their encryption algorithms to become open source as well, and therefore used by TrueCrypt.  I recommend TrueCrypt to the business community and home users everywhere, but hey, just make sure you don’t break your country’s encryption strength laws when using it! ;)
If you use TrueCrypt, especially in a commercial capacity, please do the decent thing and make a donation (http://www.truecrypt.org/donations/). Donating will encourage further development of TrueCrypt and encourage the development of other Open Source security tools.
If anyone else reading this has any favourite “must have” free security applications or tools, please let me know, as I’m thinking about compiling a top ten list.

5 comments:

Anonymous said...

I'm also a fan of TrueCrypt. The other open source security app I use all the time and would recommend is KeePass.

Anonymous said...

It's a fantastic bit of software. I just wish the Gov would notice this and sponsor it though some CESG testing to gain CCTM.

Andyholic said...

Since govenements naturally aren't interested in strong encryption in private hands without any backdoor for the "good guys", they will never sponsor this project.

If they everr start to give funds... then only if the wanted backdoor is installed by the developers.

Truecrypt is a real milestone in the protection of private data in an otherwise more and more unsecure world for personal data. Thanks from Germany and keep up the good work!

Anonymous said...

Regarding Government

I encrypted a 115gb hard drive using 3 encryption methods combinations
I have had top brains who work at encryption for Telefonica Spain offer an opinion>

Diego Ochoa offers his opinion>
There is not a single government agency in the world that would be able to crack a drive encryped with this software providing the following conditions are applicable.

*1 You should create 64char randomly generated pass key on seperate usb disk. Do not attempt to use standard word number passwords as they can be cracked in a jiffy using brute force
2*use at least 3 file based hashes which are required for call at the time of encrypting the drive and store them along in a seperate usb drive (2 seperate usb drives 1 for pass and one for hashes

As long as the hacker cant get a keylogger or surveillance intelligence onto your system then we confirm that the drive if encrypted with a e tier encty bluefish plus X plus Y is without unbreakable.


Regarding an intelligence agency, if they want the information on a drive, if they know you have the key they methods would not be to try and hack it, they would use other methods to make you access the system.

Anonymous said...

Normally I do not read post on blogs, but I would like to say that this write-up very pressured me to check out and do it!
Your writing taste has been amazed me. Thank you, very nice article.
Here is my web site :: Mary