Data-encryption alternatives to TrueCrypt

Topic

New Reply

	TOP STORY Data-encryption alternatives to TrueCrypt
	By Lincoln Spector It seems as if everyone who kept sensitive files secure did it with TrueCrypt. Edward Snowden depended on it. So did I. But now that the popular disk-encryption app is effectively dead — at least for the foreseeable future — it’s time to look for a replacement.

---

The full text of this column is posted at windowssecrets.com/top-story/data-encryption-alternatives-to-truecrypt/ (opens in a new window/tab).

Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.[/td]

[/tr][/tbl]

Reply | Quote

Replies

Of course you can pull files off a whole-disk-encrypted volume that won’t boot: see page 35 of the User Guide. The degree to which True Crypt is extremely well-designed is one reason why I plan to continue using it until such time as some real vulnerability may surface (which I don’t expect to happen any time soon) or I find that it does not support something that I need.

In that latter vein, does anyone happen to have the last content of http://www.truecrypt.org/docs/?s=sys-encryption-supported-os indicating whether it eventually was found to support Win 8/8.1 whole-disk encryption (rather than just happens to work there in the absence of Secure Boot and, possibly, GPT)? When True Crypt evaporated they appear to have removed their content from archive.org.

(Incidentally, for anyone interested in continuing to use True Crypt I just verified that the last full Windows version – 7.1a – that can be downloaded from FileHippo at http://www.filehippo.com/download_truecrypt/download/2e1268b2905fedae4789e261d9edebee/ is bit-for-bit identical with the one I got a couple of years ago.)

Edit:

To answer my own question above, the consensus appears to be that TrueCrypt whole-disk encryption works fine with Win 8/8.1 as long as you’re using an MBR-style disk. Non-system-partition encryption may work on GPT-style disks. File containers should work fine.

https://www.grc.com/misc/truecrypt/truecrypt.htm provides the best analysis I’ve yet seen about TrueCrypt’s current security and where it may go from here (plus a bunch of 7.1a downloads for those still interested in acquiring it).

Reply | Quote

I agree that Steve Gibson’s commentary on the current Truecrypt situation at https://www.grc.com/misc/truecrypt/truecrypt.htm is excellent, much better than the panicky, “Run for the hills!” approach that Windows Secrets gave us last week. The gist is that there is no reason to believe Truecrypt has suddenly become less secure, and that it will probably developed soon, perhaps this summer, into a new product with a new name.

Reply | Quote

I am astonished by this unsubstantiated comment in the article: “TrueCrypt, like many other public encryption applications, can be cracked with some effort and the right tools.” According to Steve Gibson, the final release of Truecrypt has passed all security audits thus far with the final audit results to be announced later this summer. Thus it still works and remains safe to use. I am unaware of any successful cracks of Truecrypt, but I’m not omniscient. If others are aware of successful Truecrypt cracks, I’d like to know about them.

Reply | Quote

Another excellent virtual-partition encryption program similar to Cryptainer LE is Safehouse Explorer (http://www.safehousesoftware.com). But in contrast to Cryptainer LE, the free version of Safehouse, which uses a 256-bit Twofish encryption, lets you create a virtual partition up to 2 Terabytes in size, and works flawlessly on Windows 8.1. The professional version of Safehouse uses 448-bit AES, Blowfish and other encryption methods. Both versions let you create multiple virtual partitions on either your C: drive or on a removable drive. Using its “secure move” and “secure delete” features will remove all traces of unencrypted files that you move to a Safehouse vault or delete.

I discovered Safehouse after losing my flash drive which contained backups of 15 years of programming work as well as much personal info. Now on my flash drive I have a 4 Gb encrypted virtual partition that opens up as a regular Windows partition when I enter my password. Then I use FreeFileSync to synchronize my Dropbox, Google Drive, OneDrive and other folders. The whole process takes less than a minute. Works great!

Reply | Quote

I have used the free version of Safehouse Explorer and find the user interface convenient and intuitive, and the features better than Cryptainer LE.

But in searching the net, I can’t find any review from sources I know to be reputable. Why? Is there some hidden flaw or security risk that makes it inferior to, for example, Cryptainer. and causes Lincoln Specter and other pundits to ignore it? Until I see it blessed by an expert that I trust, I’m reluctant to depend on it.

Reply | Quote

I too have come across Safehouse but I am concerned it is no longer maintained or supported. The product has not been updated since Nov 2012 and the website is copyright 2012. The company blog by the chief architect has not been updated since 2009 and a recent email to him failed with “not known”. An email to the support team of 2 weeks ago has not been responded to. Incidentally, I have similar concerns with Cryptainer, though I have used this successfully in the past. Can anyone shed any light on the robustness of either Safehouse or Cryptainer?

Reply | Quote

See https://truecrypt.ch/ for continuing cupport for TrueCrypt.

Reply | Quote

Re: DiskCryptor “But make sure it’s one that has its own built-in encryption to secure your files.”
I’m not sure if I agree with that statement, or perhaps I didn’t understand this part of your article. My intent for encryption was to backup my system partition to a flash drive. TrueCrypt was not suitable for me because of flash’s 4k file limit. I then chanced upon DiskCryptor which fit my needs perfectly. Once you have used DiskCryptor for the flash (and I presume on any partition) you can drop files into it and they will be encrypted, after you have mounted the flash or partition volume.

By using Todo (sector-by-sector not needed, encryption not needed), configured for flash, I just tell it to backup to my flash drive. What’s really nice is that all I have to do is mount the flash drive and I can see my whole system and transfer a file out, for instance, if I need that backup copy.

Reply | Quote

I would never trust bitlocker. Microsoft and all the major tech companies are in bed with the NSA. If you trust bitlocker…I have a bridge I would like to sell you.:lol

Reply | Quote

Another excellent program for virtual disk encryption is Steganos Safe. It has been around for a long time and is continuously updated: https://www.steganos.com/us/products/data-security/safe/features/

Reply | Quote

Hello, why didn’t you include FreeOTFE in your report? Its very similar to Truecrypt and Open-source. Although its not in active development anymore it provides almost all the functions of Truecrypt. The only drawback is that its drivers are unsigned and therefore using it in Windows 64bit systems requires the boot configuration option “Testsigning” (Bcdedit.exe -set TESTSIGNING ON). It also supports
portable mode. I’m very satisfied using it as an alternative to Truecrypt in Windows 8.1 (32bit and 64bit).
Download link: http://sourceforge.net/projects/freeotfe.mirror/
regards Hans

Reply | Quote

According to the Windows Secrets article, Truecrypt is less reliable than it used to be because it’s no longer in active development and because we shouldn’t rely on open source to vet a program. I’m not sure that quite makes perfect sense, but if it is true, then why recommend FreeOTFE, since it has the same two weaknesses as Truecrypt?

Reply | Quote

I’m puzzled why the article recommended encryption applications (DiskCryptor, Cryptainer LE) without any claim that they are more secure than Truecrypt, that their developers are trustworthy and not in cahoots with the U.S. government, and that the programs are free of back doors. Why are they better? No answer.

I was also disappointed with the preamble suggesting that we do not want serious encryption, merely something that is moderately difficult to break, like locking the front door. That is a terrible approach to take. For example, we now know that the NSA has snooped around the world to support certain American corporations, so any non-U.S. company competing with an American company (e.g. Airbus, Saab, Samsung, or a million smaller companies) needs serious encryption that is hardened against the NSA — merely “good enough” will not do. Suggesting that Microsoft’s Bitlocker will do in corporate environments is ridiculous, Microsoft having been revealed to cooperate with the NSA.

The two recent articles on Truecrypt and its alternatives do not seem to be up to the high standards that Windows Secrets used to maintain.

Reply | Quote

Concerning Bitlocker, I do not travel internationally with electronic devices. Although I’m confident Microsoft and Intel have built backdoors into both Bitlocker and TPM, government intrusion is pretty low on my personal risk list. My primary risks are domestic theft or loss. For those risks, I think Bitlocker and TPM provide adequate protection. I remain disturbed about current issues surrounding Truecrypt and would prefer a secure, open-source solution.

Reply | Quote

I’ve used Jetico’s Bestcrypt for years. Never a problem, been completely reliable. They have encryption software for both container encryption and volume encryption. You also get a utility to safely shred files, and to sanitize the swap file. Yes, the container encryption software costs $59, but if you really need this sort of thing being penny-wise and pound-foolish is really…well, foolish.

Reply | Quote

I was very disapointed , it was a good software. But now I found Rohos Mini drive. On USB drive you can create an encrypted section, which may be enlarged anytime. You can hide your personal files and folders, protect your user profile in Skype and Google chrome. So, all the passwords and web-history become hidden. It is a freeware!

Reply | Quote

My security needs are rather simple (I think). Is there a program that will allow me to password protect say, my documents folder or files within? Using win 8.1. Looking for something that when others are using my computer can’t check out personal info.

Reply | Quote

You could look at AxCrypt.

BATcher

Plethora means a lot to me.

Reply | Quote