Based on the sum of the evidence that’s now filtered in, and in the consensus view of experts, the primary cause of the TrueCrypt crisis of the last few days was developer fatigue. After 10 years of thankless work developing the open source disk encryption tool, faced with the need to do major extending and refactoring of the codebase to support new technical requirements and demands from security auditors, the anonymous author or authors decided to throw in the towel. The way they did it tells of more complex motives, and has supplied ample fuel to the conspiracy theorists of the world. But importantly, there is no evidence that these events were motivated by any known security flaw or trust deficiency in TrueCrypt or in its build or distribution process, or by any act of coercion. And in spite of the apparently deliberate reputational damage committed by the developers, unless and until demonstrated otherwise, TrueCrypt is in fact still secure, and this story is far from over.
Encryption
Encryption and cryptographic security techniques.
Something Rotten Has Occurred in TrueCrypt Land
An extremely significant event affecting TrueCrypt has occurred. It is not yet clear whether it is legitimate or a hoax, and if legitimate, what it means. The truecrypt.org web site has been redirected to a sourceforge landing page advising that development has ended and warning, ambiguously, that the program either is not secure or may not be secure in the future. The messaging proceeds to push users onto BitLocker or other native disk encryption programs. A newly built, apparently legitimately signed, but crippled set of installers numbered version 7.2 are offered. No one is sure exactly what has happened, whether this is a defacement or the real deal, and if it is real, how to interpret it. The matter is still unfolding and being debated.
CyanogenMod Breaks New Ground on Mobile Privacy
While Google, Microsoft, Apple and Facebook are busy bending knee to their government handlers and/or telling marketing departments what color underwear you have on, the incredibly smart and capable developers of the CyanogenMod aftermarket Android distribution are cooking up compelling and even potentially disruptive mobile privacy technologies.
TrueCrypt Container Sizing for Optical Media
One of the most consistently referenced articles here is my procedure for preparing and burning encrypted CDs with TrueCrypt. It ranks highly on Google for “truecrypt cd” and “truecrypt dvd”, so those referred are often searching for the best TrueCrypt container size to use with optical media. However, while I made a size recommendation for CD-R’s explicit in the original article, I only mentioned DVD-R’s in passing, enough to match the keyword but not to convey the actual answer people are looking for. Allow me to correct that omission now.
TrueCrypt 7.1a Released
A minor update to the TrueCrypt free open-source disk encryption tool arrived today, version 7.1a, some five months since the release of the previous stable version. I have upgraded several systems to the new version without issue, including two laptops with pre-boot authentication and full disk encryption, and a media server where I use TrueCrypt to create and work with encrypted file-container volumes as part of my backup process.
A Look at the Performance Impact of Hardware-Accelerated AES
In 2010, semiconductor manufacturers began migrating the algorithmically intensive portions of the AES cipher on-die in the form of the AES-NI instruction set. Many cryptographic APIs and applications have enabled support for this new technology, and none hesitate to tout the promise of major performance improvements. Intel demonstrates 3x to 10x acceleration versus pure software implementations, while the authors of TrueCrypt set the expectation of 4x to 8x speed gains. Can these performance boosts be recognized in practice, and how much of these gains can be captured in present day, real world scenarios?
TrueCrypt 7.1 Released
Sparse remarks in the changelog for today’s updated release of the TrueCrypt free open-source disk encryption tool, version 7.1, the first new release in nearly a year. Primarily it looks like they have added support for Mac OS X 10.7 Lion. I venture the usual assessment that this update may safely be viewed as optional for users already running at least TrueCrypt 7.0, the most recent major release, absent those experiencing any specific issues.
TrueCrypt 7.0a Released
A minor bugfix update to the TrueCrypt disk encryption tool, version 7.0a, was released yesterday. The release notes cite minor bugfixes only, so this update may be viewed as optional for users already running at least TrueCrypt 7.0, the most recent major release, absent those experiencing any specific issues.
TrueCrypt 7.0 Released, Supports Hardware-Accelerated AES
A major, feature-rich update to the TrueCrypt disk encryption tool hit the wire yesterday, notably adding support for Intel’s on-die AES-NI instruction set in Westmere class processors and newer. The authors claim a juicy 4 to 8 times performance leap for hardware-accelerated AES over a pure software implementation.
TrueCrypt 6.3a Released
A minor maintenance update to disk encryption tool TrueCrypt was released yesterday. The release notes cite bugfixes only, so this update may be viewed as optional for users already running at least TrueCrypt 6.1a, the last “highly recommended” maintenance update, absent those experiencing any specific issues.