Edit: for those who don't know what plausibly deniable encryption is: TrueCrypt allows you to setup (and later give out, gun-to-your-head scenario) a secondary password that will open a secondary, non-sensitive container. It is mathematically impossible to tell whether an encrypted archive has 1 or 2 passwords.
That's how you circumvent this problem.
Very big. 1000 iterations was fine at 2004 standards but NOT by today's standards at all. Generally, VeraCrypt is just ons big security improvement. They are committed and that's what we need to see. I know there is also the TrueCryptNext project but I feel like VeraCrypt is already the successor to TrueCrypt. No need for shit like CipherShed or https://truecrypt.ch when we have Mounir putting in countless hours to VC. Glad it is getting a code audit finally.
The encryption is not, in any way, outdated. Hell, you can use 3 different modern-day ciphers with it, or use Serpent instead of AES, which you'll find some cryptographers advocating as a better cipher because it's slightly slower. The encryption would become outdated when the cipher you used became broken or someone publicly found a vulnerability in Truecrypt's cryptosystem, which has been audited before.
Their own site is essentially an indication that the developer has either been compromised in some way, or simply stopped developing it, imho. You can download it from plenty other places like https://truecrypt.ch/ and there are plenty of sites to verify you got the correct copy, like this or this.
If I see another product of equivalent or better utility I'd recommend it instead, but so far, not.
DiskCryptor and Truecrypt 7.1a will both do full disk encryption. I have heard that Diskcryptor allows for key files or otherwise can be made to need a usb stick for a disk encryption boot, but I have never used it so I don't know for sure, or how it works. Truecrypt can NOT use anything except a password for whole disk encryption, so I know for sure it doesn't do what you want. I would look into the documentation on Diskcryptor.
There are forks, like this.
The original devs "claimed" that TC is not secure, so I guess for many people that would cause enough of a doubt to not trust it.
Also, users need to trust devs of a fork, and we have no idea who they are (not that we knew original devs).
I personally don't see any reasons not to use 7.1a, if I needed encryption.
Yikes, I wouldn't download software from a website that doesn't support TLS. The best link I know of is https://truecrypt.ch/downloads/ . Bonus because it has PGP sigs and links to independent hashes.
Well, TC 7.2 allows you to only decrypt your TC volumes, all encrypting functions have been stripped from it. If you want to continue using TC, you can download 7.1a binaries from TCNext site.
As for TC forks, CipherShed is now in pre-alpha testing stage.
Encrypt your hard disks and storage mediums. TrueCrypt is not dead (new group taking over). The audit of TrueCrypt has been successful for phase 1, and it is still ongoing. I use it to encrypt my devices at the disk layer so you can't even boot the OS, let alone retrieve any data, without my lengthy key:
Also, use PGP when communicating with others:
http://www.reddit.com/r/DarkNetMarkets/comments/1qdzl8/guide_pgp_4_n00bz/
We know from Mr. Snowden the incredible depth that the NSA spying has. They literally can store EVERYTHING people are doing on the internet. The data centers are so incredibly vast it's mind-boggling. They store everything from your Google searches, to IM conversations, to FB posts, to even the facial meta data of you and your friends faces from your pictures on FB. Wonder why FB is so good at facial recognition when you upload pics? It's best to minimize use of these services, if use them at all.
-IT dude and programmer
Nice, thanks. So this, as opposed to the version above, is ready to be used right now without any possible problems I'd guess? And I've done some googling, does anyone know anything about this project https://truecrypt.ch ?
This site has a bunch of info and links to other mirrors too, so it looks like a good starting point.
Like Natanael says, verify the SHA256 hashes against multiple sources.
Try Truecrypt. The developers stopped, claiming security holes, but a recent audit found no flaws. EDIT: They did find a few flaws, but none that would compromise the encryption in a major way.
If you're using Linux or Cygwin (or Mac?), you can install OpenSSL, which is a very large and widely used crypto package.
To use it, you can type
openssl aes-256-cbc -a -salt -in ABC -out ABC.enc
Where ABC is the name of the folder you want to encrypt. It will ask you for a password, and again to confirm. You can then delete the original folder.
To decrypt it, use
openssl aes-256-cbc -d -a -in ABC.enc -out ABC
again, where ABC is the name of the folder.
If you want to shorten these, paste the following at the bottom of your .bashrc file:
function sslenc { openssl aes-256-cbc -a -salt -in $1 -out $1.enc }
function ssldec { openssl aes-256-cbc -d -a -in $1 -out $(basename $1 .enc) }
you can then use then use the commands
sslenc ABC
and
ssldec ABC.enc
to encrypt and decrypt a file or folder named ABC or ABC.enc, respectively.
They'd need not only your gpg private key but also the password, so if the password is good and random, you're still OK, although you wouldn't want to use that gpg key any more.
Most people have a Tails USB stick with persistence enabled, which is just an encrypted partition that you can access (or leave disabled) when you boot to Tails from the USB stick.
Barring that, you could also just use any usb stick and enable LUKS encryption if you're primarily using Linux, or stick a TrueCrypt (7.1a) file container on there as well as the portable TrueCrypt binary for Windows and Linux.
Whatever option you use, you still need a good password. That means generating 20+ random characters and just taking the effort to commit them to memory. Practice typing them over and over and you'll have it memorized pretty quickly.
I think the best option is to have a Tails USB stick. That way, you not only have your information but also a portable safe (ok, probably safe) computer you can use anywhere there is access to a computer.
You may also want to look into the KeePass (or KeePassX) password manager to store your information more neatly.
Your best bet - along the lines of not having to make anything yourself - would to be to keep that database file encrypted in a TrueCrypt container on mega.co.nz, then use Google's Inactive Account Manager to automatically email those people an email containing the decryption keys/password to the container or whatever else.
The best way to make an encrypted partition that can be accessed on any operating system is still Truecrypt. You can download the latest working version here.
It's simple to make a large container file in your EXFAT partition, and open it with Truecrypt on any computer you use.
If you are willing to front the money, Jetico BestCrypt Volume Encryption -- otherwise, TrueCrypt 7.1a, until a stable version of CipherShed is released.
Google "Group Policy": there are all kinds of restrictions you can set there that improve security, but it's not something to go mucking about with -- you need a good reference.
But really, if your roommate can Google and is reasonably smart, don't let him have physical control of your laptop. Physical control and it's all over.
Though you can make it harder on him by:
You're probably better off keeping your laptop physically locked somewhere your roommate won't want to break into.
my pleasure.
if you want to use truecrypt, don't google it, get it from here. if you google it, you'll run into the flurry of controversy and craziness that has happened the past month. suffice it to say, truecrypt is fine to use, dont believe the google results. in short, the guys who created it went crazy.
easy to use PGP can be found here
TrueCrypt 7.1a - Cross-platform encryption software.
Filezilla - An FTP client
qBittorrent - An open source ad-free alternative to µtorrent.
It's all too possible in this day and age I'm afraid. Luckily, the Source code was released, and to our luck, people like you and me invested a lot of their time into TC. So now, it looks like there may be an arms race of sorts going on in an attempt to get a viable replacement soon. An audit of the code is underway for version 7.1a. Hopefully the code is viable AND safe. If not, I suspect the community will take steps to ensure it is safe. I believe that there is too much energy vested into TC for people to just let it die.
you're doing pretty good. I bought myself a mycelium entropy that generates the key without a PC.
you should really care about the version of bitaddress you download. don't do it over public internet. the version might be compromised.
I have an old IBM-labtop with windows xp (!) - it doesn't even have a build-in wifi and will never be connected to the internet. bitaddress is fine in that environment.
If you store some keys on flashdrives you might consider to encrypt and hide your files with truecrypt (edward snowden uses this tool, the nsa doesn't like it). somehow their website was taken down but it's still living in switzerland: https://truecrypt.ch/
I suppose you want to use windows. Stop wanting to use windows as soon as you can. In the meantime use https://truecrypt.ch/
> All those people who endorse proprietary security and privacy software > All those people that buy apple products > All those people are wrong
Oh yes, it's a little tough to find, sorry about that ... https://truecrypt.ch/downloads/
Make sure that the one and only TrueCrypt that you use is 7.1a. That's the one that was audited and that's the one that's stumped the FBI multiple times. BTW, you mentioned crossplatform and as much as I love LUKS, TrueCrypt is the only crossplatorm (Windows/Mac/Linux) full encryption program that I know of.
I don't recommend any of them. None of them has been audited or is developed/has been endorsed by anyone I explicitly trust. And tbh, what's a recommendation by some random person on reddit really worth when it comes to something as sensitive as file encryption. :P
Those are the ones I think are most promising:
https://truecrypt.ch https://ciphershed.org/ VeraCrypt
I don't know if all of them are compatible to old tc volumes. VeraCrypt is, I don't know about the other ones.
A security audit of the TrueCrypt code was completed earlier this year and nothing was found. That's not to say that there are no vulnerabilities, but it should still be safe to use. Another group has taken over hosting and will (maybe) continue development.
Well it's complicated. Theoretically there would be no direct harm in legalizing the posession of what's already out there but in practice doing that would also cause a rise in production. But I do agree that no body should be sent to jail for what they happen to have on their harddrive and luckily for countries where such laws exist there's encryption.
^TrueCrypt ^does ^not ^contain ^any ^security ^holes ^and ^infact ^it ^was ^too ^good ^for ^NSA ^to ^crack ^so ^they ^took ^it ^down ^with ^a ^bullshit ^excuse ^about ^it ^not ^being ^safe ^while ^suggesting ^BitLocker ^which ^they ^have ^backdoored ^as ^an ^alternative, ^lol. ^So ^basically ^if ^you ^want ^NSA ^approved ^encryption ^software ^that ^you ^know ^even ^they ^can't ^crack ^use ^TrueCrypt
For me the best encryption system for drives is TrueCrypt, you can download it using Torrent, just click on the name or here. Never trust bitlocker, may have a backdoor. TC is for windows, mac and linux and is your best choice, most don't use it because its not user friendly, but if you want to be secure there are few choices. (I tested on your OS it works like a charm)
Btw there is a manual when you install truecrypt, this software can encrypt your drives with your files on it, and you can configure Hot Keys for decrypt your drive using your pass, and encrypt again. Example: Configure ctrl+alt+m to mount your drive ( using a pass) and ctrl+alt+e to automatically dismount it.
Download TrueCrypt here: https://truecrypt.ch/downloads/
There's no reason to encrypt the drive if you're going to return it - the encryption suggestion is only for a drive that you will be using for backup in the future. For the unwanted drive, just run a wipe on it and you're good. Formatting before wiping is also unnecessary.