TrueCrypt 6.3

4.7 out of 5 stars 4.7 (274 votes)

(October 21, 2009)

Windows 2000/Vista/XP / Open Source / 13,110 downloads

TrueCrypt can create a virtual encrypted disk within a file and mount it as a real disk, or an entire hard disk partition or a device, such as USB memory stick, floppy disk, etc. This software provides two levels of security: a hidden volume (more information may be found here), and a volume cannot be identified (no part of the volume can be distinguished from random data). It utilizes the following encryption algorithms: AES (256-bit key), Blowfish (448-bit key), CAST5 (128-bit key), Serpent (256-bit key), Triple DES, and Twofish (256-bit key), and also supports cascading (e.g., AES-Serpent-Twofish). It is based on Encryption for the Masses (E4M) 2.02a, conceived in 1997.

  • Publisher

    TrueCrypt Foundation

  • Homepage

    TrueCrypt

  • Latest Changes

    - Full support for Windows 7

    - Full support for Mac OS X 10.6 Snow Leopard

    - The ability to configure selected volumes as 'system favorite volumes'

    - 'Favorite' volumes residing within partitions or dynamic volumes will no longer be affected by changes in disk device numbers, which may occur, e.g., when a drive is removed or added. (Windows)

    - Many other minor improvements and bug fixes. (Windows, Mac OS X, and Linux)

Reviews

Discussions

Reviews of TrueCrypt

  1. 5 out of 5 stars
    dhry

    Reviewing 6.3 (Oct 22, 2009)

    "Evil Maid" attack. Cracked me up *8-)

    "Housekeeping!" (looks left) (looks right) (tiptoes into room with feather duster in one hand and USB thumbdrive in the other)

  2. 5 out of 5 stars
    Diam0nd

    Reviewing 6.3 (Oct 22, 2009)

    Developers, cut the crap, give us TPD support!!!

    http://theinvisiblething...es-after-truecrypt.html

  3. 5 out of 5 stars
    ghammer

    Reviewing 6.3 (Oct 21, 2009)

    This is a great app and I'll rate it so.
    But, history shows an 'a' release shortly after any new version.

    I'll wait on upgrading for 10 days or so.

  4. 5 out of 5 stars
    Prospero424

    Reviewing 6.3 (Oct 21, 2009)

    No, faulting TrueCrypt for being "vulnerable" to a keylogger or hardware attack IS foolish. It was never designed nor has anyone in authority ever claimed that this sort of encryption is immune to a keylogger attack simply because that's not the sort of attack that it's designed to thwart.

    Let me put this perfectly clearly: if you can boot into a software environment (doesn't even have to be an OS) that accepts input - be it from the network or from physical I/O ports on the machine - you are vulnerable to a keylogger attack. Period.

    The purpose of encrypted volumes is to disallow access to those who might STEAL your laptop or those who might try to access your data if you misplace your laptop, not those that have repeated physical access to it. For those that have repeated access, all it does is make data theft more difficult.

    In fact, this sort of attack ("evil maid"/"janitor" attack) is EXACTLY why even security amateurs know that it's best to put your laptop in your room safe if you're at a hotel if you're going to leave it in your room. And this is why you never leave your laptop on your desk when you go home if you work in an office.

    The rule is "treat your laptop as if it were a stack of cash". Because it's every bit as valuable and vulnerable to someone who knows what they're doing. That idiom remains true regardless of whether or not your hard drives are encrypted.

    Edit: now, there are ways to mitigate this vulnerability. Anyone worried about such attacks should ALWAYS implement some sort of multi-factor authentication. Requiring a strong password and, say, a USB key with a long, random authentication key on it BOTH required to boot into a volume is one way. Biometrics, although less reliable and less consistent, is another. But you will never be 100% safe from this sort of attack.

    My only complaint about this new version of TrueCrypt is that it won't even install on the Windows 7 RC. Bummer. No big deal, though; the last version seems to work fine for me with some very light tweaking.

  5. 3 out of 5 stars
    mjm01010101

    Reviewing 6.3 (Oct 21, 2009)

    uh, bull? The entire point of encryption is to remove the risks of physical access to data. That is the *point* that apes have used said encryption. Are you telling me SSL isn't secure because physical access isn't possible? Well it is, you can record SSL to your hearts content and the theory goes that no amount of reasonable processing power can break said encryption.

    If Truecrypt is fallible by physical location to the attacker, then truecrypt is fallible. Perhaps it needs to show a picture of a maid when it detects a third party boot, or it needs to shut itself down,or at the least advise users to remove all possibility for booting from removeable devices, but this is pretty bad.

    Go about your business then! Nothing to see here!

Write a Review View All Reviews

Discuss TrueCrypt

Post a Discussion