Strengthening TrueCrypt: Enhancing Data Security
TrueCrypt is free, open-source disk encryption software. However, I discovered some important considerations that everyone should be aware of to prevent sensitive data from being exposed. This does not mean that TrueCrypt isn’t safe; rather, I will show you how to make it stronger against various attacks.
First of all, TrueCrypt encourages you to use AES (Advanced Encryption Standard) as it is the first on the list (default) and the fastest when you benchmark all available algorithms. Here are some steps to enhance TrueCrypt’s security:
- Choose Stronger Algorithms: While AES is fast and secure, consider using a combination of encryption algorithms (such as AES, Twofish, and Serpent) to provide an additional layer of security.
- Use Complex Passwords: Ensure your passwords are long and complex, combining letters, numbers, and special characters to make them harder to crack.
- Enable Keyfiles: In addition to your password, use keyfiles to add an extra layer of protection. A keyfile is a file that TrueCrypt uses to generate the encryption key.
- Regularly Update Software: Keep TrueCrypt and your operating system up to date to protect against newly discovered vulnerabilities.
- Physical Security: Ensure the physical security of your devices. No encryption can protect your data if someone has direct access to your hardware.
By following these steps, you can significantly enhance the security of your data when using TrueCrypt.
Therefore I thought of sharing this information that I recently found while surfing the net .If you ever use AES as your encryption algorithm then be aware that your container can be attacked by Truetrack and Hashcat.
What if you use a combination of three algorithms will it be safer option?
Only if you use strong password for example “I1WBDQpFp8@”:ve’nOq&b@+2WPL9v7″ then you can be sure that your data is safe and the reason for that is because hashkill can brute force any type of algorithm including combination of three algorithms !
What If I use a strong combination of algorithm (Serpent-Twofish-AES) and strong password am I safe ?
Well if you have caching password enabled on your True-crypt settings !! then you are not if someone gets access to your computer physically.
The reason is people like lostpassword and elcomsoft can use fire-wire ports to retrieve your cached keys by doing the following:
- Analyzing the hibernation file (if the PC being analyzed is turned off);
- Analyzing a memory dump file *
- Performing a FireWire attack ** (PC being analyzed must be running with encrypted volumes mounted).
Quote by Steve Gibson:
“The TrueCrypt development team’s deliberately alarming and unexpected “goodbye and you’d better stop using TrueCrypt” posting stating that TrueCrypt is suddenly insecure (for no stated reason) appears only to mean that if any problems were to be subsequently found, they would no longer be fixed by the original TrueCrypt developer team . . . much like Windows XP after May of 2014. In other words, we’re on our own.”
Downloads:
TrueCrypt v7.1 Setup Downloads
- TrueCrypt Setup 7.1a.exe (32/64-bit Windows)
MD5:7a23ac83a0856c352025a6f7c9cc1526
- TrueCrypt 7.1a Mac OS X.dmg
MD5:89affdc42966ae5739f673ba5fb4b7c5
- Truecrypt-7.1a-linux-x64.tar.gz
MD5:bb355096348383987447151eecd6dc0e
- Truecrypt-7.1a-linux-x86.tar.gz
MD5:09355fb2e43cf51697a15421816899be
- Truecrypt-7.1a-linux-console-x64.tar.gz
MD5:eb71d8108afec84d4dc72c523b57763a
- Truecrypt-7.1a-linux-console-x86.tar.gz
MD5:218d80bbe69cb63dba124efb62600e0f
User Guide
- TrueCrypt User Guide.pdf
MD5:60b1ea96c0dcb7238da39844f0c11910
Source Code
- TrueCrypt 7.1a Source.zip
- MD5:
3ca3617ab193af91e25685015dc5e560
- TrueCrypt 7.1a Source.tar.gz
- MD5:
102d9652681db11c813610882332ae48
Conclusion:
- Don’t use AES to encrypt your disk as its the easiest to brute-force.
- Always use a combination of three algorithms with SHA-512.
- Using keyfile by its own without a password is not secure.
- Disable Fire-wire port.
- Use Hidden volumes if possible.
- Use a very strong password and do not share it use keepass to store it.
- Do not cache your True-crypt password and make sure its cleared on dismount or exit on settings.
- On creating a container uncheck the checkbox for “Show” in the last dialog and to wiggle with the mouse at least for 45 seconds.
- Truecrypt was fully audited check updates here final report can be seen here. A good security analysis of TrueCrypt 7.0a can be found here.
- To know more about encryption please read this document.
- VeraCrypt is Truecrypt fork that enhanced security to the algorithms used for system and partitions encryption making it immune to new developments in brute-force attacks. Veracrypt audit can be found here and I strongly recommend to shift from Truecrypt to Veracrypt.