TrueCrypt is a software application used for real-time on-the-fly encryption. It can create a virtual encrypted disk within a file or a device-hosted encrypted volume on either an individual partition or an entire storage device. It supports Microsoft Windows, Mac OS X and Linux and encrypted volumes can be made portable. The version for Windows Vista or XP can encrypt the boot partition or entire boot drive and has the ability to create and run a hidden encrypted operating system whose existence is deniable. TrueCrypt is distributed under the TrueCrypt Collective License.
The individual algorithms supported by TrueCrypt are AES, Serpent and Twofish. Additionally, five different combinations of cascaded algorithms are available: AES-Twofish, AES-Twofish-Serpent, Serpent-AES, Serpent-Twofish-AES and Twofish-Serpent. The cryptographic hash functions used by TrueCrypt are RIPEMD-160, SHA-512 and Whirlpool.
TrueCrypt currently uses the XTS mode of operation. Prior to this TrueCrypt used LRW which is less secure though more secure than CBC mode (when used with predictable initialization vectors) used by versions 4.0 and earlier.
Although new volumes can only be created in XTS mode, older LRW and CBC legacy TrueCrypt volumes can still be mounted.
TrueCrypt supports both pipelined and parallelized read and write operations and utilizes an assembly implementation of AES which almost doubles performance compared to the previous implementation of this algorithm, which was coded exclusively in C.
Using TrueCrypt on a drive may decrease performance due to the encryption overhead, but there have been reports that in some scenarios, encrypting a drive with TrueCrypt 5.0 or later may increase drive performance slightly due to pipelining affecting the way read and write operations are performed.
TrueCrypt's hidden volume deniability features may be unintentionally compromised by third party software which may leak information through temporary files, thumbnails, etc, to unencrypted disks. In a recent study, Windows Vista, Microsoft Word and Google Desktop were evaluated and found to have this weakness. In response to this, the study recommends using the hidden operating system feature now available in TrueCrypt versions 6.0 and later. However, the security of this feature was not evaluated because it had not yet been released at the time.
There is a software named TCHunt, available in beta, that can detect volumes created by any version of TrueCrypt since 1.0.
The TrueCrypt Collective License is considered "non-free" (based on the Debian Free Software Guidelines) because its license has an "advertise-me" clause (similar to the type that caused the XFree86/X.Org split) that requires TrueCrypt to be named in any derivative work.
According to the TrueCrypt website the following features are planned for future releases:
TrueCrypt is based on Encryption for the Masses (E4M), a popular open source on-the-fly encryption (OTFE) program first released in 1997. However, E4M was discontinued in 2000 as the author, Paul Le Roux, began working on commercial OTFE software.
|Version||Release Date||Significant Changes|
|1.0||February 2, 2004||Initial release. Featured support for Windows 98, ME, 2000 and XP. Added plausible deniability for containers (although due to its simplistic nature, the practical value of the "plausible deniability" offered in this version is debatable ), and various bugfixes and improvements over E4M.|
|1.0a||February 3, 2004||Removed support for Windows 98 and ME because the author of the Windows 9x driver for E4M (the ScramDisk driver) gave no permission that would allow his code to be used in projects derived from E4M.|
|2.0||June 7, 2004||Added AES algorithm. Release made under the GNU General Public License, and signed as the TrueCrypt Foundation – previous versions were signed by TrueCrypt Team.|
|2.1||June 21, 2004||New release due to licencing issues relating to the GNU General Public License. This release was made under original E4M license.|
|2.1a||October 1, 2004||Removed IDEA encryption algorithm. Version released on SourceForge.net, which became the official TrueCrypt domain. The official TrueCrypt domain moved back to truecrypt.org again at the beginning of May 2005, and the SourceForge website redirects to there.|
|3.0||December 10, 2004||Added hidden volume support for containers. Added the Serpent and Twofish algorithms, along with cascaded cipher support.|
|3.1||January 22, 2005||Added portable "Traveller mode", along with new volume mounting options such as being able to mount as "read only".|
|4.0||November 1, 2005||Added support for Linux, x86-64, Big Endian machines, Keyfiles (two-factor authentication), the Whirlpool hash algorithm and language packs.|
|4.1||November 25, 2005||Added LRW mode, which is more secure than CBC mode for on-the-fly storage encryption. LRW mode also neutralized an exploit that could (under certain circumstances) be used to compromise the plausible deniability of a TrueCrypt volume by allowing it to be distinguished from random data.|
|4.2||April 17, 2006||Added various features to the Linux version, such as the ability to create volumes, change passwords and keyfiles, generate keyfiles and backup/restore volume headers. In the Windows version, it introduced support for dynamic (sparse file) volumes.|
|4.3||March 19, 2007||Added support for Windows Vista, support for file systems using sector sizes other than 512 bytes. This release phased out support of 64-bit block ciphers, disallowing creation of new containers using the Blowfish, CAST-128 or Triple DES algorithms.|
|5.0||February 5, 2008||Introduced XTS mode of operation. Added Mac OS X support, Linux graphical interface and Windows system disk encryption with pre-boot authentication, ability of creation of hidden volumes within NTFS volumes, but removed the ability to create hidden volumes on Linux, use the tool on a non-gui console and the ability to create encrypted partitions from the text mode. Encrypting the system volume for Windows 2000 is no longer supported. Encrypting containers and non-system volumes is still supported, however.|
|5.1||March 10, 2008||Added support for hibernation on Windows computers where the system partition is encrypted, the ability to mount a partition in Windows that is within the key scope of system encryption without pre-boot authentication, and added command line options for creating new volumes in Linux and Mac OS X. This version also reduced the minimum memory requirements for the TrueCrypt Boot Loader (AES) from 42 KB to 27 KB in Windows and included significant improvements in AES encryption/decryption performance.|
|6.0||July 4, 2008||Parallelized encryption/decryption on multi-core processors (or multi-processor systems). Increase in encryption/decryption speed is directly proportional to the number of cores and/or processors. Ability to create and run an encrypted hidden operating system whose existence is impossible to prove. Ability to create hidden volumes under Mac OS X and Linux.|
|6.1||October 31, 2008||Ability to encrypt a non-system partition without losing existing data on the partition (in place encryption) on Windows Vista and Windows 2008. Added support for security tokens and smart cards. TrueCrypt bootloader now customizable. Pre-boot passwords can now mount non-system volumes. Linux and Mac OS X versions can now mount an encrypted Windows encrypted system drive.|
|6.1a||December 1, 2008||Minor improvements, bug fixes, and security enhancements.|