TrueCrypt
From The Black OP Security Wiki
How To Install TrueCrypt
If you have problems with this tutorial, feel free to check out our Support Forums.
How To Use The Programmes
Windows : Encrypted Hidden File Containers / Devices
Mac OS X : Encrypted Hidden File Containers / Devices
Linux : Encrypted Hidden File Containers / Devices
How It Works
FAQ
Q. Can I trust TrueCrypt?
A. Probably. TrueCrypt is open source, so it is unlikely that anything compromising has been snuck into the program. If you want to be extra safe, you should install it from source.
Q. Is there anything about the background of TrueCrypt that I should know?
A. Yes. For one, no one knows who made TrueCrypt or who is developing it; they keep their identities secret. I can see reasons for them to do this, but it is interesting, since most security programs like this have roots in university programs and are managed by academics. Also, people have recently reported that if they question TrueCrypt on the TrueCrypt forums, they are banned or removed. This is horrible 'customer support', but it says nothing about the actual security of TrueCrypt. You should also know that because the authors of TrueCrypt keep their identities secret, TrueCrypt has never been certified by a professional encryption implementation testing institution. Some professional cryptographers have backed it, though, and some have criticized it (mostly its plausible deniability, which is often described as not that strong). In general, I think TrueCrypt is probably trustworthy, and I think it will provide you with a proper implementation of the encryption algorithms it uses. I use it myself and suggest it to people.
Q. Is TrueCrypt's plausible deniability really all that it is cracked up to be?
A. TrueCrypt's plausible deniability uses steganography, together with a principle of encryption that says encrypted data cannot be differentiated from random data. Steganography is generally breakable, meaning it is usually possible to find out that data has other data hidden inside it. I think TrueCrypt's steganography is better than most, and that properly implemented it will be very difficult to tell that you have a hidden volume. I do think it is possible for this to be determined, though, especially through side channel attacks. Even if the adversary can tell you have a hidden volume, you will get major advantages by using one, especially against a jury. Also, keep in mind that most adversaries are not that skillful, even ones you would expect to be. And anyway, it will cost them more money than it would if you didn't use plausible deniability. So although TrueCrypt's plausible deniability is not perfect, it is still very good and you should use it.
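The principle behind this answer (encrypted data cannot be told apart from random data), as an added example that is not from this wiki or from TrueCrypt: it scores fixed-size blocks of two constructed containers with a chi-square byte-frequency test, one holding only random fill and one with ciphertext in its second half. The SHA-256 counter-mode cipher is a stand-in for TrueCrypt's real ciphers, and every name, key and sample value is an assumption constructed for the illustration.

```python
import hashlib
import os

BLOCK = 64 * 1024  # bytes scored per window


def keystream(key: bytes, n: int) -> bytes:
    """Stand-in cipher output: SHA-256 in counter mode (not TrueCrypt's ciphers)."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


def encrypt(key: bytes, data: bytes) -> bytes:
    """XOR with the keystream; applying it twice returns the input."""
    return bytes(p ^ k for p, k in zip(data, keystream(key, len(data))))


def chi_square(data: bytes) -> float:
    """Pearson chi-square of byte counts against uniform (255 degrees of freedom)."""
    expected = len(data) / 256
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return sum((c - expected) ** 2 / expected for c in counts)


def looks_random(data: bytes, low: float = 150.0, high: float = 400.0) -> bool:
    # For uniform bytes the statistic clusters near 255; structured data is far above.
    return low < chi_square(data) < high


def block_verdicts(container: bytes) -> list:
    return [looks_random(container[i:i + BLOCK]) for i in range(0, len(container), BLOCK)]


# Constructed sample data (assumptions, not real volumes).
SECRET = b"constructed sample plaintext for the hidden volume\n" * 4000
HIDDEN = encrypt(b"constructed-key", SECRET[:2 * BLOCK])
RANDOM_ONLY = os.urandom(4 * BLOCK)            # outer free space: random fill only
WITH_HIDDEN = os.urandom(2 * BLOCK) + HIDDEN   # same size, ciphertext in the free space

if __name__ == "__main__":
    print("plaintext chi-square:", round(chi_square(SECRET[:BLOCK])))
    print("random fill only    :", block_verdicts(RANDOM_ONLY))
    print("hidden data inside  :", block_verdicts(WITH_HIDDEN))
```

Both containers get the same per-block verdicts, while the unencrypted sample scores far outside the range, so a byte-statistics test on its own does not separate hidden ciphertext from random fill.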
