So long TrueCrypt, what now?

I imagine most people are aware that TrueCrypt shut down mysteriously yesterday, which is funny as I just wrote about them in my previous blog entry about lessons learned from HeartBleed. There is a lot of speculation right now, and as fun as that is, we don’t know the story yet and may never fully know it. FOSS projects explode for a lot of reasons and we can’t discount government involvement either. From a practical perspective all we can do is move on and adapt. TC was easy to use, had a friendly GUI, was FOSS, and was Windows compatible. As for TC replacements with most of these features, let’s look at the contenders.

1. 7zip. This is my current favorite for a dumbed-down GUI for making encrypted files. No, it won’t make an encrypted volume, but you can simply create a .7z file with 256-bit AES encryption and be done with it. I find most people have this installed on their system and IT departments trust it, so there’s very little worrying about the recipient being unable to open the file. No need to have someone set up a complex gpg setup, exchange keys, etc. Just pick a nice long passphrase and make sure it’s at least 15 characters. The big limit here is no full disk encryption.

2. DiskCryptor. Claims to do full disk encryption. I have yet to test this but it seems to have a decent reputation.

3. AxCrypt. 128-bit AES, very easy to use. Windows only. Requires admin rights to install/run. I’ve run this a few times; typically TC was easier and better, but now it seems like a very nice option for Windows users.

4. gpg4win. Looks like someone wrote a Windows front-end for gpg.  I’d love to see everyone migrate to a key-based system like gpg/pgp.

5. FreeOTFE. Can create virtual encrypted disks like TC did.

What I wouldn’t use is BitLocker, which is what the TC site recommends. Not only do you need the Enterprise or Ultimate version of Windows for it to work, but it sends your private key to Microsoft for file restore. Sending your private key to a third party doesn’t seem very secure to me. Nor would I continue to use an old version of TC considering the TC devs, or whoever shut down the project, claim it’s insecure.

If you know of any more alternatives, please post them in the comments section.

10 Responses

  1. Mr. Goose May 29, 2014 / 9:48 am

    Zulucrypt would seem an interesting contender for penguinistas. Creates and opens both LUKS and Truecrypt volumes. It is still in its early stages and has some annoying shortcomings. But it is maturing rapidly.

    https://code.google.com/p/zulucrypt/

    • the Z man May 29, 2014 / 11:59 am

      Thanks, this looks nice!

  2. spf May 29, 2014 / 10:30 am

    I’m not sure why you include 7zip in the list… ok you can protect a file or a bunch of files, but it has no option to make a “drive” from a 7z file. I mean the main feature of TC is that you can save files from any software (Word for example) straight into the container. You can also put and run a program in the container (Thunderbird with all the files and folders related to your emails).
    I don’t see how you can achieve this kind of behavior with 7z !?!

  3. Paul E. Jones May 29, 2014 / 10:31 am

    TrueCrypt is an excellent tool for encrypting drives or creating encrypted files that can be mounted as drives.

    An alternative that only provides file encryption is AES Crypt (http://www.aescrypt.com). It provides 256-bit AES encryption and there are versions for Windows, Linux, and Mac. Plus, it’s all open source. In fact, binaries are not even offered on Linux: one just builds from the source code.

  4. psypher May 29, 2014 / 10:35 am

    How about you actually read that link regarding the bitlocker private key? Uploading the key is only 1 of several options. It’s not required. You can store the key on your domain or on a USB or even a printed hard copy.

  5. Herp Derpington May 29, 2014 / 11:32 am

    Are you suggesting that a luser should rely on microslop for security?

  6. Lupus Yonderboy May 29, 2014 / 1:23 pm

    PGP Desktop

  7. AJ May 29, 2014 / 7:53 pm

    Note: 256-bit AES is less secure than 128-bit AES, per Bruce Schneier. The key “stretching” to create 256-bit actually loses some of the “margin” in AES. It’s not insecure, it’s just less secure.
