Second, they’re much easier to use than dedicated encryption programs. First, almost everybody already uses at least one archive program to unzip file downloads. (There’s an academic paper, On the security of the WinRAR encryption feature, but unfortunately it’s at Springer and I don’t fancy paying £29.95 to read it.)Īrchive programs such as WinZip, 7-Zip and WinRAR are not as secure as dedicated encryption programs, but many more people use them to protect files. Both are theoretically impervious to brute force attacks, and reasonably secure from targeted attacks. For example, WinRAR added 128-bit AES encryption while the open source 7-Zip used 256-bit AES encryption. Zip files were relatively easy to crack, but eventually, some archiving programs introduced strong encryption systems. The zipped files were, in effect, encrypted, and if you added a password, then it would be hard for someone else to read them. They also allowed several different files to be combined into a single download. There are dozens of ways to do this, including AxCrypt, CipherShed, PGP (Pretty Good Privacy) via GNU Privacy Guard (GnuPG has a more accessible graphical interface), and your old archiving program.īack in the 1980s, most people started to use file compression programs like PK-Zip, which made files smaller and thus saved disk space. But you’re only using it to protect a few files in Windows. If you were using all TrueCrypt’s features, then replacing it might be a challenge. It could interfere with the UEFI Secure Boot system, leaving these PCs unable to start. However, Windows 8 and Windows 10 preview users should not use TrueCrypt, VeraCrypt and similar products to encrypt their whole hard drive. (Cryptsetup installs on a LUKS or Linux Unified Key Setup partition.) This feature can be replaced by Microsoft’s BitLocker in Windows and Apple’s FileVault in Mac OS X, plus Cryptsetup in Linux, perhaps. TrueCrypt could also encrypt whole hard drives. (For this idea to work, you have to give up something worth encrypting, not cat videos.) If government agents forced you to hand over your password, they would get the fairly valuable data but not all of it. For example, you could have some fairly valuable data in a container while hiding much more valuable data. Off-hand, I can’t think of another free way of doing this, though for Windows 7/8 users, Rohos Mini Drive will create a hidden encrypted partition on a thumbdrive.Īnother important feature was TrueCrypt’s ability to create “hidden volumes”. TrueCrypt also let you create a container file on a USB thumbdrive and plug it into a Windows PC, Mac or Linux box. This made it handy for dispersed groups of developers with different hardware. TrueCrypt’s main appeal was that its encrypted “virtual drives” (container files) were cross-platform, and could be used with Microsoft Windows, Mac OS X and Linux. On the other hand, you don’t seem to be using any of the functions that made TrueCrypt popular, so you could easily switch now. I’m not sure this is allowed by TrueCypt’s license, but the original programmers would probably have to reveal their identities to bring a lawsuit.Īt the moment, VeraCrypt has some momentum, but we don’t know which of the forks will find widespread support. Some other developers are continuing TrueCrypt’s development under different names. If you were starting from scratch, I wouldn’t recommend it, but I think you can continue to use it until you find a good replacement. There doesn’t appear to be an urgent need for anyone to stop using TrueCrypt. The audit identified some glitches, but the Windows code is sound. The NCC audit found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances.” On 2 April, Matthew Green, research professor at Johns Hopkins University, reported that “based on this audit, TrueCrypt appears to be a relatively well-designed piece of crypto software. However, the TrueCrypt code has now been audited by the independent NCC Group, using crowdsourced funds. Even today, nobody outside TrueCrypt knows what happened. This came just after Edward Snowden’s revelations, so there was a lot of speculation about backdoors, US government pressure, and so on. The unknown developers decided to quit, and changed their home page to say: “WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues.” The page then explained how to switch to Microsoft’s BitLocker. TrueCrypt was the most popular encryption program for Windows PCs but, as you know, it closed down last year under very odd circumstances.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |