Concerned About The Demise Of Truecrypt? Try This Freebie Instead.

toggle-button

If someone hacks into your computer, or steals it, they can read all of the files stored on it.  Chances are, most of them are totally harmless.  After all, if someone gets to see your family photos or your general documents, it's rarely a problem.  But most people have a handful of confidential files that they'd rather remained private.  Personal documents, perhaps, or financial information, or business dealings, or intimate photos.  

If you have such files on your computer, encrypting them will give you the peace of mind of knowing that, if they were to fall into the wrong hands, chances are they would not be readable.  And yes, I'm well aware that the NSA may be able to break just about every encryption product out there, but it's very unlikely that the type of information you're protecting needs to be safe from the prying eyes of the world's intelligence agencies.  For most people, knowing that the casual hacker or thief can't access your data should be perfectly sufficient.

Until recently, Truecrypt was the freeware encryption product of choice.  It was free, easy to use, and did everything we needed.  Which generally means that it allowed you to create a virtual drive to store all your private files, which only became accessible when you supply the password.  Without the password, the virtual drive is merely a file of gibberish.  Easy to backup, store and transport, which is great, but impossible to make sense of.

For reasons that no one is quite sure of, the developers of Truecrypt recently shut up shop.  It's no longer possible to download the product, except in a form that merely lets you access previously-encrypted files.  So whether you're new to encryption, or you need something in place of Truecrypt, you'll need other software to consider.

I've recently been looking at Cryptainer, from a company called Cypherix.  It works in a very similar way to TC, in that it creates an encrypted container file which, on entering the password, becomes a virtual encrypted drive that you can access through Windows as you would with any other removable device.  The program costs money, but the "LE" version, which lets you create encrypted containers of up to 100 MB, is free.  And if you need more, you can always create more than one container.

If you want to try it, head to http://www.cypherix.com/cryptainer_le_download_center.htm for the 7 MB download.  It runs on Windows XP and above, and is malware- and virus-free according to Web of Trust and VirusTotal.  And if you're still using Truecrypt, it'll happily coexist with that program while you make up your mind on which one to use into the future.

 

 

 

Please rate this article: 

Your rating: None
2.1875
Average: 2.2 (16 votes)

Comments

There is another freeware application, Veracrypt, which is available on Softpedia (reputable site)
Interestingly it looks exactly the same as TrueCrypt

I wouldnt use it, for two reasons
1)Still only on version 1.0, I dont risk any of my data to recently written software
2)There is no evidence that a lot of the code isnt taken directly from TrueCrypt, and so is jut an imitation product. Hard to say

However, is an alternative available

Diskcrypt may be a sufficient alternative, but only if you need to encrypt disk drives. For those people who still want to use truecrypt, it IS still available as a discontinued version. There is version 7.1a and more information in this site. https://www.grc.com/misc/truecrypt/truecrypt.htm

I hope someone does full review on these programs with recommendations as I think we need it urgently. I am not the one to do it as I have only used them rarely. Some points in no order I think are important. There are advantages to open and closed source. Open source is good because we can see if there is a backdoor, I suspect, however, it is simpler to crack if you have the source. DiskCryptor encrypted data with AES-256 while AxCrypt only 128-bit key. Currently, that is not a problem but based on current trends AES-128 will be broken by 2031. There is a 50/50 chance that it will be cracked before that. Some programs like Cryptainer here would not be suitable for many as they have big files, for example, a terabyte hard-drive full of torrent movies or SMB accounting data which are now Gigabyte files. If I lost my laptop with our company's CRM data, I would be in big trouble. Lastly, two functions, I really liked on one such program it put the encrypted files on a special drive which is hidden so someone who was not that good in computers examining the disk would not see them. The other one was if someone put a gun in your head and demanded the password, it had a special password and all they would see was a large data file. You could then say it was a damaged CRM data file from work that I tried to fix.
I don't think that encryption is harder to crack if you have the source. The whole point of *good* encryption is that everyone knows how it works, but everyone also knows that we don't have enough computational power to crack it. You also need to give some though to what you encrypt. A terabyte of movies isn't worth encrypting, frankly. It would take ages, and the risk from not keeping them encrypted is pretty small. As you say, though, the CRM data is another matter entirely. Although it's interesting that you say you'd be in trouble if you lost the laptop. The whole point of encryption is that it gives you the peace of mind to not care whether or not you lose the laptop. If your chosen encryption product doesn't give you that, then you're using the wrong one. Sadly, there are very few reliable free encryption systems for Windows (unless you're a fan of Microsoft's EFS or BitLocker, which I'm not. And BitLocker isn't in the home versions of Windows anyway). In the past I've used a paid-for product called BestCrypt, from Jetico, and I note that they're currently offering a discount for former TrueCrypt users. But it's still around $30 a copy.
I agree with almost all you say except. I am sure it is easier to crack it if you have the source, as you know, exactly what it is doing. And I also agree that it is only a small risk of a terabyte of such movies in countries like Australia and the US, but it's not zero. For example, I remember a case in the US where a woman's hard drive was seized and used in evidence against her in court. Now what about people that travel say to the Gulf States? Do they want to take a risk? What if you did encrypt a file? In many systems, it is fair obvious what the items are? What are you going to do in court if a policeman states to the judge well we cannot read it, but it is clear it is ..... Also what does happen in some countries where readers here live is that the courts/police/customs/tax demand you unencrypt it? There there are criminals too. That why I like the hidden and special password I spoke about, it is hard to find, and if they do find it, well you can say it is an old work related data file.
>> I am sure it is easier to crack it if you have the source, >> as you know, exactly what it is doing. No. Not the case. Everyone knows the source/algorithm behind encryption algorithms such as DES, RSA, AES, Blowfish etc. Everyone knows precisely how the work, and thus why they are secure. Everyone also knows that cracking them is, theoretically, very easy. You just need to throw *vast* amounts of mathematical computing power at them, for many years. Which is beyond the scope of pretty much everyone. That's why they are secure. Consider, on the other hand, a closed-source algorithm. No one except the makers know how it works. So how do we know that the algorithm isn't weak (either deliberately or inadvertently)? Here's an example of why open-source encryption works. Imagine 2 prime numbers, say 7 and 5. Multiply them together and you get 35. By the laws of maths, given 35, there's only 1 pair of prime numbers which can be multiplied to produce that answer. With 35, it's pretty easy to solve with a computer. Now imagine that, instead of 35, I give you a number that's a thousand digits long and ask you to find the 2 prime factors. That's the point. Everyone understands the problem. Everyone knows the maths behind it. Everyone knows that there are no shortcuts or back doors. And everyone knows how difficult it is to solve.
This is partially true. What you have shown is that a good algorithm in an open-source program is better than a weak algorithm in a closed source but if both are equal in strength, the closed source has the advantage that the attempted cracker does not know what it is doing. For example, in one project, I was associated with, what we did was encrypted the files with an inital layer using a weak system that we wrote, this hid many of the files characteristics before we encrypted this file with a strong commercial software package. A closed one can do this, an open one source cannot use a the first layer. There are other tricks you can use too.
AxCrypt has been around for quite a while and gets good reviews.
Yes, I wrote about it here a while ago, in a comparison with TrueCrypt. Guess I need to update that!

IMO, DiskCryptor the is the best free open-source option so far. In fact, it is an enhanced fork of TrueCrypt. Hopefully, it won't face the same problems and conspiracy theories its bigger brother had. It's a great piece of free software and a good alternative to former TC users.

I dispute that most people have a requirement for only small files. Many would have movies and pictures too. My advise would be use an old copy of Truecrypt which are available on the net. Make sure though you get a verified copy using a hash from a few sites.

The trouble with Crypto programs are/is what happens to its development when the author dies in a wreck, retires, or goes out of biz?

Or what happens when Windows puts "poodle-poop" (made up DLL) in the OS and your non-open source crypto program cannot deal with "poodle-poop"? Oops. Broken.

OpenSource is the only way to go. It can never die that way. My 2 cents.

You're quite right about crypto needing to be open source, but for the wrong reason! The best encryption algorithms are those which, despite their precise details being known, still can't be cracked. Only open source can provide this.