This is a read-only archive. Find the latest Linux articles, documentation, and answers at the new Linux.com!

Linux.com

Feature: Reviews

Encrypt volumes through a cross-platform GUI with TrueCrypt 5.0

By Luigi Paiella on March 14, 2008 (9:00:00 AM)

Share    Print    Comments   

Last month the TrueCrypt Foundation released TrueCrypt 5.0, which finally introduces a Linux GUI for the cross-platform encryption application. TrueCrypt 5.0's numerous other enhancements include a Mac OS X port, XTS operation mode, the ability to encrypt a system partition or drive under Windows, and the addition of the SHA-512 hash algorithm.

The binary downloads for Linux used to be tailored specifically to each different Linux distribution version, but are now reduced to just two: openSUSE (x86) and Ubuntu (x86). The new TrueCrypt design is no longer affected by upgrades and updates to the Linux kernel. That's good news for users of other distributions as well, who must still manually compile TrueCrypt from source, but won't need to do so after every kernel change.

Installation on Kubuntu 7.10 went flawlessly, but the process doesn't create an item in the KDE menu. It's surprising that a version meant to enhance usability skips that simple step in one of the most-used Linux desktop environments. Similarly, the .tc file extension seems not to be linked to TrueCrypt. Both things happen on Windows by default.

TrueCrypt can create a hidden encrypted volume inside a standard encrypted one. As it's impossible to know if a hidden volume exists (hidden volume data cannot be distinguished from the random data normally filling the free space of a standard encrypted volume), this option helps you in situations in which you may be forced to reveal your password. See also Plausible Deniability in the TrueCrypt documentation.

Once you issue the truecrypt command through a console or by typing Alt-F2, both the main window and a tray icon show up. Creating encrypted volumes is simple. Press the Create Volume button to start the TrueCrypt Volume Wizard, and choose the options presented in the different steps: simple or hidden volume, partition or file container, encryption algorithm type (AES is the default) and hash algorithm (RIPEMD-160 by default), password (for which more than 20 characters is recommended), eventual filesystem options, and format.

TrueCrypt for Linux can encrypt an entire hard disk partition (or entire disk) or a file-hosted volume. Such virtual volumes are stored as a standard file, belonging to any filesystem, but host an independent encrypted virtual disk device.

To access existing volumes, choose one of the free "slots" in the main window (slots correspond to the available unit drive letters on Windows and predefined mounting points in Linux), select the file or partition containing your encrypted volume, and press the Mount button. You'll be prompted for the volume password; insert the standard or the hidden volume password depending on which volume you want to mount. If the volume password is correct, you'll be prompted for the root password.

Since version 4.3a, TrueCrypt no longer supports the set-euid root mode of execution and requires you to enter the administrator password through the sudo command. Although this is helpful from a security point of view, it makes using TrueCrypt on a multiuser workstation difficult. By editing the sudoers file with visudo, you can allow users belonging to a specific group (let's call it, for example, "truecrypt") to execute TrueCrypt with administrative privileges but without knowing the root password. Just insert the following row:

%truecrypt ALL=(root) NOPASSWD:/usr/bin/truecrypt

This method works equally well with the older command-line version. Your mounted volume will then be available in the position /media/truecryptX, where X is the number of the slot you chose at the beginning, unless you specified an existing mount point in the Mount Options page.

Although TrueCrypt 5.0 can open volumes encrypted through 64-bit block-encryption algorithms such as Blowfish, CAST-128, and Triple DES, it doesn't let you create new volumes with algorithms that are weaker than 128-bit block-encryption algorithms such as AES, Serpent, and Twofish.

The speed difference between accessing an on-the-fly encrypted volume and an unencrypted one is evident and particularly noticeable when copying large files on older computers. On an Athlon 1200 system the time required to complete a copy was almost doubled. Nonetheless, even on a so slow computer, you can still watch decrypted-on-the-fly, fullscreen, compressed videos without particular issues.

Once a volume is mounted, you can add it to your favorites. TrueCrypt keeps the volume position and mount point in a Favorites menu so that next time you'll need to provide only the correct password. In addition, you'll be able to mount, dismount, and open your favorite volumes in Konqueror simply through the tray icon's right-click menu.

If you create an encrypted partition or volume on a removable drive, you can access it from a different computer or different operating system (Windows, Mac OS X, and Linux). Of course, you need to be sure that the second operating system supports the filesystems used by the first. TrueCrypt also has a Traveler mode (available for Windows) to automatically start TrueCrypt or mount a specified TrueCrypt volume when the 'traveler disk' is inserted in Windows, without the need of installing the software.

You can still run TrueCrypt's command-line mode in version 5.0 through the -t switch, which needs to be specified as the first option. Unfortunately, the syntax has not been kept consistent with previous versions, and you need to answer more questions, such as what the eventual keyfile and hidden volume will be, before being able to mount your volume. Furthermore, when version 5.0 was first released, trying to use TrueCrypt in a pure console environment, even with the -t option, ended the program with the following error: "Error: Unable to initialize gtk, is DISPLAY set properly?" This was particularly annoying if you had no access to a graphical interface. Luckily, TrueCrypt Foundation corrected that problem one week later with the release of TrueCrypt 5.0a, which lets you use the console version of the utility properly.

The TrueCrypt Web site provides comprehensive documentation (which is almost entirely replicated in a PDF file included in every installation package), a FAQ page, and a forum with a dedicated Linux section. Solutions for distribution-specific issues usually can be found elsewhere on the Web.

TrueCrypt's new GUI proves more effective than the previous command-line version, because the tray icon speeds up the most frequent actions, especially if you automate TrueCrypt startup at login by adding a link into KDE Autostart folder (add the --background-task option to have it iconised by default).

Although TrueCrypt's license is open source but not GPL-compatible, version 5.0a is one of the simplest and safest cross-platform encryption utilities available.

Share    Print    Comments   

Comments

on Encrypt volumes through a cross-platform GUI with TrueCrypt 5.0

Note: Comments are owned by the poster. We are not responsible for their content.

Encrypt volumes through a cross-platform GUI with TrueCrypt 5.0

Posted by: on March 14, 2008 10:20 AM
Its stable program but has a encoder programs. Thanks you.



<a href="http://www.prefabrik.tv">Pre-Fab Prefabrik Production</a>

#

Encrypt volumes through a cross-platform GUI with TrueCrypt 5.0

Posted by: Anonymous [ip: 69.31.47.221] on March 14, 2008 01:08 PM
Truecrypt is a nice encryption app for openSuse and Ubuntu. For Debian and other Debian-based distributions, unless you're a guru, you may be out of luck. I tried compiling it for Etch. It failed. Found that I needed to update wxWidgets iirc. So I googled a bit and found how to do that. Updating wxWidgets broke Konserve (and who knows what else, I haven't figured out what else yet). Tried compiling again, and there was some error related to my 64 bit cpu (AMD). Out of range bounds or something similar iirc. Tried googling for this error and I either couldn't find anything or the procedure to fix it was too complicated for me to follow. So no TrueCrypt for me!



Is it that hard to provide a deb package for Debian? From what I recall reading on distro share, Debian and Debian based distros (compatible to Debian) have a far greater user base than non-compatible to Debian, Ubuntu.

#

Re: Encrypt volumes through a cross-platform GUI with TrueCrypt 5.0

Posted by: Anonymous [ip: 72.222.185.57] on March 17, 2008 04:45 PM
If you are running Debian Etch, go to the TrueCrypts forums (I believe you need an account) and search the Linux groups for Etch.

They give you some simple steps to install the program (well, relatively simple). I did this last week and it works fine.

#

TrueCrypt 5.0 license nightmare

Posted by: Anonymous [ip: 71.211.11.223] on March 14, 2008 03:38 PM
The source license for this package is pretty unweildly. In addition to 5 individual dude licenses embedded in the 4400 word hodgepodge, the main license contains language like this:

5. IF YOU ARE NOT SURE WHETHER YOU UNDERSTAND ALL PARTS OF THIS LICENSE OR IF
YOU ARE NOT SURE WHETHER YOU CAN COMPLY WITH ALL TERMS OF THIS LICENSE, YOU
MUST NOT USE, COPY, MODIFY, CREATE DERIVATIVE WORKS OF, NOR (RE)DISTRIBUTE THIS
PRODUCT, NOR ANY PORTION(S) OF IT. YOU SHOULD CONSULT WITH A LAWYER.

The distribution site forces you to check a "yes I agree" box before you can download the sources, but I'm sure everyone that did had their lawyer review it first. :) I've been looking for a package like Truecrypt, but am staying away from it until this licensing mess is clarified or the ridiculous click through EULA thingy is removed.

#

Re: TrueCrypt 5.0 license nightmare

Posted by: Anonymous [ip: 75.154.97.2] on March 17, 2008 04:05 PM
Neither is likely to happen, the package uses numerous encryption algorithms that each have different licenses. Almost all cryptographic software does.

#

Encrypt volumes through a cross-platform GUI with TrueCrypt 5.0

Posted by: Anonymous [ip: 208.111.201.169] on March 16, 2008 05:38 PM
Put a bit more bluntly than the prior comments, if you are Linux user and are using something other than Suse or Ubuntu you are not going to get this working from Linux machine

A fedora user

#

Installs from .deb file just fine

Posted by: Anonymous [ip: 91.155.1.14] on March 17, 2008 12:59 PM
Hmm? I just downloaded TrueCrypt 5.1 Ubuntu .deb file and it installed fine on Parsix Linux, that is based on Debian testing.
About installing it in Parsix I have some info at:
http://lauri.ojansivu.googlepages.com/parsixlinuxfixes/

#

This story has been archived. Comments can no longer be posted.



 
Tableless layout Validate XHTML 1.0 Strict Validate CSS Powered by Xaraya