TrueCrypt has died, nearly. And may be for good. But its alternatives are there.
The use of Laptops, mobile phones, and USB flash drive is more common than ever. Especially during a time when everyone is on the go making these devices extremely popular amongst people in business and the general public alike.
Those systems typically contain vast quantities of often exposed, confidential details. Should this data get into the hands of harm, it could lead to the unauthorized publication of confidential, classified, or sensitive data, theoretically affecting the organizations involved with a loss of Billions of dollars.
There is one solution to all these issues, which is encryption. This brings us to our discussion topic if you are any familiar with encryption you’d have heard of TrueCrypt, the most popular encryption software since 2004 until its demise under than hands of multiple circumstances.
Software such as TrueCrypt is primarily used for building encrypted partitions on any provided hard drive. Besides, they are often used to create simulated encrypted disks that reside in a given format.
If a user has completed the encryption operation, no one can access the encrypted data stored on any given partition without the required password, which only the user can access. These features led to TrueCrypt’s popularity at the time of its initial release in 2004.
Many of you may believe you are doomed as TrueCrypt is no longer; that is not necessarily true TrueCrypt is gone, but there is nothing to worry about. This article will also discuss the alternatives to Truecrypt that provide services similar to TrueCrypt.
What went wrong with Truecrypt?
Most of us recognize TrueCrypt as a fantastic free and, most notably, an open-source hardware encryption utility. In 2004 what the service TruCrypt had to offer was introduced.
However, TrueCrypt did not make it past its 10th anniversary and was discontinued in 2014. But no one knows why, to some extent, it is because the developers have remained anonymous. No announcement has ever been released.
What accounted for TrueCrypt’s popularity was that it could build encrypted partitions on any provided hard drive. Also, companies would use it to create virtual encrypted disks that reside in a given file.
If a user has completed the encryption process, no-one can access the encrypted data stored on any given partition without the required password. Additionally, it was available for use on almost all popular Operating systems such as Windows and Mac OSX.
To some degree, people assume that the explanation for the end of TrueCrypt’s reign is partly to be blamed or to be praised for by Google’s Project Zero security team. The team found not only security loop-holes but also bugs that were unknown to the general public in TrueCrypt’s encryption algorithm.
A 77-page study from the Fraunhofer Institute for Secure Information Technology in 2015, which conducted a systematic audit of TrueCrypt’s latest stable version, found that the software is considered fit to encrypt specific drives, specifically data encryption on an external hard drive or USB drive.
It means that if present on an external hard drive, the encrypted data was reasonably secure. However, TrueCrypt was not given the green light for encryption if the encrypted data remained on a fixed drive or the system’s main memory.
The bottom line is TrueCrypt is gone, it is no longer being maintained, i.e., not being checked for bugs and fixed accordingly. And because of that, the key can be retrieved from the unmounted drive and used later to decrypt data.
Moreover, the source files are no longer being provided by the developers; this means that you can now only download through piracy, which has flaws ranging from the file being corrupted to being infected by malware.
Is it still safe to use TrueCrypt?
What you must question at this point is the potential risk of continuing using TrueCrypt and whether if it is still safe to use TrueCrypt.
As mentioned earlier, TrueCrypt got discontinued in 2014, which means it’s been more than five years since its development decided to change anything related to the faults and bugs within the software.
Not only has it not been maintained, but it is also no longer available to download from the source, this means the only way you’ll now be able to access the files for your use is through pirating.
Pirating comes with its cons, as mentioned earlier. Another alternative method to pirating is using the GitHub repository, which claims to be a legit version of TrueCrypt Download 7.1. However, it is still all talk from The Open Crypto Project as there is no evidence backing up this claim.
TrueCrypt may still be of some use to you if you are using the original files that you have had since before the discontinuation. And this, too, is limited to being useful if you are using it to encrypt data on external drives, and your system is reasonably old.
Bottom line, is it safe to use TrueCrypt? Both yes and no, it all depends on what system you are using it on, what drive you are encrypting, and if you are willing to put your data at risk of being corrupted through pirated source files. Want our advice? Do not continue using TrueCrypt any further unless you utilize it to migrate existing data encrypted by TrueCrypt.
Top 3 encryption methods
1. Full-disk encryption
Many operating systems store temporary files/swap partitions on hard drives, and because these files hold confidential data, a variety of issues occur if they are compromised.
A potential alternative is for the whole hard drive to be encrypted. Full Disk Encryption (FDE) methods, often known as “On-Disk Encryption” or “Complete Disk Encryption,” operate by encrypting every single piece of data on a storage system that exists.
The full-disk encryption method usually encrypts the entire content of a disk or volume and decrypts / encrypts it after a key has been issued during usage. That ensures the data is safe from circumstances such as failure of the laptop/disk or hacking where the data will be encrypted, and a key to decrypt will be needed.
This type of encryption, however, makes your data vulnerable. If the device is logged into or the data is being sent through an email, you cannot provide any form encryption.
2. Single-user file/folder level encryption
Most encryption programs are capable of creating an encrypted internet drive; this is precisely what is done in folder level encryption. The virtual disk is an encrypted file that looks like another drive that is already a part of your device, and this allows the user to open and transfer files in an encrypted region with ease.
This encryption method is useful when you want to protect a single file and folder rather than your whole disk, such as a folder containing sensitive information that you can only access if your device were to be stolen.
3. Multi-user file/folder level encryption
Much similar to the single-user file encryption, multi-user file/ folder level encryption also creates a virtual drive in which encrypted files can be kept. The only difference is that this mode of encryption allows multiple users to access encrypted information simultaneously.
If not all users have the encryption program installed, this methodology can get complicated. That is why paying serious consideration is extremely important. Otherwise, this may cause users to access encrypted data or lead them to think they have encrypted information when they have not falsely.
The types of encryption most widely known and used are:
5 best TrueCrypt alternatives
TrueCrypt has not been patched even once in recent years, and it is no longer publicly available for download. So, what are your options? There are many alternatives to TrueCrypt that provide services similar to TrueCrypt, if not better.
Your choice of an alternative will depend widely depending on whether you want full-disk encryption, Single-user file/folder level, or Multi-user file/folder level, what operating system you are using, etc.
VeraCrypt can manage about anything you throw at it; it is free, open-source, and multiplatform. It is a fork of TrueCrypt. A project fork occurs when programmers take a copy of the source code from a specific software platform and start working independently on it, making a new software piece.
VeraCrypt works based on supporting AES (advanced encryption standard), TwoFish, and Serpent encryption ciphers. VeraCrypt allows full disk encryption, including device drive encryption, along with encrypting volumes within volumes.
VeraCrypt not only works on all operating systems and their versions, but it also stands as one of the best TrueCrypt Mac alternatives for Apple fanatics.
VeraCrypt is marginally slower in terms of starting and opening containers than TrueCrypt, but it does not hinder the use of apps anyway. You navigate through VeraCrypt’s official website to read over all the latest features it provides. There is also a separate page where the VeraCrypt team explains how different their app is than TrueCrypt.
To keep sensitive files and data security or to encrypt the whole system, Veracrypt is the versatile go-to option. It can encrypt both volume encryption and on-the-fly encryption, so that only approved users can access them, making VeraCrypt the most popular reached out to software after TrueCrypt.
Bitlocker is Microsoft’s very own encryption tool. It is not open-source and only be run on Windows Ultimate, Pro, or Enterprise versions.
Just as VeraCrypt Bitlocker also supports advanced encryption standard. It is mainly used for full-disk encryption to protect your entire computer and not just individual files. It also works for encrypting a virtual drive or other volumes that can be used and viewed like every other drive on your computer.
One downside of Bitlocker is that not everybody has access to the Windows models of Pro or Enterprise, which renders Bitlocker a no-hope for many. If you have home versions for Windows, you would have to give up the thought of using Bitlocker altogether.
DiskCryptor, much like TrueCrypt, is a free, open-source file and drive encryption program. As with TrueCrypt, DiskCrypror would encrypt all of your data, system drives alongside other external devices, such as CD and USB drive.
It’s similarities to TrueCrypt can be credited back to the fact that a former TrueCrypt user developed it. And as with TrueCrypt, it has been discontinued. However, you can still download it through SourceForge.
DiskCryptor was incredibly fast and convenient to use. It did not use a lot of computing power and encrypted files much more quickly than TrueCrypt would. Similarly to VeraCrypt, DiskCryptor encrypts your data with multiple encryption algorithms, including Advanced Encryption Standard, Serpent, and Twofish, for increased security.
The main downside to DiskCryptor was that while it is open-source, close to none individuals or organizations had conducted any kind of security analysis on it.
CiperShed had its humble beginnings as a fork of TrueCrypt. CipherShed can be downloaded for different operating systems, such as Windows, Linux, and Mac OS X. Although to use it on Linux and Mac, you would have to compile the program.
The first non-alpha version was released this year in February. After its initial release in 2016, CipherShed’s progress has noticeably lagged in comparison to VeraCrypt, since there was no official release following v1.0.
CipherShed offers most, if not all, resources close to VeraCrypt, despite how slow its growth is.
Next on our list of TrueCrypt alternatives is also an open-source, cross-platform per-file encryption software that secures files by supporting AES and requires zero configurations. Simultaneously, Windows users can enjoy a free version; on the other hand, users with OS must get a premium edition, retailing at USD 35 annually.
For encrypting a file using AxCrypt, you simply have to right-click the file and pick the encrypt option. And voila! Your file will get encrypted with AES–128-bit encryption automatically. This is the most straightforward encryption software to use amongst all mentioned in this list.
This also means that Axcrypt does not provide the feature of full drive encryption. A major downside to using AxCrypt is that you miss out on cross-platform compatibility if you are availing the free version. However, this can easily be solved by opting for the premium version to test your money’s worth; you get a 30 days free trial.
Using a VPN for encrypting transiting data
Is disk encryption enough to secure your files being sent via email? The straightforward answer is no. Disk encryption protects your data only while it resides on your device or hard drive, but does not secure it when transmitted over the internet. You are going to need a VPN (Virtual Private Network) for that.
Data in transit is encrypted and indecipherable when using a VPN. Hackers typically use some kind of network sniffer to sniff networks for usernames and passwords, which means your data is at risk of theft at all times; however, with using a VPN, you ensure the security of your data.
A VPN operates by redirecting your system’s internet connection through your choice of VPN selected server instead of going through your internet service provider. That makes it seem your data is being transmitted from the VPN instead of your system. You could be in the United Kingdom and using an IP address found in the United States. Basically, by adopting a VPN, you are hiding in plain sight.
Now that we are aware that VPNs provide us with a new IP address and transmit our online traffic through an encrypted tunnel, we should be able to see all VPNs are not equally generated. A VPN can have various speeds, capabilities, or even vulnerabilities depending on the protocols it uses.
You should only use a VPN that is tested to be secure. Overall, pick a VPN service provider that supports VPN protocols like IKEv2, SoftEther, and OpenVPN, and ciphers like Camilla and AES and Camilla. You may also idealize VPNs that offer handshake encryption, such as RSA-2048 and authentication encryption, over 256 bits.
To save yourself heaps of time and energy, you can turn to our 10 best VPNs page; it features the top secure and reliable providers out there. Of course, you are welcome and encouraged to do your very own research before settling with a VPN.
While TrueCrypt is gone, there are many alternatives to TrueCrypt that provide services similar to it. Your choice of a resort or even for first-time use can be found but is not limited to this list.
When it comes to disk encryption, plausible deniability refers to the fact that no one can prove that there is any form of encrypted data on your computer. That is because encrypted data looks the same as no data at all – it is all hidden in plain sight.
We recommend using one of these Truecrypt alternatives (or other encryption software of your choice) to secure your data.
But note that there is still considerable debate on whether encryption can be used to claim plausible deniability in the court of law.
Do not choose your encryption software based on its plausible denial mechanism. It is like having a great strategy but weak gameplay and can result in the whole game going into the gutter.
Images via Pixabay.