TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted drive. On-the-fly encryption means that data are automatically encrypted or decrypted right before they are loaded or saved, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password or correct encryption key. Until decrypted, a TrueCrypt volume appears to be nothing more than a series of random numbers. The entire file system is encrypted (i.e., file names, folder names, contents of every file, and free space).
This software is highly recommended for securing data on laptops.
TrueCrypt performs the following tasks:
- Creates a virtual encrypted disk within a file and mounts it as a real disk.
- Encrypts an entire partition or storage device such as USB flash drive or hard drive.
- Encrypts a partition or drive where Windows is installed (pre-boot authentication).
- Encryption is automatic, real-time (on-the-fly) and transparent.
- Provides two levels of plausible deniability, in case an adversary forces you to reveal the password: 1) Hidden volume (steganography) and hidden operating system. 2) No TrueCrypt volume can be identified (volumes cannot be distinguished from random data).
- Encryption algorithms: AES-256, Serpent, and Twofish. Mode of operation: XTS.
Please Note: According to the programs author, TrueCrypt is not secure because it could contain unfixed security issues, therefore you should download TrueCrypt only if you are migrating data encrypted by TrueCrypt.
As The development of TrueCrypt was ended in 5/2014 you should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.
- Full compatibility with 32-bit and 64-bit Windows Vista:
- Support for User Account Control (UAC).
- All .sys and .exe files of TrueCrypt are now digitally signed with the digital certificate of the TrueCrypt Foundation, which was issued by the certification authority GlobalSign.
- When moving the mouse on a single-CPU computer while reading or writing data to a TrueCrypt volume, the mouse pointer stopped moving for a second every few seconds. This will no longer occur. (Windows Vista issue)
- Other minor compatibility-related changes.
- TrueCrypt volume is automatically dismounted if its host device is inadvertently removed.
Important: You should always dismount the volume in TrueCrypt and then use the "Safely Remove Hardware" function (built in Windows) before you physically remove the host device (e.g. a USB flash drive).
- Support for devices and file systems that use a sector size other than 512 bytes (e.g., new hard drives, USB flash drives, DVD-RAM, MP3 players, etc.)
- Support for devices with a GPT partition table (GUID partitions). (Windows Vista/2003/XP)
- After a partition is successfully encrypted, the drive letter assigned to it (if any) is automatically removed. (Windows)
- Volume name (label) is displayed in device/partition selector. (Windows)
- New hotkey: 'Wipe Cache'. (Windows)
- New command line switch '/q background' for launching the TrueCrypt Background Task. (Windows)
- Portions of the TrueCrypt device driver redesigned.
- Maximum allowed size of FAT32 volumes increased to 2 TB (note that NTFS volumes can be larger than 2 TB).
- Traveller Disk Setup improved. (Windows)
- Volumes hosted on read-only media will always be mounted in read-only mode. (Windows)
- Improved support for big-endian platforms.
- Other minor improvements (Windows and Linux)
- The built-in FAT format facility now functions correctly on big-endian platforms.
- Improved handling of partitions and devices during volume creation. (Windows)
- Improved handling of low-memory conditions. (Windows)
- Fixed bug that rarely caused system errors when dismounting all volumes. (Windows)
- Tray icon is recreated when Windows Explorer is restarted (e.g. after a system crash).
- Other minor bug fixes (Windows and Linux)
- Improved security of set-euid mode of execution. Volume can be dismounted only by the user who mounted it or by an administrator (root). (Linux)
- It is no longer possible to create new volumes encrypted with 64-bit-block encryption algorithms (Blowfish, CAST-128, and Triple DES). 64-bit block ciphers are being phased out. It is still possible to mount such volumes using this version of TrueCrypt. However, it will not be possible to mount such volumes using TrueCrypt 5.0 and later versions (this applies also to volumes encrypted with AES-Blowfish and AES-Blowfish-Serpent, which have been in the process of being phased out since TrueCrypt 4.1). If you have such a volume, we recommend that you create a new TrueCrypt volume encrypted with a 128-bit-block encryption algorithm (e.g., AES, Serpent, Twofish, etc.) and that you move files from the old volume to the new one.