TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted drive. On-the-fly encryption means that data are automatically encrypted or decrypted right before they are loaded or saved, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password or correct encryption key. Until decrypted, a TrueCrypt volume appears to be nothing more than a series of random numbers. The entire file system is encrypted (i.e., file names, folder names, contents of every file, and free space).
This software is highly recommended for securing data on laptops.
TrueCrypt performs the following tasks:
- Creates a virtual encrypted disk within a file and mounts it as a real disk.
- Encrypts an entire partition or storage device such as a USB flash drive or hard drive.
- Encrypts a partition or drive where Windows is installed (pre-boot authentication).
- Encryption is automatic, real-time (on-the-fly) and transparent.
- Provides two levels of plausible deniability, in case an adversary forces you to reveal the password: 1) Hidden volume (steganography) and hidden operating system. 2) No TrueCrypt volume can be identified (volumes cannot be distinguished from random data).
- Encryption algorithms: AES-256, Serpent, and Twofish. Mode of operation: XTS.
Please note: According to the program's author, TrueCrypt is not secure because it could contain unfixed security issues; you should therefore download TrueCrypt only if you are migrating data encrypted by TrueCrypt.
As the development of TrueCrypt ended in 5/2014, you should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.
- TrueCrypt volumes can now be created under Linux.
- Ability to create a dynamic container whose physical size (actual disk space used) grows as new data is added to it. (Dynamic containers are pre-allocated NTFS sparse files).
- Volume passwords/keyfiles can be changed under Linux.
- Keyfiles can be created under Linux.
- Volume headers can be backed up and restored under Linux.
- Multiple keyfiles can be selected in the file selector by holding the Control (Ctrl) or Shift key (Windows).
- It is now possible to enable and directly set keyfiles by dragging the icon of keyfile(s) or of keyfile search path(s) to the password entry window (Windows only).
- New Linux command line option: -u, --user-mount, which can be used to set default user and group ID of the file system being mounted to the user and group ID of the parent process. Some file systems (such as FAT) do not support user permissions and, therefore, it is necessary to supply a default user and group ID to the system when mounting such file systems.
- The build.sh script can now perform automatic configuration of the Linux kernel source code, which is necessary in order to compile TrueCrypt on Linux. Note that this works only if the installed version of the kernel enables/supports it.
- TrueCrypt volume properties can be viewed under Linux.
- New Mount Option: 'system'. It is possible to place paging (swap) files on a TrueCrypt volume that is mounted with this option enabled. Thus, it is possible to use TrueCrypt to on-the-fly encrypt a paging file. (Windows, command line usage)
- New Mount Option: 'persistent'. A volume mounted with this option enabled is not displayed in the TrueCrypt GUI and is prevented from being auto-dismounted (Dismount All will not dismount the volume either). (Windows, command line usage)
- It is now possible to mount a single TrueCrypt volume from multiple operating systems at once (for example, a volume shared over network), provided that the volume is mounted as read-only under each system (Windows).
- The current directory is never left set to a removable device after a file (e.g., a container, keyfile, header backup) stored on it is selected via the file selector in TrueCrypt. Therefore, it will be possible to Safely Remove the device in such cases. (Windows)
- Improved security of set-euid mode of execution (Linux).
- Other minor improvements
- It is now possible to dismount volumes that cannot be opened (for example, after disconnecting and reconnecting a USB flash drive formatted as NTFS containing a mounted TrueCrypt volume).
- Fixed bug that sometimes caused the mount process to fail under Linux when one or more TrueCrypt volumes were already mounted.
- Command line argument buffer is now wiped upon exit (Windows, command line usage).
- Other minor bug fixes