TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted drive. On-the-fly encryption means that data are automatically encrypted or decrypted right before they are loaded or saved, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password or correct encryption key. Until decrypted, a TrueCrypt volume appears to be nothing more than a series of random numbers. The entire file system is encrypted (i.e., file names, folder names, contents of every file, and free space).
This software is highly recommended for securing data on laptops.
TrueCrypt performs the following tasks:
- Creates a virtual encrypted disk within a file and mounts it as a real disk.
- Encrypts an entire partition or storage device such as USB flash drive or hard drive.
- Encrypts a partition or drive where Windows is installed (pre-boot authentication).
- Encryption is automatic, real-time (on-the-fly) and transparent.
- Provides two levels of plausible deniability, in case an adversary forces you to reveal the password: 1) Hidden volume (steganography) and hidden operating system. 2) No TrueCrypt volume can be identified (volumes cannot be distinguished from random data).
- Encryption algorithms: AES-256, Serpent, and Twofish. Mode of operation: XTS.
Please Note: According to the programs author, TrueCrypt is not secure because it could contain unfixed security issues, therefore you should download TrueCrypt only if you are migrating data encrypted by TrueCrypt.
As The development of TrueCrypt was ended in 5/2014 you should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.
Ability to encrypt a non-system partition without losing existing data on the partition. (Windows Vista/2008)
Note: To encrypt a non-system partition in place, click 'Create Volume' > 'Encrypt a non-system partition' > 'Standard volume' > 'Select Device' > 'Encrypt partition in place' and then follow the instructions in the wizard. Please note that this is not supported on Windows XP/2000/2003 as these versions of Windows do not natively support shrinking of a filesystem (the filesystem needs to be shrunk to make space for the volume header and backup header).
Support for security tokens and smart cards (for more information, see section Security Tokens and Smart Cards in chapter Keyfiles).
The TrueCrypt boot loader can be prevented from displaying any texts (by selecting Settings > System Encryption and enabling the option 'Do not show any texts in the pre-boot authentication screen').
The TrueCrypt boot loader can now display a custom message (select Settings > System Encryption and enter the message in the corresponding field) either without any other texts or along with the standard TrueCrypt boot loader texts.
Pre-boot authentication passwords can now be cached in the driver memory, which allows them to be used for mounting of non-system TrueCrypt volumes (select Settings > System Encryption and enable the option 'Cache pre-boot authentication password').
Linux and Mac OS X versions: The ability to mount a Windows system partition encrypted by TrueCrypt and to mount a partition located on a Windows system drive that is fully encrypted by a Windows version of TrueCrypt.
Protection against memory corruption caused by certain inappropriately designed versions of some BIOSes, which prevented the pre-boot authentication component from working properly.
During the process of creation of a hidden operating system, TrueCrypt now securely erases the entire content of the partition where the original system resides after the hidden system has been created. The user is then prompted to install a new system on the partition and encrypt it using TrueCrypt (thus the decoy system is created).
Note: Although we are not aware of any security issues (connected with decoy systems) affecting the previous versions of TrueCrypt, we have implemented this change to prevent any such undiscovered security issues (if there are any). Otherwise, in the future, a vulnerability might be discovered that could allow an attacker to find out that the TrueCrypt wizard was used in the hidden-system-creation mode (which might indicate the existence of a hidden operating system on the computer) e.g. by analyzing files, such as log files created by Windows, on the partition where the original system (of which the hidden system is a clone) resides. In addition, due to this change, it is no longer required that the paging file is disabled and hibernation prevented when creating a hidden operating system.
Many other improvements. (Windows, Mac OS X, and Linux)
Many minor bug fixes and security improvements. (Windows, Mac OS X, and Linux)