With the Truecrypt project abandoned, I see a lot of clamoring in comment sections about suitable alternatives... but confusion as to what is available. This forum post is an attempt to sift through the more popular options, and provide some basic info on their capabilities. I will post audit info as well if I come across any (or if you mention it in a post).
Suggestions are welcome! I will add them to the list in the below format. You can use the template I have below, or just put in a blurb with what you know and I will add it in when I get the chance.

~~~CROSS-PLATFORM OPTIONS~~~

Trupax *Truecrypt compatible
Description: Java-based app for creating/managing truecrypt containers; built from the ground up.
License: Open-Source, LGPL3
Supported ciphers: AES-256, maybe more via command line
Encryption layer: volumes/containers
Platform Support:
TruPax allows you to create and extract truecrypt containers, similar to an archiving utility. It does not manage mounting of truecrypt volumes. It also only supports containers with certain formats and algorithms.

EncFS
Description: Encrypted filesystem that runs in user-space, using FUSE library and Linux kernel modules. Ports are available to other Operating Systems.
License: Open-Source, GPL
Supported ciphers: AES, Blowfish, others depending on OS
Encryption layer: file-based
Platform Support:
EncFS works differently from Truecrypt in that it does not encrypt and mount volumes or "containers", but instead watches a designated folder, and encrypts/decrypts the individual files as-needed using your specified key. This makes encrypted content more resistant to bitrot (as one bad bit can destroy an entire truecrypt container). It also makes for a more "cloud-friendly" encryption option, as you will be syncing only modified files and not the entire container. The tradeoff is that others can see how many files are encrypted in your folder (though not their names or contents). Many cloud-based encryption services seem to borrow from encFS in their methodology.
How to Encrypt Cloud Storage on Linux and Windows with EncFS
Blog post: EncFS & Dropbox for Linux/Android/Windows/MacOSX

dm-crypt + LUKS
Description: Linux-native disk encryption, a standard option for many Linux distributions.
License: Open-Source, GPL
Supported ciphers: aes-256, others can be compiled in
Encryption layer: block-level, can contain various filesystems
Platform Support:
Currently, dm-crypt has limited cross-platform support, but the FreeOTFE program would allow a Windows user to mount a dm-crypt protected thumb drive, as long as the formatting inside was windows-compatible (like Fat32). You can create a truecrypt-style virtual container in Linux via the command line, but the process is not quite as user-friendly.
Ubuntu: Encrypted Filesystems on Removable Storage
Making a Truecrypt-style container with LUKS

GnuPG (GPG)
Description: GNU implementation of PGP encryption, and a popular option for encrypting emails. Can also be used to encrypt individual files.
License: Open-Source, GPL
Supported ciphers: IDEA, 3DES, CAST5, Blowfish, AES-128/192/256, Twofish, Camellia-128/192/256
Encryption layer: file-based, text
Platform Support:
There are many options across platforms for encrypting emails with PGP as well as managing keys. There is somewhat less support for encrypting and decrypting individual files on mobile devices.

AES Crypt
Description: Basic file encryption/decryption tool available on a variety of platforms.
License: none found (Free and Open Source)
Supported ciphers: AES-256
Encryption layer: file-based
Platform Support: (please indicate if support is limited or experimental)
AES Crypt is a basic file encryption/decryption tool. It is a command-line client, with GUI support provided via context menu integration (i.e. right-click a file + "encrypt"). This suite would be more suitable for one-off secure file transfer, or deep storage of sensitive files. Files are not encrypted or decrypted in-place; you will be generating a new file that is encrypted/decrypted each time.

Boxcryptor
Description: A commercial offering with a focus on encrypting local files that are then synced to the cloud storage provider of your choice. Basic version is free; full versions require yearly subscription.
License: Commercial
Supported ciphers: AES-256
Encryption layer: file-based
Platform Support:
There are actually two versions of Boxcryptor - the older, "classic" version used encFS under the hood, and could even be used to decrypt existing encFS folders. The new 2.0 version uses something different that is not backwards-compatible. Version 2 also requires a user account, and keys are stored on a Boxcryptor server (enables user/group sharing of encrypted files).

Bestcrypt
Description: A commercial, cross-platform program that allows you to create and mount encrypted containers similar to Truecrypt. The software is trialware, and currently $60 to buy.
License: Commercial, closed-source
Supported ciphers: AES-256, Blowfish, CAST, GOST, 3DES, Serpent, Twofish
Encryption layer: Volume/File (encrypted containers)
Platform Support:
It works very similarly to Truecrypt, allowing you to create virtual containers which you then mount like drives. According to its feature list, it supports "Enhanced Hidden Containers" which function similarly to Truecrypt's "Hidden Volume" feature. Full disk encryption is provided by a separate product; this one focuses on containers.

~~~OS-SPECIFIC~~~
(under construction, suggestions welcome!)

~~Windows~~
Bitlocker:
EFS:
axcrypt:

~~MacOS~~
FileVault
Espionage
Knox

~~Linux~~
dm-crypt + LUKS:
luksus / tcplay *Truecrypt compatible
realcrypt *Truecrypt-compatible:
ecryptfs:

~~Android~~
Encrypted Data Storage (EDS) *Truecrypt compatible:
Cryptonite *Truecrypt compatible:
|
Last edited by feistypenguin on Tue Jun 17, 2014 2:47 pm
|
Worth a mention, eCryptfs. (Linux specific, as far as I know)
https://help.ubuntu.com/12.04/serverguide/ecryptfs.html
And especially, tcplay. (DragonFly BSD and Linux support)
https://github.com/bwalex/tc-play
Quote:
tcplay is a free (BSD-licensed), pretty much fully featured (including multiple keyfiles, cipher cascades, etc) and stable TrueCrypt implementation.
|
EncFS seems to have serious issues in its current form according to a security audit. I would not use it as a TrueCrypt replacement.
https://defuse.ca/audits/encfs.htm
I've been playing with eCryptfs this weekend, and it's something I could use daily. But it needs more security auditing according to the security audit. I wonder what other people's verdicts are on eCryptfs.
https://defuse.ca/audits/ecryptfs.htm
|
It's worth noting for FileVault 2 that it does full disk encryption as well, since you pointed it out for BitLocker.
|
Suggestions added, thanks!
|
Tomb seems the closest to me. Linux-only again, unfortunately. C'mon, it can't be hard to at least get it working on my Mac!
|
Does anyone have an alternative that can do TC's slackspace encryption, where an alternate password will "decrypt" the image with contents that had been stored in the slack space?
I've been looking for something that can do this and is cross-platform. Haven't found a thing. I figure full-volume encryption is already on by default on iOS, is easily doable on Windows, Linux and OS X, so the three categories are: file at rest encryption, file in transit encryption, and plausible deniability encryption/steganography. What I'd really like is a cross-platform solution that can create sliced images, to improve backups/cloud hosting while protecting the files. |
adespoton wrote:
Does anyone have an alternative that can do TC's slackspace encryption, where an alternate password will "decrypt" the image with contents that had been stored in the slack space?
If you are referring to the "hidden volume" feature of Truecrypt, I'm not aware of any. There may be some on the market, but they are likely proprietary solutions that cost your left kidney and your firstborn. Truecrypt really spoiled a lot of people, because it filled its niche well enough that nobody bothered making anything with comparable features... especially something that was cross-platform. |
I think our work policy is to use the built-in Bitlocker or FileVault, with the employer getting the backup decryption key.
Mine might even be in iCloud. Any enterprise-type or business solution needs to worry a lot more about key management than about the actual encryption. I've lost data before due to lost keys for encrypted backups. Never due to "the bad guys" stealing the data. |
http://support.apple.com/kb/ht5077
http://training.apple.com/pdf/WP_FileVault2.pdf
FileVault 2 key management resources
|
FreeBSD (only noting the native tools):
http://www.freebsd.org/doc/handbook/dis ... pting.html
Of note, zfs can be stacked on top of geli. Geli also supports encrypting the root partition. While I assume the desktop userbase is small, this is handy if you need to encrypt whatever lives on your file server.
|
adespoton wrote:
Does anyone have an alternative that can do TC's slackspace encryption, where an alternate password will "decrypt" the image with contents that had been stored in the slack space?
Tomb. It's Linux-only. |
adespoton wrote:
Does anyone have an alternative that can do TC's slackspace encryption, where an alternate password will "decrypt" the image with contents that had been stored in the slack space?
Bestcrypt (Mac/Windows/Linux) has "enhanced hidden containers" that allow alternate password access into a container. I think if you use the 'main' password and edit something in the normal container then the hidden part has the potential to be corrupted (but that happens in truecrypt too).
https://www.jetico.com/products/personal-privacy/bestcrypt-container-encryption
|
I'm new to all this encryption jazz. How does rohos compare to all these listed programs?
|
Hi, one of the devs of Espionage here, just wanted to mention a few things not listed here about it:
|
"My mom says I'm Awesome."
Ars Legatus Legionis
Tribus: Northwest Soviet Canuckistan
Registered: Nov 29, 2005
Posts: 10960
| |
Since this was necro'd by what I assume is the vendor I might as well ask, has anyone found anything truly good in the last year? Can we vouch for any of the options presented previously?
|
Veracrypt.
|
SecureDoc (Cross Platform on Windows, Mac, iOS and Linux)
Allows for either a Standalone solution or a Managed Solution using a backend server. |
ncrand wrote:
SecureDoc (Cross Platform on Windows, Mac, iOS and Linux)
Allows for either a Standalone solution or a Managed Solution using a backend server.
My wife's company uses this.
|
Thanks for this compilation. I was tired of using online crypters.
|
Last edited by freddy mercury on Mon Oct 12, 2015 6:32 pm
|
freddy mercury wrote:
Thanks for this compilation. I was tired of using online crypters
That's basically equivalent to walking up to the NSA office and giving them a hard drive with all your data (unencrypted) and your passphrase, then dropping the above in a parking lot in a sketchy part of town. This is all assuming that the "online crypters" are server side (even so, it's a bad idea). |
Anonymouspock wrote:
freddy mercury wrote:
Thanks for this compilation. I was tired of using online crypters
That's basically equivalent to walking up to the NSA office and giving them a hard drive with all your data (unencrypted) and your passphrase, then dropping the above in a parking lot in a sketchy part of town. This is all assuming that the "online crypters" are server side (even so, it's a bad idea).
What?
|
Adding the entry here since my original post is past-due for edits...
Veracrypt *Truecrypt compatible
Description: A fork of Truecrypt 7.1a widely viewed as the successor to Truecrypt, under active development as of 2015. Author has worked on modernizing the app with security fixes and code rewrites, while expanding functionality in other ways.
License: Apache 2.0 as of 2015
Supported ciphers: AES, Serpent, Twofish, Cascades
Encryption layer: volumes/containers
Platform Support:
Notes: Initial versions were not Truecrypt-compatible, but newer versions have re-implemented Truecrypt container support, as well as the ability to convert Truecrypt volumes to Veracrypt format. In its current state, it can function as a drop-in replacement for Truecrypt.
|