Business is booming.

The Fall of TrueCrypt and Rise of VeraCrypt

The researchers advocated free and open-source software, such as VeraCrypt (which is based on TrueCrypt), for the following reasons:

Recently, research was released that demonstrated issues with BitLocker, as well as how it was easy to compromise SSDs that employ hardware encryption to compromise data.

VeraCrypt

The Fall of TrueCrypt and Rise of VeraCrypt

On May 28, 2014, visitors to the TrueCrypt website discovered the following message: ( VeraCrypt )

TrueCrypt development ceased on 5/2014, when Microsoft discontinued support for Windows XP. Windows 8/7/Vista and subsequent versions of Windows have built-in support for encrypted drives and virtual disk images.
Such integrated support is available on other platforms as well (click here for more information). Any data encrypted by TrueCrypt should be moved to encrypted drives or virtual disk images supported by your O.S.

It was an odd message to advise that people should switch to a closed-source and paid solution for an open-source project that supported a broad variety of computer kinds and languages. Bitlocker is part of Microsoft Windows and needs a licence for a version of Microsoft Windows that supports disk encryption. It is a software solution that helps most current P.C.s and is free to use. ( VeraCrypt )

Some basics of encryption

Most encryption employs a secret encryption key that is used both to encrypt and decode data. This is known as private-key encryption, and AES is the most powerful of them (Advanced Encryption Standard).

The key must be kept someplace, usually in a digital certificate that is stored on the computer and may be backed up to a USB drive. Normally, the encryption key is produced by the user when they create a password, which then produces the encryption key. ( VeraCrypt )

Along with this, we must provide the user’s identification and ensure that the data has not been altered. We utilize a hash signature for this, which enables us to generate nearly unique codes for blocks of data. TrueCrypt employs the SHA-512 hashing technique.

A Brief History of TrueCrypt

TrueCrypt is an open-source disk cryptography program that has been maintained by the TrueCrypt Foundation since February 2004. It is available in Microsoft Windows, OS X, Linux, and Android versions, and it supports 30 languages.

David Tesak registered the TrueCrypt trademark in the United States and the Czech Republic, while Ondrej Tesarik registered the TrueCrypt not-for-profit business in the United States. It works by establishing a virtual drive on a computer, after which everything written to the disk is encrypted and then decrypted when the data are read again.

It employs private key encryption using AES, Serpent, or Twofish (or combinations thereof), as well as hash algorithms RIPEMD-160, SHA-512, and Whirlpool. In current systems, AES is regarded as the most secure, while SHA-512 gives cutting-edge signatures.

The encrypted disk lacks a magic number that reveals the existence of TrueCrypt, but forensic analysis may disclose a TrueCrypt boot loader, after which a hacker may attempt various passwords to access the drive.

So what happened?

Internally, with Version 7.1a, there had been a code audit, with a notification on May 28, 2014, that TrueCrypt will be discontinued, along with the release of a version of 7.2. (which was intentionally crippled and contained lots of warnings in the code).

The modified license (TrueCrypt License v 3.1) removed a particular sentence that requires TrueCrypt attribution. Never before in software history has there been such a sudden termination, and the creators did not even desire a fork of their code.

Do you want to know what is better than VeraCrypt? Click here

A recent communication from a TrueCrypt developer (on June 16, 2014) said that they did not want the license to be changed to open-source, and that the code should not be forked.

Backdoor?

Some believe that a code audit was continuing and that an NSA-created backdoor was about to be discovered. Again, a smokescreen was used to steer towards a closed-source alternative, which some believe also contains an NSA-enabled backdoor. Few security experts, particularly those engaged in the development of encryption software, would have advocated Microsoft technology.

The code remains a mystery, however there are some unusual points that provide some hints. One oddity is that “U.S.” has been changed to “United States” in the code, which might indicate an automated search and replace way of updating the code to reflect a prospective change of ownership of the code.

The page built for the re-directed seems to have been made by a total novice, which is another unusual aspect of the post:

Even the Wayback Machine was having difficulty locating the archived pages:

Was it a back door, or was it a flaw, in the same manner that OpenSSL was exposed?

Code bug?

If there is a coding error, the spotlight will most likely focus on one of cryptography’s weak points: the production of a pseudo-random number, which is almost impossible on a computer.

One method is to utilize the time between keystrokes at random for users; however, if an intruder can predict them, they may dramatically decrease the range of numbers used in the cryptography process.

This may have been the code’s Achilles heel, and the audit process could have revealed a defect that others could exploit. In the instance of TrueCrypt, the random number was created by the user dragging a pointer over the screen, and this approach may have caused the issue.

Another potential issue centers on the binary code itself. Even if the source code is bug-free, it will be transformed into machine code, which may disclose vulnerabilities that may be exploited.

Overall, most users will download the binary distribution since building the code from scratch is typically too complex. As a result, there might have been an exploit inside the binary releases that was compromised.

Developers often overlook the fact that their code may be executed under a debugger to see and even alter the code. With the code written for so many platforms, it would have been almost difficult to ensure that the generated code was safe from tampering.

Will it die?

While the license may have barred a fork of the source, new parties operating outside of the U.S. began to reproduce the code in order to bypass licensing concerns. VeraCrypt has been one of the most successful:

The Problems with Disk Encryption

Many people consider disk encryption to be the ultimate form of security, yet it has a number of flaws. These are some examples:

When a person chooses a weak password, it is very simple for an intruder to break since they are constantly trying popular passwords.

VeraCrypt

The encryption key is held in running memory, which is secured while TrueCrypt is operating, but researchers have shown that a warm boot (that is, one that begins with a Ctrl-Al-Del, rather than a power-up) may remove the memory lock and disclose the encryption key.

The encryption keys are in the possession of the domain administrator. Most users in businesses connect to a domain, and the domain administrator usually possesses a copy of the encrypted drive’s encryption keys (and which normally can be used to decrypt the disk if the user forgets their password). The encryption key may be stolen and used to decode the disk if the domain is compromised.

The electronic key must be kept someplace, which is usually on a digital certificate. This is saved on the system and may be broken by brute-forcing the digital certificate’s password.
To find out how TrueCrypt and VeraCrypt safeguard the symmetric key on the disk and connect it to the password, read on: