As most of you know, the encryption program TrueCrypt is no longer supported. Is there anything out there that you would consider the equivalent or better? I’ve got some files (financial, etc.) that I would like to protect, but am unsure if TrueCrypt is still satisfactory for that.
I’ve looked at BitLocker, but am not sure if that would do the job as easily or safely as TC.
It depends what you are trying to defend against. I use VeraCrypt to encrypt USB memory keys which need to be read on both Macs and PCs. In that case, I’m defending against some random person finding the USB key and trying to read the data. I’ve not seen anything to suggest that VeraCrypt is not suitable for this.
For encrypting the hard disk on Macs and PCs I use FileVault and BitLocker, which are included with the OS. I trust these will protect the data from a laptop thief. I am not convinced these will protect against the government, but that’s not who I’m worried about accessing the data.
CPUs made in the last 10 years or so have hardware-accelerated encryption (AES-NI), so I think it is almost always wise to use full disk encryption. The performance penalty is negligible, and it will leave the disk unreadable if, for example, you return it for a warranty replacement.
If your threat model is protecting against another user of the computer, then VeraCrypt virtual images should be fine. Create one, put your sensitive data in it, and then only open it when you need the data.
VeraCrypt is nothing other than a continued development of TrueCrypt.
It’s a new and better incarnation of TrueCrypt. It’s based on the same code, but with all the vulnerabilities fixed, and with various improvements, and ongoing development.
VeraCrypt can now open existing TrueCrypt volumes and (optionally) convert them to VeraCrypt format.
It takes a few seconds longer to mount a volume encrypted with VeraCrypt, due to the increased security, but once it’s open, it functions exactly like TrueCrypt.
I’m still using TrueCrypt too. It has been thoroughly audited, and the audit found no backdoors and no significant vulnerabilities (I do not have the expertise to interpret the audit report, but prominent security bloggers like Bruce Schneier and Matthew Green have pronounced the program safe to use).
However, I realize it will probably stop working in some future version of Windows. I am still on Windows 7, and I don’t use the whole-disk encryption feature (which was noted above as not working in Windows 10).
The built-in full-disk encryption in Windows (called BitLocker) is unbroken, fast and perfectly fine to use. For full-disk encryption, I’d recommend using the OS’ version as it’ll be less likely to have compatibility issues.
For what it’s worth, the usage scenarios between file/folder vs full-disk encryption are a bit different.
With full disk encryption, if somebody steals your laptop while it’s on and you’re logged in, your files will be completely unencrypted even if the whole drive was protected by BitLocker. Once you log in, BitLocker provides no security.
But if you had separately encrypted your most critical files with a different key, they can’t do anything with the encrypted files even if they stole them right off your unlocked desktop. You would need to encrypt the folder with something else (usually, a distinct passphrase) that’s not tied to your Windows login identity, which automatically unlocks BitLocker and the built-in Windows file/folder encryption.
As for whether to use VeraCrypt, TrueCrypt, or PGP, or some other widely-available tool (7zip’s AES encryption?), it’s largely an academic question. Generally open-source is considered safer, audited is even better but no promise of anything, all are considered questionable/potentially insufficient against determined state actors, but all are generally “good enough” against just about anybody else, like casual identity thieves. Encryption is just a very good lock, used to encourage hackers to move on to easier targets (of which there are millions) or at least easier methods (call up your bank directly using a spoofed phone number or a fake ID). Just encrypt it with a relatively popular program, a password you’ll remember, and put it in a bank vault or bury it under your grandma’s house or something.