TrueCrypt: an open source laptop encryption choice for SMBs



TrueCrypt is not currently geared toward the enterprise, but if you are concerned about sensitive business and personal data, or aren't satisfied waiting for corporate to roll out a commercial solution, TrueCrypt is a worthy alternative.

While it lacks the central management, key management, reporting, access control features and scalability of enterprise commercial products, it's suitable for small office or workgroup scenarios. Multiple users can share access to encrypted data by presenting keyfiles in addition to their passwords; a keyfile is combined with the password when the volume is opened, so everyone who needs the volume holds the same password-and-keyfile combination. You can create any number of keyfiles using TrueCrypt's random number generator.

While not necessarily enterprise-ready, TrueCrypt's use of cryptographic algorithms and encryption methodology is comparable to its commercial counterparts, and it may be easier to use.

The mode of operation TrueCrypt uses for encrypted partitions, drives and virtual volumes is XTS, a variant of Phillip Rogaway's XEX mode. XEX uses a single key for two different purposes (deriving the per-block tweak and encrypting the data), while XTS uses two independent keys: a secret "tweak key" that is separate from the primary encryption key. A tweakable block cipher is one that accepts a second input, the tweak, in addition to its plaintext or ciphertext input; the tweak and the key together select the permutation the cipher computes. In XTS the tweak is derived from the position of the data on the disk, so identical sectors at different locations encrypt to different ciphertext even under the same key. XTS was adopted as IEEE Std 1619, the standard for cryptographic protection of data on block-oriented storage devices, in December 2007.

Encryption algorithms include AES, Serpent and Twofish, and ciphers can be cascaded, that is, used in combination: AES-Twofish, Serpent-Twofish-AES and so on. In the AES-Twofish cascade, for example, each 128-bit block is first encrypted with Twofish (256-bit key) in XTS mode and then with AES (256-bit key) in XTS mode, each cipher using its own independent key.
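The following Go program is an added example, not TrueCrypt's code or anything from the original article, that makes the two preceding paragraphs concrete: it implements XTS over AES-256 from Go's standard library as IEEE 1619 specifies it (two independent keys, a tweak computed by encrypting the sector number under the tweak key, and multiplication by alpha in GF(2^128) for each successive block of the sector), and layers two independently keyed XTS instances the way TrueCrypt's cascades do. Assumptions: Go's standard library has no Twofish, so the second cascade layer is a second AES instance standing in for it; the 32-byte sample "sector" and the 64-byte demonstration key are constructed for the example (a real volume's keys come from a CSPRNG); and ciphertext stealing for data units that are not a multiple of 16 bytes is omitted because disk sectors always are. The program also shows a caveat the article does not mention: XTS authenticates nothing, so flipping one ciphertext bit silently corrupts exactly the matching 16-byte plaintext block and leaves the rest of the sector intact.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// XTS (IEEE 1619-2007) over AES-256 for data units that are a whole number of 16-byte
// blocks (disk sectors always are), so the ciphertext-stealing step for a trailing
// partial block is left out. K1 encrypts the data; K2 encrypts the 128-bit data unit
// (sector) number to make the tweak T, multiplied by alpha^j in GF(2^128) for block j.
type xtsAES struct{ k1, k2 cipher.Block }

// newXTS splits a 64-byte XTS key into K1 (data) and K2 (tweak). One key for both
// would collapse XTS back to XEX's single-key structure, so this example rejects it.
func newXTS(key []byte) (*xtsAES, error) {
	if len(key) != 64 || bytes.Equal(key[:32], key[32:]) {
		return nil, fmt.Errorf("xts: need two independent 32-byte AES keys")
	}
	k1, _ := aes.NewCipher(key[:32]) // cannot fail: key lengths checked above
	k2, _ := aes.NewCipher(key[32:])
	return &xtsAES{k1: k1, k2: k2}, nil
}

// mulAlpha multiplies the tweak by alpha (the polynomial x) in GF(2^128) modulo x^128 + x^7 + x^2 + x + 1,
// in IEEE 1619's little-endian bit order: shift left one bit and fold the top-bit carry into byte 0 as 0x87.
func mulAlpha(t *[16]byte) {
	var carry byte
	for i := range t {
		next := t[i] >> 7
		t[i] = t[i]<<1 | carry
		carry = next
	}
	if carry != 0 {
		t[0] ^= 0x87
	}
}

// crypt runs XTS in one direction over one data unit. Blocks are handled
// independently (XOR T, AES, XOR T), so a corrupted ciphertext block damages only
// the matching plaintext block on decryption, and nothing flags the corruption.
func (x *xtsAES) crypt(unit uint64, in []byte, decrypt bool) ([]byte, error) {
	if len(in) == 0 || len(in)%16 != 0 {
		return nil, fmt.Errorf("xts: data unit must be a non-zero multiple of 16 bytes")
	}
	var t [16]byte
	binary.LittleEndian.PutUint64(t[:8], unit) // unit number as a 128-bit little-endian value
	x.k2.Encrypt(t[:], t[:])                   // T = E_K2(unit)
	out := make([]byte, len(in))
	var blk [16]byte
	for off := 0; off < len(in); off += 16 {
		for i := range blk {
			blk[i] = in[off+i] ^ t[i]
		}
		if decrypt {
			x.k1.Decrypt(blk[:], blk[:])
		} else {
			x.k1.Encrypt(blk[:], blk[:])
		}
		for i := range blk {
			out[off+i] = blk[i] ^ t[i]
		}
		mulAlpha(&t) // the next block of this unit uses T * alpha
	}
	return out, nil
}

// cascadeCrypt mirrors TrueCrypt's cipher cascades: every layer is a complete XTS instance with
// its own independent keys, applied in order to encrypt and in reverse to decrypt. TrueCrypt's
// AES-Twofish runs Twofish-XTS first and AES-XTS second; a second AES instance stands in here.
func cascadeCrypt(layers []*xtsAES, unit uint64, in []byte, decrypt bool) ([]byte, error) {
	var err error
	for i := range layers {
		layer := layers[i]
		if decrypt {
			layer = layers[len(layers)-1-i]
		}
		if in, err = layer.crypt(unit, in, decrypt); err != nil {
			return nil, err
		}
	}
	return in, nil
}

func main() {
	// Constructed 64-byte demo key (two distinct 32-byte halves); real volume keys come from a CSPRNG.
	x, _ := newXTS([]byte("K1 constructed demo key,32 bytes" + "K2 constructed demo key,32 bytes"))
	sector := make([]byte, 32) // constructed "sector": two identical all-zero blocks
	c0, _ := x.crypt(0, sector, false)
	c1, _ := x.crypt(1, sector, false)
	fmt.Printf("sector 0: %x\nsector 1: %x\n", c0, c1) // differ: T carries the sector number
	c0[3] ^= 0x01 // flip one ciphertext bit in block 0, as anyone with raw disk access could
	d, _ := x.crypt(0, c0, true)
	fmt.Println("block 0 damaged:", !bytes.Equal(d[:16], sector[:16]), "block 1 intact:", bytes.Equal(d[16:], sector[16:]))
}
```

Run it with `go run`. Two points worth taking away: identical sectors encrypt differently only because the sector number feeds the tweak, so an observer comparing two snapshots of a volume image can still see which sectors changed; and because no integrity check exists, anyone who can write to the raw disk can corrupt chosen 16-byte blocks without the mount noticing. Both are accepted trade-offs of sector-level disk encryption rather than flaws peculiar to TrueCrypt, but they matter when deciding what a laptop encryption product is and is not protecting against.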

Hash algorithms, which include RIPEMD-160, SHA-512 and Whirlpool, are used during volume creation, password changes and keyfile generation: the hash you select serves as the pseudorandom function when the header key is derived from your password and keyfiles, and as the mixing function in TrueCrypt's random number generator.

All these hash algorithms are considered secure in the sense that it is computationally infeasible to recover a message from its digest (preimage resistance). SHA-512 and Whirlpool additionally meet the NESSIE (New European Schemes for Signatures, Integrity and Encryption) standards because they are collision resistant with a comfortable margin, while RIPEMD-160 does not, because its output is only 160 bits: by the birthday bound, that caps its collision resistance at roughly 80 bits of work.

TrueCrypt allows three basic volume choices: a file container, partition or whole disk.

This was first published in November 2008
