Information Security Magazine


TrueCrypt an open source laptop encryption choice for SMBs
by Russ McRee
Issue: Nov 2008

SEALED TIGHT
TrueCrypt is not currently geared toward the enterprise, but if you are concerned about sensitive business and personal data, or aren't satisfied waiting for corporate to roll out a commercial solution, TrueCrypt is a worthy alternative.

While it lacks the central management, key management, reporting, access control features and scalability of enterprise commercial products, it's suitable for small office or workgroup scenarios. Multiple users can share access to encrypted data by presenting keyfiles in addition to their passwords. You can create any number of keyfiles using TrueCrypt's random number generator.

While not necessarily enterprise-ready, TrueCrypt's use of cryptographic algorithms and encryption methodology is comparable to its commercial counterparts and may be easier to use.

The mode of operation TrueCrypt uses for encrypted partitions, drives and virtual volumes is XTS, a variant of Phillip Rogaway's XEX mode. XEX mode uses a single key for two different purposes, while XTS mode uses two independent keys: the primary encryption key and a separate secret key, the "tweak key." "Tweak" refers to a second input that a tweakable block cipher accepts in addition to its plaintext or ciphertext input. The tweak, along with the key, selects the permutation computed by the cipher. XTS mode is the IEEE 1619 standard for cryptographic protection of data on block-oriented storage devices as of December 2007.

Encryption algorithms include AES, Serpent and Twofish, and ciphers can be cascaded, that is, used in combination--AES-Twofish, Serpent-Twofish-AES, etc. For example, a 128-bit block is first encrypted with Twofish (256-bit key), then with AES (256-bit key).

Hash algorithms, which include RIPEMD-160, SHA-512 and Whirlpool, are utilized during volume creation, password changes and keyfile generation.

All these hash algorithms are considered secure, given that it is computationally infeasible to find the message that produced the message digest. However, SHA-512 and Whirlpool meet NESSIE (New European Schemes for Signatures, Integrity and Encryption) standards because they are collision resistant, while RIPEMD-160 does not meet NESSIE standards because its output is only 160 bits.


TrueCrypt allows three basic volume choices: a file container, partition or whole disk.