Replacement for TrueCrypt in Win 7 Pro

[pete barnes]

Now that TrueCrypt has (apparently) taken itself off the market for securing Win7 Pro PCs (or any other system for that matter), and since MS BitLocker is not supported for Win7 Pro, what options are available for using encryption to secure data and hardware, including HDDs etc. for a Win7 Pro system? All I really want to do is to be able to encrypt entire HDDs/volumes as well as files, folders, etc. on my own PC, I do not need any remote functionality beyond use for local memory sticks and local external backup HDDs; but I do run a WinXP VM on my system so TC is nice to have for that as well.

Any help? That is, any help that won't require me to buy an Ultimate upgrade (which I have no use for), or some expensive 3rd-party software?

Thanks
Pete B

 

[OvenMaster]

There's nothing wrong at all with continuing to use TrueCrypt version 7.1a. It still works just fine.

A lot of people panic and start to think that just because something isn't developed anymore, or temporarily taken off the market, so to speak, that it's suddenly compromised or no longer works. TrueCrypt version 7.1a has been available and unchanged for the past 27 months... because there's no reason to change it or fix it. If you're using it, keep on using it. I know I will.

https://www.grc.com/misc/truecrypt/truecrypt.htm

 

[GD4E1]

I use truecrypt, but I extensively use another program too, ' cryptbox', it also has the option to encrypt system partitions and create safes a lot like truecrypt, however it is only limited to AES-128 or AES-256, not multiple algorithms like truecrypt

 

[pete barnes]

There's nothing wrong at all with continuing to use TrueCrypt version 7.1a. It still works just fine.

A lot of people panic and start to think that just because something isn't developed anymore, or temporarily taken off the market, so to speak, that it's suddenly compromised or no longer works. TrueCrypt version 7.1a has been available and unchanged for the past 27 months... because there's no reason to change it or fix it. If you're using it, keep on using it. I know I will.

https://www.grc.com/misc/truecrypt/truecrypt.htm

Well, thanks, but no thanks, I think. You should read the following from Ars Technica:

Law & Disorder
“TrueCrypt is not secure,” official SourceForge page abruptly warns
by Dan Goodin
One of the official webpages for the widely used TrueCrypt encryption program says that development has abruptly ended and warns users of the decade-old tool that it isn't safe to use.
Read More


When it comes to matters of encryption of data, that warning is sufficient for me to rule out further use of the TC software. This is the same reason one never trusts a home-grown custom security program that someone claims is their own absolutely secure design: there are people out there who dedicate their whole life to cracking the encryption of such software, and I cannot afford to take the chance that the TC is still safe after a warning posted on the TC official website explicitly states oitherwise. Any decent book on encryption will tell you the same thing.

Now, I suspect this was all attributable to the MS decision to end support for MS versions of Windows earlier than Vista, mainly WinXP which still has more users than any other Win OS version, but is no longer being kept secure by MS.

The real problem is that MS did not provide for secure deployment of BitLocker in any version of Win7 other than Ultimate and Enterprise. Although the BL service can be activated for Win7 Pro, it does not have the public/private key services needed to make it work securely, so that option is no good either.

I suppose I could just buy a third-party encryption package, but if I am going to do that, I might as well just shell out my money to upgrade to Win7 Ultimate instead, even though I do not need anything else in that version that I do not already have in Pro.

Thanks for the reply
Pete B

 

[Alejandro85]

TrueCrypt is still a pretty safe alternative, as research shows. It's very rare the message on their homepage, but saying that "it's not safe anymore" is a bit drastic. To me, it appears some sort of self-FUD, the same that MS made to lure users away from XP.

Anyway, serious, independent research has been performed on TrueCrypt, at least on their 7.1a version (the latest before their shutdown). Look here:
Is TrueCrypt Audited Yet?

That link shows a complete work analyzing both the source and behaviour of TrueCrypt, and in it's conclusions, it draws that, while it has bugs, they're of minor to medium severity only. An extensive report is available there too.

While not being maintained anymore is for sure a big con, I don't think it's time to rush for an alternative, at least until a serious FOSS candidate appears. TC is perfectly enough for home use, and maybe for non-critical company usage.

 

[OvenMaster]

Here's a promising fork

https://veracrypt.codeplex.com/

Minor TrueCrypt bugs and vulnerabilities have been fixed. I'm impressed and glad to see it.

The only "problem" that I can find is that "VeraCrypt storage format is INCOMPATIBLE with TrueCrypt storage format." Personally, I'd say this is a fair tradeoff, especially if security is enhanced. So I need to make new containers and swap my data from one to the other. No biggie.

 

[Tookeri]

I still use TrueCrypt 7.1a, haven't seen any proof that it could be unsafe. A recent article says it's still safe, but warns you to be cautious about where you download it from. If you need to download it I too recommend Steve Gibson's site (grc.com) but you should always also verify the file hash after downloading. Use the strong SHA256. If you don't have a tool or know how to check it an easy way is to go to virustotal.com and upload the file you downloaded. Virustotal will show the SHA256 which should be:

e95eca399dfe95500c4de569efc4cc77b75e2b66a864d467df37733ec06a0ff2

for file TrueCrypt Setup 7.1a.exe

Here's the latest Virustotal report of that exact file version: https://www.virustotal.com/en/file/...c77b75e2b66a864d467df37733ec06a0ff2/analysis/

 

[pete barnes]

Thanks to all for the comments. I am still somewhat uncobvinced of the security of TrueCrypt, since I have seen nothing describing the exact and precise nature of the issues that prompted the original designers of TrueCrypt to remove the product from their care; thus, all the assurances of its current safety may be misguided because we do not know (and at this point may never know) the true nature of the security breach. Thus I will not say this issue is resolved as far as I am concerned.

But I have seen enough to assume that, for my case of non-commercial user protection, it is likely to be as secure as anything else available at no cost for my protection. So I will probably follow the advice here and get and install the version as described.

Thanks again
Pete B

 

[mdd1963]

If simply looking to encrypt your own files/folders, etc, the program Puffer (from Briggs Software) was very easy to use, and has numerous encryption options, but, it costs about $30-$35, if memory serves....

(I've not even read any rumors of it's lack of security)