TrueCrypt (Smith) - TrueCrypt
Upcoming SlideShare
Loading in...5
×
 

TrueCrypt (Smith) - TrueCrypt

on

  • 1,891 views

 

Statistics

Views

Total Views
1,891
Views on SlideShare
1,889
Embed Views
2

Actions

Likes
0
Downloads
71
Comments
0

2 Embeds 2

http://webcache.googleusercontent.com 1
http://translate.googleusercontent.com 1

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

TrueCrypt (Smith) - TrueCrypt TrueCrypt (Smith) - TrueCrypt Presentation Transcript

  • TrueCrypt
    A presentation by Brett Smith
    COSC 4553-01
    Spring 2008
    Assignment #11
  • Overview
    Brief History
    Basics of TrueCrypt
    Why do we need this?
    Known security vulnerabilities
    Conclusion
    Sources
  • Brief History
    TrueCrypt is an open-source project based on Encryption for the Masses (E4M), a popular open source on-the-fly-encryption (OTFE) program that was discontinued in 2000. TrueCrypt was first released in February of 2004, and is still an active and thriving project today.
  • Basics of TrueCrypt
    TrueCrypt is a software application used for on-the-fly encryption (OTFE). It can create a "file-hosted container" by writing an encrypted file system contained within a regular file, which can then be mounted as if it were a real disk. TrueCrypt also supports device-hosted volumes, which can be created on either an individual partition or an entire disk. These volumes or files have no identifying information to indicate that they are data managed by TrueCrypt. It will appear to be a file filled with random bytes or in the case of a volume, simply unused free space.
  • Basics cont.
    Access to a TrueCrypt partition is protected using a traditional password and/or a “key file”. A key file acts as a binary equivalent to a traditional password. It can be a favorite song, a picture of your grandpa, or a random file generated by TrueCrypt.
    With version 5.0 and above it can now encrypt the Windows boot partition. With Linux kernel 2.6.24 and above you can encrypt everything with TrueCrypt but the /boot folder.
    Encryption algorithms: AES-256, Serpent, and Twofish. (And combinations of these three)
    Mode of operation: XTS.
  • Why do we need this?
    I have a password set for my user account on Windows/Linux, so I’m safe, right?
    Wrong! Someone can easily take your hard drive and read your files using a different computer.
    Do you have data that could cause damage to your organization or your personal reputation if it fell into the wrong hands?
    Are there documents on your computer that are strictly confidential? (For example, bank and credit card account numbers, or personnel files.)
    Do you send and receive email messages containing confidential information about your organization's work?
    TrueCrypt tries to remedy these security breaches by offering a secure data dump for your private or confidential files. Or if you really want extra protection, you can encrypt your entire partition.
  • Known security vulnerabilities
    The only currently known security
    vulnerability of TrueCrypt is a “cold boot
    attack”. This attack requires that you are using full-disk encryption and the attacker has physical access to your machine within a few minutes after shutdown. The attacker can get the master password for your encrypted partition from RAM before the bits fade.
    Note that this attack does not work if TrueCrypt unmounts the drive itself, as it securely wipes the master password from RAM.
  • Conclusion
    TrueCrypt is an on the fly encryption software that has a bright future. The market for such encryption is only growing bigger as corporations and consumers become more aware of just what sort of privacy threats they are coming up against.
    TrueCrypt is a program that I personally use for sensitive data and will keep using. I would also personally recommend this software for anyone looking for a way to keep their data encrypted.
  • Sources
    http://en.wikipedia.org/wiki/TrueCrypt
    http://www.truecrypt.org/
    http://lifehacker.com/software/top/geek-to-live--encrypt-your-data-178005.php