Encryption and speed. Benchmarking Disk Encryption Tools
Open source has been popular for 10 years due to its independence from major vendors. The creators of the program are publicly unknown. Among the most famous users of the program are Edward Snowden and security expert Bruce Schneier. The utility allows you to turn a flash drive or HDD to a secure encrypted vault where confidential information hidden from prying eyes.
The mysterious developers of the utility announced the closure of the project on Wednesday, May 28, explaining that using TrueCrypt is insecure. “WARNING: It is not safe to use TrueCrypt because it the program may contain unpatched vulnerabilities" - such a message can be seen on the product page on the SourceForge portal. This is followed by another appeal: “You must transfer all data encrypted in TrueCrypt to encrypted disks or images virtual disks supported on your platform."
Independent security expert Graham Cluley commented quite logically on the current situation: “It is time to find an alternative solution for encrypting files and hard drives.”
It's not a joke!
Initially, there were suggestions that the program's website was hacked by cybercriminals, but now it is becoming clear that this is not a hoax. The SourceForge site now offers updated version TrueCrypt (which is digitally signed by the developers), during the installation of which it is proposed to switch to BitLocker or another alternative tool.
Johns Hopkins University cryptography professor Matthew Green said: "It is highly unlikely that an unknown hacker identified the TrueCrypt developers, stole their digital signature, and hacked into their site."
What to use now?
The website and pop-up notification in the program itself contain instructions for transferring TrueCrypt-encrypted files to Microsoft's BitLocker service, which comes with Microsoft Vista Ultimate/Enterprise, Windows 7 Ultimate/Enterprise, and Windows 8 Pro/Enterprise. TrueCrypt 7.2 allows you to decrypt files, but does not allow you to create new encrypted partitions.
The most obvious alternative to the program is BitLocker, but there are other options. Schneier shared that he is returning to using Symantec's PGPDisk. ($110 per user license) uses the well-known and proven PGP encryption method.
There are other free alternatives for Windows, such as DiskCryptor. The computer security researcher known as The Grugq compiled a whole last year that is still relevant to this day.
Johannes Ulrich, Research Director at the SANS Institute of Technology, recommends that Mac OS X users take a look at FileVault 2, which is built into OS X 10.7 (Lion) and later. FileVault uses 128-bit XTS-AES encryption, which is used by the US National Security Agency (NSA). According to Ulrich Linux users must adhere to the built-in Linux Unified Key Setup (LUKS) system tool. If you are using Ubuntu, then the installer of this OS already allows you to enable full disk encryption from the very beginning.
However, users will need other portable media encryption applications that are used on computers with different operating systems. Ulrich said that in this case comes to mind.
The German company Steganos offers to use old version its Steganos Safe encryption utility ( current version on the this moment- 15, and it is proposed to use version 14), which is distributed free of charge.
Unknown vulnerabilities
The fact that TrueCrypt may have security vulnerabilities raises serious concerns, especially considering that the audit of the program did not reveal such problems. Users of the program saved up $70,000 to conduct an audit following rumors that the US National Security Agency could decode significant amounts of encrypted data. The first phase of the study, which analyzed the TrueCrypt loader, was carried out last month. The audit did not reveal any backdoors or deliberate vulnerabilities. The next phase of the study, which was to test the cryptography methods used, was scheduled for this summer.
Green was one of the experts involved in the audit. He said that he had no prior information that the developers were planning to close the project. Green said: “The last thing I heard from the TrueCrypt developers was: “We are looking forward to the results of the Phase 2 trial. Thank you for your efforts! It should be noted that the audit will continue as planned despite the termination of the TrueCrypt project.
Perhaps the creators of the program decided to suspend development because the utility is outdated. Development ceased on May 5, 2014, i.е. after the official end of support for Windows XP. SoundForge mentions: "Windows 8/7/Vista and later have built-in encryption for disks and virtual disk images." Thus, data encryption is built into many operating systems, and developers could consider the program no longer needed.
To add fuel to the fire, we note that on May 19, TrueCrypt was removed from the secure Tails system (Snowden's favorite system). The reason is not completely clear, but the program clearly should not be used, Cluley noted.
Cluley also wrote, "Whether it's a hoax, a hack, or a logical end life cycle TrueCrypt, it's clear that conscientious users won't feel comfortable trusting their data to a program after the debacle."
On our media, personal and important information, documents and media files. They need to be protected. cryptographic methods such as AES and Twofish, which are standardly offered in encryption programs, belong to approximately one generation and provide relatively high level security.
In practice, an ordinary user will not be able to make a big mistake in choosing. Instead, you should decide on a specialized program depending on your intentions: often encryption hard drive uses a different operating mode than file encryption.
For a long time the best choice was a utility TrueCrypt, if it was about full encryption of the hard drive or saving data in an encrypted container. This project is now closed. Its worthy successor was the open source program VeraCrypt. It was based on the TrueCrypt code, but it was finalized, due to which the quality of encryption improved.
For example, in VeraCrypt improved key generation from password. For encryption hard drives not as widely used as CBC, a XTS. AT this mode blocks are encrypted by type ECB, however, this adds the sector number and intra-segment offset.
Random numbers and strong passwords
For guard individual files enough free program With simple interface, for example, MAXA Crypto Portable or AxCrypt. We recommend AxCrypt as it is an open source project. However, when installing it, you should pay attention to the fact that unnecessary add-ons are included in the package with the application, so you need to uncheck them.
The utility is launched by right-clicking on a file or folder and entering a password (for example, when opening an encrypted file). This program uses the AES algorithm 128 bit with CBC mode. To create a reliable initialization vector (IV), Ax-Crypt embeds a pseudo-random number generator.
If the IV is not real random number, then the CBC mode weakens it. MAXA Crypt Portable works in a similar way, but encryption is done using a key 256 bits long. If you upload personal information to cloud storage, you need to assume that their owners, such as Google and Dropbox, crawl the content.
Boxcryptor is built into the process as a virtual hard drive and, with a right-click, encrypts all files located there before uploading to the cloud. It is important to get a password manager, such as Password Depot. He creates complex passwords that no one can remember. Need just don't lose master password for this program.
Using encrypted disks
Similar to TrueCrypt, utility wizard VeraCrypt will guide the user through all the steps of creating an encrypted disk. You can also protect an existing partition.
One click encryption
Free program Maxa Crypto Portable offers all the options you need to quickly encrypt individual files using the AES algorithm. By pressing the button you start the generation secure password.
Associating the cloud with privacy
Boxcryptor one click encrypts important files before uploading to Dropbox or Google storage. AES encryption is used by default with 256 bit key.
Cornerstone - password manager
Long passwords enhance security. Program Password Depot generates and uses them, including for encrypting files and working with web services, to which it transfers data to access account.
A photo: manufacturing companies
The idea for this article was born when EFSOL specialists were tasked with analyzing information security risks in the restaurant business and developing measures to counter them. One of the significant risks was the possibility of seizing management information, and one of the countermeasures was the encryption of accounting databases.
I will immediately make a reservation that consideration of all possible crypto products or solutions based on specific accounting systems is not within the scope of this article. We are only interested in a comparative analysis of personal encryption tools, for which we have chosen the most popular free solution open source and a couple of the most promoted commercial counterparts. Let inexperienced users not be afraid of the phrase "open source"- it only means that a group of enthusiasts is engaged in the development, who are ready to accept anyone who wants to help them.
So why did we take this approach? The motivation is extremely simple.
- AT different companies uses its own accounting system, so we choose encryption tools that are not tied to a specific platform - universal.
- It is more reasonable to use personal cryptoprotection in small enterprises where 1-5 users work with the accounting program. For large companies, the removal of management information will entail larger financial losses- therefore, protection solutions will cost much more.
- Analysis of many commercial information encryption products makes no sense: it is enough to evaluate a few of them to form an understanding of price and functionality for yourself.
Let's move on to comparing products, which is convenient to do on the basis of a pivot table. I deliberately left out many technical details (such as support for hardware acceleration or multi-threading, multiple logical or physical processors) from the analysis, from which regular user starts to have a headache. Let us dwell only on the functionality from which we can really highlight the benefits.
pivot table
| TrueCrypt | Secret Disc | Zecurion Zdisk | |
| Latest version at the time of review | 7.1a | 4 | No data |
| Price | Is free | From 4 240 rub. for 1 computer | From 5250 rub. for 1 computer |
| Operating system | Windows 7, Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008: (32-bit and 64-bit versions); Windows Server 2008 R2; Windows 2000 SP4; Mac OS X 10.7 Lion (32-bit and 64-bit); Linux (32-bit and 64-bit, kernel 2.6 or compatible) | Windows 7, Windows Vista, Windows XP: (32-bit and 64-bit) | Windows 98; Windows Me; Windows NT Workstation; Windows 2000 Professional; Windows XP; Windows Vista |
| Built-in encryption algorithms | AES Serpent Twofish | Not | Not |
| Using Cryptographic Providers (CSPs) | Not | Microsoft Enhanced CSP: Triple DES and RC2 Secret Disk NG Crypto Pack: AES and Twofish; CryptoPro CSP, Signal-COM CSP or Vipnet CSP: GOST 28147-89 | rc5, AES, KRYPTON CSP: GOST 28147-89 |
| XTS encryption mode | Yes | Not | Not |
| Cascading Encryption | AES-Twofish-Serpent; Serpent-AES; Serpent-Twofish-AES; Twofish Serpent | Not | Not |
| Transparent Encryption | Yes | Yes | Yes |
| System partition encryption | Yes | Yes | Not |
| Authentication before OS boot | Password | Pin + token | Not |
| Disk partition encryption | Yes | Yes | Not |
| Creating container files | Yes | Yes | Yes |
| Creation hidden sections | Yes | Not | Not |
| Creating a hidden OS | Yes | Not | Not |
| Portable Drive Encryption | Yes | Yes | Yes |
| Working with portable drives | Yes | Not | Not |
| Networking | Yes | Not | Yes |
| Multiplayer mode | By means of NTFS | Yes | Yes |
| Password-only authentication | Yes | Not | Not |
| Keyfile authentication | Yes | Not | Not |
| Support for tokens and smart cards | Supporting PKCS #11 2.0 protocol or higher | eToken PRO/32K USB key (64K); eToken PRO/72K USB dongle (Java); Smart card eToken PRO/32K (64K); Smart card eToken PRO/72K (Java); Combination key eToken NG-FLASH eToken NG-OTP Combined Key eToken PRO Anywhere | Rainbow iKey 10xx/20xx/30xx; ruToken; eToken R2/Pro |
| Emergency Disable Encrypted Drives | Hotkeys | Hotkeys | Hotkeys |
| Duress password protection | Not | Yes | Yes |
| Ability to use "Plausible Deniability" | Yes | Not | Not |
| Contents of delivery | No boxed version - the distribution is downloaded from the developer's site | eToken PRO Anywhere USB key with a license to use the product; Quick Guide in printed form; CD-ROM (distribution kit, detailed documentation, MBR boot part; Packing DVD box | License; USB key and USB extension cable; Distribution disk; Documentation in printed form; ACS-30S Smart Card Reader/Writer |
Following the laws of the genre, it remains only to comment on individual points and highlight the advantages of a particular solution. Everything is clear with product prices, as well as with supported operating systems. I will only note the fact that versions of TrueCrypt for MacOS and Linux have their own nuances of use, and installing it on server platforms from Microsoft, although it gives certain advantages, it is completely incapable of replacing the huge functionality of commercial data protection systems in a corporate network. Let me remind you that we are still considering personal cryptoprotection.
Built-in algorithms, crypto providers, XTS and cascading encryption
Crypto providers, unlike built-in encryption algorithms, are separately plug-in modules that determine the encoding (decoding) method used by the program. Why do commercial solutions use packages of crypto providers? The answers are simple, but financially justified.
- There is no need to make changes to the program to add certain algorithms (to pay for the work of programmers) - it is enough to create new module or connect third-party solutions.
- All over the world, international standards are being developed, tested and implemented, but for Russian government agencies it is necessary to comply with the requirements of the FSTEC and the FSB. These requirements imply licensing the creation and distribution of information security tools.
- Crypto providers are the means of data encryption, and the programs themselves do not require development and distribution certification.
Cascading encryption is the ability to encode information with one algorithm when it has already been encoded with another. This approach, although it slows down the work, allows you to increase the resistance of protected data against hacking - the more the “opponent” knows about encryption methods (for example, the algorithm used or the key character set), the easier it is for him to disclose information.
XTS encryption technology (XEX-based Tweaked CodeBook mode (TCB) with CipherText Stealing (CTS)) is a logical development of the previous XEX and LRW block encryption methods, in which vulnerabilities were discovered. Since read/write operations on storage media are performed sector-by-sector in blocks, the use of streaming encoding methods is unacceptable. Thus, on December 19, 2007, the XTS-AES encryption method for the AES algorithm was described and recommended international standard IEEE P1619 Stored Information Protection.
This mode uses two keys, the first of which is used to generate the initialization vector, and the second is to encrypt the data. The method works according to the following algorithm:
- generates a vector by encrypting the sector number with the first key;
- adds the vector with the original information;
- encrypts the addition result with the second key;
- adds a vector with the encryption result;
- multiplies the vector by the generating polynomial of the finite field.
The National Institute of Standards and Technology recommends using the XTS mode to encrypt block device data. internal structure because he:
- described by international standard;
- It has high performance by performing precomputations and parallelization;
- allows processing an arbitrary sector block by computing an initialization vector.
I also note that IEEE P1619 recommends using the XTS method with the AES encryption algorithm, however, the mode architecture allows it to be used in conjunction with any other block cipher. Thus, if it is necessary to certify a device that implements transparent encryption in accordance with the requirements Russian legislation is possible sharing XTS and GOST 28147-89.
Emergency shutdown of drives, password entry "under duress", denial of involvement
Emergency disabling of encrypted disks is an undeniably necessary feature in situations that require an instant response to protect information. But what happens next? The "opponent" sees a system on which crypto protection is installed and unreadable system means disk. The conclusion about the concealment of information is obvious.
There comes a stage of "coercion". "Opponent" will use physical or legal measures to force the owner to disclose information. The domestic well-established solution “entering a password under duress” from the category of “I will die, but I will not betray” becomes irrelevant. It is impossible to delete information that the "opponent" previously copied, and he will do it - do not hesitate. Removing the encryption key only confirms that the information is really important, and the spare key is necessarily hidden somewhere. And even without a key, information is still available for cryptanalysis and hacking. I won't elaborate on how much these actions bring the owner of the information closer to a legal fiasco, but I'll talk about the logical method of plausible deniability.
The use of hidden partitions and a hidden OS will not allow the "opponent" to prove the existence of information that is protected. In this light, disclosure requirements become absurd. TrueCrypt developers recommend to obfuscate the traces even more: in addition to hidden sections or operating systems create encrypted visible ones that contain deceptive (fictitious) data. The “opponent”, having discovered visible encrypted sections, will insist on disclosing them. By disclosing such information under duress, the owner does not risk anything and relieves himself of suspicion, because real secrets will remain invisible on hidden encrypted sections.
Summarizing
There are a great many nuances in protecting information, but the lighted ones should be enough to sum up the intermediate results - everyone will make the final decision for himself. The advantages of the free program TrueCrypt include its functionality; the opportunity for everyone to participate in testing and improvement; an excessive amount of open information on the application. This solution was created by people who know a lot about the secure storage of information and are constantly improving their product, for people who need a really high level of reliability. The disadvantages include the lack of support, high complexity for the average user, the lack of two-level authentication before starting the OS, the inability to connect modules from third-party crypto providers.
Commercial products are full of user care: technical support, excellent equipment, low cost, availability of certified versions, the ability to use the GOST 28147-89 algorithm, multi-user mode with delimited two-level authentication. Only limited functionality and naivety in maintaining the secrecy of storing encrypted data upsets.
Updated: June 2015.
Despite the fact that TrueCrypt 7.1a was released on February 7, 2011, it remains the last complete functional version product.
The mysterious story with the termination of development of TrueCrypt is curious. On May 28, 2014, all previous versions of the product were removed from the developers' site and version 7.2 was released. This version can only decrypt previously encrypted disks and containers - the encryption option has been removed. From that moment on, the site and the program are calling for the use of BitLocker, and the use of TrueCrypt is called insecure.
This caused a wave of gossip on the Internet: the authors of the program were suspected of setting a “bookmark” in the code. Fueled by information from former NSA employee Snowden that intelligence agencies are deliberately weakening cryptographic tools, users began raising funds to audit the TrueCrypt code. Over $60,000 was raised to test the program.
The audit was fully completed by April 2015. Code analysis did not reveal any bookmarks, critical architecture flaws or vulnerabilities. TrueCrypt has been proven to be a well-designed cryptographic tool, though not ideal.
Now the developers' advice to switch to Bitlocker is seen by many as "evidence of a canary". TrueCrypt authors have always ridiculed Bitlocker and its security in particular. Using Bitlocker is also unreasonable due to the closed nature of the program code and its inaccessibility in the "younger" editions of Windows. Because of all of the above, the Internet community tends to believe that developers are being influenced by intelligence agencies, and they are hinting at something important by their silence, insincerely recommending Bitlocker.
Let's recap
TrueCrypt continues to be the most powerful, reliable and functional cryptography tool. Both the audit and the pressure of the special services only confirm this.
Zdisk and Secret Disk have versions FSTEC certified. Therefore, it makes sense to use these products to comply with the requirements of the legislation of the Russian Federation in the field of information protection, for example, the protection of personal data, as required The federal law 152-FZ and subordinate regulations.
For those who are seriously concerned about the security of information, there is a comprehensive solution "Server in Israel", in which comprehensive approach to data protection enterprises.
System integration. Consulting
