TrueCrypt was an open source software program that enabled you to encrypt your computer files using keys that were protected by a separate TrueCrypt passphrase. It allowed users to create hidden volumes whose existence would only be revealed with a secret password. The encryption is transparent to the user and it is done locally at the user’s PC. On Wednesday, May 28th, a message was posted on the TrueCrypt website, alerting TrueCrypt users not to use the application because it isn’t secure enough.
Ever since then, users have been looking for an alternative, safe encryption utility solution.
Cryptographers Matthew Green and Kenneth White, Principal Scientist at Social & Scientific Systems, head the Open Crypt Audit Project and have been considering to take over TrueCrypt’s development and are working on the second phase of its audit process. The audit process consists of a thorough analysis of TrueCrypt’s code that accountable for the actual encryption process. A TrueCrypt developer has expressed disapproval for the project, which could potentially fork the software (taking a copy of source code from on software package and start independent development on it). "I don't feel that forking TrueCrypt would be a good idea, a complete rewrite was something we wanted to do for a while," he said. "I believe that starting from scratch wouldn't require much more work than actually learning and understanding all of TrueCrypt's current codebase. I have no problem with the source code being used as reference."
CypherShed Development
As the need for a secure alternative to TrueCrypt escalades, there have been several other attempts to fork the software.CypherShed Development
One of these projects is called CipherShed. According to the TrueCrypt open source license, use of the code is permitted if all references to TrueCrypt are removed from it, and if the final software doesn’t contain "TrueCrypt" in its name.
"CipherShed is cross-platform; it will be available for Windows, Mac OS and GNU/Linux," the developers say.
"CipherShed is cross-platform; it will be available for Windows, Mac OS and GNU/Linux," the developers say.
CipherShed is a program that can be used to create encrypted files or encrypt entire drives (including USB flash drives and external HDDs). There’s no complicated commands or knowledge required; a simple wizard guides you step-by-step through every process. After creating an encrypted file or disk drive, the encrypted volume is mounted through CipherShed. The mounted volume shows up as a regular disk that can be read and written to on-the-fly. The encryption is transparent to the operating system and any programs. When finished, the volume can be unmounted, and stored or transported elsewhere, fully secured. Encryption volumes can be moved from OS-to-OS (eg, Windows to Mac) with full compatibility.
CipherShed is still under development. According to project initiator, Jos Doekbrijder, an alpha release of CipherShed will be made available for download soon. The goal for its first release includes the following:- Scrub forked code of images and the name TrueCrypt
- Fix known security issues pointed out by security experts
- Recompile binaries for Windows, Linux, and Mac, with updated libraries
- Openly review changes, and solicit feedback from security community
- Release signed binaries and source packages
No comments:
Post a Comment