The brilliant encryption tool TrueCrypt has been released in version 4. At last there is also
support for Linux. The OS X version probably won't be long in coming either.
The changes in detail:
TrueCrypt volumes can now be mounted on Linux. The Linux version of TrueCrypt is available at http://www.truecrypt.org/downloads.php
It is now possible to write to outer volume without risking that a hidden volume within it will get
damaged (overwritten):
When mounting an outer volume, the user can now enter two passwords: One for the outer volume, and the other for a
hidden volume within it, which he/she wants to protect. In this mode, TrueCrypt does not actually mount the hidden
volume. It only decrypts its header and retrieves information about the size of the hidden volume (from the decrypted
header). Then, the outer volume is mounted and any attempt to save data to the area of the hidden volume will be
rejected by the driver (until the outer volume is dismounted). For further details, please see the section
‘Protection of Hidden Volumes against Damage’ in the documentation.
Support for the x86-64 (64-bit) platform
TrueCrypt now runs on Windows XP x64 Edition (64-bit) and Windows Server 2003 x64.
Support for big-endian hardware platforms (PowerPC, SPARC, Motorola, etc.)
Full support for keyfiles. Keyfiles provide protection against keystroke loggers and may strengthen
protection against brute force attacks. A keyfile is a file whose content is combined with a password. Until the correct
keyfile is provided, no volume that uses the keyfile can be mounted. Any number of, and any kind of files (for example,
.mp3, .jpg, .exe, .avi) may be used as TrueCrypt keyfiles. TrueCrypt never modifies the keyfile contents. Therefore, it
is possible to use, for example, five files in your large mp3 collection as TrueCrypt keyfiles (and inspection of the
files will not reveal that they are used as keyfiles). TrueCrypt can also generate a file with random content, which can
be used as a keyfile. For more information on keyfiles, see the chapter Keyfiles in the documentation.
Support for language packs (localizations). Language packs may be downloaded at: http://www.truecrypt.org/localizations.php
Whirlpool hash algorithm added.
The size of the output of this hash algorithm is 512 bits. It was designed by Vincent Rijmen (co-author of the AES
encryption algorithm) and Paulo S. L. M. Barreto. The first version of Whirlpool was published in November 2000. The
second version, now called Whirlpool-T, was selected for the NESSIE (“New European Schemes for Signatures,
Integrity and Encryption”) portfolio of cryptographic primitives (a project organized by the European Union,
similar to the AES contest). TrueCrypt uses the third (final) version of Whirlpool, which was adopted by the
International Organization for Standardization (ISO) and the IEC in the ISO/IEC 10118-3:2004 international
standard.
Auto-Dismount facility, which can be set to dismount a volume after no data has been written/read
to/from it for a specified number of minutes. It can also be set to dismount all mounted TrueCrypt volumes when:
- user logs off
- entering power saving mode
- screen saver is launched
Auto-dismount can be configured and activated in the Preferences (select Settings ->
Preferences)
TrueCrypt settings are not saved to the Windows registry file. Instead, they are stored in XML files in
the folder where application data are saved on the system (for example, in C:\Documents and
Settings\YourUserName\Application Data\TrueCrypt). In traveller mode, the configuration XML files are saved to the
folder from which you run the file TrueCrypt.exe.
Note: When you install this version of TrueCrypt, all TrueCrypt settings that were stored by previous versions in
the registry file will be automatically removed.
Tray icon. Right-clicking the tray icon opens a popup menu with the most used functions. Left-clicking
the tray icon opens the main TrueCrypt window and puts it into the foreground.
Optionally, TrueCrypt can now continue running in the background after its main window is closed. This
is referred to as TrueCrypt Background Task. When the main TrueCrypt window is closed, the TrueCrypt Background
Task handles the following tasks/functions:
1) Hot keys
2) Auto-dismount
3) Notifications (e.g., when damage to hidden volume is prevented)
4) Tray icon
For more information, see the chapter TrueCrypt Background Task in the documentation.
When a mounted volume is right-clicked in the drive list (in the main TrueCrypt window), a context menu
is opened. From this menu, the user can select functions such as ‘Repair Filesystem’ or ‘Check
Filesystem’ (front-end to the ‘chkdsk’ tool).
Containers stored on a locally mapped network drive can now be mounted.
Containers stored on a remote server can be mounted via UNC path (e.g., \\server\share\volume).
Option to display password (typed in input field)
‘Favorite Volumes’ facility, which is useful if you often work with more than one TrueCrypt volume
at a time and you need each of them to be mounted as the same drive letter every time. For more information, see the
chapter ‘Main Program Window’, section ‘Program Menu’, subsection ‘Volumes -> Save
Currently Mounted Volumes as Favorite’ in the documentation.
Functions ‘Backup Volume Header’ and ‘Restore Volume Header’ added to the Tools menu.
Both the standard volume header and the hidden volume header area are always backed up (copied to the backup file) even
if there is no hidden volume within the volume (to preserve plausible deniability of hidden volumes).
Note: If you do not have enough free space to backup all files, we highly recommend that you at least use this
facility to backup the volume header, which contains the master key (size of the backup file will be 1024 bytes). If the
volume header is damaged, the volume is, in most cases, impossible to mount.
System-wide hot keys (which can be used, for example, to dismount all TrueCrypt volumes, etc.)
Users can now set actions to perform upon log on to Windows. The actions can be any of the following:
- Start TrueCrypt
- Mount all device-hosted TrueCrypt volumes
- Mount favorite volumes
These actions can be enabled in the Preferences (select Settings -> Preferences).
Title bar of the password prompt dialog window now displays path to volume being mounted
When the 'Never save history' option is enabled, TrueCrypt clears the registry entries created by
the Windows file selector for TrueCrypt. Therefore, the Windows file selector will not remember the path of the last
mounted container after you exit TrueCrypt. Note that even when this option is enabled, the file selector will still
remember the path, but only until you exit TrueCrypt.
‘Set Header Key Derivation Algorithm’ added to the Volumes menu. It allows the user to
re-encrypt a volume header with a header key derived using a different PRF function (e.g., instead of HMAC-SHA-1 you
could use HMAC-Whirlpool). Note: The volume header contains the master encryption key with which the volume is encrypted. Therefore,
data stored on the volume will not be lost after this function is used.
Number of bytes read/written from/to a volume since it was mounted is displayed in the Volume Properties
window.
Preserving container timestamps can now be disabled in the Preferences (Settings ->
Preferences).
Command line usage:
If '/silent' is specified, interaction with user (prompts, error messages, warnings, etc.) is
suppressed.
If '/m timestamp' is specified, volume/keyfile timestamps are not preserved.
'/keyfile' may be used to specify a keyfile or a keyfile search path.
'/auto favorites' may be used to mount favorite volumes.
'/auto' is implicit if '/quit' and '/volume' are specified.
If '/q preferences' is specified, TrueCrypt loads/saves settings.
Auto-Mount Devices keeps prompting for a password until a volume is successfully mounted or until
cancelled. A warning is displayed after each unsuccessful mount.
If the Shift key is down when clicking 'Auto-Mount Devices' and if there are cached passwords,
then the password prompt will be bypassed (mounting will be attempted only with cached passwords).
It is now possible to run multiple instances of the TrueCrypt application simultaneously.
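
The ‘Set Header Key Derivation Algorithm’ entry above says the header can be re-encrypted under a different PRF without losing data, because the master key inside it stays the same. The sketch below is an added example, not TrueCrypt code: the header layout, the iteration count, the XOR keystream cipher and the use of SHA-512 in place of Whirlpool are all assumptions chosen so it runs with the Python standard library only.

```python
import hashlib
import hmac
import os

MAGIC = b"TRUE"             # assumed marker: tells a correct decryption from garbage
PRFS = ("sha1", "sha512")   # sha512 is a stand-in for Whirlpool (not in every hashlib)
ITERATIONS = 2000           # constructed value for this demo
SALT_LEN = 64

def _keystream(key, n):
    # Toy stream cipher (HMAC-SHA-256 in counter mode), stand-in for the volume cipher.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def seal_header(password, prf, master_key):
    # Header = salt || Enc(header_key, MAGIC || master_key); header_key comes from the PRF.
    salt = os.urandom(SALT_LEN)
    header_key = hashlib.pbkdf2_hmac(prf, password, salt, ITERATIONS, 32)
    body = MAGIC + master_key
    return salt + _xor(body, _keystream(header_key, len(body)))

def open_header(password, header):
    # The header does not record its PRF in this model, so each candidate is tried.
    salt, enc = header[:SALT_LEN], header[SALT_LEN:]
    for prf in PRFS:
        header_key = hashlib.pbkdf2_hmac(prf, password, salt, ITERATIONS, 32)
        body = _xor(enc, _keystream(header_key, len(enc)))
        if hmac.compare_digest(body[:4], MAGIC):
            return prf, body[4:]
    raise ValueError("wrong password or damaged header")

def set_header_kdf(password, header, new_prf):
    # Re-wrap the SAME master key under a header key derived with another PRF.
    _, master_key = open_header(password, header)
    return seal_header(password, new_prf, master_key)

def demo():
    master_key = os.urandom(32)   # constructed sample key; it encrypts the volume data
    old = seal_header(b"correct horse", "sha1", master_key)
    new = set_header_kdf(b"correct horse", old, "sha512")
    return master_key, old, new
```

Only the header bytes change; the data area, which is encrypted under the master key, is never touched. The same property is why a header backup taken before such a change still opens the volume with the password that was valid at backup time.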