Software Update: TrueCrypt 3.0a

TrueCrypt is an open source encryption program. This can be either physical (the entire hard drive or a partition) or virtual volumes (a file on the hard drive that is accessed as a partition). AES (256-bit), Blowfish (448-bit key), CAST5 (128-bit), Serpent (256-bit), Triple DES and Twofish (256-bit) can be used for encryption. Combinations of different encryption methods can also be used to increase security.

The special thing about TrueCrypt is the ability to create a hidden volume in the encrypted disk. This second volume is only visible if the correct password is given. So if you are forced to give the password, you can only give the password that gives access to the entire encrypted disk. The second hidden volume is then completely invisible. More information about this can be found at this one page to be found. A few days ago, version 3.0a of TrueCrypt was released that fixes a problem from the version 3.0 released one day before. The changelog of both versions looks like this:

3.0a Bug fixes:

• Data corruption will not occur when data is written to a volume encrypted with Twofish or Serpent while another TrueCrypt volume is mounted (applies also to volumes encrypted using a cascade of ciphers, out of which one is Twofish or Serpent).
• Other minor bug fixes

3.0 New features:

• Ability to create and mount a hidden TrueCrypt volume (file container or partition/device). This allows solving situations where the user is forced by an adversary to reveal the password and cannot refuse to do so (for example, when the adversary uses violence).
• The principle is that a TrueCrypt volume is created within another TrueCrypt volume (within the free space on the volume). Even when the outer volume is mounted, it is impossible to tell whether there is a hidden volume within it or not, because free space on any TrueCrypt volume is always filled with random data when the volume is created and no part of the hidden volume can be distinguished from random data.
• The password for the hidden volume must be different from the password for the outer volume. To the outer volume, (before creating the hidden volume within it) you should copy some sensitive-looking files that you do NOT really want to hide. These files will be there for anyone who would force you to hand over the password. You will reveal only the password for the outer volume, not for the hidden one. Files that are really sensitive will be stored on the hidden volume.
• As it is very difficult or even impossible for an inexperienced user to set the size of the hidden volume such that the hidden volume does not overwrite any data on the outer volume, the Volume Creation Wizard automatically scans the cluster bitmap of the outer volume (before the hidden volume is created within it) and determines the maximum possible size of the hidden volume.
  For more information, refer here†
• Serpent encryption algorithm (256-bit key)
• Twofish encryption algorithm (256-bit key)
• Forced/”brutal” dismount (allows dismounting a volume containing files being used by the system or an application).
• Cascades of ciphers added (eg, AES-Twofish-Serpent, AES-Blowfish, etc.) Each of the ciphers in a cascade uses its own encryption key (the keys are mutually independent).
• Ability to mount a TrueCrypt volume that is being used by the system or an application (shared access mode).
• Ability to encrypt devices/partitions that are being used by the system or an application.
• The ‘Select Device’ dialog and the ‘Auto-Mount Partitions’ facility now support devices that do not contain any partitions.
• Encryption Algorithm Benchmark facility added to the Tools menu and to the Volume Creation Wizard.
• A warning is displayed if Caps Lock is on when creating a new volume or changing a password.
• When /l is omitted and /a is used, the first free drive letter is used (command line usage)
• New command line option: /force or /f enables forced (“brutal”) dismount or mounting in shared mode (ie, without exclusive access).
• Drive letters are now displayed in the ‘Select Device’ window.

3.0 Bug fixes:

• ‘Blue screen’ errors (system crashes) will not occur when dismounting a volume (remark: this bug was inherited from E4M).
• The ‘Select Device’ dialog will display also partitions being used by the system or an application.
• If the size of a partition/device was not a multiple of 1024 bytes, its last sector (512 bytes) was not used for TrueCrypt volume (the volume was 512 bytes shorter than the partition/device).
  Remark: This bug was inherited from E4M, so it applies also to encrypted partitions/devices created by E4M.
• FAT volumes that are exactly 129 MB in size will not have zero size of free space (129-MB FAT volumes created by the previous versions had no free space available).
• Users without administrator privileges can now create file containers under Windows Server 2003.
• Other minor bug fixes

3.0 Improvements:

• The timestamp of a container (date and time that the container was last accessed, and last modified) will not be updated when TrueCrypt accesses the container (ie, after dismounting, attempting to mount, changing or attempting to change the password, or creating a hidden volume within it).
• The TrueCrypt Service is no longer necessary and has been removed because its functions are now handled by the TrueCrypt driver.
• When ‘Never save history’ is checked, Windows is prevented from saving the file names of the last accessed file containers to the ‘Recent Documents’ and File Selector history.
• Other minor improvements

3.0 Miscellaneous:

• TrueCrypt has been successfully tested on the Windows “Longhorn” operating system (beta version of the future successor to Windows XP).

[break]