
Encrypting disk partitions: protecting data on an external HDD or encrypting a disk in full; decrypting and unlocking a disk

These days we deal with information constantly. Thanks to the development of information technology, work, creativity and entertainment have largely turned into processes of producing or consuming information. And within this huge mass of information, some data should not be publicly available. Examples include files and data related to business activities, and private archives.

Some of this data is not meant for the general public simply because "they don't need to know about it"; other information is vital.

This article is devoted to reliably protecting vital information, and any files you want to keep away from others, even if your computer or media (flash drive, hard disk) falls into the hands of unauthorized persons, including technically advanced ones with access to powerful computing resources.

Why you shouldn't trust closed source encryption software

Closed-source programs can contain "backdoors" (let's hope they don't!) and the ability to open encrypted files with a master key. That is, you can use any password, however complex, and your encrypted file can still be opened easily, without brute-forcing the password, through a backdoor or by the holder of the master key. The size of the company behind the encryption software and the name of its country play no role here, since this is part of government policy in many countries. After all, we are surrounded by terrorists and drug dealers all the time (so what can you do?).

In other words, truly strong encryption can only be expected from correctly used, popular open-source software combined with a hard-to-break encryption algorithm.

Should you upgrade from TrueCrypt to VeraCrypt?

The reference program that provided very reliable file encryption for many years is TrueCrypt. It still works well. Unfortunately, its development has now been discontinued.

Its best successor is the VeraCrypt program.

VeraCrypt is a free disk encryption software based on TrueCrypt 7.1a.

VeraCrypt continues the best TrueCrypt tradition while adding increased security to the algorithms used to encrypt systems and partitions, making your encrypted files immune to new advances in brute-force attacks.

VeraCrypt has also fixed many of the vulnerabilities and security issues found in TrueCrypt. It can work with TrueCrypt volumes and offers the ability to convert TrueCrypt containers and non-system partitions to VeraCrypt format.

This improved security adds some latency only when opening encrypted partitions; there is no performance impact while the encrypted disk is in use. For a legitimate user this is an almost imperceptible inconvenience, but for an attacker it becomes almost impossible to gain access to the encrypted data, no matter how much computing power they have.

This is clearly demonstrated by the following Hashcat benchmarks for password cracking (brute force):

For TrueCrypt:

Hashtype: TrueCrypt PBKDF2-HMAC-RipeMD160 + XTS 512 bit
Speed.Dev.#1.: 21957 H/s (96.78ms)
Speed.Dev.#2.: 1175 H/s (99.79ms)
Speed.Dev.#*.: 23131 H/s

Hashtype: TrueCrypt PBKDF2-HMAC-SHA512 + XTS 512 bit
Speed.Dev.#1.: 9222 H/s (74.13ms)
Speed.Dev.#2.: 4556 H/s (95.92ms)
Speed.Dev.#*.: 13778 H/s

Hashtype: TrueCrypt PBKDF2-HMAC-Whirlpool + XTS 512 bit
Speed.Dev.#1.: 2429 H/s (95.69ms)
Speed.Dev.#2.: 891 H/s (98.61ms)
Speed.Dev.#*.: 3321 H/s

Hashtype: TrueCrypt PBKDF2-HMAC-RipeMD160 + XTS 512 bit + boot-mode
Speed.Dev.#1.: 43273 H/s (95.60ms)
Speed.Dev.#2.: 2330 H/s (95.97ms)
Speed.Dev.#*.: 45603 H/s

For VeraCrypt:

Hashtype: VeraCrypt PBKDF2-HMAC-RipeMD160 + XTS 512 bit
Speed.Dev.#1.: 68 H/s (97.63ms)
Speed.Dev.#2.: 3 H/s (100.62ms)
Speed.Dev.#*.: 71 H/s

Hashtype: VeraCrypt PBKDF2-HMAC-SHA512 + XTS 512 bit
Speed.Dev.#1.: 26 H/s (87.81ms)
Speed.Dev.#2.: 9 H/s (98.83ms)
Speed.Dev.#*.: 35 H/s

Hashtype: VeraCrypt PBKDF2-HMAC-Whirlpool + XTS 512 bit
Speed.Dev.#1.: 3 H/s (57.73ms)
Speed.Dev.#2.: 2 H/s (94.90ms)
Speed.Dev.#*.: 5 H/s

Hashtype: VeraCrypt PBKDF2-HMAC-RipeMD160 + XTS 512 bit + boot-mode
Speed.Dev.#1.: 154 H/s (93.62ms)
Speed.Dev.#2.: 7 H/s (96.56ms)
Speed.Dev.#*.: 161 H/s

Hashtype: VeraCrypt PBKDF2-HMAC-SHA256 + XTS 512 bit
Speed.Dev.#1.: 118 H/s (94.25ms)
Speed.Dev.#2.: 5 H/s (95.50ms)
Speed.Dev.#*.: 123 H/s

Hashtype: VeraCrypt PBKDF2-HMAC-SHA256 + XTS 512 bit + boot-mode
Speed.Dev.#1.: 306 H/s (94.26ms)
Speed.Dev.#2.: 13 H/s (96.99ms)
Speed.Dev.#*.: 319 H/s

As you can see, it is orders of magnitude more difficult to crack VeraCrypt encrypted containers than TrueCrypt containers (which are also not easy at all).
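To make "orders of magnitude" concrete, here is an added example (not part of the original article) that turns the Speed.Dev.#* totals quoted above into worst-case exhaustive-search times for a few password policies; the policies are constructed illustrations matching the password advice given later in the article, not figures from it.

```powershell
# Added example, not from the original article: convert the Hashcat benchmark
# totals quoted above (hashes per second, i.e. full PBKDF2 derivations per
# second) into the time an attacker needs to try every password of a policy.
# Because each candidate password costs one complete key derivation, the
# benchmark rate is exactly what VeraCrypt's heavier key stretching reduces.

$benchmarkRates = [ordered]@{
    'TrueCrypt PBKDF2-HMAC-RipeMD160' = 23131
    'TrueCrypt PBKDF2-HMAC-SHA512'    = 13778
    'TrueCrypt PBKDF2-HMAC-Whirlpool' = 3321
    'VeraCrypt PBKDF2-HMAC-RipeMD160' = 71
    'VeraCrypt PBKDF2-HMAC-SHA512'    = 35
    'VeraCrypt PBKDF2-HMAC-Whirlpool' = 5
    'VeraCrypt PBKDF2-HMAC-SHA256'    = 123
}

# Constructed password policies (alphabet size x length), not from the article.
# 68 = 26 lowercase + 26 uppercase + 10 digits + the six specials @ ^ = $ * +.
$policies = @(
    @{ Name = '8 lowercase letters';                       AlphabetSize = 26; Length = 8 }
    @{ Name = '8 upper+lower+digits';                      AlphabetSize = 62; Length = 8 }
    @{ Name = '12 upper+lower+digits+specials (@^=$*+)';   AlphabetSize = 68; Length = 12 }
)

function Get-ExhaustiveSearchEstimate {
    param(
        [Parameter(Mandatory)][double]$HashesPerSecond,
        [Parameter(Mandatory)][int]$AlphabetSize,
        [Parameter(Mandatory)][int]$Length
    )
    # Keyspace is AlphabetSize^Length; the worst case tries all of it.
    $keyspace = [math]::Pow($AlphabetSize, $Length)
    $seconds  = $keyspace / $HashesPerSecond
    [pscustomobject]@{
        EntropyBits = [math]::Round($Length * [math]::Log($AlphabetSize, 2), 1)
        Keyspace    = $keyspace
        Seconds     = $seconds
        Years       = $seconds / (365.25 * 86400)
    }
}

foreach ($policy in $policies) {
    $bits = [math]::Round($policy.Length * [math]::Log($policy.AlphabetSize, 2), 1)
    Write-Output ""
    Write-Output ("Policy: {0}  (~{1} bits of entropy)" -f $policy.Name, $bits)
    foreach ($entry in $benchmarkRates.GetEnumerator()) {
        $est = Get-ExhaustiveSearchEstimate -HashesPerSecond $entry.Value `
                   -AlphabetSize $policy.AlphabetSize -Length $policy.Length
        Write-Output ("  {0,-34} {1,7:N0} H/s   full search: {2,22:N1} years" -f `
            $entry.Key, $entry.Value, $est.Years)
    }
}
```

The ratio between the TrueCrypt and VeraCrypt rows is the same for every policy; what the key stretching buys you is that a merely decent password moves from "days" into "centuries", while a 12-character mixed password is out of reach on either format.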

I published the complete benchmark and description of the hardware in the article "".

The second important issue is reliability. Nobody wants especially valuable and important files and information to be lost because of a bug in the program. I have known about VeraCrypt since right after its release. I followed its development and kept an eye on it. Over the past year I have completely switched from TrueCrypt to VeraCrypt, and in a year of daily work VeraCrypt has never let me down.

Thus, in my opinion, it is now worth switching from TrueCrypt to VeraCrypt.

How VeraCrypt works

VeraCrypt creates a special file called a container. This container is encrypted and can only be mounted (connected) after the correct password is entered. Once the password is entered, the container appears as an additional disk (like an inserted USB flash drive). Any files placed on this disk (i.e. in the container) are encrypted. While the container is mounted, you can freely copy, delete, write new files and open them. As soon as the container is unmounted, all files on it become completely inaccessible until it is mounted again, i.e. until the password is entered.

Working with files in an encrypted container is no different from working with files on any other disk.

When you open a file or write it to a container, you do not have to wait for decryption: everything happens very quickly, as if you were working with an ordinary disk.

How to install VeraCrypt on Windows

There was an almost spy-novel story with TrueCrypt: sites "for downloading TrueCrypt" were set up on which the binary was (of course!) infected with a virus/trojan. Those who downloaded TrueCrypt from these unofficial sites infected their computers, allowing attackers to steal personal information and spread malware.

In general, all programs should be downloaded only from their official sites, and this applies even more to programs that deal with security.

The official locations of the VeraCrypt installation files are:

Installing VeraCrypt on Windows

There is an installation wizard, so installing VeraCrypt is similar to installing other programs. Only a few points need clarification.

The VeraCrypt installer will offer two options:

  • Install (install VeraCrypt on your system)
  • Extract (if you select this option, all files from the package are extracted but nothing is installed on your system. Do not select it if you intend to encrypt the system partition or system drive. This option can be useful, for example, if you want to run VeraCrypt in so-called portable mode: VeraCrypt does not need to be installed on the operating system it runs on. After extracting all the files you can run the extracted "VeraCrypt.exe" directly, which opens VeraCrypt in portable mode)

If you leave the ticked option, i.e. the file association for .hc, it adds some convenience: if you create a container with the .hc extension, double-clicking the file launches VeraCrypt. The downside is that outsiders may recognise .hc files as VeraCrypt encrypted containers.

The program reminds you about donations:

If you are not short of money, do help the author of this program (there is only one); I would not want to lose him as we lost the author of TrueCrypt...

VeraCrypt tutorial for beginners

VeraCrypt has many different functions and advanced features, but the most requested one is file encryption. The following steps show how to encrypt one or more files.

Let's start by switching to Russian. The Russian language is already built into VeraCrypt; it only needs to be turned on. To do this, in the Settings menu choose Language...:

Select Russian there, and the program's language changes immediately.

As already mentioned, files are stored in encrypted containers (also called "volumes"). So you need to start by creating such a container: in the main program window, click the "Create Volume" button.

The VeraCrypt Volume Creation Wizard will appear:

We are interested in the first option ("Create an encrypted file container"), so we press Next without changing anything.

VeraCrypt has a very interesting feature: the ability to create a hidden volume. The idea is that not one but two containers are created in the file. The fact that an encrypted volume exists is visible to everyone, including possible ill-wishers, and if you are forced to give up the password, it is hard to claim that "there is no encrypted disk". When you create a hidden volume, two encrypted containers are created that live in the same file but open with different passwords. So you can place files that merely look "sensitive" in one container, while the second container holds the really important files. For your own needs you enter the password that opens the important volume. If you cannot refuse, you reveal the password for the less important disk. There is no way to prove that a second disk exists.

For many cases (hiding not very critical files from prying eyes) a regular volume is enough, so I just press Next.

Select the location of the file:

A VeraCrypt volume can live in a file (a VeraCrypt container) on a hard disk, USB flash drive, etc. The VeraCrypt container is no different from any other ordinary file (for example, it can be moved or deleted like other files). Click the "File" button to specify the name and path of the container file that will store the new volume.

WARNING: If you select an existing file, VeraCrypt will NOT encrypt it; this file will be removed and replaced by the newly created VeraCrypt container. You will be able to encrypt existing files (later) by moving them into the VeraCrypt container you are currently creating.

You can choose any file extension; it does not affect the operation of the encrypted volume in any way. If you choose the .hc extension, and during installation you associated VeraCrypt with that extension, then double-clicking the file launches VeraCrypt.

The list of recently opened files lets you get back to those files quickly. Nevertheless, history entries such as "H:\My offshore accounts of stolen dollars". To prevent files opened from an encrypted disk from getting into the history, tick "Never save history".

Choice of encryption and hash algorithms. If you are not sure which to choose, leave the default values:

Enter the size of the volume and select the units (kilobytes, megabytes, gigabytes, terabytes):

A very important step, setting a password for your encrypted disk:

A good password is very important. Avoid passwords made of one or more words that can be found in a dictionary (or combinations of 2, 3 or 4 such words). The password must not contain names or dates of birth. It should be hard to guess. A good password is a random combination of uppercase and lowercase letters, digits and special characters (@ ^ = $ * +, etc.).

Now again, Russian letters can be used as passwords.

We help the program collect random data:

Note that here you can tick the box to create a dynamic disk, i.e. one that grows as it fills with data.

As a result, I have a test.hc file created on my desktop:

If you created a file with the .hc extension, you can double-click it: the main program window opens with the path to the container already filled in:

In any case, you can open VeraCrypt and select the path to the file manually (click the "File" button to do so).

If the password is entered correctly, then a new disk will appear in your system:

You can copy or move any files to it. You can also create folders there, copy files from it, delete them, etc.

To close the container so that others cannot access it, press the Unmount button:

To get access to your confidential files again, re-mount the encrypted drive.

Configuring VeraCrypt

VeraCrypt has quite a few settings that you can change for your convenience. I highly recommend ticking "Auto-unmount volume after no data has been read/written to it for":

And also setting a hotkey for "Unmount all, wipe cache and exit":

This can be very ... VERY useful ...

Portable version of VeraCrypt on Windows

Starting with version 1.22 (which is in beta at the time of writing) a portable version for Windows has been added. If you read the installation section, you will remember that the program is already portable in the sense that you can simply extract its files. The separate portable package differs in one respect only: the installer requires administrator rights to run (even if you only want to unpack the archive), whereas the portable version can be unpacked without administrator rights.

At the moment only beta versions are officially available. In the VeraCrypt Nightly Builds folder, the portable version is the file VeraCrypt Portable 1.22-BETA4.exe.

The container file can be placed on a USB flash drive, and the portable version of VeraCrypt can be copied to the same flash drive. This lets you open the encrypted volume on any computer, including ones without VeraCrypt installed. But keep in mind the risk of keystroke interception; the on-screen keyboard may help in this situation.

How to use encryption software correctly

Here are some tips to help you keep your secrets better:

  1. Keep unauthorized persons away from your computer: do not check laptops in as luggage at airports; if possible, send computers for repair without the system hard drive, etc.
  2. Use a strong password. Do not reuse the password you use for e-mail, etc.
  3. Do not forget your password! Otherwise the data cannot be recovered.
  4. Download all programs only from their official sites.
  5. Use free or purchased programs (do not use cracked software). Also do not download or run dubious files, because such programs, among other malicious components, can contain keyloggers (keystroke interceptors), which would let an attacker learn the password for your encrypted container.
  6. Sometimes the on-screen keyboard is recommended as a countermeasure against keystroke interception; I think this makes sense.

In Windows Vista, Windows 7 and Windows 8 (Pro editions and higher) the developers built in a special technology for encrypting the contents of logical partitions on all types of drives, including external drives and USB flash drives: BitLocker.
What is it for? If you turn on BitLocker, all files on the drive are encrypted. The encryption is transparent, that is, you do not have to enter a password every time you save a file; the system does everything automatically and invisibly. However, once you disconnect the disk, the next time you plug it in you need a special key (a smart card, a flash drive or a password) to access it. So if you lose your laptop, nobody can read the contents of its encrypted disk, even if they remove the hard disk from the laptop and try to read it on another computer. The encryption key is so long that trying every possible combination to find the right one would take decades even on the most powerful computers. Of course, the password can be extracted under torture or stolen in advance, but if the flash drive was lost by accident, or stolen by someone who does not know it is encrypted, it will be impossible to read.

Configuring BitLocker encryption using Windows 8 as an example: encrypting the system drive, and encrypting flash drives and external USB drives.
System disk encryption
For BitLocker to encrypt the logical drive on which the Windows operating system is installed, there must be an unencrypted boot partition: the system still has to start from somewhere. If Windows 8/7 is installed correctly, two partitions are created during installation: an invisible partition for the boot sector and initialization files, and the main partition where all files are stored. The first is exactly the partition that must not be encrypted; the second, which holds all the files, is the one that gets encrypted.

To check whether you have these partitions, open Computer Management and go to Storage - Disk Management.

In the screenshot, the partition created to boot the system is labelled SYSTEM RESERVED. If it is present, you can safely use BitLocker to encrypt the logical drive on which Windows is installed.
To do this, log on to Windows with administrator rights, open Control Panel, go to System and Security and open the BitLocker Drive Encryption section.
It lists all the disks that can be encrypted. Click the link Turn on BitLocker.


Configuring Security Policy Templates
At this point you may get a message saying that disk encryption is not possible until the security policy templates are configured.

The point is that before BitLocker can be started, the system must allow this operation, and only an administrator can do that, by hand. This is much easier than it seems after reading the obscure messages.

Open Explorer and press Win+R; an input line will open. Enter the following into it and run it:

gpedit.msc

The Local Group Policy Editor will open. Go to the section

Administrative Templates
- Windows Components
-- BitLocker Drive Encryption
--- Operating System Drives
---- Require additional authentication at startup



Set the parameter value to Enabled.


After that, save all the values and return to the Control Panel; BitLocker Drive Encryption can now be started.

Creating a key and saving it

The system will offer you two options for a key: a password and a USB flash drive.


If you use a USB flash drive, the hard disk can be used only while that flash drive is inserted: the key is written to it in encrypted form. If you use a password, you will have to enter it every time you access the encrypted partition on this disk. For the computer's system logical disk, the password is needed on a cold (from scratch) boot or a full restart, or when someone tries to read the contents of the logical disk on another computer. To avoid any pitfalls, create the password from English letters and digits.

After creating the key, you will be prompted to save information for restoring access in case the key is lost: you can save a special code to a text file, save it to a USB flash drive, save it to your Microsoft account, or print it.


Please note that it is not the key itself that is saved, but a special code required for the access restoration procedure.


Encryption of USB disks and flash drives
You can also encrypt external USB drives and flash drives; this feature first appeared in Windows 7 under the name BitLocker To Go. The procedure is the same: you choose a password and save the recovery code.


When you mount a USB disk (connect to a computer), or try to unlock it, the system will ask you for a password.


If you do not want to enter the password every time, because you are sure this computer is safe to work on, you can specify in the advanced options when unlocking that you trust this computer; in that case the password is always supplied automatically until you cancel the trust setting. Note that another computer will still ask you for the password, since the trust setting on each computer works independently.


After you have worked with the USB drive, unmount it, either by simply unplugging it, or via the safe removal menu, and the encrypted drive will be protected from unauthorized access.

Two ways of encryption

BitLocker offers two encryption methods with the same result but different run times: you can encrypt only the space occupied by data, skipping the empty space, or you can go through the whole disk, encrypting all the space of the logical partition including the unused part. The first is faster, but it remains possible to recover information from the empty space. The point is that special programs can recover data even after it has been deleted from the Recycle Bin, and even after the disk has been formatted. Of course, this is hard to accomplish in practice, but there is still a theoretical possibility unless you use special utilities that delete information permanently. When the whole logical drive is encrypted, the space marked as empty is encrypted too, and there is no way to recover information from it, even with special utilities. This method is completely reliable, but slower.

While a disk is being encrypted, it is advisable not to turn off the computer. It took me about 40 minutes to encrypt 300 gigabytes. What happens if the power suddenly goes off? I don't know, I haven't checked, but people write on the Internet that nothing terrible happens: you just need to start the encryption again.
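The whole setup above (recovery code, startup key on a USB stick, full versus used-space-only encryption, BitLocker To Go with "trust this computer") can be scripted with the BitLocker PowerShell module that ships with Windows 8 and later. The script below is an added example, not from the original article; the drive letters C:, E: and F: are placeholders, and it assumes the Group Policy step described above ("Require additional authentication at startup", which by default also allows BitLocker without a compatible TPM) has already been enabled.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article: the Control Panel procedure
# described above, done with the built-in BitLocker module (Windows 8+).
# Placeholders (adjust for your machine):
#   C: = Windows volume, E: = USB stick for the startup key and recovery text,
#   F: = removable drive to protect with BitLocker To Go.
# The "Require additional authentication at startup" policy must already be
# Enabled, or a startup key on a machine without a TPM is refused.

Import-Module BitLocker

$OsDrive        = 'C:'
$StartupKeyUsb  = 'E:\'
$RemovableDrive = 'F:'

# 1. Show every volume and its current state before touching anything.
Get-BitLockerVolume |
    Select-Object MountPoint, VolumeType, VolumeStatus, ProtectionStatus,
                  EncryptionMethod, EncryptionPercentage |
    Format-Table -AutoSize

# 2. Add the 48-digit recovery password BEFORE encrypting, so it exists if
#    anything goes wrong half-way. This is the "special code" the article
#    says to save; it is not the encryption key itself.
$null = Add-BitLockerKeyProtector -MountPoint $OsDrive -RecoveryPasswordProtector

$recovery = (Get-BitLockerVolume -MountPoint $OsDrive).KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' |
    Select-Object -First 1

# Store it somewhere that is NOT the disk being encrypted (here: the USB stick).
$text = "BitLocker recovery password for $OsDrive`r`n" +
        "Protector ID: $($recovery.KeyProtectorId)`r`n" +
        "$($recovery.RecoveryPassword)`r`n"
$text | Out-File -FilePath (Join-Path $StartupKeyUsb 'bitlocker-recovery.txt') -Encoding ascii

# 3. Encrypt the Windows volume with a startup key: the .BEK file is written
#    to the USB stick, which must be present at every cold boot. No
#    -UsedSpaceOnly switch, so free space is encrypted too (the slower but
#    "completely reliable" variant described above). AES-256 is the key
#    length the article says policy can raise the default 128 bits to.
Enable-BitLocker -MountPoint $OsDrive -EncryptionMethod Aes256 `
    -StartupKeyProtector -StartupKeyPath $StartupKeyUsb -SkipHardwareTest

# 4. BitLocker To Go for the removable drive: password protector plus a
#    recovery password, encrypting used space only (the fast variant).
$pw = Read-Host -AsSecureString -Prompt "Password to unlock $RemovableDrive"
Enable-BitLocker -MountPoint $RemovableDrive -EncryptionMethod Aes256 `
    -PasswordProtector -Password $pw -UsedSpaceOnly
$null = Add-BitLockerKeyProtector -MountPoint $RemovableDrive -RecoveryPasswordProtector

# "Trust this computer": auto-unlock F: here only. Requires the Windows volume
# itself to be BitLocker-protected, which step 3 takes care of.
Enable-BitLockerAutoUnlock -MountPoint $RemovableDrive

# 5. Watch progress; do not power off until VolumeStatus is FullyEncrypted.
Get-BitLockerVolume | Select-Object MountPoint, VolumeStatus, EncryptionPercentage
```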

Conclusion

So if you regularly use a flash drive on which you keep important information, BitLocker can protect you from that information falling into the wrong hands. Information on a computer's hard drives, including the system drive, can be protected too: it is enough to shut the computer down completely, and the data on the drives becomes inaccessible to strangers. Once the security policy templates are configured, using BitLocker causes no difficulty even for unprepared users, and I noticed no slowdown when working with encrypted disks.

Hello readers of the blog of the ComService company (Naberezhnye Chelny). In this article we continue exploring the systems built into Windows that are designed to improve the security of our data. Today it is the BitLocker disk encryption system. Data encryption is needed so that strangers cannot use your information. How it gets to them is another question.

Encryption is the process of transforming data so that only the right people can access it. Keys or passwords are usually used to gain access.

Encrypting the entire drive prevents access to the data when the hard drive is connected to another computer. An attacker could install a different operating system on their own machine to bypass protection, but this will not help if you are using BitLocker.

BitLocker was introduced with the Windows Vista operating system and has been enhanced in . BitLocker is available in the Ultimate and Enterprise editions, as well as in Pro. Owners of other editions will have to search .

Article structure

1. How BitLocker Drive Encryption Works

Without going into details, it looks like this. The system encrypts the entire drive and gives you the keys to it. If you encrypt the system disk, it will not boot without your key. It is like the keys to an apartment: if you have them, you get in; if you lose them, you need to use the spare (the recovery code issued during encryption) and change the lock (re-encrypt with different keys).

For reliable protection it is desirable to have a Trusted Platform Module (TPM) in the computer. If it is present and its version is 1.2 or higher, it will control the process and stronger protection methods become available. If it is not present, only a key on a USB drive can be used.

BitLocker works as follows. Each disk sector is encrypted separately with a full-volume encryption key (FVEK). The AES algorithm with a 128-bit key and a diffuser is used; the key length can be changed to 256 bits in the group security policies.

When the encryption is complete, you will see the following picture

Close the window and check if the startup key and recovery key are in safe places.

3. Encryption of a flash drive - BitLocker To Go

Why pause encryption? So that BitLocker does not lock your drive and force you into the recovery procedure. The system parameters (and the contents of the boot partition) are recorded during encryption for additional protection; if you change them, the computer may lock up.

If you select Manage BitLocker, you can Save or print the recovery key and Duplicate the startup key

If one of the keys (startup key or recovery key) is lost, you can restore them here.

External storage encryption management

The following functions are available to manage the encryption parameters of a flash drive

You can change the unlock password. The password can only be removed if a smart card is used for unlocking. You can also save or print the recovery key, and enable automatic unlocking of the disk on this computer.

5. Restoring access to the disk

Restoring access to the system disk

If the flash drive with the key is out of reach, the recovery key comes into play. When you boot the computer, you will see something like the following.

To restore access and boot Windows, press Enter

We will see a screen asking you to enter the recovery key

Entering the last digit, provided the correct recovery key is used, will automatically boot the operating system.

Restoring access to removable drives

To restore access to information on a USB flash drive or press Forgot your password?

Select Enter recovery key

and enter this terrible 48-digit code. Click Next

If the recovery key matches, the disk is unlocked.

A Manage BitLocker link appears, where you can change the password used to unlock the drive.
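The recovery procedure just described (unlocking a removable drive with the 48-digit recovery password and then changing its password), together with the "pause encryption" step mentioned earlier for the system disk, as an added PowerShell example that is not part of the original article; drive letters F: and C: are placeholders, and it assumes the recovery password was saved when the drive was encrypted.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article: "Forgot your password?" for a
# BitLocker To Go drive, done with the BitLocker module instead of the dialog.
# Placeholders: F: = removable drive, C: = Windows volume.

Import-Module BitLocker
$RemovableDrive = 'F:'
$OsDrive        = 'C:'

# 1. Unlock with the recovery password. Accept it with or without dashes and
#    normalise to the 8 groups of 6 digits BitLocker expects.
$rp = Read-Host -Prompt 'Enter the 48-digit recovery password'
$rp = ($rp -replace '[^0-9]', '') -replace '(\d{6})(?=\d)', '$1-'
if ($rp.Length -ne 55) { throw 'A recovery password is 48 digits (55 chars with dashes).' }
Unlock-BitLocker -MountPoint $RemovableDrive -RecoveryPassword $rp

# 2. Replace the forgotten password ("Manage BitLocker -> change password").
#    Refuse to remove the old password protector unless a recovery password
#    protector exists, so the drive is never left without an unlock method.
$vol = Get-BitLockerVolume -MountPoint $RemovableDrive
if (-not ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')) {
    throw "No recovery password protector on $RemovableDrive; not removing the password."
}
$oldIds = $vol.KeyProtector |
    Where-Object KeyProtectorType -eq 'Password' |
    ForEach-Object KeyProtectorId
foreach ($id in $oldIds) {
    Remove-BitLockerKeyProtector -MountPoint $RemovableDrive -KeyProtectorId $id
}
$newPw = Read-Host -AsSecureString -Prompt "New password for $RemovableDrive"
$null = Add-BitLockerKeyProtector -MountPoint $RemovableDrive -PasswordProtector -Password $newPw

# 3. Pausing encryption on the system disk: before a firmware/boot change,
#    suspend protection for one reboot so the changed boot environment does
#    not drop you into recovery; protection resumes automatically afterwards.
Suspend-BitLocker -MountPoint $OsDrive -RebootCount 1
# To cancel the suspension right away instead:
# Resume-BitLocker -MountPoint $OsDrive

# 4. Confirm the state of both volumes and which protectors they carry.
Get-BitLockerVolume -MountPoint $RemovableDrive, $OsDrive |
    Select-Object MountPoint, VolumeStatus, ProtectionStatus,
        @{ n = 'Protectors'; e = { ($_.KeyProtector.KeyProtectorType) -join ', ' } }
```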

Conclusion

In this article we learned how to protect our information by encrypting it with the built-in BitLocker. It is a pity that this technology is only available in the higher (advanced) editions of Windows. It also became clear why that hidden, bootable 100 MB partition is created when Windows sets up a disk.

Perhaps I will use encryption of flash drives or. But, this is unlikely, since there are good substitutes in the form of cloud storage services such as, and the like.

Thank you for sharing this article on social media. All the best!

We bring to your attention an overview of the most popular hardware and software tools for encrypting data on an external hard drive.

Let's start with the simplest. Mac OS X has a built-in Disk Utility that allows you to create an encrypted disk image. You can also use third-party software such as Espionage, FileWard, StuffIt Deluxe to encrypt files or folders. In addition, some backup apps offer encryption of backups out of the box.

These methods are good. But sometimes, using software encryption is not the best option. For example, when you need to encrypt Time Machine backups. To protect such backups, you will have to do some tricky manipulations, because Time Machine does not support encryption. Regular software will not help if you need to create an encrypted copy of the bootable disk so that it remains bootable. Another limitation applies to encrypted disks: they cannot be used on other computers (Mac or PC) without special software.

PGP Whole Disk Encryption for the Mac is one of those applications that allows you to encrypt the contents of a disk that remains bootable and usable on Mac and PC. This is a great application, but a PGP installation is required to access the information on every computer that the drive connects to. Also, if the disk is damaged, encryption can interfere with data recovery.

If you need a universal solution that does not impose restrictions on disk usage, you should purchase an HDD with built-in encryption. The disk encrypts and decrypts data on its own, so there is no need to install additional software. In this case, the disk can be used as a boot volume or for Time Machine. One caveat: if a controller or other electronics fail on a disk, you won't be able to transfer data from the device (even with fully functioning mechanics) until the HDD is fully restored.

Encryption-enabled hard drives are of several types, depending on the decryption mechanism:

Hardware keys

Some manufacturers offer encryption HDD boxes that are locked with a physical device. As long as the key is present (connected or located next to the disk), the disk can be read.

HDDs of this type: RadTech's Encrypted Impact Enclosures ($ 95), RocStor Rocbit FXKT drives and several devices from SecureDISK (from $ 50). All boxes have two or three compatible keys that are connected to a special port of the device. SecureDISK offers RFID Security External Enclosure with an infrared key (media must be nearby to use the disk).

Fingerprint scanners

If you are worried about losing the physical key, you can look at HDD enclosures with a fingerprint scanner. Some examples: MXI Security Outbacker MXI Bio ($419-599) and LaCie SAFE hard drives ($400 for the 2GB model). (Some older LaCie enclosures in 2.5" format do not encrypt data but use less secure locking in the firmware.) These disks are easy to use and can store fingerprints for up to five people. It is worth noting that there are several techniques for fooling a fingerprint scanner (without the original finger).

Keyboard

($230-480) - encrypting disk enclosures that require neither physical keys nor biometric readers. Instead, a keypad is used to enter a password (up to 18 characters). Using a keypad instead of a physical key is convenient when the disk is often carried around. The disks support a "self-destruct" function that erases all stored information after several unsuccessful password attempts.

The open-source program has been popular for over 10 years thanks to its independence from major vendors. Its creators are publicly unknown. Among the program's best-known users are Edward Snowden and security expert Bruce Schneier. The utility lets you turn a flash drive or hard drive into secure encrypted storage in which confidential information is hidden from prying eyes.

The utility's mysterious developers announced the closure of the project on Wednesday, May 28, explaining that using TrueCrypt is unsafe. "WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues" reads the message on the product page on the SourceForge portal. It is followed by another appeal: "You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform."

Independent security expert Graham Cluley made a logical comment on the situation: "Now is the time to find an alternative solution for encrypting files and hard drives."

I'm not kidding!

Initially, there were suggestions that the program's website was hacked by cybercriminals, but now it is becoming clear that this is not a hoax. SourceForge now offers an updated version of TrueCrypt (which is digitally signed by the developers) that prompts you to upgrade to BitLocker or another alternative tool during installation.

Matthew Green, professor of cryptography at Johns Hopkins University, said: "It is highly unlikely that an unknown hacker identified the TrueCrypt developers, stole their digital signature, and hacked their site."

What to use now?

The website and pop-up notification in the program itself contains instructions on how to transfer files encrypted by TrueCrypt to Microsoft's BitLocker service, which comes with Microsoft Vista Ultimate / Enterprise, Windows 7 Ultimate / Enterprise and Windows 8 Pro / Enterprise. TrueCrypt 7.2 allows you to decrypt files, but does not allow you to create new encrypted partitions.

BitLocker is the most obvious alternative to the program, but there are other options. Schneier said that he is going back to using PGPDisk from Symantec. ($110 per user license) uses the well-known and proven PGP encryption method.

There are other free alternatives for Windows like DiskCryptor. A computer security researcher known as The Grugq last year compiled a whole that is still relevant today.

Johannes Ulrich, Science Director at SANS Institute of Technology, recommends that Mac OS X users take a look at FileVault 2, which is built into OS X 10.7 (Lion) and later. FileVault uses XTS-AES 128-bit encryption, which is used by the US National Security Agency (NSA). According to Ulrich, Linux users should stick to the built-in Linux Unified Key Setup (LUKS) system tool. If you are using Ubuntu, then the installer of this OS already allows you to enable full disk encryption from the very beginning.

However, users will need other portable media encryption applications that are used on computers with different operating systems. Ulrich said that in this case it comes to mind.

The German company Steganos offers to use the old version of its encryption utility Steganos Safe (the current version is currently 15, but it is proposed to use version 14), which is distributed free of charge.

Unknown vulnerabilities

The fact that TrueCrypt may contain security vulnerabilities raises serious concerns, especially since the audit of the program found no such problems. Users of the program raised $70,000 for an audit after rumours that the US National Security Agency could decrypt significant amounts of encrypted data. The first phase of the study, which analysed the TrueCrypt bootloader, was carried out last month. The audit found no backdoors or intentional vulnerabilities. The next phase, in which the cryptographic methods used were to be examined, was planned for this summer.

Green was one of the experts involved in the audit. He said he had no advance notice that the developers were planning to close the project. Green said: "The last thing I heard from the TrueCrypt developers was, 'We're looking forward to the results of Phase 2 of the audit. Thanks for your efforts!'" It should be noted that the audit will continue as planned despite the shutdown of the TrueCrypt project.

Perhaps the creators of the program decided to suspend development because the utility is outdated. Development stopped on May 5, 2014, i.e. after the official end of support for Windows XP. SourceForge notes: "Windows 8/7/Vista and later have built-in encryption for disks and virtual disk images." Thus data encryption is built into many operating systems, and the developers may consider the program no longer necessary.

To add fuel to the fire, we note that on May 19 TrueCrypt was removed from the secure Tails system (Snowden's favourite system). The reason is not entirely clear, but clearly you should not use the program, said Cluley.

Cluley also wrote, "Whether it's trickery, hacking, or the logical end of the TrueCrypt lifecycle, it's clear that conscious users won't feel comfortable trusting their data to a program after a fiasco."
