其实很早之前就知道这个软件,不过之前没有使用,今天折腾了一把,记录下使用过程中遇见的一些问题。
百度百科:
TrueCrypt,是一款免费开源的加密软件,同时支持Windows Vista,7/XP, Mac OS X, Linux 等操作系统。TrueCrypt不需要生成任何文件即可在硬盘上建立虚拟磁盘,用户可以按照盘符进行访问,所有虚拟磁盘上的文件都被自动加密,需要通过密码来进行访问。TrueCrypt 提供多种加密算法,包括:AES-256, Blowfish (448-bit key), CAST5, Serpent, Triple DES, and Twofish,其他特性还有支持FAT32和NTFS分区、隐藏卷标、热键启动等。
这个软件原来的官网是:http://www.truecrypt.org。不过现在官方号称这个软件已经不安全了。我们现在进去前面我说的那个官网就会自动跳转到http://truecrypt.sourceforge.net/这个网址。官方的解释是该软件不再安全,替代的产品是windows自带的bitlocker。原文如下:
WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues
This page exists only to help migrate existing data encrypted by TrueCrypt.
The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.
Migrating from TrueCrypt to BitLocker:
If you have the system drive encrypted by TrueCrypt:
If you do not see the Turn on BitLocker menu item, click here.
Alternatively, use search in the Start menu or screen:
If you do not see the BitLocker item, click here.
If BitLocker reports Trusted Platform Module (TPM) unavailable error, click here.
If you have a non-system drive encrypted by TrueCrypt:
If you do not see the Turn on BitLocker menu item, click here.
If you do not have a spare drive, first decrypt the drive encrypted by TrueCrypt. Select the drive in TrueCrypt, open the Volumes menu and select Permanently Decrypt item (available in version 7.2). Then encrypt the drive by BitLocker (see above).
To mount a drive encrypted by BitLocker, open the drive in Explorer.
To dismount a removable drive encrypted by BitLocker, use Eject menu item or Safely Remove icon:
To dismount a non-removable drive encrypted by BitLocker, use Offline item in the context menu of the drive in Disk Management window:
To mount the drive again, use Online item in the context menu of the drive.
If you have a file container encrypted by TrueCrypt:
Alternatively, use search in the Start menu or screen:
If you do not see the Turn on BitLocker menu item, click here.
To dismount the drive, click the drive using the right mouse button in Explorer and select Eject:
To mount the drive again, double click the virtual disk file (requires Windows 8 or later):
Alternatively, use Attach VHD in the Action menu of the Disk Management window:
Download:
WARNING: Using TrueCrypt is not secure
You should download TrueCrypt only if you are migrating data encrypted by TrueCrypt.
TrueCrypt 7.2 sig key
If you use TrueCrypt on other platform than Windows, click here.
然后我自己下载使用了一下官网提供的最后的那个版本,结果发现可以安装,不过使用的时候会提示不安全而不能正常使用。于是就在我打算放弃使用这个软件的时候,我又发现了这篇帖子:http://www.52pojie.cn/thread-325161-1-1.html
TrueCrypt不会死 -- 瑞士网友创建TrueCrypt新家园
在一个国外的网站上看到了一篇关于著名加密软件TrueCrypt的英语文章,我把主要意思翻译了一下,供有兴趣的网友参考。
The development of TrueCrypt, an open source piece of software used for on-the-fly encryption, has been terminated and users have been advised not to use it because it is not secure enough. Now, it seems that another team of developers have forked the software and rebased it in Switzerland.
The abrupt announcement of the demise of TrueCrypt took everyone by surprise and some of its users have been disappointed that their favorite software is no longer being developed. The Sourceforge website, where the project was keeping its files, is now plastered with warnings that TrueCrypt is no longer secure because it is full of security issues.
Fortunately for us, TrueCrypt was an open source project and that meant that anyone could take it and fork it into another version, and try to fix some of the problems reported. Whether this will be a success remains to be seen, but at least there is a chance that it will live on.
Many users think that the TrueCrypt project has been forced to close its doors by various other malevolent forces, like the US government, for example. To be fair, the US government is accused of many such acts, but it is likely that it's not actually responsible for all of them.
So, TrueCrypt has now been rebased in Switzerland and the project has been forked by another team of developers. They are promising that the security problems will be fixed and that no one will be able to force them to close the gates.
“Currently it is very unclear what really happened. Was it really just the end of a 10 year effort, or was it driven by some government? While a simple defacement is more and more unlikely we still don't know where this is going. However the last 36 hours showed clearly that TrueCrypt is a fragile product and must be based on more solid ground. We start now with offering to download the Truecrypt file as is, and we hope we can organize a solid base for the Future,” reads the new truecrypt.ch website.
曾获包括斯诺登(Edward Snowden)在内的专业人士推荐并使用过的流行达十年之久的著名加密软件TrueCrypt,于2014年5月28日突遭关闭,其官方网站被重定向到 SourceForge网页并且警告称该软件并不安全,建议所有TrueCrypt用户将加密的数据迁移到Bitlocker,这一消息对于很多习惯了使用TrueCrypt的用户来说犹如一颗重磅炸弹!TrueCrypt项目究竟发生了什么?对于TrueCrypt突遭神秘关闭的背景、真实原因,一时间各种猜测纷至沓来:网站被黑、有人恶作剧、主要开发者已经放弃开发甚至已经死亡、项目被NSA盯上并遭到胁迫、发现重大安全漏洞甚至已经被胁迫植入后门等等。
真正的背景如何,有待进一步观察。不过已经有一些热心的网友开始行动起来准备拯救他们一直以来心爱的加密软件,一个瑞士的开发者团队刚刚组建了TrueCrypt新的网上家园。他们决心修复TrueCrypt的安全漏洞并且承诺没有人能够强迫他们关闭大门!
参见:
Steve Gibson: TrueCrypt is still safe to use(TrueCrypt仍然可以安全使用) https://www.grc.com/misc/truecrypt/truecrypt.htm
TrueCrypt瑞士开发团队官网:If TrueCrypt.org really is dead, we will try to organize a future. http://truecrypt.ch/
英文原文:https://www.grc.com/misc/truecrypt/truecrypt.htm
TrueCryptⓇ | ||
Final Release Repository |
Phase 2 of the TrueCrypt Audit FINISHED!
No significant cryptographic problems found |
Recent attempts to download the TrueCrypt files here, using Chrome or Firefox (Mozilla uses Google's technology), have been generating false-positive malware infection warnings. They must be false-positives because no change has been made to the files since this page was put up nearly a year ago (May 29th, 2014) and many people have confirmed that the downloaded binaries have not changed and that their cryptographic hashes still match.
Also, the well-known and respected “VirusTotal” site, which scans files through all virus scanners reports ZERO hits out of 57 separate virus scan tests: VirusTotal scan results.
We have no idea where or why Google got the idea that there was anything wrong with these files. This just appears to be “The Google” doing their best to protect us from ourselves. But that does misfire occasionally. We expect it to fix itself within a day or two.
Although the disappearance of the TrueCrypt site, whose ever-presence the Internet community long ago grew to take for granted, shocked and surprised many, it clearly came as no surprise to the developers who maintained the site and its namesake code for the past ten years. An analysis of the extensive changes made to TrueCrypt's swan song v7.2 release, and to the code's updated v3.1 license, shows that this departure, which was unveiled without preamble, was in fact quite well planned.
For reasons that remain a titillating source of hypothesis, intrigue and paranoia, TrueCrypt's developers chose not to graciously turn their beloved creation over to a wider Internet development community, but rather, as has always been their right granted by TrueCrypt's longstanding license, to attempt to kill it off by creating a dramatically neutered 7.2 version that can only be used to view, but no longer to create new, TrueCrypt volumes.
Then, leveraging the perverse and wrongheaded belief that software whose support was just cancelled renders it immediately untrustworthy, they attempted to foreclose on TrueCrypt's current and continued use by warning the industry that future problems would remain unrepaired. This being said of the latest 7.1a version of the code that has been used by millions, without change, since its release in February of 2012, more than 27 months before. Suddenly, for no disclosed reason, we should no longer trust it?
they still “owned” TrueCrypt, and that it was theirs to kill.
But that's not the way the Internet works. Having created something of such enduring value, which inherently requires significant trust and buy-in, they are rightly unable to now take it back. They might be done with it, but the rest of us are not.
The developers' jealousy is perhaps made more understandable by examining the code they have created. It is truly lovely. It is beautifully constructed. It is amazing work to be deeply proud of. Creating something of TrueCrypt's size and complexity, and holding it together as they did across the span of a decade, is a monumental and truly impressive feat of discipline. So it is entirely understandable when they imply, as quoted below, that they don't trust anyone else to completely understand and maintain their creation as they have. Indeed, it will not be easy. They might look at the coding nightmare atrocity that OpenSSL became over the same span of time and think: “Better to kill off our perfect creation than turn it over to others and have it become that.”
TrueCrypt's creators may well be correct. TrueCrypt may never be as pure and perfect as it is at this moment, today—in the form they created and perfected. Their true final version, 7.1a, may be the pinnacle of this story. So anyone would and should be proud to use and to continue to use this beautiful tool as it is today.
TrueCrypt's formal code audit will continue as planned. Then the code will be forked, the product's license restructured, and it will evolve. The name will be changed because the developers wish to preserve the integrity of the name they have built. They won't allow their name to continue without them. But the world will get some future version, that runs on future operating systems, and future mass storage systems.
There will be continuity . . . as an interesting new chapter of Internet lore is born.
Tweets from the @OpenCryptoAudit project:
- At 5:40am, 29 May 2014
We will be making an announcement later today on the TrueCrypt audit and our work ahead. - 9 hours later at 2:40pm, 29 May 2014
We are continuing forward with formal cryptanalysis of TrueCrypt 7.1 as committed, and hope to deliver a final audit report in a few months. - And eight minutes later at 2:48pm, 29 May 2014
We are considering several scenarios, including potentially supporting a fork under appropriate free license, w/ a fully reproducible build.
So it appears that the unexpected (putting it mildly) disappearance of TrueCrypt.org and the startling disavowal of TrueCrypt's bullet proof security will turn out to be a brief disturbance in the force. We should know much more about a trustworthy TrueCrypt in the late summer of 2014.
Time to panic?
No. The TrueCrypt development team's deliberately alarming and unexpected “goodbye and you'd better stop using TrueCrypt” posting stating that TrueCrypt is suddenly insecure (for no stated reason) appears only to mean that if any problems were to be subsequently found, they would no longer be fixed by the original TrueCrypt developer team . . . much like Windows XP after May of 2014. In other words, we're on our own. |
Note that once TrueCrypt has been independently audited it will be the only mass storage encryption solution to have been audited. This will likely cement TrueCrypt's position as the top, cross-platform, mass storage encryption tool. |
My two blog postings on the day, and the day after, TrueCrypt's self-takedown:
My third and final posting about this page, in order to allow feedback.
The posting generated many interesting comments:
And then the TrueCrypt developers were heard from . . .
Steven Barnhart (@stevebarnhart) wrote to an eMail address he had used before and received several replies from “David.” The following snippets were taken from a twitter conversation which then took place between Steven Barnhart (@stevebarnhart) and Matthew Green (@matthew_d_green):
|
TrueCrypt v7.1a installation packages: | Downloads | |
• TrueCrypt Setup 7.1a.exe (32/64-bit Windows) | 285,739 | |
• TrueCrypt 7.1a Mac OS X.dmg | 66,215 | |
• truecrypt-7.1a-linux-x64.tar.gz | 69,302 | |
• truecrypt-7.1a-linux-x86.tar.gz | 42,687 | |
• truecrypt-7.1a-linux-console-x64.tar.gz | 30,893 | |
• truecrypt-7.1a-linux-console-x86.tar.gz | 24,388 | |
The TrueCrypt User's Guide for v7.1a: | ||
• TrueCrypt User Guide.pdf | 152,372 | |
The TrueCrypt v7.1a source code as a gzipped TAR and a ZIP: | ||
• TrueCrypt 7.1a Source.tar.gz | 24,977 | |
• TrueCrypt 7.1a Source.zip | 30,683 |
(Because caution is never foolish.)
- Many sites attempt to assert the authenticity of the files they offer by posting their cryptographic hash values. But if bad guys were able to maliciously alter the downloaded files, they could probably also alter the displayed hashes. Until we have secure DNS (DNSSEC, which will create a secured Internet-wide reference for many things besides IP addresses) the best we can do is host confirmation hashes somewhere else, under the theory that as unlikely as it is that this primary site was hacked, it's significantly less likely that two unrelated sites were both hacked.
So, for those who double-knot their shoelaces, Taylor Hornby (aka FireXware) of Defuse Security is kindly hosting a page of hash values of every file listed above. And, being the thorough cryptographic code auditor that he is, Taylor first verified the files GRC is offering here against several independent archives:
Additional online TrueCrypt sites and repositories:
- The reconstructed browsable version of the truecrypt.org website. A terrific Canadian web developer, Andrew Y. (who also created the ScriptSafe Chrome browser extension to duplicate the script-disabling of Firefox's NoScript), captured some of the TrueCrypt.org website before it disappeared from the Internet and then reconstructed the missing pieces using the PDF manual. The result is a terrific web-browsable site for TrueCrypt.
- TrueCrypt.ch: A just launched, Swiss-based, possible new home for TrueCrypt. Follow these folks on Twitter: @TrueCryptNext. Given the deliberate continuing licensing encumbrance of the registered TrueCrypt trademark, it seems more likely that the current TrueCrypt code will be forked and subsequently renamed. In other words . . . for legal reasons it appears that what TrueCrypt becomes will not be called “TrueCrypt.”
- github.com/DrWhax/truecrypt-archive: This is a frequently cited and trusted archive maintained by Jurre van Bergen (@DrWhax) and Stefan Sundin. It contains a nearly complete, historical repository of previous TrueCrypt versions, tracking its evolution all the way back to when it was previously named “ScramDisk” (which is when we were first using and working with it).
- github.com/syglug/truecrypt: Another TrueCrypt v7.1 archive, though apparently not the latest. But readily browsable if someone wishes to poke around within the source with their web browser.
- IsTrueCryptAuditedYet.com: This is the home of the TrueCrypt auditing project. As the audit moves into its next phase, digging past the startup and boot loader and into the core crypto, updates will be posted and maintained here.
Thoughts about a next-generation encrypted-data logo:
Graphic designer William Culver spend a bit of time thinking about a logo for whatever TrueCrypt becomes in the future. The theme of an infinity symbol is meant to convey the endless lifetime of this terrific data encryption solution. As is made clear on William's page for this, he's releasing all copyright:
256 x 256 pixels
32 x 32 pixels
Additional Miscellany:
- Amazon uses TrueCrypt when exporting archived data to users. See the first Q&A of the link. TrueCrypt is a perfect solution for this. We have every reason to believe that it is utterly bulletproof and only TrueCrypt provides the universal Windows/Mac/Linux platform neutrality that this application requires.
瑞士继续维护这个软件的组织的官网是:https://truecrypt.ch/
下面说说我自己的总结:
官网最新的7.2版本不能正常使用,不过他的老版本可以正常使用,比如7.2的上一个版本7.1a。这些继续维护他的网站提供了7.1a版本的下载,并做了一些改进。于是我安装了7.1a版本。安装好是英文的界面,不过网上很多简体中文语言包,复制到该软件的安装目录然后在软件的setting什么选择一下语言包即可,这个软件可以安装,也可以解压使用,很方便,安装好之后界面如下:
功能有很多,我说说几种常用的使用吧。
文件型加密:
点击“创建加密卷”,
可以看见有三种,我现在说的就是第一种,第二种是以分区的形式,第三种是以系统分区的形式,也就是给你现在所使用的系统进行加密,开机的时候会提示你输入密码才能进入,继续说第一种,下一步。
下一步。
这个时候需要手动创建一个文件来作为你的加密分区,位置随便你,点击“选择文件”
比如我输入“加密文件夹”然后确定。
下一步,这里可改加密算法。
下一步。
这里大小看你自己的需要,如果你要隐藏的东西很多就大点,此时下面为什么显示的是D盘呢?这是因为我刚才创建那个文件的时候创建在D盘里面,所以我们新创建的这个加密卷其实是用了D盘的空间,从D盘划分了一部分来使用,所以到时候我创建好这个加密卷的时候,这个加密卷有多大,那么D盘也就会相应的减少多大的空间。这里我就输入100MB,然后下一步,
这里提示你输入密码,并且可以使用一个密钥文件,如果你觉得不够安全的话就可以使用一个密钥文件,这个文件可以是一张图片,一个mp3等等。然后到时候解密使用这个加密卷的时候没有这个密钥文件就不能解开,所以如果你使用了一个密钥文件,那么一定要保管好这个文件,不过到时候打不开你的加密卷是很悲催的。然后接着下一步。
我的密码太短了,没关系,选“是”
这里你可以选择不同文件系统来作为你加密卷的文件系统,并且可以移动鼠标来产生随机缓冲。然后选择“格式化”。
退出即可。
到这里创建文件型加密卷就完成了。那么该怎么使用这个呢?
我们可以看见这个加密卷的大小是100MB。
相应的D盘也减少了100MB。
此时我们可以通过挂载这个加密卷来往里面添加一些我们想要隐藏的文件,方法:随便选择一个盘符,
然后选择我们刚才创建的那个文件。
然后点击左下角的“挂载”,然后出现下面的提示,
输入密码然后确定就会在资源管理器中看见多了一个盘符H。
此时就可以往这个加密卷中添加东西了。
然后卸载之后就会隐藏掉这个加密卷了,别人不能看见,就算知道这个文件也没有密码打开。因为是文件型的加密卷,所以这个文件其实还是属于D盘,所以如果从D盘往这个加密卷中添加东西可以看见很快,不过由于我刚才选择的是FAT文件系统,所以不支持复制大于4G的文件,改成NTFS就可以了。还有就是我们在这个加密卷中删除一些东西之后我们会看见这个加密卷的可用空间还是一样,这是因为这个在这个加密卷中也存在一个回收站,删除的东西还是在这个加密卷中,这个回收站是隐藏的,所以看不见,可以通过取消勾选下图中的选项来看见。
可以在回收站上右击——属性让删除的文件不经过回收站。
还有我们手动删除了这个加密卷之后会发现他的空间归还给了原来的D盘,因为这个是文件型的加密卷。
还有就是这个文件
可以随意更改名称,也可以添加扩展名。
这个软件还有很多其他的功能,比如加密windows,这里就不再讲了。
TrueCrypt的更多相关文章
-
加密入门(三):TrueCrypt(转)
http://terrychen.info/encryption-truecrypt/ TrueCrypt 是一款功能强大的开源加密工具,利用 TrueCrypt 可以创建一个加密文件作为虚拟加密卷, ...
-
[How To] TrueCrypt使用教學 - 重要資訊的加密保險箱(转)
我在2013年八月的時候寫了這篇關於TrueCrypt的使用教學,但從去年(2014)五月下旬開始,TrueCrypt的首頁出現了"Using TrueCrypt is not secure ...
-
TrueCrypt 7.1a Hashes
Here are the SHA256, SHA1, and MD5 hashes of all TrueCrypt version 7.1a files. The signature of the ...
-
TrueCrypt简介及TrueCrypt 7.1a Source.zip源码在VS2008下的编译过程
转载:http://blog.csdn.net/cncrypt/article/details/51565493 转载:http://www.cnblogs.com/shenjieblog/p/521 ...
-
TrueCrypt与CryptSetup双系统全盘加密(图文)
http://blog.topsec.com.cn/truecrypt%E4%B8%8Ecryptsetup%E5%8F%8C%E7%B3%BB%E7%BB%9F%E5%85%A8%E7%9B%98% ...
-
Automated Memory Analysis
catalogue . 静态分析.动态分析.内存镜像分析对比 . Memory Analysis Approach . volatility: An advanced memory forensics ...
-
灰常好的开源项目[c/c++]
ClibPDF http://cosoft.net.cn http://www2s.biglobe.ne.jp/~Nori/ruby/dist/ClibPDF-ALPHA-20010519.tar.g ...
-
Linux强化论:15步打造一个安全的Linux服务器
Linux强化论:15步打造一个安全的Linux服务器 Alpha_h4ck2016-11-30共28761人围观 ,发现 8 个不明物体专题系统安全 可能大多数人都觉得Linux是安全的吧?但我要告 ...
-
用 VeraCrypt 加密闪存盘
导读 很多安全专家偏好像 VeraCrypt 这类能够用来加密闪存盘的开源软件,是因为可以获取到它的源代码.要是你需要在 Windows 系统,苹果的 OS X 系统或者 Linux 系统上加密以及访 ...
随机推荐
-
Angular2 小贴士 RouterLink 导航
AngularJS的路由一直是学习的一大难点,我们只能边看边学边掌握,边看边学边推翻.今天我们来看一下在angular2中通过routerLink实现导航的几种方式,以及各自的优缺点. Angular ...
-
html meta标签属性与内容
meta是html语言head区的一个辅助性标签.也许你认为这些代码可有可无.其实如果你能够用好meta标签,会给你带来意想不到的效果,meta标签的作用有:搜索引擎优化(SEO),定义页面使用语言, ...
-
大数据下的Distinct Count(二):Bitmap篇
在前一篇中介绍了使用API做Distinct Count,但是精确计算的API都较慢,那有没有能更快的优化解决方案呢? 1. Bitmap介绍 <编程珠玑>上是这样介绍bitmap的: B ...
-
andorid 远程存储中JDK和Volley的GET和POST方法
在操作Volley的时候先添加volley.jar(包) <uses-permission android:name="android.permission.INTERNET" ...
-
注意WPF中绑定使用的是引用类型
绑定(Binding)是WPF提供的一个非常方便的特性,它可以方便的实现一个WPF的MVVM结构. 既可以实现数据驱动UI变化,也可以做到End-user在UI上的修改实现的反映到数据上. 但是有一点 ...
-
bzoj4010: [HNOI2015]菜肴制作【拓扑排序】
想到了一个分治方法,每一次尽量放小的那个,把它依赖的放在左边,不依赖的放在右边. TLE 80: #include <bits/stdc++.h> #define rep(i, a, b) ...
-
MyBatis基础学习笔记--自总结
一.MyBatis和jdbc的区别 jdbc的过程包括: 1.加载数据库驱动. 2.建立数据库连接. 3.编写sql语句. 4.获取Statement:(Statement.PrepareStatem ...
-
杭电ACM2014--青年歌手大奖赛_评委会打分
青年歌手大奖赛_评委会打分 Time Limit: 2000/1000 MS (Java/Others) Memory Limit: 65536/32768 K (Java/Others)Tot ...
-
软件工程第二次作业-VSTS单元测试
一.选择开发工具 开发工具选择 Visual studio 2017 社区版,开发语言为C 由于之前已经安装完毕,所以不上传安装过程,主界面如下: 二.练习自动单元测试 使用的测试工具是VSTS,具体 ...
-
双线程 线性dp 传纸条
/* 两种做法:一是暴力dp[i][j][k][l] 二是以走的步数k作为阶段, dp[k][i][j]表示走到第k步,第一个人横坐标走到i,第二个人横坐标走到j 可以以此推出第第一个人的坐标为[i, ...