Truecrypt (5.0)

[marrowhk]

Truecrypt 5.0 for linux is out and now contains a built-in dialog/full gui for password entry!

In the past we've needed to create scripts like this to mount an encrypted pen-usb: (Gnome example)

[R-Type]

There are some rather annoying regressions in Truecrypt 5.0.

1. linux version cannot create hidden volumes. !!!?
2. the command line 'mount options' only accepts a few parameters, but the dialog box input accepts any option. I had to look at the code to figure out why my cmdline scripts weren't running.
3. does not compile on x86_64 without some typesize cleanups.
4. now requires X running to execute, which is frankly stupid.

This release feels rushed to me...that or they were focused on the windows version. Hopefully 5.1 will fix these...

[marrowhk]

The regressions are a shame. I guess if you're using hidden volumes you'll need to stick with 4.3a
_________________
You'll always come back to GENTOOOOOOO ! (Trust me...)

[R-Type]

It mounts 4.3a hidden partitions just fine.. The wizard says it can't create them..

[marrowhk]

Can't you just slot these version somehow so you have a CLI route to create a hidden volume
_________________
You'll always come back to GENTOOOOOOO ! (Trust me...)

[R-Type]

I doubt 5.0 volumes are openable with 4.3 because of the new XEX key handling mode, which is the major new crypto feature in 5.0. If the user has to forgo XEX to make hidden volumes, then he might as well stay with 4.3a for now...or create his volume in windows (if that works, I haven't tried). Another thing I forgot to add to my list is the lack of a complete command line interface. It doesn't even look like you can create volumes without running the GUI wizard. Yuck.

Imo, it's best to wait until they fix these things before adding to portage.. It's not even a feature complete release :\.

[maltheus]

What a pain! I didn't realize this release cripples the command line. Hopefully they'll fix that before the old version leave portage. Does anybody know of any decent Truecrypt alternatives (I don't care about Windows support)?

[nirax]

regarding truecrpyt 5 release i have two questions, maybe someone knows the answer

1) is there a speed difference to cryptsetup/dmcrypt ? (under comparable algorythm)
2) did anyone made experiences already using TC 5.0 under amd64 systems ? Curremtly its ~amd64 only enabled, so im gonna wait for a stable gentoo release anyway, but maybe someone made already experiences.

background is, that im using a drive to store, unpack and "put together" movies and stuff. This is performing quite some system lag using current cryptsetup, so im looking for any possibility to speed it up somehow, while still taking partition encryption benefit.
_________________
quot licet iovi non licet bovi

[R-Type]

Well, 5.0 uses libfuse and a standard loop device instead of dm like 4.3. I would imagine this might be a bit slower? I'll bet, though, that the crypto stuff will bottleneck your cpu first. luks might be faster than both of them. benchmark and see.

5.0 will not build on amd64 without typedef fixes.

[Havin_it]

Lots of doubt about upgrading to this version

1) How is auto mount/unmount handled now if it has to be done while X is running?

2) I tried building it myself before it went int the tree, and the "admin password required" dialog when trying to mount a volume didn't succeed. (Result: had to run it with sudo, just as I do now ) Am I missing something or is it fixed in portage?

3) Now that mounting is a single-step operation (no access to the raw device) how are you supposed to use fsck on your filesystem? I crash a lot so this is quite important.

4) Why is the package fetch-restricted?

[JayJay78]

hi Havin_it,

[Havin_it]

Yeah, I was under the impression it wouldn't be able to do *anything* unless X was running, meaning that rcscript wouldn't work. I've learned a bit more now

Also it seems to work fine as non-root now, not sure what the problem was before.

And as for my occasional need to fsck, I see now that there's the "do not mount" option in the password dialog options, so it's all good.

All in all, my worries are fully cured. Although I'll keep hold of a binpkg of 4.3a in case I need at some point to make a hidden volume...

[dave_deu]

Hi, I'm new to Truecrypt. I set ACCEPT_KEYWORDS so v5.0 of Truecrypt installed. I had the Truecrypt module modprobed and the encrypted volume worked fine.

Now, I had a problem on boot come up complaining about the module being the wrong format or something. Anyway, despite there being no Truecrypt module loaded I tried mounting the device and it worked anyway. What's going on!?!? Does Truecrypt not need the module loaded to work?

Thanks,
Dave.

[Havin_it]

dave_deu, there is a major difference between v4.3a and v5.0* in terms of module structure. The old version built its own kernel module (and so had to be rebuilt every time the kernel was upgraded). The 5.0 version uses FUSE (Filesystems in Userspace) which is part of the kernel (may be built-in or as a module), there's no actual truecrypt module anymore, so it doesn't need rebuilding for a new kernel.

Anyway, your problem is perhaps due to the old-version module still attempting to load itself into the kernel. Run update-modules as root and that should get rid of the error. If you've previously added the truecrypt module to /etc/modules.autoload.d/ then make sure you also remove it from there.

[dave_deu]

Thanks for that. All is explained. Truecrypt 5 is working well, though shame they do not build in more options than for VFAT filesystems.

[Havin_it]

Well, perhaps in time there will be more... in fairness, that's only one less than you get with Windows, and I would think few Linux users will be queuing up to make NTFS formatted crypts

Besides, once you've made the crypt you can reformat it to whatever you want using system tools.