Truecrypt 5 and amd64 problems

Message

Morimando · Post by **Morimando** » Wed Apr 16, 2008 8:10 am

Well, i unmasked truecrypt 5 to try if it might work and it seems to work (i can encrypt volumes for instance), but when i mount the created volume (no filesystem) and then want to create an ext3 filesystem on it, i notice that a) the device is named /dev/loop0 instead of /dev/mapper/truecrypt0 and b) the system freezes after 1 minute of what seems to be absolute inactivity (well the progress-counter jumps from 0/3700 (3700 is a guess, something around there (Inode count)) to 94/3700 (now the 94 is exact). Also i noticed that there isn't a truecrypt module anymore, but i could not find out if this is normal yet.
So basically what i want to ask is: Is this the reason truecrypt 5 (for amd64 at least) is still masked or should it already work and something went terribly wrong so that i need to investigate?
Oh, and also truecrypt 4 (i downgraded) tells me that the volume (that truecrypt 5 had created) is not a truecrypt volume because of which i now have to encrypt the drive anew

MM Trigger · Post by **MM Trigger** » Wed Apr 16, 2008 3:43 pm

I've been having problems with version 5.1 as well. Pretty much the same thing too. I formatted a volume with fat32 so I could use it between both Linux and Windows. After a certian amount of time, disk IO stops, and eventually my system will freeze. Best I can tell, this is something that needs to be reported on bugzilla.

There shouldn't be a TrueCrypt module anymore because since v5, TrueCrypt uses FUSE instead. You must already have FUSE built into your kernel or built as a module if you have it working. Also, v4 can't read volumes created with >=v5 because there it uses a new key generation mode (XTS) that v4 just doesn't understand.

For now I'm sticking with v4. I thought my problem with v5 was just some quirk with my setup. I guess not...

Morimando · Post by **Morimando** » Wed Apr 16, 2008 6:37 pm

I read something about the .22 kernel noch being able to correctly write to loop devices. Since i use .23-gentoo-r9, i thought that doesn't apply, but then again - it might. I will test the .24 kernel now, configuring it entirely anew (since i use the same -config since .21). If this reconfiguration of the kernel works, i will let you know (here). From what i understand, the freeze should occur while tranferring data to a mapped device, be it formatting or actual filetransfers. Using a truecrypt 4 volume with truecrypt 5 should be less secure, right?

Carnildo · Post by **Carnildo** » Wed Apr 16, 2008 8:05 pm

Truecrypt 5 is incompatible with certain FUSE modules, leading to the crash you're experiencing.

On Linux, the only major differences between TrueCrypt 4 and TrueCypt 5 are that 5 adds a GUI, and removes support for creating hidden volumes. There's no change in security.

Morimando · Post by **Morimando** » Wed Apr 16, 2008 9:44 pm

Wha? (To quote Dr Foundsworth)
First thing it asked me is if i wanted to create a normal encrypted volume or a hidden volume... so uhm... well, to the inexperienced eye... it looks as if truecrypt 5 does support hidden volumes. Could you define "certain FUSE modules"? Does that refer to any particular kernel version? Because i have FUSE built into the kernel, so i guess that should suffice.

MM Trigger · Post by **MM Trigger** » Thu Apr 17, 2008 12:01 am

Regarding backwards compatibility of truecrypt volumes, its in the documentation. As of v5.0 truecrypt uses XTS mode for key generation. Version 4.3a and earlier only use LRW for key generation method, thus prior versions to 5.0 have no capability of reading from or writing to volumes created v5.0 or greater provided that XTS was used (it is selected by default, if I am not mistaken). I found that out the hard way when upgrading some of my clients' workstations...

If you read the ebuild, it lists a dependency on sys-fs/fuse, which is the externally built modules for FUSE, not the in-kernel ones. It doesn't look like truecrypt looks to see if FUSE is built in the kernel already; it makes you install the modules from portage. I also see that this release of truecrypt was made stable before either of the two stable versions of fuse in portage were stabilized (by about 2-3 days). I assume then, that truecrypt may not have been tested fully with the latest modules for fuse available in portage.

So, since I believe this is an issue for the devs and maintainer, I filed a bug for this problem.

Morimando: I believe that the only security issue with using a v4 volume with v5 is that LRW key generation is technically not as secure as XTS. So you're not really introducing any new vulnerabilities by doing so since you originally created the volume using v4.x.

Morimando · Post by **Morimando** » Thu Apr 17, 2008 9:57 am

Okay then... i will remove FUSE from the kernel and build the sys-fs modules from portage instead (2.7.0?). Will let you know if that worked out

MM Trigger · Post by **MM Trigger** » Thu Apr 17, 2008 12:47 pm

So, since I believe this is an issue for the devs and maintainer, I filed a bug for this problem.

Well that bug didn't last long

. Looks like the maintainer doesn't know how to fix the problem, so I sent the bug upstream. I hope that the truecrypt devs can tell me what is going on. I would post a link to the new bugpost, except that it looks like the truecrypt devs keep bug postings to themselves.

Morimando · Post by **Morimando** » Thu Apr 17, 2008 1:10 pm

Well, as long as you let us know what they found out

Do you have FUSE built into the kernel AND compiled sys-fs/fuse ? Because that is what i had. I will be able to reboot in half an hour or something, kernel w/o fuse is ready, sys-fs/fuse will be recompiled after i rebooted and truecrypt 5 will be emerged as well. I will let you know if file transfers work with the new settings or not (also i changed the kernel version, which -frankly- is a little unprofessional to change both kernel version and some of the config, but well...2.6.23 => 2.6.24)

Morimando · Post by **Morimando** » Fri Apr 18, 2008 9:31 pm

Okay... i made a new kernel, 2.6.24. FUSE is in kernel, built as a module. sys-fs/fuse is installed (and recompiled after the kernel switch) Without fuse in kernel, sys-fs/fuse wouldn't compile either. Truecrypt 5 now seems to work fine, although the transfer-speed seems to be lower than with the old truecrypt (for example i can't playback a video stored on the drive while i copy new files to it), but at least it doesn't freeze when i copy larger amounts of data to an encrypted drive.
Is it normal that truecrypt 5 is slower than truecrypt 4? Or might this result from a configuration error? I encrypted it with Serpent-Twofish-AES and Whirlpool, if that's of any relevance..

Carnildo · Post by **Carnildo** » Fri Apr 18, 2008 11:40 pm

Morimando wrote:Wha? (To quote Dr Foundsworth)
First thing it asked me is if i wanted to create a normal encrypted volume or a hidden volume... so uhm... well, to the inexperienced eye... it looks as if truecrypt 5 does support hidden volumes.

Have you tried actually selecting that option? Somewhere in the process of creating a hidden volume, you'll get a very polite error message telling you that this isn't supported in this version.