Truecrypt (5.0)

Message

marrowhk · Post by **marrowhk** » Sat Feb 09, 2008 6:17 am

Truecrypt 5.0 for linux is out and now contains a built-in dialog/full gui for password entry!

In the past we've needed to create scripts like this to mount an encrypted pen-usb: (Gnome example)

Code: Select all

(A) zenity --entry --title="Truecrypt Password" --text="Enter Your Password:" --hide-text | sudo truecrypt -u /media/directory-x/xxx.tc /media/directory-y

Given an entry exists in your fstab for the receiving directory (shows the mount point clearly in nautilus):

Code: Select all

(B)/dev/mapper/truecrypt0 /media/directory-y 	fuse		users,noauto		0 0

Now, we can change script (A) to the following with truecrypt 5.0 whilst leaving the fstab entry intact:

Code: Select all

truecrypt /media/directory-x/xxx.tc  /media/directory-y

The inbuilt dialog will now ask for the password, and give you options as well; no need for zenity, or any other external dialog construction!

R-Type · Post by **R-Type** » Sat Feb 09, 2008 6:29 am

There are some rather annoying regressions in Truecrypt 5.0.

1. linux version cannot create hidden volumes. !!!?
2. the command line 'mount options' only accepts a few parameters, but the dialog box input accepts any option. I had to look at the code to figure out why my cmdline scripts weren't running.
3. does not compile on x86_64 without some typesize cleanups.
4. now requires X running to execute, which is frankly stupid.

This release feels rushed to me...that or they were focused on the windows version. Hopefully 5.1 will fix these...

marrowhk · Post by **marrowhk** » Sat Feb 09, 2008 6:31 am

The regressions are a shame. I guess if you're using hidden volumes you'll need to stick with 4.3a

R-Type · Post by **R-Type** » Sat Feb 09, 2008 6:33 am

It mounts 4.3a hidden partitions just fine.. The wizard says it can't create them..

marrowhk · Post by **marrowhk** » Sat Feb 09, 2008 6:36 am

Can't you just slot these version somehow so you have a CLI route to create a hidden volume

R-Type · Post by **R-Type** » Sat Feb 09, 2008 6:48 am

I doubt 5.0 volumes are openable with 4.3 because of the new XEX key handling mode, which is the major new crypto feature in 5.0. If the user has to forgo XEX to make hidden volumes, then he might as well stay with 4.3a for now...or create his volume in windows (if that works, I haven't tried). Another thing I forgot to add to my list is the lack of a complete command line interface. It doesn't even look like you can create volumes without running the GUI wizard. Yuck.

Imo, it's best to wait until they fix these things before adding to portage.. It's not even a feature complete release :\.

maltheus · Post by **maltheus** » Mon Feb 11, 2008 5:51 pm

What a pain! I didn't realize this release cripples the command line. Hopefully they'll fix that before the old version leave portage. Does anybody know of any decent Truecrypt alternatives (I don't care about Windows support)?

nirax · Post by **nirax** » Mon Feb 11, 2008 11:02 pm

regarding truecrpyt 5 release i have two questions, maybe someone knows the answer

1) is there a speed difference to cryptsetup/dmcrypt ? (under comparable algorythm)
2) did anyone made experiences already using TC 5.0 under amd64 systems ? Curremtly its ~amd64 only enabled, so im gonna wait for a stable gentoo release anyway, but maybe someone made already experiences.

background is, that im using a drive to store, unpack and "put together" movies and stuff. This is performing quite some system lag using current cryptsetup, so im looking for any possibility to speed it up somehow, while still taking partition encryption benefit.

R-Type · Post by **R-Type** » Wed Feb 13, 2008 1:45 am

Well, 5.0 uses libfuse and a standard loop device instead of dm like 4.3. I would imagine this might be a bit slower? I'll bet, though, that the crypto stuff will bottleneck your cpu first. luks might be faster than both of them. benchmark and see.

5.0 will not build on amd64 without typedef fixes.

Havin_it · Post by **Havin_it** » Wed Feb 13, 2008 11:29 am

Lots of doubt about upgrading to this version

1) How is auto mount/unmount handled now if it has to be done while X is running?

2) I tried building it myself before it went int the tree, and the "admin password required" dialog when trying to mount a volume didn't succeed. (Result: had to run it with sudo, just as I do now

) Am I missing something or is it fixed in portage?

3) Now that mounting is a single-step operation (no access to the raw device) how are you supposed to use fsck on your filesystem? I crash a lot

so this is quite important.

4) Why is the package fetch-restricted?

JayJay78 · Post by **JayJay78** » Wed Feb 13, 2008 5:13 pm

hi Havin_it,

1) How is auto mount/unmount handled now if it has to be done while X is running?

I mean

Code: Select all

truecrypt -t

(for textmode) is what you want?
Or do you mean, you shut down your system, and the truecrypt-volume or partition is auto unmounted?
Look at: /lib/rcscripts/addons/truecrypt-stop.sh

I have disabled the GUI Stuff (with -t), because i do not need them.

JJ

Havin_it · Post by **Havin_it** » Thu Feb 14, 2008 12:53 am

Yeah, I was under the impression it wouldn't be able to do *anything* unless X was running, meaning that rcscript wouldn't work. I've learned a bit more now

Also it seems to work fine as non-root now, not sure what the problem was before.

And as for my occasional need to fsck, I see now that there's the "do not mount" option in the password dialog options, so it's all good.

All in all, my worries are fully cured. Although I'll keep hold of a binpkg of 4.3a in case I need at some point to make a hidden volume...

dave_deu · Post by **dave_deu** » Tue Feb 26, 2008 11:35 pm

Hi, I'm new to Truecrypt. I set ACCEPT_KEYWORDS so v5.0 of Truecrypt installed. I had the Truecrypt module modprobed and the encrypted volume worked fine.

Now, I had a problem on boot come up complaining about the module being the wrong format or something. Anyway, despite there being no Truecrypt module loaded I tried mounting the device and it worked anyway. What's going on!?!? Does Truecrypt not need the module loaded to work?

Thanks,
Dave.

Havin_it · Post by **Havin_it** » Wed Feb 27, 2008 1:27 am

dave_deu, there is a major difference between v4.3a and v5.0* in terms of module structure. The old version built its own kernel module (and so had to be rebuilt every time the kernel was upgraded). The 5.0 version uses FUSE (Filesystems in Userspace) which is part of the kernel (may be built-in or as a module), there's no actual truecrypt module anymore, so it doesn't need rebuilding for a new kernel.

Anyway, your problem is perhaps due to the old-version module still attempting to load itself into the kernel. Run update-modules as root and that should get rid of the error. If you've previously added the truecrypt module to /etc/modules.autoload.d/ then make sure you also remove it from there.

dave_deu · Post by **dave_deu** » Wed Feb 27, 2008 4:39 pm

Thanks for that. All is explained. Truecrypt 5 is working well, though shame they do not build in more options than for VFAT filesystems.

Havin_it · Post by **Havin_it** » Thu Feb 28, 2008 10:57 am

Well, perhaps in time there will be more... in fairness, that's only one less than you get with Windows, and I would think few Linux users will be queuing up to make NTFS formatted crypts

Besides, once you've made the crypt you can reformat it to whatever you want using system tools.