VeraCrypt - analogue of TrueCrypt, review, comparison and installation. Comparison of encryption tools

  • Continue to use TrueCrypt, because despite serious analysis, no security problems were identified in it. This is a good option, because TrueCrypt has proven itself to be an excellent and reliable program in every sense. Plus, it's free. When moving to more recent operating systems, compatibility issues with TrueCrypt may arise in the future.
  • Use one of the TrueCrypt forks. This is as good as the first option, with the added hope that the program will be updated and new functions and algorithms added. The main advantage is that the forks retain all the functionality of TrueCrypt.
  • Select a third-party product. There are many such products; we will consider some of them.
Programs instead of TrueCrypt

VeraCrypt is a free encryption program from IDRIX, based on TrueCrypt.

It strengthens the algorithms used to encrypt the system and partitions, making them immune to new developments in brute-force attacks. For example, when encrypting a system partition, TrueCrypt uses PBKDF2-RIPEMD160 with 1000 iterations, while VeraCrypt uses 327661. For standard containers and other partitions, TrueCrypt uses no more than 2000 iterations, while VeraCrypt uses 655331 for RIPEMD160 and 500000 iterations for SHA-2 and Whirlpool.

These security enhancements only add some latency when opening partitions, with no performance penalty during use. This is acceptable to legitimate owners, but it makes it much more difficult for attackers to gain access to the encrypted data.

This program can encrypt system and non-system partitions, and supports all recent versions of Windows, third-party bootloaders and much more. DiskCryptor supports multiple encryption algorithms and their combinations, AES hardware acceleration if supported by the system, and full support for external drives. In terms of functionality, this program comes closest to TrueCrypt.

(commercial)

Allows you to create encrypted containers. The vendor officially declares that the program does not contain backdoors or implants, since it is located in a country whose legislation cannot force it to add them. Among its interesting features is a file manager (Disk Firewall), which protects data from illegal copying and viruses. It allows only authorized programs to make changes to data on the encrypted disk.

This program cannot encrypt partitions, only individual files. Although not a complete alternative to TrueCrypt, it can be used to encrypt important files on the system. The program uses the AES 128-bit encryption algorithm and also supports key files.

Available for Windows, Mac, Linux and mobile operating systems. It supports file encryption only, which means that you can right-click a file and encrypt or decrypt it.

BitLocker is part of Windows only in the Enterprise, Ultimate and Pro versions on Windows 8. Claims that BitLocker has a built-in backdoor for law enforcement and other services have never been proven, but it does have key recovery functionality that can be used to decrypt disks protected by this program, and the recovery key may be stored on Microsoft servers rather than locally.

(as well as Boxcryptor, CryptSync and Viivo from PKWare)

Specifically designed to protect the data you sync with cloud services such as Google Drive, OneDrive or Dropbox. It uses 256-bit encryption and automatically detects supported providers after installation. Not available for Linux.

The service has stopped working (Sophie Hunt - thanks for the info). The website displays the following notice:

The Cloudfogger project has been stopped, Cloudfogger is not available anymore.
Current Cloudfogger users should re-encrypt their files with a new solution as we will also turn off our keyservers in the following weeks.
Looking for an alternative? How about

It might be worth taking a look at

As an alternative to Cloudfogger.

Can be used to synchronize encrypted copies of files on a cloud service.

Another program if you want to encrypt data in the cloud.

(free for personal use)

This program can be used to encrypt individual files, directories or drives on Windows. The project's website lacks information about the ciphers and encryption algorithms used.

Available for Linux only. Supports TrueCrypt and other drives. Source code available.

Data encryption programs

Of course, it’s impossible to cover all programs in one article. But if you want to continue your research in this direction, here is a list of programs for data protection. Try them and post your results in the comments.

  • Encrypt4all
  • Exlade Cryptic Disk
  • Folder Encryption Dog
  • GiliSoft Private Disk
  • G-Soft Easy Crypter
  • HiTek Software AutoKrypt
  • idoo Full Disk Encryption
  • Jetico BCArchive
  • Jetico Best Crypt
  • KakaSoft KaKa Private Disk
  • Kruptos 2
  • NCH MEO Encryption Software
  • Odin HDD Encryption
  • Odin U Disk Encrypt Creator
  • PC-Safety Advanced File Vault
  • Rohos Disk Encryption
  • SafeEnterprise ProtectDrive
  • SafeHouse Professional
  • SecurStar DriveCrypt
  • Steganos Safe Professional
  • Symantec Encryption Desktop Professional
  • Utimaco SafeGuard Easy
  • Utimaco Safeware AG PrivateDisk
  • ZardsSoftware SafeKeeping
  • AbelsSoft CryptBox Pro
  • Comodo Disk Encryption
Now you: are there other alternatives not mentioned here? Share them with everyone in the comments. Tell us which program you prefer and why?

There are many reasons to encrypt the data on your hard drive, but the price of data security is a decrease in system speed. The purpose of this article is to compare performance when working with a disk encrypted with different tools.

To make the difference more noticeable, we chose an average machine rather than a state-of-the-art one: a regular mechanical 500 GB hard drive, a dual-core AMD at 2.2 GHz, 4 GB of RAM, 64-bit Windows 7 SP1. No antivirus or other programs were running during the test, so that nothing could affect the results.

I chose CrystalDiskMark to evaluate performance. As for the encryption tools I tested, I settled on the following list: BitLocker, TrueCrypt, VeraCrypt, CipherShed, Symantec Endpoint Encryption and CyberSafe Top Secret.

BitLocker

This is the standard disk encryption tool built into Microsoft Windows. Many people simply use it without installing third-party programs. Indeed, why bother, if everything is already in the system? On the one hand, that is right. On the other hand, the code is closed, and there is no certainty that it does not contain backdoors for the FBI and other interested parties.

Disk encryption is carried out using the AES algorithm with a key length of 128 or 256 bits. The key can be stored in the Trusted Platform Module, on the computer itself or on a flash drive.

If TPM is used, then when the computer boots, the key can be obtained from it immediately or after authentication. Authentication can be done with a key on a flash drive or by entering a PIN from the keyboard. Combinations of these methods give many options for limiting access: TPM only, TPM and USB, TPM and PIN, or all three at once.

BitLocker has two undeniable advantages: first, it can be managed through group policies; second, it encrypts volumes, not physical disks. This allows you to encrypt an array of multiple drives, something that some other encryption tools cannot do. BitLocker also supports GUID Partition Table (GPT), which even the most advanced TrueCrypt fork, VeraCrypt, cannot boast of. To encrypt a system GPT disk with VeraCrypt, you first have to convert it to the MBR format. This is not required with BitLocker.

In general, there is only one drawback - closed source. If you're keeping secrets from people in your household, BitLocker is perfect. If your disk is full of documents of national importance, it is better to find something else.

Is it possible to decrypt BitLocker and TrueCrypt

If you ask Google, it will find an interesting program called Elcomsoft Forensic Disk Decryptor, suitable for decrypting BitLocker, TrueCrypt and PGP drives. As part of this article, I will not test it, but I will share my impressions of another utility from Elcomsoft, namely Advanced EFS Data Recovery. It perfectly decrypted EFS folders, but provided that the user password was not set. If you set the password to even 1234, the program was powerless. In any case, I was unable to decrypt an encrypted EFS folder belonging to a user with password 111. I think the situation will be the same with the Forensic Disk Decryptor product.

TrueCrypt

This is a legendary disk encryption program that was discontinued in 2012. The story of what happened to TrueCrypt is still shrouded in darkness, and no one really knows why the developer decided to drop support for his brainchild.

There are only grains of information that do not allow us to put the puzzle together. Thus, in 2013, fundraising began to conduct an independent audit of TrueCrypt. The reason was information received from Edward Snowden about the deliberate weakening of TrueCrypt encryption tools. Over 60 thousand dollars were collected for the audit. At the beginning of April 2015, the work was completed, but no serious errors, vulnerabilities or other significant flaws in the application architecture were identified.

As soon as the audit was completed, TrueCrypt again found itself at the center of a scandal. ESET specialists published a report that the Russian version of TrueCrypt 7.1a, downloaded from truecrypt.ru, contained malware. Moreover, the site truecrypt.ru itself was used as a command center: commands were sent from it to infected computers. In general, be vigilant and do not download programs from just anywhere.

The advantages of TrueCrypt include open source, the reliability of which is now supported by independent audit, and support for dynamic Windows volumes. Disadvantages: the program is no longer being developed, and the developers did not have time to implement UEFI/GPT support. But if the goal is to encrypt one non-system drive, then it doesn’t matter.

Unlike BitLocker, which only supports AES, TrueCrypt also includes Serpent and Twofish. To generate encryption keys, salt and header key, the program allows you to select one of three hash functions: HMAC-RIPEMD-160, HMAC-Whirlpool, HMAC-SHA-512. However, a lot has already been written about TrueCrypt, so we won’t repeat it.

VeraCrypt

The most advanced TrueCrypt clone. It has its own format, although it has the ability to work in TrueCrypt mode, which supports encrypted and virtual disks in the TrueCrypt format. Unlike CipherShed, VeraCrypt can be installed on the same computer at the same time as TrueCrypt.

INFO

Having retired, TrueCrypt left a rich legacy: it has many forks, starting with VeraCrypt, CipherShed and DiskCryptor.

TrueCrypt uses 1000 iterations to generate the key that will encrypt the system partition, while VeraCrypt uses 327,661 iterations. For standard (non-system) partitions, VeraCrypt uses 655,331 iterations for the RIPEMD-160 hash function and 500,000 iterations for SHA-2 and Whirlpool. This makes encrypted partitions significantly more resistant to brute force attacks, but also significantly reduces the performance of working with such a partition. How significant we will soon find out.

Among the advantages of VeraCrypt is its open source code, as well as its own and more secure format of virtual and encrypted disks compared to TrueCrypt. The disadvantages are the same as in the case of the progenitor - lack of UEFI/GPT support. It is still impossible to encrypt the system GPT disk, but the developers claim that they are working on this problem and such encryption will soon be available. But they’ve been working on this for two years now (since 2014), and when there will be a release with GPT support and whether there will be one at all is not yet known.

CipherShed

Another TrueCrypt clone. Unlike VeraCrypt, it uses the native TrueCrypt format, so you can expect its performance to be close to that of TrueCrypt.

The advantages and disadvantages are still the same, although you can add to the disadvantages the inability to install TrueCrypt and CipherShed on the same computer. Moreover, if you try to install CipherShed on a machine with TrueCrypt already installed, the installer offers to remove the previous program, but fails to cope with the task.

Symantec Endpoint Encryption

In 2010, Symantec bought the rights to the PGPdisk program. The result was products such as PGP Desktop and, subsequently, Endpoint Encryption, which is the one we will consider. The program is, of course, proprietary, the sources are closed, and one license costs 64 euros. On the other hand, there is GPT support, though only starting from Windows 8.

In other words, if you need GPT support and want to encrypt the system partition, you will have to choose between two proprietary solutions: BitLocker and Endpoint Encryption. It is unlikely, of course, that a home user will install Endpoint Encryption. The problem is that this requires Symantec Drive Encryption, which requires an agent and a Symantec Endpoint Encryption (SEE) management server to install, and the server also wants to install IIS 6.0. Isn't it a lot of good stuff for one disk encryption program? We went through all this just to measure performance.

Moment of truth

So, let's get to the fun part, namely testing. The first step is to check the performance of the disk without encryption. Our “victim” will be a 28 GB hard drive partition (a regular drive, not an SSD), formatted as NTFS.

Open CrystalDiskMark, select the number of passes, the size of the temporary file (we will use 1 GB in all tests) and the disk itself. It is worth noting that the number of passes has virtually no effect on the results. The first screenshot shows the results of measuring disk performance without encryption with the number of passes 5, the second - with the number of passes 3. As you can see, the results are almost identical, so we’ll focus on three passes.



CrystalDiskMark results should be interpreted as follows:

  • Seq Q32T1 - sequential write / sequential read test, number of queues - 32, threads - 1;
  • 4K Q32T1 - random write / random read test (block size 4 KB, number of queues - 32, threads - 1);
  • Seq - sequential write/sequential read test;
  • 4K - random write / random read test (block size 4 KB);

Let's start with BitLocker. It took 19 minutes to encrypt a 28 GB partition.

Cryptomator provides transparent, client-side encryption for your cloud. Protect your documents from unauthorized access. The desktop version of Cryptomator is free and open source, so you can be sure there are no backdoors. Cryptomator for Android/iOS costs a small fee and is not open source, but uses an open core component that can be checked for backdoors.

Free Open source Mac Windows Linux Android iPhone iPad

  • AES Crypt

    AES Crypt is an advanced file encryption utility that integrates with the Windows shell or runs from the Linux command line to provide a simple yet powerful tool for encrypting files using the Advanced Encryption Standard (AES). The Java library is also available for developers who use Java to read and write AES files

    Free Open source Mac Windows Linux Android iPhone Android Tablet iPad

  • CipherShed

    A fork of the now discontinued TrueCrypt. CipherShed is a program that can be used to create encrypted files or to encrypt entire drives (including USB drives and external hard disks). There is no need for complex commands or knowledge; a simple wizard will guide you step by step through each process.

    Free Open source Mac Windows Linux

  • DiskCryptor

    DiskCryptor is the only truly free solution, provided under the GNU General Public License (GPLv3), that offers encryption of all disk partitions, including the system partition. The main criteria for open source software is that its source code is covered under one of the open source licenses

    Free Open source Windows

  • Sookasa

    Sookasa transparently protects files via the Dropbox cloud and related mobile devices, while maintaining the native Dropbox user experience on Windows, Mac, iOS and Android.

    Paid Mac Windows Android iPhone Android Tablet iPad

  • LUKS

    LUKS is the standard for Linux hard disk encryption. By providing a standard on-disk format, it not only facilitates compatibility between distributions, but also provides secure management of multiple user passwords. Unlike existing solutions, LUKS stores all the necessary setup information in the partition header, allowing the user to easily transfer or migrate their data.

    Free Open source Linux

  • EncFS

    EncFS provides an encrypted file system in user space. It runs without any special permissions and uses the FUSE library and Linux kernel module to provide the file system interface. Below you can find links to the source and binary versions. EncFS is open source software, licensed under the GPL.

    Free Open source Mac Linux BSD

  • Boxcryptor

    Boxcryptor is easy-to-use encryption software optimized for the cloud. It allows safe use of cloud storage services without sacrificing comfort. Boxcryptor supports all major cloud storage providers (such as Dropbox, Google Drive, Microsoft OneDrive, SugarSync) and all clouds that use the WebDAV standard (such as Cubby, Strato HiDrive and ownCloud).

    Free (with restrictions) Mac Windows Android iPhone Chrome OS Windows S Android Tablet Windows (mobile version) iPad Blackberry 10

  • Windows BitLocker

    No dynamic disk encryption, but encryption from the command line! Dynamic disks must be converted to basic disks with EaseUS Partition Wizard or Partition Master before encrypting with BitLocker. Windows BitLocker encryption and "BitLocker To Go" are a data protection feature in Windows 10 Professional, Windows Vista Enterprise, and Windows Vista Ultimate for client computers and Windows Server 2008.


  • This is the first of five articles on our blog dedicated to VeraCrypt. It discusses the differences between VeraCrypt and its ancestor TrueCrypt, where to download VeraCrypt, portable installation and Russification.

    If you are looking for encryption instructions, read:

    Since the closure of the TrueCrypt project in 2014, VeraCrypt has remained its most popular fork, which not only replicates the capabilities of the original, but also corrects a number of TrueCrypt vulnerabilities, and also brings additional functionality that was previously missing.

    Features of VeraCrypt and differences from TrueCrypt

    1. TrueCrypt used an insufficient number of iterations for PBKDF2 (the standard for generating a password-based encryption key). In VeraCrypt the number of iterations for the system partition was increased from 1000 to 327661, and for other partitions and file containers from 2000 to 655331, which significantly increases the cryptographic strength of the resulting keys.
    2. VeraCrypt fixed bugs and optimized the bootloader code, which allowed it to use the SHA-256 algorithm as a hash function when encrypting the system hard drive partition, while TrueCrypt used the less secure RIPEMD-160 algorithm.
    3. VeraCrypt drivers are digitally signed by Microsoft, which is necessary for correct installation on Windows 10.
    4. Versions 1.18 and later allow encryption of Windows computers with EFI instead of BIOS; they also fixed a vulnerability that made it possible to detect hidden partitions.
    5. Starting with version 1.0f, VeraCrypt supports loading partitions and containers encrypted using TrueCrypt; the ability to convert TrueCrypt-encrypted containers and non-system hard drive partitions into the VeraCrypt format has also been added.
    6. Many software errors have been fixed: memory leaks, buffer overflows and DLL loading vulnerabilities.
    7. A complete analysis and refactoring of the code was carried out.
    8. Versions are available for macOS and Linux.
    VeraCrypt is actively developed: new versions, fixes and improvements are being released. Three years after the closure of TrueCrypt, the time has finally come to abandon it and start using a more modern and secure tool.
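
The effect of the iteration counts in item 1 (the same figures are quoted earlier on this page) can be measured directly. The following is an added example, not code from VeraCrypt or from the original articles; it uses PBKDF2-HMAC-SHA512 from the Python standard library, and the 64-byte salt and key lengths, the probe size and the candidate-list size are assumptions chosen for illustration.

```python
import hashlib
import math
import os
import time

# Iteration counts for non-system volumes, as quoted on this page.
TRUECRYPT_ITERATIONS = 2_000        # "no more than 2000"
VERACRYPT_ITERATIONS = 500_000      # SHA-2 and Whirlpool

SALT_LEN = 64  # assumption: random per-volume salt size in bytes
KEY_LEN = 64   # assumption: bytes of header key material derived


def derive_header_key(password: bytes, salt: bytes, iterations: int) -> bytes:
    """One PBKDF2-HMAC-SHA512 run: the cost of one open, or of one guess."""
    return hashlib.pbkdf2_hmac("sha512", password, salt, iterations, dklen=KEY_LEN)


def seconds_per_guess(iterations: int, probe_iterations: int = 20_000) -> float:
    """Estimate one derivation's duration from a shorter timed probe.

    PBKDF2 cost grows linearly with the iteration count, so the probe
    result is scaled instead of running the full count for the measurement.
    """
    salt = os.urandom(SALT_LEN)
    start = time.perf_counter()
    derive_header_key(b"constructed sample passphrase", salt, probe_iterations)
    elapsed = time.perf_counter() - start
    return elapsed * iterations / probe_iterations


def work_factor(old_iterations: int, new_iterations: int) -> float:
    """How many times more hashing every single guess requires."""
    return new_iterations / old_iterations


def added_entropy_bits(old_iterations: int, new_iterations: int) -> float:
    """The same slowdown expressed as extra bits of password strength."""
    return math.log2(work_factor(old_iterations, new_iterations))


def days_to_try(candidates: int, per_guess_seconds: float, workers: int = 1) -> float:
    """Wall-clock days to test every candidate across parallel workers."""
    return candidates * per_guess_seconds / workers / 86_400


if __name__ == "__main__":
    candidates = 10_000_000  # constructed figure, not a measurement
    for name, count in (("TrueCrypt", TRUECRYPT_ITERATIONS),
                        ("VeraCrypt", VERACRYPT_ITERATIONS)):
        cost = seconds_per_guess(count)
        print(f"{name}: {count} iterations, {cost * 1000:.1f} ms per open, "
              f"{days_to_try(candidates, cost):.2f} days for {candidates} guesses")
    print(f"work factor x{work_factor(TRUECRYPT_ITERATIONS, VERACRYPT_ITERATIONS):.0f}, "
          f"about {added_entropy_bits(TRUECRYPT_ITERATIONS, VERACRYPT_ITERATIONS):.1f} "
          "bits of extra password strength")
```

The owner pays the derivation cost once per open, while an attacker pays it once per guess. A factor of 250 is worth about 8 bits, so a short or common passphrase remains weak at any iteration count.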

    Where to download VeraCrypt

    Official download page on the VeraCrypt website, versions are available for Windows, Linux, MacOSX, as well as PGP installer signatures and a user manual in English.

    VeraCrypt Portable version or traditional installation

    If you are going to encrypt the system partition of a Windows disk, you need to install VeraCrypt: select Install during the installation process. For all other cases, simply extracting the program files to the specified folder is enough: select Extract (this is the portable version).

    Russifier VeraCrypt

    Russian language, among others, is available in the main menu of the program. Select Settings -> Languages, in the window that opens, find Russian and click OK. All instructions and recommendations in the following articles will be provided for the English and Russian versions of the interface.
