11

I'd like to hear from TrueCrypt users who've had both good and (if any) bad experiences with it: Is it reliable enough for business-critical use? In my case, I expect to use file-based containers rather than encrypting entire partitions.

For me the nightmare scenario is: I go to open the container, supply the right authentication information (whether it's a passcode, a key, whatever), and TrueCrypt just can't open the container for whatever reason. Perhaps there was a write error on the last update. Perhaps a stray cosmic ray hit just the wrong part of a data structure. Perhaps the machine I last used the container on was destroyed by a falling satellite and I'm now trying to open the container on a different machine with a different architecture (Windows 32-bit instead of *nix 64-bit, whatever). You get the idea.

I don't care about horror stories of lost keys or what-have-you; nothing without a backdoor can protect you from doing something dumb. I'm talking about the software actually failing in a way that loses your data.

(And yes, obviously, if I'm dealing with business-critical data, I'm going to keep backups of the container — multiple points in time going back days/weeks/etc. — to mitigate the effects of some of the above.)

T.J. Crowder
  • 1,149
  • 4
    Wouldn't your nightmare scenario apply to any situation encrypted or not? I think your real issue is a proper backup strategy to negate any nightmare. – Moab Nov 01 '10 at 15:33
  • 1
    And remember: TrueCrypt volumes can be decrypted within minutes if the key is still in memory, without brute-force attack: http://www.lostpassword.com/hdd-decryption.htm – Saxtus Nov 01 '10 at 16:36
  • @Moab: Yes, it would (hence backups). But with (say) just a normal HDD partition, gzipped tar files, etc., I have multiple independent implementations of code to read the data. With TrueCrypt, I have only TrueCrypt (granted I can get the source). I'm just trying to figure out whether that's worth worrying about. – T.J. Crowder Nov 01 '10 at 16:48
  • @Saxtus: Nothing you can actually access is secure from every conceivable attack. I just want to raise the bar fairly high without making my life unworkably awkward. :-) – T.J. Crowder Nov 01 '10 at 16:50
  • 1
    @T.J. Crowder: I totally understand. I mentioned it for completeness, just because I think it falls into the reliability category and no one else talked about it, nothing more, nothing less. I didn't think that should be an answer by itself. – Saxtus Nov 01 '10 at 17:05
  • @Diago: With respect, I would have left the question of whether this was subjective & argumentative to the community. I asked for concrete information. Closing it by moderator fiat rather than letting the community decide smacks of authoritarianism. (In the incredibly mild form relevant to a site like this.) (Don't let my superuser profile fool you, I do have some experience with StackExchange sites.) – T.J. Crowder Nov 11 '10 at 22:40
  • Super User runs off a different policy from Stack Overflow. Subjective questions are closed, period. Due to the target audience and past issues on the site, we have strict policies, and furthermore, this is not a discussion forum. And please, don't point at your rep on another site and expect special treatment. Rep is separated across sites for a reason. – BinaryMisfit Nov 12 '10 at 06:53
  • @Diago: We don't let StackOverflow be a discussion forum either (f'chrissake, it's not like I haven't read the FAQ on both sites). I wasn't asking for special treatment. I was asking for what I thought should be normal treatment. Sorry for having and expressing an opinion. I'll have to remember not to do that again. – T.J. Crowder Nov 12 '10 at 08:03
  • @Diago: And I wasn't pointing to reputation, I was pointing to experience (over a year) and contribution (a large number of answers). Those are not the same as rep. – T.J. Crowder Nov 12 '10 at 08:22
  • 1
    @T.J. Crowder & Diago: For what it's worth, I think that this question and the answers given were helpful and I am glad that it was asked. Probably it started as a general discussion topic but it ended up having objective answers. Thumbs up! – Saxtus Nov 13 '10 at 09:11

3 Answers

8

I and my fellow engineers at the office all use TrueCrypt.

We each keep a local TC data store of 50GB formatted for NTFS. Everyone gives their pass-phrase to our boss, and keeps a back-up on the NAS at the office.

Procedurally, not having an escrow-recovery is the biggest reason NOT to use TC. I.e. if someone changes their pass-phrase, gets angry and quits, we have NO way of accessing their data. So, from a business-critical perspective, that's probably the biggest risk.

Performance-wise, TC will keep pace because of how it integrates with the host OS, but I wouldn't use it to encrypt an enterprise data-store or anything.

We really like the fact that TC supports multiple platforms -- because not all our engineers use the same OS. Some run Linux, some run Windows, and regardless TC works. It also doesn't care if you switch platforms! That's nice.

  • 4
    You can create the container using your choice of password/keyfiles, and then backup the volume header. Once it is backed up, you can allow the end user to change the password/keyfiles as they would like and by maintaining the original header you can restore it and decrypt the archive. It should go without saying that you would want to guard those original headers very tightly. – Goyuix Nov 01 '10 at 16:19
  • Thanks, very good to hear about real-life situations. You've never had a situation where for some unknown reason, TrueCrypt just wouldn't open a volume, despite being given the correct authentication? – T.J. Crowder Nov 01 '10 at 16:44
6

TrueCrypt is as reliable as a plain partition is: if it suffers an unrecoverable error, it doesn't matter what type of volume it is, you've lost data anyway.

The good thing about TrueCrypt is that you won't lose the entire thing (the following was taken from its FAQ):

What will happen when a part of a TrueCrypt volume becomes corrupted?

In encrypted data, one corrupted bit usually corrupts the whole ciphertext block in which it occurred. The ciphertext block size used by TrueCrypt is 16 bytes (i.e., 128 bits). The mode of operation used by TrueCrypt ensures that if data corruption occurs within a block, the remaining blocks are not affected. See also the question 'What do I do when the encrypted filesystem on my TrueCrypt volume is corrupted'?


What do I do when the encrypted filesystem on my TrueCrypt volume is corrupted?

File system within a TrueCrypt volume may become corrupted in the same way as any normal unencrypted file system. When that happens, you can use filesystem repair tools supplied with your operating system to fix it. In Windows, it is the 'chkdsk' tool. TrueCrypt provides an easy way to use this tool on a TrueCrypt volume: Right-click the mounted volume in the main TrueCrypt window (in the drive list) and from the context menu select 'Repair Filesystem'.

Saxtus
  • 1,462
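
Added example, not part of the original answer and not TrueCrypt's code: a simulation of the FAQ's claim that one corrupted ciphertext bit damages only the 16-byte block it falls in. It uses a stand-in block cipher (a 4-round Feistel network over SHA-256, not AES) inside a simplified per-block tweak construction; the key, sector number and 512-byte sample sector are constructed for the demonstration.

```python
import hashlib

BLOCK = 16  # ciphertext block size in bytes, as quoted from the TrueCrypt FAQ

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Round function of the stand-in cipher (NOT AES): truncated SHA-256.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def _block(key: bytes, blk: bytes, decrypt: bool) -> bytes:
    # 4-round Feistel network: a keyed permutation of 16-byte blocks.
    left, right = blk[:8], blk[8:]
    for rnd in (reversed(range(4)) if decrypt else range(4)):
        if decrypt:
            left, right = _xor(right, _f(key, rnd, left)), left
        else:
            left, right = right, _xor(left, _f(key, rnd, right))
    return left + right

def _tweak(key: bytes, sector: int, idx: int) -> bytes:
    # Per-block tweak from (sector, block index); simplified, assumed scheme.
    seed = key + b"tweak" + sector.to_bytes(8, "little") + idx.to_bytes(4, "little")
    return hashlib.sha256(seed).digest()[:BLOCK]

def _sector(key: bytes, sector: int, data: bytes, decrypt: bool) -> bytes:
    # Every block is processed independently: out = E(in XOR tweak) XOR tweak.
    out = bytearray()
    for idx in range(len(data) // BLOCK):
        t = _tweak(key, sector, idx)
        blk = data[idx * BLOCK:(idx + 1) * BLOCK]
        out += _xor(_block(key, _xor(blk, t), decrypt), t)
    return bytes(out)

def encrypt_sector(key: bytes, sector: int, data: bytes) -> bytes:
    return _sector(key, sector, data, False)

def decrypt_sector(key: bytes, sector: int, data: bytes) -> bytes:
    return _sector(key, sector, data, True)

def flip_bit(data: bytes, offset: int, bit: int) -> bytes:
    buf = bytearray(data)
    buf[offset] ^= 1 << bit
    return bytes(buf)

def damaged_blocks(original: bytes, recovered: bytes) -> list:
    # Indices of 16-byte blocks that no longer match after decryption.
    return [i for i in range(len(original) // BLOCK)
            if original[i * BLOCK:(i + 1) * BLOCK] != recovered[i * BLOCK:(i + 1) * BLOCK]]
```

Flipping one bit at byte offset 200 of the encrypted sector and decrypting leaves every block except index 12 (bytes 192 to 207) identical to the original plaintext.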
1

TrueCrypt can deal with everything but these two.

  • write error on the last update

This is filesystem-related and outside TrueCrypt's scope; the OS and file system should worry about getting that right.

  • stray cosmic ray hit just the wrong part of a data structure.

I don't believe any software can be made safe if a cosmic ray flips the wrong bit of RAM at a crucial time.


The only way to be safe from these potential errors is backups.
Nifle
  • 34,446