security/truecrypt is broken. Need advice about Veracrypt

Truecrypt is actually broken from quarterly (2021Q3). After copying the right truecrypt source file to distfile (checked freshports for the right SHA256 hashes, including for wxWidgets), then previously building all the deps listed, still having:

Configuring wxWidgets library...
configure: error: Can't use --enable-std_string without std::wstring or std::basic_string<wchar_t>

Tried searching for any solution on internet but no deal.

I have a huge (650GB) truecrypt volume that I use mainly in Windows but also when I boot Ubuntu, want to do the same when I boot FreeBSD.
Truecrypt fork (Veracrypt) is offered in ports and says it can deal with truecrypt volumes.
Anyone around used to Veracrypt to tell me if it's realiable dealing truecrypt volumes with Veracrypt?
Thanks.
 
Truecrypt is actually broken from quarterly (2021Q3). After copying the right truecrypt source file to distfile (checked freshports for the right SHA256 hashes, including for wxWidgets), then previously building all the deps listed, still having
In fact Truecrypt was being developed by a team of anonymous developers, who never published their identities. The development of Truecrypt was being stopped suddenly by that group already in 2014, which was a big surprise back then and let to several rumors about the reasons behind that move. As parting message the Truecrypt developers putted on the web site "Using TrueCrypt is not secure as it may contain unfixed security issues."

So this really makes me wonder why FreeBSD is still shipping TrueCrypt at all.

So this means:

a) you shouldn't have used TrueCrypt since 7 years
b) you should use a well maintained alternative, which you obviously do.

For me, mounting Truecrypt in Veracrypt works just fine. But in your position I would use that functionality only to migrate this data to a Veracrypt file container.
 
… Time to migrate to Veracrypt I guess. …

Certainly, if security is essential, trust in TrueCrypt should have ended years ago.

1626071130456.png


I don't recall using VeraCrypt, but I do recall it being an accepted alternative around the time that TrueCrypt wound things down. A handful of articles, in chronological order:
  1. True mystery of the disappearing TrueCrypt disk encryption software – Naked Security
  2. Is TrueCrypt pining for the fjords? – Naked Security
  3. Life after TrueCrypt: 5 tips for better data security – Sophos News
  4. TrueCrypt mystery – forking weirder than before – Naked Security
  5. VeraCrypt a Worthy TrueCrypt Alternative | eSecurity Planet



Incidentally, I looked first for articles in the Sophos area because I have a record of two cases in 2010:
  • 0050181 – Sophos Anti-Virus on-access clean up incompatible with TrueCrypt
  • 0051317 – … crashing & data loss when using TrueCrypt & Sophos on access cleanup with OSX
– access to details is no longer readily available, so I can't tell exactly how the cases were resolved, it's likely that (from our perspective) there was no solution.
 
Build crashed with --disable-std_string after a while with "6 warnings and 9 errors generated."
Anyway it looks like the future for Truecrypt port is not promising. Nothing more than something to be expected as time passes by. Time to migrate to Veracrypt I guess.

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=257125
For sure. You can only try it and like you I suspect it should act ok with truecrypt containers and files.
I didn't realise it had been deprecated, so thanks to grahamperrin for weeding out that!
Veracrypt has been rock solid for me on all platforms (except Linux).
 
In fact Truecrypt was being developed by a team of anonymous developers, who never published their identities. The development of Truecrypt was being stopped suddenly by that group already in 2014, which was a big surprise back then and let to several rumors about the reasons behind that move. As parting message the Truecrypt developers putted on the web site "Using TrueCrypt is not secure as it may contain unfixed security issues."

So this really makes me wonder why FreeBSD is still shipping TrueCrypt at all.

So this means:

a) you shouldn't have used TrueCrypt since 7 years
b) you should use a well maintained alternative, which you obviously do.

For me, mounting Truecrypt in Veracrypt works just fine. But in your position I would use that functionality only to migrate this data to a Veracrypt file container.
Thanks. Yeah I know all the history. I really don't care about it as I use it just to protect my data in the case my lap get stolen or something like this. Truecrypt will never try to reach the network/internet, is very effective and reliable and that's all I need.
Yeah that drop was super strange and also funny... as it included the suggestion to move to bitlocker with instructions about how to do it and all. It will be missed.
 
… why FreeBSD is still shipping TrueCrypt …

Deprecated a few hours ago <https://cgit.freebsd.org/ports/commit/?id=8c3593db9e0654f34caa66d8ca95a85958c41156> with an expiration date of 2021-06-11. So:

Code:
root@mowa219-gjp4-8570p:/usr/ports/security/truecrypt # make configure
===>   NOTICE:

This port is deprecated; you may wish to reconsider installing it:

Development and support for truecrypt ended in 2014.

It is scheduled to be removed on or after 2021-06-11.

===>  License TRUECRYPT needs confirmation, will ask later
…

… the suggestion to move to bitlocker …

If I recall correctly, this was because TrueCrypt was originally/primarily Windows-oriented. Whatever the origin, Windows users would have been the largest audience.
 
For sure. You can only try it and like you I suspect it should act ok with truecrypt containers and files.
I didn't realise it had been deprecated, so thanks to grahamperrin for weeding out that!
Veracrypt has been rock solid for me on all platforms (except Linux).
Now I'm curious.
What went wrong while using it in Linux?
Wanted to have my volume accessible in FreeBSD besides windows and linux and now Veracrypt is a option to have it for Windows & FreeBSD but not Linux? :)
 
Thanks. Yeah I know all the history. I really don't care about it as I use it just to protect my data in the case my lap get stolen or something like this. Truecrypt will never try to reach the network/internet, is very effective and reliable and that's all I need.
Yeah that drop was super strange and also funny... as it included the suggestion to move to bitlocker with instructions about how to do it and all. It will be missed.
Truecrypt is now 7 years old abandonware, the rest of the world moved on and so I would not trust that piece of software to protect my data any longer. I would therefore abandon using it altogether, because there are more advanced up to date solutions out there right now.
 
Truecrypt is now 7 years old abandonware, the rest of the world moved on and so I would not trust that piece of software to protect my data any longer. I would therefore abandon using it altogether, because there are more advanced up to date solutions out there right now.
Do you have any suggestion about any option to transparently access a same encrypted volume across windows linux and freeBSD? Basically what truecrypt permit (permitted) without the hassles of mounting ext4 or UFS or NTFS across systems?
 
Now I'm curious.
What went wrong while using it in Linux?
Wanted to have my volume accessible in FreeBSD besides windows and linux and now Veracrypt is a option to have it for Windows & FreeBSD but not Linux? :)
I just don't use linux. MacOS, Windows, FreeBSD are my computing brands. I presume Linux is just fine with veracrypt. There's nothing sinister, I can assure you.:D
 
Do you have any suggestion about any option to transparently access a same encrypted volume across windows linux and freeBSD? Basically what truecrypt permit (permitted) without the hassles of mounting ext4 or UFS or NTFS across systems?
If your veracrypt is the entire device then I think all you would do is mount the device it's on. If however it's a file on the, for example, Windows disk/partition and you're running Freebsd, then you'd have to mount ntfs and then the file. I guess it depends on how veracrypt handles low-level I/O.
 
Do you have any suggestion about any option to transparently access a same encrypted volume across windows linux and freeBSD? Basically what truecrypt permit (permitted) without the hassles of mounting ext4 or UFS or NTFS across systems?
You've got to differentiate between:

a) the file system on the storage medium, where your encrypt container is living and
b) the file system being created in your encrypted container.

For both NTFS and NTFS are a viable option on your mentioned platforms.

So since you're used to Truecrypt why not just use Veracrypt instead? The UI is very similar, feature set as well so you should have no big problems when you make that switch.
 
Do you have any suggestion about any option to transparently access a same encrypted volume across windows linux and freeBSD? Basically what truecrypt permit (permitted) without the hassles of mounting ext4 or UFS or NTFS across systems?
Simply use FAT32, if the volume is not too large.
 
If your veracrypt is the entire device then I think all you would do is mount the device it's on. If however it's a file on the, for example, Windows disk/partition and you're running Freebsd, then you'd have to mount ntfs and then the file. I guess it depends on how veracrypt handles low-level I/O.
No need to have a formatted partition for Truecrypt (and so for Veracrypt too I presume). If you use Truecrypt directly to partition windows will call it a "RAW" partition and truecrypt will just mount it. It's like you can do with zfs. This is a good thing as you can just mount that volume anywhere truecrypt runs.

I will play with veracrypt using a USB stick then migrate the 650GB partition to use it. Then, hope long life to veracrypt.
 
No need to have a formatted partition for Truecrypt (and so for Veracrypt too I presume). If you use Truecrypt directly to partition windows will call it a "RAW" partition and truecrypt will just mount it. It's like you can do with zfs. This is a good thing as you can just mount that volume anywhere truecrypt runs.

I will play with veracrypt using a USB stick then migrate the 650GB partition to use it. Then, hope long life to veracrypt.
That was what I was saying in a roundabout way. :) If you use the entire disk then it can be 'mounted' raw. Veracrypt also allows encrypted files/containers in the native file system; I was not sure if truecrypt did so also.

Let us know the results so others can gain from your experience
 

… means that prudence dictates the continued use of version 7.1a of Truecrypt. …

Too ambiguous.

… (Update 5-8-21: The Truecrypt download has been removed from grc.com, and the following statement now appears: "VeraCrypt is being continually maintained, while the aging TrueCrypt code has become problemmatical to use.") …

GRC's page is more emphatic, the large red alert:

It's (past) time to switch to VeraCrypt…




1626149072845.png
 
That was what I was saying in a roundabout way. :) If you use the entire disk then it can be 'mounted' raw. Veracrypt also allows encrypted files/containers in the native file system; I was not sure if truecrypt did so also.

Let us know the results so others can gain from your experience
First thing: I was being silly by saying truecrypt (or veracrypt) is an option to 'transparently' using any volume across OS. You need to choose a disk format (of course) that will be created and encrypted.

With Veractypt in Windows I've created a NTFS encrypted volume in a USB memstick partition. Was able to open/use in Ubuntu but not in FreeBSD with "mount: /dev/md0: No such file or directory"

In Ubuntu destroyed the volume and recreated it formatted as ext4, still not able to mount in FreeBSD after loading ext2fs kernel module, with the same error message.
In Windows recreated it as FAT. This time FreeBSD was able to mount it. It created the /dev/md0 entry and mounted in /media/Veracrypt1.
While in FreeBSD Wanted to recreate the volume as exFAT but the only format options in Veracrypt while creating a volume are FAT and UFS

 
Back
Top