I remember a year or so ago that TrueCrypt stopped running their project, what are people using now to replace it?
I think the only issue it has right now is doing FDE with a boot partition on motherboards that only use UEFI as a replacement for BIOS.
Truecrypt is perfectly fine. It went though an extensive audit and other than some sloppy code it will keep your data protected on a PC that is shut down.
An anonymous reader writes: Back in September, members of Google's Project Zero team found a pair of flaws in the TrueCrypt disk encryption software that could lead to a system compromise. Their discovery raised concerns that TrueCrypt was unsuitable for use in securing sensitive data. However, the Fraunhofer Institute went ahead with a full audit of TrueCrypt's code, and they found it to be more secure than most people think. They correctly point out that for an attacker to exploit the earlier vulnerabilities (and a couple more vulnerabilities they found themselves), the attacker would already need to have "far-reaching access to the system," with which they could do far worse things than exploit an obscure vulnerability.
The auditors say, "It does not seem apparent to many people that TrueCrypt is inherently not suitable to protect encrypted data against attackers who can repeatedly access the running system. This is because when a TrueCrypt volume is mounted its data is generally accessible through the file system, and with repeated access one can install key loggers etc. to get hold of the key material in many situations. Only when unmounted, and no key is kept in memory, can a TrueCrypt volume really be secure." For other uses, the software "does what it's designed for," despite its code flaws. Their detailed, 77-page report (PDF) goes into further detail.
John Connor said:Truecrypt is perfectly fine. It went though an extensive audit and other than some sloppy code it will keep your data protected on a PC that is shut down.
I'm still using TrueCrypt 7.1a and, at least in my circle, that remains the solution of choice.
I'm still using TrueCrypt, the fact that it's not "supported" isn't really relevant to anything, it's one of the few encryption applications which is both open source and has been audited for security by a neutral 3rd party. It also works well enough up to Win10, I think the only issue it has right now is doing FDE with a boot partition on motherboards that only use UEFI as a replacement for BIOS.
You could use a fork of truecrypt of which there are now several, things like Veracrypt but at the end of the day that's just more risk that using the last audited version of TrueCrypt.
A "cleanroom" implementation of TrueCrypt: https://github.com/bwalex/tc-play
What exactly is the "cleanroom" version?
https://en.wikipedia.org/wiki/TrueCryptIncompatibility with FlexNet Publisher and SafeCast
Main article: FlexNet Publisher § Issues with bootloaders
Installing third-party software which uses FlexNet Publisher or SafeCast (which are used for preventing software piracy on products by Adobe such as Adobe Photoshop) can damage the TrueCrypt bootloader on Windows partitions/drives encrypted by TrueCrypt and render the drive unbootable.[56] This is caused by the inappropriate design of FlexNet Publisher writing to the first drive track and overwriting whatever non-Windows bootloader exists there.[57]
If you're not as paranoid just use Bitlocker on Windows, but edit group policy to make it use AES256 instead of 128.
If I read the article right. I read that having a CPU with AES capability doesn't add to speed at all. That's a real bummer, but I have a laptop with TC installed with no speed degradation I can tell. I do use a SSD.