TrueCrypt 5.0 Brings Plausible Deniability To OS X Users

While I’m not trying to only focus on security topics, they just seem to pop up more often than not, including today’s serendipitous discovery that TrueCrypt is available for OS X. Security isn’t just about maintaining system integrity (loosely defined as keeping malicious code from getting onto/running on your system). A critical component is ensuring that your valuable data is protected according to your risk appetite (loosely defined as confidentiality). Macs already have FileVault and secure disk images to handle basic encryption needs, so you may be asking why we need yet another utility for protecting information on our systems (a fair question).

If you need/desire cross-platform compatibility, then TrueCrypt is a perfect choice. You can encrypt a virtual disk image onto a USB drive and take it from Windows to Linux to OS X and gain access to all your secret data, something that is not possible with OS X secure disk images.

The other big “selling point” (difficult to use that term with a free & open source product) is the concept of plausible deniability. Until you go through the process of decrypting/mounting a volume, TrueCrypt file or disk volumes appear to consist of nothing more than random data (i.e. there is no “signature”). It is impossible to prove that a file, a partition or a device is a TrueCrypt volume or that it has been encrypted. This is an important point since we’re going down a very slippery slope (at least in the United States) where folks are now being forced to give up their secrets with full legal backing. You can rename a TrueCrypt file to “Family” and be able to claim that it’s just a corrupted transfer from your video camera with no way for the authorities to prove otherwise. Similarly, non-boot volumes (which is not an option for OS X yet) have no identifiable tags, making it look like an unformatted partition with random data.
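To make the "no signature, looks like random data" point concrete, here is an added example (not part of the original post and not TrueCrypt code) of the two checks a file-identification tool can run on an unknown blob: a magic-byte lookup and a byte-distribution test. The signature table is a small illustrative subset, the thresholds are assumptions, and a SHA-256 counter stream stands in for an encrypted container.

```python
import hashlib
import math
from collections import Counter

# Small illustrative subset of file "magic" signatures (not exhaustive).
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "PNG image",
    b"PK\x03\x04": "ZIP archive",
    b"%PDF-": "PDF document",
    b"\x1f\x8b": "gzip stream",
}

def known_signature(data):
    """Return the format name if the blob starts with a known magic value."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return None

def shannon_entropy(data):
    """Bits of entropy per byte; 8.0 is the maximum (uniform bytes)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def chi_square(data):
    """Chi-square statistic of byte counts against a uniform distribution."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))

def classify(data):
    sig = known_signature(data)
    if sig:
        return f"identified: {sig}"
    # Thresholds are assumptions chosen for this demo, not forensic standards.
    if shannon_entropy(data) > 7.9 and chi_square(data) < 400:
        return "no signature, statistically random"
    return "no signature, structured data"

def constructed_random(n):
    """Constructed stand-in for a container: SHA-256 in counter mode."""
    blocks = (hashlib.sha256(i.to_bytes(8, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

if __name__ == "__main__":
    blob = constructed_random(65536)
    for label, data in [("container stand-in", blob),
                        ("PNG header + data", b"\x89PNG\r\n\x1a\n" + blob),
                        ("plain text", b"family video notes " * 3000)]:
        print(label, "->", classify(data))
```

The most either check can report for the stand-in is "no signature, statistically random", which describes the bytes but does not identify what produced them.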

Sadly, one of the coolest features – creating a hidden volume within an encrypted volume – is also not available on OS X yet. This option would allow you to give up your keys/passphrase to an outer-encrypted volume, but have another hidden, encrypted volume within it that uses a separate set of keys/passphrase. This lets you give up some of your secrets but not all of them.

My attempts at downloading and installing TrueCrypt were woefully unsuccessful with Safari under Leopard (the download file was corrupted). It worked fine in Firefox and is available for 10.4 and 10.5, Intel or PPC. I’ll be putting the software through some tests over the next few days, so drop a note in the comments or forums if you have any questions or want to share your experiences with the product.