Update: In April 2015 Phase II of the TrueCrypt audit was completed, effectively giving TrueCrypt a clean bill of health. We now therefore recommend using VeraCrypt, a TrueCrypt fork which has fixed most of the weaknesses found during the audit, and is under active development. Please see VeraCrypt & how-to basics for more details.
The sudden demise of TrueCrypt under very suspicious circumstances came as a shock to many who had come to rely not just on its secure file or full disk encryption, but its practical functionality, and the fact that it was a mature product whose open-source code was being carefully audited at the time of its demise with promising results.
While conspiracy theories abound over what happened, the practical problem is finding a secure alternative. Unfortunately this is not as easy as it sounds, as no true drop-in replacement for TrueCrypt exists.
In this article we will therefore look at what secure open source encryption options are available for those wanting to secure their files.
It should be noted that while all the programs listed here are open source (the notion of using the closed source Microsoft Bitlocker, as suggested by the devs when they pulled the plug on TrueCrypt, is so ridiculous and bizarre that even our hard-bitten and cynical ProPrivacy team starts to reach for their tin hats just at the thought), none of them have been nearly as extensively vetted as TrueCrypt (if at all).
Being open source, and at least open to auditing, does however make these programs the most secure options available.
Platforms: Windows, OSX, Linux (Crypt4All Lite for Android is compatible)
Pros: Per file encryption, very easy to use
Cons: Individual file encryption only
However, although more fully featured than AES Crypt, AxCrypt is only compatible with Windows (and AxCrypt files can only be decrypted using AxCrypt), which somewhat limits the utility of this otherwise excellent little program.
Encryption: AES-256, Twofish and Serpent
Pros: Full disk encryption (including OS disk), setup file only 1Mb, can use key file instead of password
Cons: No per-file or per-folder encryption, no ‘hidden volumes’, no ‘hide drive’ option, unmounted drives still visible to system, Windows only
It does however lack many of the bells and whistles that TrueCrypt offered, such as ‘hidden volumes’. Earlier versions of DiskCryptor were compatible with TrueCrypt containers, but with version 5 this is no longer the case.
An advantage when using EncFS to encrypt files kept in cloud storage is that (unlike TrueCrypt) each file in a volume is encrypted and stored individually, so a change to one file does not mean re-uploading an entire encrypted container.
A great how-to showing how easy EncFS is to use is available here.
*Update: Reader Joe Lee offers this advice for running EncFS in Mac OSX:
'I have been using EncFS on my Mac for some time now. You can easily install it using Homebrew “brew install encfs”, and mount your Volume “encfs -o volname=MySecretDrive /Path/To/EncFS /Volume/MySecretDrive”. Couldn’t be any simpler.'
Platforms: Linux, DragonFly BSD, Android (Rooted only, using LUKS Manager)
Encryption: Large library available, including blowfish, twofish and AES
Pros: Very capable full disk encryption
Cons: For experts only, impenetrable documentation
LUKS (Linux Unified Key Setup) is the standard for Linux hard disk encryption. It is built-in to most Linux distros, and can be used with the dm-crypt subsystem to provide transparent full disk encryption.
In many ways dm-crypt/LUKS is very similar to TrueCrypt, but has the advantage that it stores all necessary setup information in the partition header, enabling the user to transport or migrate this data seamlessly. Unfortunately it is very user-unfriendly: it is command-line only and reading the documentation requires a degree in computer science, so it is only recommended to experts. The best instructions on using LUKS that we can find are available here.
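The point above about LUKS keeping its setup information in the partition header, shown as an added example (not from the original article or the cryptsetup project): a parser for the LUKS1 on-disk header layout, run against a constructed sample header. The function names and sample values are illustrative assumptions, and the later LUKS2 format is not handled.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
SLOT_ENABLED, SLOT_DISABLED = 0x00AC71F3, 0x0000DEAD
NUM_SLOTS = 8
# LUKS1 fixed header (big-endian): magic, version, cipher name, cipher mode,
# hash spec, payload offset (sectors), master-key length, MK digest,
# MK digest salt, MK digest iterations, UUID.
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
# Key slot: state flag, PBKDF2 iterations, salt, key-material offset, stripes.
SLOT = struct.Struct(">II32sII")


def _text(raw):
    """Decode a NUL-padded ASCII field."""
    return raw.split(b"\0", 1)[0].decode("ascii")


def parse_luks1_header(buf):
    """Return the setup parameters stored in a LUKS1 partition header."""
    if len(buf) < PHDR.size + NUM_SLOTS * SLOT.size:
        raise ValueError("buffer too short for a LUKS1 header")
    (magic, version, cipher, mode, hash_spec, payload, key_bytes,
     _digest, _salt, _iters, uuid) = PHDR.unpack_from(buf, 0)
    if magic != LUKS_MAGIC:
        raise ValueError("LUKS magic not found")
    if version != 1:
        raise ValueError("only the LUKS1 layout is handled here")
    slots = []
    for i in range(NUM_SLOTS):
        state, iters, _s, _off, _stripes = SLOT.unpack_from(buf, PHDR.size + i * SLOT.size)
        slots.append({"slot": i, "enabled": state == SLOT_ENABLED, "iterations": iters})
    return {"cipher": _text(cipher), "mode": _text(mode), "hash": _text(hash_spec),
            "payload_offset": payload, "key_bytes": key_bytes,
            "uuid": _text(uuid), "slots": slots}


def build_sample_header():
    """Constructed sample: one enabled key slot, zeroed salts and digest."""
    phdr = PHDR.pack(LUKS_MAGIC, 1, b"aes", b"xts-plain64", b"sha256", 4096, 64,
                     bytes(20), bytes(32), 100000,
                     b"00000000-0000-0000-0000-000000000000")
    slots = SLOT.pack(SLOT_ENABLED, 200000, bytes(32), 8, 4000)
    for i in range(1, NUM_SLOTS):
        slots += SLOT.pack(SLOT_DISABLED, 0, bytes(32), 8 + 512 * i, 4000)
    return phdr + slots


if __name__ == "__main__":
    info = parse_luks1_header(build_sample_header())
    print(info["cipher"], info["mode"], info["key_bytes"] * 8, "bit key")
    print("enabled slots:", [s["slot"] for s in info["slots"] if s["enabled"]])
```

Because the cipher, mode, key length and key slots all live in these first 592 bytes, a damaged or overwritten header makes the volume unrecoverable even with the correct passphrase, which is why a header backup is worth keeping.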
Pros: Stealth mode to hide vaults, leaves no trace of any temporary files in the system
Cons: Does not delete original files, can be somewhat slow, still very much in alpha development
This promising new Android app lets you create password protected vaults in which you can store any kind of file (including local Google Docs). Encryption / decryption times can be very slow, and the original files remain in their folder so need to be deleted manually, but the app is still in alpha, so issues are to be expected.
We were concerned about internet permissions for a ‘software analytics app called “crashlytics”’, so we contacted the developer, who responded very promptly, saying,
‘About crashlytics, it is a software (still in beta I think) which has the ability to take user's crashes and organize them in an orderly way for me to track the bugs.
Since we are still alpha, I hope to use crashlytics to help squash those bugs.’
Given that the app is still in development this seems fair enough to us. We can’t recommend Secrecy yet, as development is still in its very early stages, but do think it is an app to watch.
Leaving aside dm-crypt/LUKS, what is interesting is that each of these programs does its own specific thing, with very little crossover in functionality between them. The best advice, therefore, is to use them all - using the right tool for the job at hand - AES Crypt for encrypting individual files (or AxCrypt for Windows-only users who do not plan on sharing their files), DiskCryptor for full disk encryption, and EncFS for secure cloud storage.
Unfortunately there is no open source full disk encryption option available for Mac owners (that we know of), but Linux users willing to get to grips with the complexities of LUKS have a very flexible and secure choice. For more on the best VPN for Mac take a look at our VPN Mac guide.
Update: As noted at the beginning of this article, I now recommend VeraCrypt as the true successor to TrueCrypt.
Other open source encryption programs we have not listed here are: