So long, TrueCrypt: 5 alternative encryption tools that can lock down your data

Don't trust TrueCrypt anymore. Take a look at a few of the options available to you.

Open-source legend TrueCrypt may be gone, but the usefulness of full disk encryption carries on. So what's a crypto fan to do now for their encryption needs?

Well, you could  continue to use older versions of TrueCrypt if you already have it installed. While the security community was shocked earlier this week when the anonymous team behind the open source encryption tool seemingly shut down the project, leaving a neutered version 7.2 build of the tool that's only good for decrypting existing TrueCrypt volumes, a public audit of the TrueCrypt source code for version 7.1 was already underway and that effort will continue, according to the Open Crypto Audit Project.

The first phase of the TrueCrypt audit found no serious problems with the Windows build of TrueCrypt. If TrueCrypt 7.1 gets a clean bill of health it would continue to be a viable encryption option, though it's not clear if the encryption tool's development can or will continue under new management.

But if the brouhaha has you feeling skittish, or if you want to move on to encryption software that's actively being developed, options abound. As popular as it is (was?), TrueCrypt is far from the only encryption tool around. In fact, many mainstream operating systems already come with an encryption tool built-in.

Here's a look at a few full disk encryption options that can take the sting out of TrueCrypt's sudden disappearance.

Windows encryption tools

The most obvious alternative for Windows users is Microsoft's built-in utility, BitLocker. The encryption program is included in Windows 8 and 8.1 Pro editions, which means anyone who switched to Windows 8 during the $40 upgrade deal has BitLocker on their PC. BitLocker is also available on Windows Vista and 7 PCs running the Ultimate or Enterprise editions.

Check out our tutorial on BitLocker to get started with Microsoft's encryption tool.

If you don't have the right flavor of Windows, another choice is Symantec Drive Encryption. While this program is just as closed-source as BitLocker, it implements PGP, a well known encryption method.

If you need further reassurances, security expert Bruce Schneier recently told The Register that Symantec's tool is what he's going to use post-TrueCrypt. That's good enough for me. SDE costs $110 for a single user license.

TrueCrypt was free and worked with all flavors of Windows, though. If you're looking for an encryption tool that can match those prerequisites, check out DiskCryptor. We have a review of the free software and a guide to locking down your files with DiskCryptor available, as well.

Mac encryption options

OS X also has its own built-in encryption tool called FileVault 2 for users of OS X 10.7 (Lion) or later. Apple's solution is another closed source program, but we do know it uses the XTS-AES 128-bit cipher--and the National Security Agency recommends using it for their own employees using Macs. So unless you're really  into conspiracy theories, FileVault is probably a good choice.

For more tips on how the NSA locks down its OS X machines check out "How the NSA snoop-proofs its Macs."

Linux encryption options

For Linux users, the best choice is to use a distribution with a built-in Linux Unified Key Setup (LUKS) implementation. Ubuntu uses LUKS, and the various distributions based on Ubuntu should all have full disk encryption options available during installation. Here's how to get started with Ubuntu's full-disk encryption, courtesy of Ubuntu's community help documentation.

It's a sad day if TrueCrypt has truly disappeared, but at least there are a number of alternatives open to users who need or want to continue encrypting their stuff.

Join the CSO newsletter!

Error: Please check your email address.

Tags LinuxMicrosoftsecurityWindowsOS Xsoftwareencryptionoperating systemsWindows 8.1ubuntuApple

More about AES EnvironmentalAppleLinuxMacsMicrosoftNational Security AgencyNSAPGPSymantecUbuntuXTS

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Ian Paul

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts