The TrueCrypt On-Disk Format--An Independent View

Abstract

Full disk encryption (FDE) is a common way to prevent unauthorized use of data by encrypting the whole storage device. TrueCrypt (www.truecrypt.org) is one of the widest-known open source tools providing FDE. It’s available for multiple OSs including Windows, Mac OS, and Linux, letting you share encrypted storage among these systems. Unfortunately, there are license problems and questions related to implementation security. An ongoing community-funded project aims to review license issues and perform a full security audit of source codes (see istruecryptauditedyet.com). We took a different approach. We implemented independent, fully TrueCrypt-compatible, volume handling for Linux, using open source and native Linux technologies. We then released the code under the common open source license. Our most important implementation goal was to disregard the original source code (we didn’t want to use it even for reference), to avoid either tainting our code with hidden problems or violating the original license. We wrote our TrueCrypt format-handling code from scratch using only the available documentation, inspired partly by tc-play (github.com/bwalex/tc-play), another independent open source implementation. The following format description is based on our implementation. Although we intended our implementation only for Linux, our comments apply for all supported architectures. We hope this article, which includes comments on older and problematic TrueCrypt encryption modes, provides interesting insight into the TrueCrypt data format history.