Wednesday, February 13, 2008

TrueCrypt explained (TrueCrypt 5 update)

TrueCrypt 5 was released a few days ago. Having nothing better to write about, I might as well update the TrueCrypt code to handle TrueCrypt 5 volumes. This is fortunately quite easy to do. We must implement a new cryptographic mode, XTS, and add a new hash algorithm, SHA-512. There are also some minor changes in the code that must be made. Both the LRW mode of operation and the SHA1 hash algorithm are both considered deprecated in TrueCrypt 5, so the code in this post will only handle the new volumes. For information how to read TrueCrypt 4 volumes please read the old post: TrueCrypt Explained. Actually, you should probably read the old post anyway, otherwise this post will be very difficult to understand.

Key strengthening

First of all, let’s add SHA-512. This is already supported out of the box in Python 2.5 thanks to hashlib. If you have Python 2.4 installed, you can use a backported version of the module courtesy of krypto.org. SHA-512 is a stronger hash than SHA1 and more computationally intensive so the PBKDF2 iteration count is 1000 for SHA-512, exactly like Whirlpool. The iteration count for RIPEMD-160 is 2000 as before.

Code: keystrengthening5.py. Requires hashlib, ripemd, whirlpool.

XTS mode

A long-awaited feature of TrueCrypt 5 is system encryption. Encrypting the operating system partition adds an extra layer of security because it gets rid of the problem with traces of secret being data written to the swap file, the registry, temporary files and so on. Writing code to do this doesn’t really have anything to do with cryptography per se, rather it’s a problem of boot loaders, system drivers and so on. But as we all know, cryptography is hard, and there are all sorts of non-obvious problems to think about. One of these problems is related to the LRW-mode of operation, used in TrueCrypt 4.3, combined with system encryption.

There exist a weakness in the LRW mode that makes it unsuitable for system encryption. In this case, “weakness” and “unsuitable” are relative terms. The problem is this: if the LRW key itself is written to the volume, it can be derived. And this can happen if the cryptographic software swaps the key to disk, and the software then encrypts the swap file. This is quite frankly not a problem in practice for TrueCrypt, because even if the LRW key is known, it only makes chosen plaintext attacks easier, and these attacks are very difficult to execute. TrueCrypt also prevents keys from being written to disk: once a cipher is initialized with the key it’s overwritten in memory. For more details, see this post at IEEE.

In either case, TrueCrypt now supports the XTS mode of operation and LRW is deprecated. All new volumes created with TrueCrypt 5 will use the XTS mode. This mode has no known weaknesses that I’m aware of. The XTS mode is very similar to LRW, and is quite easy to implement. Before I describe this mode using common cryptographic notation, I will describe how to use this mode. We will write this function:

def XTSDecrypt(cipher1, cipher2, i, n, block):
    pass

As can be seen, the XTS mode uses two ciphers initialized with different keys. These two ciphers use the same algorithm. Note that unlike TrueCrypt 4.3, the cipher parameters to the mode function are primitive cipher algorithms, not chains/cascades. cipher1 and cipher2 can thus only be one of AES, Twofish or Serpent. How cascades are handled will be described later.

This function takes five arguments. cipher1 is the first cipher initialized with it’s key, cipher2 is the second cipher initialized with another key, block is a 16 byte string of ciphertext, and n and i are two integers which will be described soon. Here’s an example how the code is used:

>>> cipher1 = Rijndael("passwordpassword")
>>> cipher2 = Rijndael("wordpasswordpass")
>>> XTSDecrypt(cipher1, cipher2, 0, 0, "\x00"*16)
'\x0e\xc2\xf1\xb2\x1ce5=\xfd\xe1\xe1jA\xdbb\xc7'

n and i are intimately related. The integer n is the dataunit index. A dataunit is a large block of text, cipher text in this case. The integer i is the index of the block within the dataunit. Let’s say we have 2048 bytes of data to decrypt, and the dataunit size is 512. To decrypt the first 16 bytes in the first dataunit, n is 0 and i is 0. If we want to decrypt the 16 bytes from byte 1024 to 1040, n is 2 and i is 0. To decrypt a complete dataunit with index n, we simply iterate over i, and advance the dataunit 16 bytes each time.

In TrueCrypt 5.0, the dataunit size is always 512. Knowing this, we can write a helper function XTSDecryptMany that takes as argument a dataunit block of 512 bytes and the dataunit index, and decrypts the whole block.

def XTSDecryptMany(cipher1, cipher2, n, blocks):
    length = len(blocks)
    assert length % 16 == 0
    data = ''
    for i in xrange(length / 16):
        data += XTSDecrypt(cipher1, cipher2, i, n, blocks[0:16])
        blocks = blocks[16:]
    return data

That said, we can now describe the XTS mode using common cryptographic notation:

C = EK1(P xor (EK2(n) mul (a pow i))) xor (EK2(n) mul (a pow i))

EK1 and EK2 are cipher1 and cipher2 respectively, and P is plaintext block and C is ciphertext block. n is the dataunit index and i is the block index within the dataunit. Note that EK2 will always encrypt. EK1 will decrypt for XTSDecrypt, but encrypt for XTSEncrypt (we won’t write this function, but it’s trivial to change the code).

And now for the math part. As with LRW mode, mul is multiplication in GF(2128). XTS mode also has another finite field operator: pow is exponentiation in GF(2128). This is not really an operator, just repeated multiplication. Finally a is simply the polynomial x, that is the number 0x2 because we represent our polynomials as bits. If this doesn’t make any sense, see the TrueCrypt Explained post.

If you remember the previous discussion, the dataunit size is 512. With a block size of 16, i will never be larger than 31. And fortunately for us, 2i for 0 ≤ i < 128 in GF(2128) is the same as 2i for 0 ≤ i < 128 in Z. So in Python we can write (a pow i) simply as 2**i or 1<<i.

Having said that, the function XTSDecrypt can be implemented almost exactly as the function LRW. There is however a small difference implementation wise: In TrueCrypts implementation of LRW the integers, when converted to strings, are represented as big endian. TrueCrypts implementation of XTS however, represents integers as little endian. This doesn’t matter at all for security, but can be confusing if you try to reuse code.

Code: xts.py. Requires gf2n.

Putting it all together

With the XTS code working, we must now update the code that decrypts the header and decrypts the rest of the volume. Adding the SHA-512 hash is very easy, we just have to remove the SHA-1 function from the list of HMACs and add SHA-512 instead, and also make sure the iteration count is 1000 instead of 2000 for this hash.

Replacing the LRW mode support with XTS mode support is not very difficult, but there are more changes needed. The most important change is related to cascaded ciphers, such as AES-Twofish. In TrueCrypt 4.3 a cipher cascade was treated as a primitive cipher and the LRW function was therefore only used once per encrypt/decrypt. We can write this as AES-Twofish-LRW.

In TrueCrypt 5.0 however, the ciphers in a chain are treated individually. First the block is encrypted/decrypted with AES-XTS, then with Twofish-XTS, for example. This means we must add some extra code to handle all decryptions. Given a list of 2-tuples (cipher1, cipher2) we can simply do:

def Decrypt(ciphers, i, n, ciphertext):
    assert len(ciphertext) == 16
    for cipher1, cipher2 in reversed(ciphers):
        ciphertext = XTSDecrypt(cipher1, cipher2, i, n, ciphertext)
    return ciphertext

We will also modify XTSDecryptMany so it will call Decrypt instead of XTSDecrypt:

def DecryptMany(ciphers, n, blocks):
    length = len(blocks)
    assert length % 16 == 0
    data = ''
    for i in xrange(length / 16):
        data += Decrypt(ciphers, i, n, blocks[0:16])
        blocks = blocks[16:]
    return data

DecryptMany is the highest-level decryption routine we will use. For TrueCrypt volumes that use cascaded algorithms, the parameter ciphers is a list of length 2 or length 3. For volumes that use a single algorithm, ciphers is a list of length 1.

Now we can modify the class TrueCryptVolume and decrypt TrueCrypt 5 volume headers. For each hash algorithm we generate a 192 byte long key using PBKDF2. In TrueCrypt 4.3 we only had to generate a 128 byte key, but now when we use the XTS mode instead of LRW a longer key is required to handle the (at most) six keys needed, of 32 bytes each.

This 192 byte key is split into six 32 byte keys. That means two keys for every algorithm. For a three-cipher cascade, all six keys will be used. A simple volume that only uses AES, only two keys will be used.

We will now try to decrypt the volume header for each cascade in the list of possible cascades supported. These are as before:

Cascades = [
    [Rijndael],
    [Serpent],
    [Twofish],
    [Twofish, Rijndael],
    [Serpent, Twofish, Rijndael],
    [Rijndael, Serpent],
    [Rijndael, Twofish, Serpent],
    [Serpent, Twofish]
]

Let’s say the correct algorithm is Rijndael. We will create two Rijndael instances cipher1 and cipher2 (remember two instances are needed for XTS) and initialize each of them with the first and the second key from the PBKDF2 output. We can then decrypt the volume header with DecryptMany, like this:

DecryptMany([(cipher1, cipher2)], 0, header)

Should the correct cascade be [Twofish, Rijndael], the volume will be decrypted with:

DecryptMany([(ciphertwo1, ciphertwo2), (cipherrij1, cipherrij2)], 0, header)

Where ciphertwo1, ciphertwo2, cipherrij1 and cipherrij2 are initialized with their corresponding keys from the 192 long key previously generated.

Once the header has been decrypted correctly, all ciphers will be reinitialized with the new keys from the decrypted volume header. We can then use DecryptMany to decrypt the rest of the volume, via TCReadSector. We must modify the TCReadSector function slightly so the dataunit index is correct for hidden volumes. This is documented in the code.

Code: truecrypt5.py. Requires rijndael, serpent, twofish, keystrengthening5, xts.

Conclusion

TrueCrypt 5 is a very well documented project, both the documentation on the website and the source code. The TrueCrypt team deserves credit for that. If you are interested in every detail of TrueCrypt you should read the source code, it’s quite easy to understand. That said, hopefully this minimalist Python implementation and the longer article about TrueCrypt 4.3 will help you better understand the core functionality of the project. If you like TrueCrypt, please donate to the TrueCrypt project, they deserve it.

Finally the obligatory disclaimer: The author of this blog is not affiliated with the TrueCrypt project in any way. The code in this post is MIT License, so you can do pretty much anything you want with it.

21 Comments:

Blogger Ditator said...

I think it would be cool if you combined this with Python-FUSE to produce a Python implementation of TrueCrypt. You could expose a single file though FUSE - "volume.image" and reading and writing to it would passthough to the volume itself. Right now TrueCrypt's support for Linux isn't very good: you cannot create new volumes as of 5.0a for example, and I have a feeling that Linux isn't one of the Truecrypt teams' priorities. Implementing Python-FUSE would be able to bypass that.

Thursday, February 14, 2008 at 6:16:00 AM GMT+1  
Blogger amr said...

Just a note of thanks for an especially lucid review, one I hope you eventually extend to keyfiles, as the TC take seems a bit ad hoc.

Sunday, February 1, 2009 at 5:55:00 PM GMT+1  
Blogger mafebresv said...

A fast solution to bruteforce truecrypt is http://www.q-protex.com/software/password-recovery/truecrypt-self-bruteforce

Friday, May 7, 2010 at 7:13:00 AM GMT+2  
Blogger nhelder said...

Any plans to post another update for TrueCrypt 6?

Wednesday, June 16, 2010 at 1:44:00 PM GMT+2  
Blogger jowdjbrown said...

this and thank you for this information. You’ve got what it takes to get attention. Hypnoterapi

Saturday, May 2, 2015 at 1:11:00 PM GMT+2  
Blogger Richard C. Lambert said...

Great job for publishing such a beneficial web site. Your web log isn’t only useful but it is additionally really creative too. There tend to be not many people who can certainly write not so simple posts that artistically.mobil hemsida

Tuesday, August 4, 2015 at 7:55:00 AM GMT+2  
Blogger HD Songs said...

I admire the valuable information you offer in your articles. I will bookmark your blog and have my children check up here often. I am quite sure they will learn lots of new stuff here than anybody else! youtube to mp3

Thursday, May 18, 2017 at 12:52:00 PM GMT+2  
Blogger Nicholas Grove said...

You CAN increase your overall penis length and girth. Using an penis extender can also improve sexual performance and stamina through the process of cell division which can improve blood flow to the penis. Our Peyronies Editions are highly recommended penis straightener devices.

Saturday, September 23, 2017 at 1:25:00 PM GMT+2  
Blogger mary Brown said...

Great Article
B.Tech Final Year Projects for CSE in Python
FInal Year Project Centers in Chennai


Python Training in Chennai
Python Training in Chennai

Thursday, December 13, 2018 at 4:55:00 AM GMT+1  
Blogger Janice Johnson said...

It was a very good post indeed. I thoroughly enjoyed reading it in my lunch time. Will surely come and visit this blog more often. Thanks for sharing. melodifestivalen odds

Thursday, January 31, 2019 at 2:31:00 PM GMT+1  
Blogger Janice Johnson said...

Pretty nice post. I just stumbled upon your weblog and wanted to say that I have really enjoyed browsing your blog posts. After all I’ll be subscribing to your feed and I hope you write again soon! BODYCONTACT

Thursday, January 31, 2019 at 3:06:00 PM GMT+1  
Blogger Janice Johnson said...

I wanted to thank you for this excellent read!! I definitely loved every little bit of it. I have you bookmarked your site to check out the new stuff you post. Posters

Friday, February 1, 2019 at 5:53:00 PM GMT+1  
Blogger Janice Johnson said...

Keep up the good work , I read few posts on this web site and I conceive that your blog is very interesting and has sets of fantastic information. Visit Cyprus

Tuesday, March 12, 2019 at 11:50:00 AM GMT+1  
Blogger Eliza Beth said...

These are some great tools that i definitely use for SEO work. This is a great list to use in the future.. villa for sale marbella golden mile

Wednesday, May 8, 2019 at 2:00:00 AM GMT+2  
Blogger spain said...

Sale and Rent on the Costa del Sol, such as: Luxury PLOTS FOR SALE MARBELLA SpainForSale.Properties is considered one of the most trusted Exclusive Real Estate Agencies in Marbella, Costa del Sol and other “Prime Locations” in Spain. Elegant villa with lots of potential for modernisation or refurbishment located in one of the best complexes on Marbella's Golden Mile. This villa on two levels is orientated to the south and to the southwest and comprises, on entrance level: hall with guest toilet; living/dining room; fully equipped and fitted kitchen with access to large terraces with views to the complex and partially to the sea; two spacious en-suite bedrooms. Lower level, completely separated from the upper level and which is accessed from the side terrace or the garage: good-sized living room with open-plan kitchen; lounge area; spacious bedroom; office which can be converted into a further bedroom; bathroom. Sunny, private garden and a large swimming pool. Features: underfloor heating and air conditioning on the upper level. A property ideal both for year-round living and for holidays!

Beautifully built home with extra high quality finishes and hand crafted details in a secure complex near Estepona, yet only 20 minutes' drive to Marbella centre. This home is very bright and enjoys superb sea views. Entrance hall, huge windows and seating area, living room with large feature fireplace and opening to the modern spacious kitchen with bar and dining room. From the living room a beautiful terrace with dining and seating area and down some steps to a good sized pool, garden and covered pergola with barbecue.

Monday, May 13, 2019 at 10:55:00 AM GMT+2  
Blogger spain said...

Sale and Rent on the Costa del Sol, such as: Luxury PLOTS FOR SALE MARBELLA SpainForSale.Properties is considered one of the most trusted Exclusive Real Estate Agencies in Marbella, Costa del Sol and other “Prime Locations” in Spain.Apartments for sale in Marbella, Spain.
Properties for sale Marbella, Spain.
Apartment for rent in Marbella, Spain.
FRONTLINE BEACH, duplex penthouse in immaculate condition offering panoramic sea views in Elviria (Marbella East)! The property forms part of the well-known White Pearl Beach II-complex. It is very rare to find a penthouse for sale in this complex, so here is your chance to purchase a lifestyle property under the sun.

LAYOUT: Entry level comprises the entrance with cloakroom for guests, a fully equipped kitchen with separate utility room, a bright and cosy living & dining room with amazing sea views and access to an ample open terrace with awnings. On this level is also the master bedroom suite. Upstairs are further 2 bedrooms en-suite. The bathrooms on this level are newly fitted with under floor heating.
SPECS include built-in wardrobes, double glazing, electric blinds in bedrooms, marble floors. Included in the price is a parking space and a storeroom in the underground garage.
The complex is fully gated and has 2 smaller pool areas and is situated by the sandy dunes and the best beaches on the entire Costa del Sol, hence the huge all-year-around rental potential. Walking distance to all services.

Elviria is home to world-famous Nikki Beach, 5-star Hotel Estrella del Mar with beach club, 5-star Hotel Don Carlos with tennis club, 2 golf courses, public- & international schools. Elviria is the main centre in Marbella East and offers all in services and facilities.
Apartments for sale in Marbella, Spain.
Properties for sale Marbella, Spain.
Apartment for rent in Marbella, Spain.
This apartment offers many extras, and is finished to the highest of specifications throughout. The stunning complex has an outdoor gym and a beautiful pool area, all located next to a prestigious golf course. The high class finishes in the apartment are by Porcelanosa and there is hot and cold air conditioning throughout. There are brand new fitted appliances including washing machine, dryer, dishwasher, oven, microwave and fridge/freezer. Both bedrooms have electric curtains and the whole apartment is tastefully furnished. The private underground garage has space for 2 cars, and there is also a large storeroom on this level. The complex is securely located within a gated community, and is only 700 metres away from Mercadona. Located halfway between Marbella and Estepona, in the heart of Atalaya Alta.

Monday, May 13, 2019 at 2:56:00 PM GMT+2  
Blogger spain said...

Marbella, apartment for sale.
Apartments for sale in Marbella, Spain.
Bright, spacious second-floor apartment with beautiful views to La Concha Mountain and the Golf Valley, located in a gated complex in Las Brisas offering 24-hour security, two swimming pools and a paddle court. Built to high standards, the property comprises: hall; living/dining room with access to the large covered terrace; modern kitchen with Siemens appliances; laundry room; en-suite master bedroom with access to the terrace; guest bedroom; guest bathroom. The property also includes a parking space and a store room in the underground garage.
Marbella, apartment for sale.
Apartments for sale in Marbella, Spain.
Fully refurbished first floor apartment in a tranquil location yet within a short walking distance to the beach, Puerto Banús and amenities. The property is distributed over two levels and comprises, on the entrance level: fully fitted modern open-plan kitchen; large living room with direct access onto the main terrace; en-suite bedroom with French balcony.
On the upper level: master bedroom en-suite with private terrace. From both terraces there are beautiful views over the lush gardens and the pool. The gated complex is second line to the beach and offers well-kept tropical gardens, a large communal swimming pool, surveillance cameras and community parking at the entrance.
Apartments for sale in Marbella, Spain.
Properties for sale Marbella, Spain.
Torre Bermeja is one of the Costa del Sol's finest developments. Superbly situated on the beach along the New Golden Mile between Estepona and Puerto Banús, enjoying fabulous views of the tropical gardens and swimming pool. This well-appointed duplex penthouse comprises: entrance hall; kitchen with Siemens appliances, American fridge, granite work tops, laundry area and large serving hatch; living/dining room; 2 en-suite bedrooms; large terrace with garden and pool views. Upstairs: master en-suite bedroom with high ceiling, dressing room, hydro-massage bathtub and access to a terrace with barbecue and amazing views. A garage space and storeroom are included. Also featuring: domotic system, Bang & Olufsen music and TV equipment, air conditioning, under-floor heating. A luxury beachfront home for year round living!!
Apartments for sale in Marbella, Spain.
Properties for sale Marbella, Spain.
Ground-floor corner apartment with a private garden in Nueva Andalucía, in a gated complex with communal gardens and pool, just a few minutes' walk to the beach and Puerto Banús and close to all amenities. Accommodation comprises: hall; living/dining room with access to a large south facing wrap-around terrace and garden with partial sea views; modern kitchen with utility room; master en-suite bedroom with access to the terrace and two bedrooms sharing a bathroom. Two private parking spaces in underground garage included. A nice home close to everything!
Marbella, apartment for sale.
Sale and Rent on the Costa del Sol, such as: Luxury VILLAS FOR SALE IN NUEVA ANDALUCIA SpainForSale.Properties is considered one of the most trusted Exclusive Real Estate Agencies in Marbella, Costa del Sol and other “Prime Locations” in Spain.

Monday, May 13, 2019 at 4:31:00 PM GMT+2  
Blogger spain said...

Apartments for sale in Marbella, Spain.
Properties for sale Marbella, Spain.
Beachfront apartment located between the Puente Romano Beach Resort & Spa and Puerto Banús, in one of the most privileged complexes of this area, and enjoying fabulous views to the sea and the communal mature gardens. This property is built to high standards and comprises: bright, spacious lounge/dining room with access to a large terrace; fully equipped kitchen; spacious en-suite master bedroom; further bedroom with separate bathroom. It includes a parking space and a store room in the underground garage. Marble floors throughout. The complex boasts 24-hour security, a large pool and gymnasium. Close to several golf courses and some of the best beaches of the area, this apartment is a magnificent property both for holidays or year-round living.
Apartments for sale in Marbella, Spain.
Properties for sale Marbella, Spain.SpainForSale.Properties is an Exclusive Real Estate Agency offering Luxurious Properties For Sale and Rent on the Costa del Sol, such as: Luxury VILLAS FOR SALE IN LOS FLAMINGOS SpainForSale.Properties is considered one of the most trusted Exclusive Real Estate Agencies in Marbella, Costa del Sol and other “Prime Locations” in Spain. Live on the Costa del Sol and Enjoy a Luxurious lifestyle in one of the most beautiful places of the World. Luxury Properties For Sale in Prime locations of the Costa del Sol: Mijas, Marbella, Benahavis, Estepona ….
#LuxuryRealEstateMarbella

Monday, May 20, 2019 at 1:49:00 PM GMT+2  
Blogger Eliza Beth said...

hello!! Very interesting discussion glad that I came across such informative post. Keep up the good work friend. Glad to be part of your net community. värmeåtervinning

Wednesday, May 22, 2019 at 2:04:00 PM GMT+2  
Blogger Alssamaui said...

This comment has been removed by the author.

Sunday, September 8, 2019 at 11:37:00 PM GMT+2  
Blogger Alssamaui said...

great and helpful post, thanks i implament some in my goloria site, best regards

Sunday, September 8, 2019 at 11:38:00 PM GMT+2  

Post a Comment

Subscribe to Post Comments [Atom]

<< Home