07 Feb 2008

TrueCrypt for Mac

If you’re a Mac user, even an occasional one, and have been waiting with bated breath for a version of TrueCrypt, the wait is now over. (Okay, technically it was over on 2/5, two days ago.)

TrueCrypt 5.0 includes Mac OS X native versions for both Tiger and Leopard on both PPC and Intel architectures, and the files it produces are binary-compatible with TrueCrypt for Linux and Windows.

Its use is not quite as straightforward as Apple’s Disk Utility, but in return it offers a far greater array of features, plus compatibility that Apple’s proprietary encrypted .dmg format lacks.

One of the most widely-touted features is the ability to create invisible ‘hidden volumes’ within the free space of other encrypted volumes. Another is the choice of ciphers; while Apple supports AES, TrueCrypt offers AES, Serpent, Twofish, and combinations thereof (any two or all three at once, operating in serial on the same blocks). It also allows a choice of three hash algorithms, including the openly-developed RIPEMD-160.

Just for test purposes, I created a 4GB volume using Twofish and RIPEMD-160; actual volume creation on a Dual 2GHz PPC G5 ran at about 9.5MB/s. Copying to it seemed to be around 3MB/s on average, with excursions up to around 5-6MB and periodic short stalls. Overall, a 600MB file took about 4 minutes to move onto an encrypted volume.

One of the only features missing from the Mac version is the ability to create sparse files that expand in size as they are filled. (This is possible with .dmg files, although it requires the command-line ‘hdiutil’.) I’m not clear on the details, but it sounds like TrueCrypt’s sparse file support relies on the NTFS filesystem. But given the problems I’ve had with sparse files in the past (they get easily mangled when copying across filesystems and various OSes), and the low cost of storage, I’m pretty content sticking with static files.

Overall, this is a big win both for Mac users and TrueCrypt users in general, since it makes the product that much more flexible. As an encrypted container format I think TrueCrypt is fast becoming the de facto standard, and now you can put a FAT-formatted .tc file on a USB stick and be pretty much assured that it will be readable no matter where you go.
