Standard cross platform encryption program

Postby JimsWorkshop » Thu Jul 13, 2017 7:26 pm

There's a program called VeraCrypt. The newest version is supposed to work on FreeBSD. I would be very appreciative if it was part of the GhostBSD DVD.

https://www.veracrypt.fr/en/Downloads.html

A little background to understand why. There was a program on Windows called Truecrypt (open source). It also had software for Linux and BSD. No one knows publicly who wrote it and he eventually quit with no real explanation. Great software. The guy was really talented. In Windows it could encrypt the system drive while Windows was running. This was and still is the most widely used encryption I believe of any in a stand alone package. Well, after he quit there was a huge hue and cry and a bunch of people got together and audited the software. One of the groups trying to keep Truecrypt going made Veracrypt and while doing so made some improvements which were added into the new software based on the security audit. It did allow using the older Truecrypt volumes. The name change was because it was part of the software licensing that the name be changed. Anyways it's an excellent program, it's been around a long time and it's been audited for security.

Veracrypt is great. It encrypts files, whole partitions and drives for Windows, MacOS, Linux and BSD.

At the same time including ntfs-3g default support would round it out for Windows users moving to BSD.

I know you can't do everything and are busy but if I don't tell you about it you won't know at all. Just keep it in mind. I bet there's a lot of people who wouldn't mind switching to BSD because of security and these are exactly the same people using Truecrypt and Veracrypt. The leap is large though and difficult. With their favorite encryption built in it might be the push they need. Building a FreeBSD box from scratch if you've never used it before is really a long slog. Yes it's in the handbook "somewhere" but what the handbook "assumes" you understand is sometimes a lot. Much more than the average guy does. Thanks for your time.

Re: Standard cross platform encryption program

Postby ASX » Thu Jul 13, 2017 11:35 pm

JimsWorkshop wrote: No one knows publicly who wrote it and he eventually quit with no real explanation.

At the time (circa 2014), the author explained:

“WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues,” a note at the top of the page read. “This page exists only to help migrate existing data encrypted by TrueCrypt.”


http://truecrypt.sourceforge.net/

That said, I know that a code audit followed, crowdfunded, and no backdoors were found in the code (and that doesn't imply it is secure).

About GhostBSD, packaging Veracrypt would require writing a "port" and this is a step that might easily end up introducing security issues, not something I'm available to take lightly.

You may want to look into funding the "port" of Veracrypt, to be made by a competent professional. I'm sorry, not only do we not have much free time, we also don't have enough competence to do that.

Additionally, and that is my personal opinion: I do not trust as secure a software that just a week ago released a statement like this:

UPDATE July 9th 2017 : VeraCrypt 1.21 has been released. It fixes many regressions found in version 1.20 and it brings FreeBSD support. All users are urged to update to this new version. Please check the release notes for the complete list of fixes.

Re: Standard cross platform encryption program

Postby kraileth » Sun Jul 16, 2017 5:03 pm

Hi JimsWorkshop,

adding to what ASX said, you might want to ask on the FreeBSD mailing lists in this case. GhostBSD is just consuming most of the ports from FreeBSD and adding what we feel mainline FreeBSD is lacking to provide a great desktop experience. Doing any crypto-related stuff ourselves is downright out of the question. But there are not that few people dual-booting FreeBSD and Linux or FreeBSD and Windows. Since FreeBSD's GELI (or GBDE) don't work on other operating systems there might actually be demand for such a thing.

I just did some quick research and it seems that there is at least some interest in Veracrypt on FreeBSD. And actually there has even been a port proposal where a user even specifically mentions that he's a GhostBSD user!

I'm also rather cautious when it comes to crypto matters, but I would not assume that GhostBSD would reject any work done in that regard. Maybe you want to get in touch with the porter? Even if it probably won't be included in the default installation in the near future, it certainly wouldn't hurt to have a howto or something in the wiki about how to do this. This will also make it more likely that people start learning about this and testing it. And who knows what that leads to? If you contact the porter please keep us updated here!
Last edited by kraileth on Tue Jul 18, 2017 1:44 pm, edited 1 time in total.
Reason: typo

Re: Standard cross platform encryption program

Postby JimsWorkshop » Tue Jul 18, 2017 3:03 am

About the warning...meh. I think either the NSA hassled him or he just got tired of maintaining the work and decided to quit.

I get that you only work with ports. Part of what I'm asking is that you be aware that such exist and to think about it. I did add lots of caveats. I understand you can only do so much.

"...UPDATE July 9th 2017 : VeraCrypt 1.21 has been released. It fixes many regressions found in version 1.20 and it brings FreeBSD support. All users are urged to update to this new version. Please check the release notes for the complete list of fixes..."

Veracrypt has also recently been verified and the newest release is a response to some criticisms that were there. They removed some encryption code schemes that they didn't think were as safe as the others. Not that they were compromised but they weren't as good.

One thing about Truecrypt and Veracrypt is they have had a large number of people looking at the code. The people looking at it have been the top guys in the encryption business, possibly even more than have looked at the BSD encryption to encrypt drives. A lot of people use it and the code has been around for a long time. My thinking on this is if a State actor wants your code they can break into your computer and hardware bug it but TC and VC are way better than most encryption.

Thanks for telling me about the post on Veracrypt for BSD. I haven't seen them. I look for such but miss sometimes. I'll check it out.

Thank you for your time and consideration. If I find a port for this I'll post here again.

Re: Standard cross platform encryption program

Postby kraileth » Wed Jul 19, 2017 7:02 am

JimsWorkshop: The Veracrypt port was committed a few hours ago this morning and since I saw it by accident, I thought that I might as well tell you here. Feel free to portsnap (or otherwise obtain the latest ports tree) and report back here if it works for you. The port lives in security/veracrypt. See also here: http://www.freshports.org/security/veracrypt/

Re: Standard cross platform encryption program

Postby ASX » Wed Jul 19, 2017 8:36 am

Veracrypt for FreeBSD is supported only for FreeBSD-11 onward, as noted in their GitHub notes.