Standard cross platform encryption program

JimsWorkshop
Posts: 8
Joined: Mon Feb 02, 2015 8:03 pm

Standard cross platform encryption program

Post by JimsWorkshop »

There's a program called VeraCrypt. The newest version is supposed to work on FreeBSD. I would be very appreciative if it was part of the GhostBSD DVD.

https://www.veracrypt.fr/en/Downloads.html

A little background to understand why. There was a program on Windows called Truecrypt (open source). It also had software for Linux and BSD. No one knows publicly who wrote it and he eventually quit with no real explanation. Great software. The guy was really talented. In Windows it could encrypt the system drive while Windows was running. This was and still is the most widely used encryption I believe of any in a stand alone package. Well after he quit there was a huge hue and cry and a bunch of people got together and audited the software. One of the groups trying to keep Truecrypt going made Veracrypt and while doing so made some improvements which were added into the new software based on the security audit. It did allow using the older Truecrypt volumes. The name change was because it was part of the software licensing that the name be changed. Anyways it's an excellent program, it's been around a long time and it's been audited for security.

Veracrypt is great. It encrypts files, whole partitions and drives for Windows, MacOS, Linux and BSD.

At the same time including ntfs-3g default support would round it out for Windows users moving to BSD.

I know you can't do everything and are busy but if I don't tell you about it you won't know at all. Just keep it in mind. I bet there's a lot of people who wouldn't mind switching to BSD because of security and these are exactly the same people using Truecrypt and Veracrypt. The leap is large though and difficult. With their favorite encryption built in it might be the push they need. Building a FreeBSD box from scratch if you've never used it before is really a long slog. Yes it's in the handbook "somewhere" but what the handbook "assumes" you understand is sometimes a lot. Much more than the average guy does. Thanks for your time.
ASX
Posts: 988
Joined: Wed May 06, 2015 12:46 pm

Re: Standard cross platform encryption program

Post by ASX »

JimsWorkshop wrote: No one knows publicly who wrote it and he eventually quit with no real explanation.
At the time, (circa 2014) the author explained:
“WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues,” a note at the top of the page read. “This page exists only to help migrate existing data encrypted by TrueCrypt.”
http://truecrypt.sourceforge.net/

That said, I know that a crowdfunded code audit followed, and no backdoors were found in the code (and that doesn't imply it is secure).

About GhostBSD, packaging Veracrypt would require writing a "port" and this is a step that might easily end up introducing security issues, not something I'm available to take lightly.

You may want to look into funding the "port" of Veracrypt, to be made by a competent professional. I'm sorry, not only do we not have much free time, we also don't have enough competence to do that.

Additionally, and that is my personal opinion: I do not trust as secure a software that just a week ago released a statement like this:
UPDATE July 9th 2017 : VeraCrypt 1.21 has been released. It fixes many regressions found in version 1.20 and it brings FreeBSD support. All users are urged to update to this new version. Please check the release notes for the complete list of fixes.
kraileth
Posts: 312
Joined: Sun Sep 04, 2016 12:30 pm

Re: Standard cross platform encryption program

Post by kraileth »

Hi JimsWorkshop,

adding to what ASX said, you might want to ask on the FreeBSD mailing lists in this case. GhostBSD is just consuming most of the ports from FreeBSD and adding what we feel mainline FreeBSD is lacking to provide a great desktop experience. Doing any crypto-related stuff ourselves is downright out of the question. But there are not that few people dual-booting FreeBSD and Linux or FreeBSD and Windows. Since FreeBSD's GELI (or GBDE) don't work on other operating systems there might actually be demand for such a thing.

I just did a quick research and it seems that there at least seems to be some interest in Veracrypt on FreeBSD. And actually there has even been a port proposal where a user even specifically mentions that he's a GhostBSD user!

I'm also rather cautious when it comes to crypto matters, but I would not assume that GhostBSD would reject any work done in that regard. Maybe you want to get in touch with the porter? Even if it probably won't be included in the default installation in the near future, it certainly wouldn't hurt to have a howto or something in the wiki about how to do this. This will also make it more likely that people start learning about this and testing it. And who knows what that leads to? If you contact the porter please keep us updated here!
Last edited by kraileth on Tue Jul 18, 2017 10:44 am, edited 1 time in total.
Reason: typo
JimsWorkshop
Posts: 8
Joined: Mon Feb 02, 2015 8:03 pm

Re: Standard cross platform encryption program

Post by JimsWorkshop »

About the warning...meh. I think either the NSA hassled him or he just got tired of maintaining the work and decided to quit.

I get that you only work with ports. Part of what I'm asking is that you be aware that such exist and to think about it. I did add lots of caveats. I understand you can only do so much.

"...UPDATE July 9th 2017 : VeraCrypt 1.21 has been released. It fixes many regressions found in version 1.20 and it brings FreeBSD support. All users are urged to update to this new version. Please check the release notes for the complete list of fixes..."

Veracrypt has recently also been now verified and the newest release is a response to some criticisms that were there. They removed some encryption code schemes that they didn't think were as safe as the others. Not that they were compromised but they weren't as good.

One thing about Truecrypt and Veracrypt is they have had a large amount of people looking at the code. The people looking at it have been the top guys in the encryption business, possibly even more than have looked at the BSD encryption to encrypt drives. A lot of people use it and the code has been around for a long time. My thinking on this is if a State actor wants your code they can break in your computer and hardware bug it but TC and VC are way better than most encryption.

Thanks for telling me about the post on Veracrypt for BSD. I haven't seen them. I look for such but miss sometimes. I'll check it out.

Thank you for your time and consideration. If I find a port for this I'll post here again.
kraileth
Posts: 312
Joined: Sun Sep 04, 2016 12:30 pm

Re: Standard cross platform encryption program

Post by kraileth »

JimsWorkshop: The Veracrypt port has been committed a few hours ago this morning and since I saw it by accident, I thought that I might as well tell you here. Feel free to portsnap (or otherwise obtain the latest ports tree) and report back here if it works for you. The port lives in security/veracrypt. See also here: http://www.freshports.org/security/veracrypt/
ASX
Posts: 988
Joined: Wed May 06, 2015 12:46 pm

Re: Standard cross platform encryption program

Post by ASX »

veracrypt for FreeBSD is supported only for FreeBSD-11 onward, as noted in their github notes.