TrueCrypt 歷史版本列表
TrueCrypt 是一個用於建立和維護一個即時加密驅動器的軟件系統。即時加密意味著數據在加載或保存之前自動加密或解密,無需用戶干預。無法使用正確的密碼或正確的加密密鑰讀取(解密)存儲在加密卷上的數據。在解密之前,TrueCrypt 的音量似乎只不過是一系列隨機數。整個文件系統被加密(即文件名,文件夾名稱,每個文件的內容和可用空間).TrueCrypt 功能:在文件中創建虛擬加密磁盤,並將其作為實... TrueCrypt 軟體介紹更新時間:2008-11-02
更新細節:
What's new in this version:
New features:
*
Ability to encrypt a non-system partition without losing existing data on the partition. (Windows Vista/2008)
Note: To encrypt a non-system partition in place, click 'Create Volume' > 'Encrypt a non-system partition' > 'Standard volume' > 'Select Device' > 'Encrypt partition in place' and then follow the instructions in the wizard. Please note that this is not supported on Windows XP/2000/2003 as these versions of Windows do not natively support shrinking of a filesystem (the filesystem needs to be shrunk to make space for the volume header and backup header).
*
Support for security tokens and smart cards (for more information, see section Security Tokens and Smart Cards in chapter Keyfiles).
*
The TrueCrypt boot loader can be prevented from displaying any texts (by selecting Settings > System Encryption and enabling the option 'Do not show any texts in the pre-boot authentication screen').
*
The TrueCrypt boot loader can now display a custom message (select Settings > System Encryption and enter the message in the corresponding field) either without any other texts or along with the standard TrueCrypt boot loader texts.
*
Pre-boot authentication passwords can now be cached in the driver memory, which allows them to be used for mounting of non-system TrueCrypt volumes (select Settings > System Encryption and enable the option 'Cache pre-boot authentication password').
*
Linux and Mac OS X versions: The ability to mount a Windows system partition encrypted by TrueCrypt and to mount a partition located on a Windows system drive that is fully encrypted by a Windows version of TrueCrypt.
Improvements:
*
Protection against memory corruption caused by certain inappropriately designed versions of some BIOSes, which prevented the pre-boot authentication component from working properly.
(Windows Vista/XP/2008/2003)
*
During the process of creation of a hidden operating system, TrueCrypt now securely erases the entire content of the partition where the original system resides after the hidden system has been created. The user is then prompted to install a new system on the partition and encrypt it using TrueCrypt (thus the decoy system is created).
Note: Although we are not aware of any security issues (connected with decoy systems) affecting the previous versions of TrueCrypt, we have implemented this change to prevent any such undiscovered security issues (if there are any). Otherwise, in the future, a vulnerability might be discovered that could allow an attacker to find out that the TrueCrypt wizard was used in the hidden-system-creation mode (which might indicate the existence of a hidden operating system on the computer) e.g. by analyzing files, such as log files created by Windows, on the partition where the original system (of which the hidden system is a clone) resides. In addition, due to this change, it is no longer required that the paging file is disabled and hibernation prevented when creating a hidden operating system.
*
Many other improvements. (Windows, Mac OS X, and Linux)
Bug fixes:
*
Many minor bug fixes and security improvements. (Windows, Mac OS X, and Linux)
更新時間:2008-07-09
更新細節:
What's new in this version:
Resolved incompatibilities / bug fixes:
* On systems where certain inappropriately designed chipset drivers were installed, it was impossible to encrypt the system partition/drive. This will no longer occur.
(Windows Vista/XP/2008/2003)
* Other minor bug fixes. (Windows, Mac OS X, and Linux)
更新時間:2008-07-05
更新細節:
What's new in this version:
New features:
*Parallelized encryption/decryption on multi-core processors (or multi-processor systems). Increase in encryption/decryption speed is directly proportional to the number of cores and/or processors.
For example, if your computer has a quad-core processor, encryption and decryption will be four times faster than on a single-core processor with equivalent specifications (likewise, it will be twice faster on dual-core processors, etc.)
[View benchmark results]
*Ability to create and run an encrypted hidden operating system whose existence is impossible to prove (provided that certain guidelines are followed). For more information, see the section Hidden Operating System. (Windows Vista/XP/2008/2003)
For security reasons, when a hidden operating system is running, TrueCrypt ensures that all local unencrypted filesystems and non-hidden TrueCrypt volumes are read-only. (Data is allowed to be written to filesystems within hidden TrueCrypt volumes.)
Note: We recommend that hidden volumes are mounted only when a hidden operating system is running. For more information, see the subsection Security Precautions Pertaining to Hidden Volumes.
*On Windows Vista and Windows 2008, it is now possible to encrypt an entire system drive even if it contains extended/logical partitions. (Note that this is not supported on Windows XP.)
*New volume format that increases reliability, performance and expandability:
o Each volume created by this or later versions of TrueCrypt will contain an embedded backup header (located at the end of the volume). Note that it is impossible to mount a volume when its header is damaged (the header contains an encrypted master key). Therefore, embedded backup headers significantly reduce this risk. For more information, see the subsection Tools > Restore Volume Header.
Note: If the user fails to supply the correct password (and/or keyfiles) twice in a row when trying to mount a volume, TrueCrypt will automatically try to mount the volume using the embedded backup header (in addition to trying to mount it using the primary header) each subsequent time that the user attempts to mount the volume (until he or she clicks Cancel). If TrueCrypt fails to decrypt the primary header and then decrypts the embedded backup header successfully (with the same password and/or keyfiles), the volume is mounted and the user is warned that the volume header is damaged (and informed as to how to repair it).
o The size of the volume header area has been increased to 128 KB. This will allow implementation of new features and improvements in future versions and ensures that performance will not be impaired when a TrueCrypt volume is stored on a file system or device that uses a sector size greater than 512 bytes (the start of the data area will always be aligned with the start of a host-filesystem/physical sector).
For more information about the new volume format, see the section TrueCrypt Volume Format Specification.
Note: Volumes created by previous versions of TrueCrypt can be mounted using this version of TrueCrypt.
* Parallelized header key derivation on multi-core processors (one algorithm per core/thread). As a result, mounting is several times faster on multi-core processors. (Windows)
*Ability to create hidden volumes under Mac OS X and Linux.
*On Linux, TrueCrypt now uses native kernel cryptographic services (by default) for volumes encrypted in XTS mode. This increases read/write speed in most cases. However, the FUSE driver must still be used when the volume is encrypted in a deprecated mode of operation (LRW or CBC), or when mounting an outer volume with hidden-volume protection, or when using an old version of the Linux kernel that does not support XTS mode. (Linux)
Improvements:
*Up to 20% faster resuming from hibernation when the system partition/drive is encrypted. (Windows Vista/XP/2008/2003)
*Many other improvements. (Windows, Mac OS X, and Linux)
Removed features:
*Encrypted system partitions/drives can no longer be permanently decrypted using the TrueCrypt Boot Loader (however, it is still possible using the TrueCrypt Rescue Disk). (Windows Vista/XP/2008/2003)
Note: This was done in order to reduce the memory requirements for the TrueCrypt Boot Loader, which was necessary to enable the implementation of support for hidden operating systems.
Bug fixes:
*When Windows XP was installed on a FAT16 or FAT32 partition (as opposed to an NTFS partition) and the user attempted to encrypt the system partition (or system drive), the system encryption pretest failed. This will no longer occur.
*Many other minor bug fixes and security improvements (preventing e.g. denial-of-service attacks). (Windows, Mac OS X, and Linux)
更新時間:2008-03-17
更新細節:
What's new in this version:
Improvements:
* Faster booting when the system partition/drive is encrypted (typically by 10%). (Windows Vista/XP/2008/2003)
* Other minor improvements. (Windows, Mac OS X, and Linux)
Resolved incompatibilities:
* On computers with certain hardware configurations, resuming from hibernation failed when the system partition was encrypted. Note: If you encountered this problem, the content of RAM may have been saved unencrypted to the hibernation file. You can erase such data, for example, by decrypting the system partition/drive (select System > Permanently Decrypt System Partition/Drive) and then encrypting it again. (Windows Vista/XP/2008/2003)
Remark: As Microsoft does not provide any API for handling hibernation, all non-Microsoft developers of disk encryption software are forced to modify undocumented components of Windows in order to allow users to encrypt hibernation files. Therefore, no disk encryption software (except for Microsoft's BitLocker) can guarantee that hibernation files will always be encrypted. At anytime, Microsoft can arbitrarily modify components of Windows (using the Auto Update feature of Windows) that are not publicly documented or accessible via a public API. Any such change, or the use of an untypical or custom storage device driver, may cause any non-Microsoft disk encryption software to fail to encrypt the hibernation file. We plan to file a complaint with Microsoft (and if rejected, with the European Commission) about this issue, also due to the fact that Microsoft's disk encryption software, BitLocker, is not disadvantaged by this.
* Workaround for a bug in the BIOS of some Apple computers that prevented users from entering pre-boot authentication passwords and controlling the TrueCrypt Boot Loader. (Windows Vista/XP/2008/2003)
Bug fixes:
* When the system partition/drive is decrypted under Windows, the original partition table will not be restored. Note: This issue affected users who repartitioned an encrypted system drive and then decrypted it under Windows. (Windows Vista/XP/2008/2003)
* Other minor bug fixes. (Windows, Mac OS X, and Linux)
更新時間:2008-03-11
更新細節:
What's new in this version:
New features:
* Support for hibernation on computers where the system partition is encrypted (previous versions of TrueCrypt prevented the system from hibernating when the system partition was encrypted). (Windows Vista/XP/2008/2003)
* Ability to mount a partition that is within the key scope of system encryption without pre-boot authentication (for example, a partition located on the encrypted system drive of another operating system that is not running). (Windows Vista/XP/2008/2003)
Note: This can be useful e.g. when there is a need to back up or repair an operating system encrypted by TrueCrypt (from within another operating system).
* Command line options for creating new volumes. (Linux and Mac OS X)
Improvements:
* Increased speed of AES encryption/decryption (depending on the hardware platform, by 30-90%). (Windows)
* Faster booting when the system partition is encrypted. (Windows Vista/XP/2008/2003)
* When the system partition/drive is encrypted, the TrueCrypt Boot Loader is now stored in a compressed form and is, therefore, smaller. If a non-cascade encryption algorithm is used (i.e., AES, Serpent, or Twofish), the TrueCrypt Boot Loader is now small enough so that a backup of the TrueCrypt Boot Loader can be (and is) stored in first drive cylinder. Whenever the TrueCrypt Boot Loader is damaged, its backup copy is run automatically instead.
As a result of this improvement, the following problem will no longer occur: Certain inappropriately designed activation software (used for activation of some third-party software) writes data to the first drive cylinder, thus damaging the TrueCrypt Boot Loader. The affected users had to use the TrueCrypt Rescue Disk to repair the TrueCrypt Boot Loader. This will no longer be necessary after upgrading to this version of TrueCrypt (provided that the system partition/drive is encrypted using a non-cascade encryption algorithm, i.e., AES, Serpent, or Twofish).
Note: If your system partition/drive is currently encrypted using a non-cascade encryption algorithm (i.e., AES, Serpent, or Twofish), a backup copy of the TrueCrypt Boot Loader will be automatically stored in the first drive cylinder when you upgrade to this version of TrueCrypt.
* The minimum memory requirements for the TrueCrypt Boot Loader have been reduced from 42 KB to 27 KB (twenty-seven kilobytes). This allows users to encrypt system partitions/drives on computers where the BIOS reserves a large amount of memory. (Windows Vista/XP/2008/2003)
* Many other minor improvements. (Windows, Mac OS X, and Linux)
Resolved incompatibilities:
* On some computers, when performing the system encryption pretest, Windows failed to display the log-on screen. This will no longer occur. (Windows Vista/XP/2008/2003)
Bug fixes:
* On some systems, drive letters were not correctly assigned to newly mounted non-system volumes. This will no longer occur. (Windows)
* Many other minor bug fixes. (Windows, Mac OS X, and Linux)
更新時間:2008-02-13
更新細節:
What's new in this version:
Improvements:
* The memory requirements for the TrueCrypt Boot Loader have been reduced by 18 KB (eighteen kilobytes). As a result of this improvement, the following problem will no longer occur on most of the affected computers: The memory requirements of the TrueCrypt Boot Loader 5.0 prevented users of some computers from encrypting system partitions/drives (when performing the system encryption pretest, the TrueCrypt Boot Loader displayed the following error message: Insufficient memory for encryption).
Bug fixes:
* On computers equipped with certain brands of audio cards, when performing the system encryption pretest or when the system partition/drive is encrypted, the sound card drivers failed to load. This will no longer occur. (Windows Vista/XP/2003)
* It is possible to access mounted TrueCrypt volumes over a network. (Windows)
* TrueCrypt Rescue Disks created by the previous version could not be booted on some computers. This will no longer occur. (Windows Vista/XP/2003)
Note: If your TrueCrypt Rescue Disk created by TrueCrypt 5.0 cannot be booted on your computer, please upgrade to this version of TrueCrypt and then create a new TrueCrypt Rescue Disk (select 'System' > 'Create Rescue Disk').
* Many other minor bug fixes. (Windows, Mac OS X, and Linux)
更新時間:2008-02-06
更新細節:
What's new in this version:
New features:
Ability to encrypt a system partition/drive (i.e. a partition/drive where Windows is installed) with pre-boot authentication (anyone who wants to gain access and use the system, read and write files, etc., needs to enter the correct password each time before the system starts). For more information, see the chapter System Encryption in the documentation. (Windows Vista/XP/2003)
Pipelined operations increasing read/write speed by up to 100% (Windows)
Mac OS X version
Graphical user interface for the Linux version of TrueCrypt
XTS mode of operation, which was designed by Phillip Rogaway in 2003 and which was recently approved as the IEEE 1619 standard for cryptographic protection of data on block-oriented storage devices. XTS is faster and more secure than LRW mode (for more information on XTS mode, see the section Modes of Operation in the documentation).
Note: New volumes created by this version of TrueCrypt can be encrypted only in XTS mode. However, volumes created by previous versions of TrueCrypt can still be mounted using this version of TrueCrypt.
SHA-512 hash algorithm (replacing SHA-1, which is no longer available when Note: To re-encrypt the header of an existing volume with a header key derived using HMAC-SHA-512 (PRF), select 'Volumes' > 'Set Header Key Derivation Algorithm'.
Improvements, bug fixes, and security enhancements:
The Linux version of TrueCrypt has been redesigned so that it will no longer be affected by changes to the Linux kernel (kernel upgrades/updates).
Many other minor improvements, bug fixes, and security enhancements. (Windows and Linux)
更新時間:2007-05-08
更新細節:
What's new in this version:
Improvements:
- Full support for custom screen DPI settings. (Windows, GUI)
- Other minor improvements. (Windows and Linux)
Bug fixes:
- Fixed bug that in some cases caused the 'Safely Remove Hardware' function to fail.
- In Windows Vista, it is now possible to read data from file-hosted TrueCrypt volumes located on UDF-formatted media mounted in read-only mode.
- All Volume Creation Wizard GUI elements are now correctly displayed on systems with custom DPI settings. (Windows, GUI)
- Other minor bug fixes. (Windows and Linux)
Security improvements:
- Linux: When running without administrator privileges, TrueCrypt automatically attempts to elevate its access rights (if necessary) using the sudo command. The Linux version of TrueCrypt no longer supports the set-euid root mode of execution. These changes also prevent all discovered and undiscovered (if any) security issues related to the set-euid root mode of execution, including an issue affecting all previous Linux versions of TrueCrypt where a local non-administrator user could cause a denial of service or gain administrator privileges.
Miscellaneous:
- If dismount is forced on a TrueCrypt volume when TrueCrypt runs in traveller mode, the TrueCrypt driver will not be unloaded when TrueCrypt exits (it will be unloaded only when the system is restarted or shut down). This prevents various problems caused by a bug in Windows (for instance, it would be impossible to start TrueCrypt again as long as there are applications using the dismounted volume). (Windows)
更新時間:2007-03-20
更新細節:
What's new in this version:
New features:
- Full compatibility with 32-bit and 64-bit Windows Vista:
- Support for User Account Control (UAC).
- All .sys and .exe files of TrueCrypt are now digitally signed with the digital certificate of the TrueCrypt Foundation, which was issued by the certification authority GlobalSign.
- When moving the mouse on a single-CPU computer while reading or writing data to a TrueCrypt volume, the mouse pointer stopped moving for a second every few seconds. This will no longer occur. (Windows Vista issue)
- Other minor compatibility-related changes.
- TrueCrypt volume is automatically dismounted if its host device is inadvertently removed.
Important: You should always dismount the volume in TrueCrypt and then use the "Safely Remove Hardware" function (built in Windows) before you physically remove the host device (e.g. a USB flash drive).
- Support for devices and file systems that use a sector size other than 512 bytes (e.g., new hard drives, USB flash drives, DVD-RAM, MP3 players, etc.)
- Support for devices with a GPT partition table (GUID partitions). (Windows Vista/2003/XP)
- After a partition is successfully encrypted, the drive letter assigned to it (if any) is automatically removed. (Windows)
- Volume name (label) is displayed in device/partition selector. (Windows)
- New hotkey: 'Wipe Cache'. (Windows)
- New command line switch '/q background' for launching the TrueCrypt Background Task. (Windows)
Improvements:
- Portions of the TrueCrypt device driver redesigned.
- Maximum allowed size of FAT32 volumes increased to 2 TB (note that NTFS volumes can be larger than 2 TB).
- Traveller Disk Setup improved. (Windows)
- Volumes hosted on read-only media will always be mounted in read-only mode. (Windows)
- Improved support for big-endian platforms.
- Other minor improvements (Windows and Linux)
Bug fixes:
- The built-in FAT format facility now functions correctly on big-endian platforms.
- Improved handling of partitions and devices during volume creation. (Windows)
- Improved handling of low-memory conditions. (Windows)
- Fixed bug that rarely caused system errors when dismounting all volumes. (Windows)
- Tray icon is recreated when Windows Explorer is restarted (e.g. after a system crash).
- Other minor bug fixes (Windows and Linux)
Security improvements:
- Improved security of set-euid mode of execution. Volume can be dismounted only by the user who mounted it or by an administrator (root). (Linux)
Removed features:
- It is no longer possible to create new volumes encrypted with 64-bit-block encryption algorithms (Blowfish, CAST-128, and Triple DES). 64-bit block ciphers are being phased out. It is still possible to mount such volumes using this version of TrueCrypt. However, it will not be possible to mount such volumes using TrueCrypt 5.0 and later versions (this applies also to volumes encrypted with AES-Blowfish and AES-Blowfish-Serpent, which have been in the process of being phased out since TrueCrypt 4.1). If you have such a volume, we recommend that you create a new TrueCrypt volume encrypted with a 128-bit-block encryption algorithm (e.g., AES, Serpent, Twofish, etc.) and that you move files from the old volume to the new one.
更新時間:2006-07-04
更新細節:
What's new in this version:
Bug fixes:
* Writing to a TrueCrypt volume under Linux no longer causes the system to stop responding under certain conditions.
* Occasional application errors no longer occur when selecting a file (Windows XP SP2 issue).
* Fixed bug that caused installation of the TrueCrypt driver to fail under certain configurations of 64-bit Windows.
* TrueCrypt volumes mounted in a remote session under Windows 2000 can now be accessed.
* TrueCrypt Volume Creation Wizard no longer blocks hot keys of certain applications. (Windows)
* Other minor bug fixes (Windows and Linux)
Improvements:
* It will not be required to reinstall the TrueCrypt kernel module after every minor Linux kernel update.
* Support for latest Linux kernel (2.6.17)
* Other minor improvements (Windows and Linux)
Security improvements:
* The Linux version of TrueCrypt now uses the TrueCrypt Random Number Generator (ported from the Windows version of TrueCrypt) instead of using only the Linux built-in random number generator. (This change was necessary due to a flaw in the Linux built-in random number generator: Data from the mouse and keyboard, which are the most important sources of random data, are not read by the Linux built-in random number generator when the user has only a USB mouse/keyboard.)
Note: The Linux version of TrueCrypt still uses the Linux built-in random number generator. However, it is now merely one of the data sources used by the TrueCrypt random number generator.
* Interactive mount mode, which allows the user to avoid passing sensitive parameters via command line. (Linux)
* TrueCrypt volume is unmapped if mounting it to a directory fails. (Linux)
* When the Never Save History option is enabled, TrueCrypt sets its current directory to the users home directory (in traveller mode, to the directory from which TrueCrypt was launched) after a container or keyfile is selected via the Windows file selector. Therefore, the Windows file selector will not remember the path of the last selected container or keyfile. (Windows)
Miscellaneous:
* Released under the TrueCrypt Collective License Version 1.0