Official website for Linux User & Developer
FOLLOW US ON:
Aug
8

The best file encryption software in open source – group test

by Gareth Halfacree

Keeping your secrets secret is an important consideration, so we have taken the four most popular encryption systems and ordered Linux User’s chief group tester, Garath Halfacree, to do what he does best. Which is the ultimate option? Read on…

TrueCrypt
The only package on test to ship with a GUI by default, is TrueCrypt all style and no substance?

TrueCrypt isn’t a package you’ll find in most distribution’s repositories. Because the terms of the supplied licence aren’t compatible with common open source licences such as the GPL, it’s excluded from distribution – but if you download it manually, you’ll find an extremely powerful package.

Although designed primarily to offer an encrypted ‘container’ – a file which holds the encrypted data – TrueCrypt can be used to encrypt entire devices, and is the package most easily used in a cross-platform environment: TrueCrypt binaries are available for Linux, Mac OS X, and Windows, and containers created on one platform are readily accessible on another.

The best file encryption software in open source - group test
Installation of TrueCrypt - in GUI or shell flavours - requires a manual download in most cases

As the software isn’t included in most repositories, installation consists of downloading a self-extracting shell script in either GUI or command-line flavours. Both are relatively small, and once downloaded the installation process is simple – although, as it doesn’t tie in to your distribution’s packaging system, you’ll have to keep the software up to date manually.

Thanks to its GUI, TrueCrypt is by far the easiest package to use on test. A friendly wizard walks the user through the creation of either device or file based containers, and a selection of encryption ciphers are available to choose from. There’s even the option to chain up to three ciphers together for maximum security, and a handy benchmarking system to see which will offer the best performance on your particular system.

The best file encryption software in open source - group test
TrueCrypt’s GUI keeps the user informed as to what’s happening in the background

When a container has been created and mounted, it appears to the file system as just another drive. As with the other packages on test, any files written to the container will be encrypted on the fly – meaning no unencrypted data is ever written to the disk.

TrueCrypt also includes support for ‘hidden’ volumes. These allow a container or device to have multiple passwords – or keyfiles, or even smartcards – each of which shows a different selection of unencrypted data when used. While hidden volumes carry some risk – it’s possible overwrite the contents of a hidden volume if you’re incautious with the ‘fake’ encrypted volume – it’s a nice option for those who need extra security.

The best file encryption software in open source - group test
Many algorithms are available in TrueCrypt, with a handy benchmarking tool included

With its pretty GUI and ease of use, you’d be forgiven for thinking that TrueCrypt would come with a performance penalty – but in our tests it proved the fastest encryption package around, easily beating both EncFS and eCryptFS and even edging out dm-crypt via LUKS to claim the top spot in both our small-file and large-file tests.

Linux User Verdict
Installation: 6/10
If you want TrueCrypt, you’ll have to download an installer and manage updates yourself.
Features: 10/10
For most common filesystem encryption tasks, it’s hard to beat the flexibilty of TrueCrypt.
Ease of use: 9/10
The GUI is good, but some options could benefit from being more clearly labeled.
Performance: 9/10
There’s still a performance hit, but TrueCrypt was easily the fastest package on test.

Overall: 4/5
TrueCrypt is an amazingly versatile package, and while its licence makes it unsuitable for distribution by default it’s certainly a capable option for those looking for something with a GUI.

Continue to next page – Linux User’s favourite encryption software revealed!


Pages: 1 2 3 4 5
  • Tell a Friend
  • Follow our Twitter to find out about all the latest Linux news, reviews, previews, interviews, features and a whole more.
    • Joseph

      While LUKS may not have a GUI as such, that doesn’t mean that ease of use is really hampered in some distributions. For instance, when using openSUSE’s YaST configuration tool and its partitioner module, one need simply click a check box (and enter the desired password) and YaST handles formatting, setting up and encrypting the partition, and adding an FSTAB entry if needed. I just checked and it seems Ubuntu gives you an encryption option when using its partitioner but not during the install. openSUSE allows for encryption to be specified during system install as well.

      It’s also my understanding that TrueCrypt allows for full-disk encrypting a boot drive under Windows but not Linux. If that is still the case, then perhaps the recommendation would best be LUKS for setting up a system with full-disk encryption (especially if you’re installing a disto with a powerful installer like openSUSE’s) and TrueCrypt for other needs and cross-platform encrypting.

    • linux97

      The selling point for me (strange sounding since it is free) is the simple fact that Truecrypt will work cross-platform as long as it has been installed on other machines. That means that I can encrypt a thumb drive and use it on various machines; taking my encrypted files with me to work, home, wherever. I can also put a persistent linux on another thumb drive, along with truecrypt, and be assured I can use my encrypted files anywhere I am allowed to boot a computer.

    • Pingback: Links 10/8/2011: Linux/Android Tablets Multiply, OpenGL 4.2 is Coming | Techrights

    • Pingback: Open encryption software « 0ddn1x: tricks with *nix

    • JDM

      TrueCrypt also has some very ambiguous origins and development and is increasingly hard to compile from source by an end user.

    • David

      Apparently there is a tool that makes it possible to use dm-crypt under windows. It’s called FreeOTFE (http://www.freeotfe.org/) and has the benefit of not having to be installed (thus not needing administrator priviligeous). This could actually make it even more useful than truecrypt for use with portable devices. This program is windows only and I don’t think there’s a similar program for MacOSX.

    • Pingback: Truecrypt opensuse | Playstation3st

    • aprogrammer

      Cool post but I was using russian ecryption instruction http://sysadmin.te.ua/tag/luks

    • Pingback: Data encryption in Linux (and OS X, and Windows) | Bits and Pieces