Editing TrueCrypt (section)

== Encryption scheme ==

=== Algorithms ===
Individual [[cipher]]s supported by TrueCrypt are [[Advanced Encryption Standard|AES]], [[Serpent (cipher)|Serpent]], and [[Twofish]]. Additionally, five different combinations of [[Multiple encryption|cascaded]] algorithms are available: AES-Twofish, AES-Twofish-Serpent, Serpent-AES, Serpent-Twofish-AES and Twofish-Serpent.<ref>{{cite web | title =Encryption Algorithms | work =TrueCrypt Documentation | publisher =TrueCrypt Foundation | url =http://www.truecrypt.org/docs/encryption-algorithms | access-date = 24 May 2014}}</ref> The [[cryptographic hash function]]s available for use in TrueCrypt are [[RIPEMD-160]], [[SHA-512]], and [[Whirlpool (cryptography)|Whirlpool]].<ref>{{cite web | title =Hash Algorithms | work =TrueCrypt Documentation | publisher =TrueCrypt Foundation | url =http://www.truecrypt.org/docs/hash-algorithms | archive-url =https://archive.today/20140525064033/http://www.truecrypt.org/docs/hash-algorithms | url-status =dead | archive-date =25 May 2014 | access-date = 24 May 2014}}</ref> Early versions of TrueCrypt until 2007 also supported the block ciphers [[Blowfish (cipher)|Blowfish]], [[CAST-128]], [[Triple DES|TDEA]] and [[International Data Encryption Algorithm|IDEA]]; but these were deprecated due to having relatively lower 64-bit security and patent licensing issues.<ref name="version-history"/>

The practical security provided by TrueCrypt depends altogether on the applied encyption algorithms and their different weaknesses. TrueCrypt by itself offers no extra protection against a weak trusted algorithm.

=== Modes of operation ===
TrueCrypt currently uses the [[XTS mode|XTS]] [[block cipher modes of operation|mode of operation]].<ref name=modes>{{cite web | title =Modes of Operation | work =TrueCrypt Documentation | publisher =TrueCrypt Foundation | url =http://www.truecrypt.org/docs/modes-of-operation | archive-url =https://archive.today/20130904135344/http://www.truecrypt.org/docs/modes-of-operation | url-status =dead | archive-date =4 September 2013 | access-date =24 May 2014 }}</ref> Prior to this, TrueCrypt used [[Disk encryption theory#Liskov, Rivest, and Wagner (LRW)|LRW mode]] in versions 4.1 through 4.3a, and [[Cipher block chaining|CBC mode]] in versions 4.0 and earlier.<ref name="version-history">{{cite web|url=http://www.truecrypt.org/docs/?s=version-history|archive-url=https://archive.today/20130108162305/http://www.truecrypt.org/docs/?s=version-history|url-status=dead|archive-date=8 January 2013|title=Version History|publisher=TrueCrypt Foundation|access-date=1 October 2009}}</ref> XTS mode is thought to be more secure than LRW mode, which in turn is more secure than CBC mode.<ref name="Fruhwirth">{{cite web |first = Clemens |last = Fruhwirth |url = http://clemens.endorphin.org/nmihde/nmihde-A4-ds.pdf |title = New Methods in Hard Disk Encryption |publisher = Institute for Computer Languages, Theory and Logic Group, Vienna University of Technology |date = 18 July 2005 |access-date = 10 March 2007}}</ref>

Although new volumes can only be created in XTS mode, TrueCrypt is [[backward compatible]] with older volumes using LRW mode and CBC mode.<ref name="version-history" /> Later versions produce a security warning when mounting CBC mode volumes and recommend that they be replaced with new volumes in XTS mode.

=== Keys ===
The header key and the secondary header key (XTS mode) are generated using [[PBKDF2]] with a 512-[[bit]] [[Salt (cryptography)|salt]] and 1000 or 2000 iterations, depending on the underlying hash function used.<ref>{{cite web | title =Header Key Derivation, Salt, and Iteration Count | work =TrueCrypt Documentation | publisher =TrueCrypt Foundation | url =http://www.truecrypt.org/docs/header-key-derivation | access-date = 24 May 2014}}</ref>