A security-hardened fork of TrueCrypt 7.1a for macOS
Native SwiftUI app · Argon2id key derivation · DarwinFUSE (no kext) · Universal Binary (arm64 + x86_64)
TrueCrypt was abandoned in 2014. VeraCrypt continued it, but added questionable ciphers, a complex PIM system, and a Windows bootloader signed by Microsoft.
Basalt takes a different path: fix what's broken, remove what shouldn't be there, and build a native macOS app from scratch. No wxWidgets, no password cache, no window dressing — just solid encryption with modern key derivation.
- Argon2id key derivation — 1 GB memory cost, 8 threads. GPU-resistant by design.
- Opens TrueCrypt & VeraCrypt volumes — plus automatic KDF upgrade prompt for legacy iterations.
- Hidden volumes — create and mount with plausible deniability, with write protection for the outer volume.
- Native SwiftUI app — no wxWidgets, no Qt on macOS. Clean, dark-mode interface.
- CLI included —
basalt-clifor scripting and headless use. - DarwinFUSE built-in — no macFUSE, no kernel extension, no SIP changes.
- Zero-state design — no password cache, no favorites, no history. Forensic analysis reveals nothing.
- Auto-dismount — on inactivity, screen lock, sleep, quit, and logout.
- Screen capture protection — the entire app is invisible to screenshots, screen recording, and AirPlay.
- Codebase reduced by 75% — from 195k to 47k lines. Boot loader, kernel driver, PKCS#11, wxWidgets, Win32 all deleted.
More screenshots
Real-world attack costs on a single RTX 4090 (24 GB VRAM):
| Configuration | Attempts/sec | Time for 50-bit key |
|---|---|---|
| TrueCrypt 7.1a (PBKDF2, 1,000 iter) | ~500,000 | 2 seconds |
| VeraCrypt (PBKDF2, 500,000 iter) | ~1,000 | ~19 minutes |
| VeraCrypt (Argon2id, 96 MB, p=1) | ~250 | ~75 minutes |
| Basalt Standard (Argon2id, 512 MB, p=4) | ~48 | ~6.5 hours |
| Basalt Maximum (Argon2id, 1 GB, p=8) | ~24 | ~13 hours |
For a 60-bit password (4 random words), multiply by 1,000. For a 70-bit password (5 random words), multiply by 1,000,000.
The memory cost is the key: A 4090 with 24 GB VRAM can run ~24 parallel 1 GB Argon2id instances. A CPU attacker with 1 TB RAM could run 1,000 — but costs $50,000+ instead of $1,600.
| Format | Mount | Create |
|---|---|---|
| Basalt | ✓ | ✓ |
| TrueCrypt 7.1a | ✓ | ✓ (legacy mode) |
| VeraCrypt | ✓* | — |
Existing volumes just work. Legacy TrueCrypt volumes get an automatic upgrade prompt for modern key derivation.
*VeraCrypt volumes using Camellia or Kuznyechik are not supported — see SECURITY.md for the rationale.
Pre-built universal binaries (arm64 + x86_64) are available on the Releases page:
- Basalt.app — the GUI, packaged as a DMG
- basalt-cli — the command-line tool, packaged as a ZIP
Basalt is not notarized by Apple. macOS Gatekeeper will block it on first launch.
Option A — Right-click:
- Right-click (or Control-click)
Basalt.app - Select Open from the context menu
- Click Open in the dialog
Option B — Terminal:
xattr -d com.apple.quarantine /path/to/Basalt.appThe same applies to basalt-cli:
xattr -d com.apple.quarantine /path/to/basalt-cliRequirements: macOS 12+, Xcode Command Line Tools, pkg-config. No external FUSE installation required.
GUI (Basalt.app):
cd Basalt && ./build.shCLI:
make cliUniversal Binary (arm64 + x86_64):
bash build-universal.sh releaseBasalt.app (SwiftUI) Native macOS UI (macOS 12+)
TCCoreBridge.mm (ObjC++) Bridge: Foundation ↔ C++
basalt-cli (C++) Standalone terminal tool
libBasaltCore.a (src/) Crypto + Volume + FUSE + Platform
DarwinFUSE (C) NFSv4 userspace FUSE (no kernel extension)
| Document | Contents |
|---|---|
| SECURITY.md | All 34 security hardening measures, attack surface reduction, cipher selection rationale, comparison with VeraCrypt, steganographic keyfiles guide |
| License.txt | TrueCrypt License 3.0 |
Based on TrueCrypt, freely available at http://www.truecrypt.org/.
Governed by the TrueCrypt License 3.0 — see License.txt for the full text. TrueCrypt is a trademark of the TrueCrypt Foundation. VeraCrypt is a trademark of IDRIX. Basalt is an independent project, not affiliated with or endorsed by either.