Fact-checked by Grok 2 weeks ago

E4M

Encryption for the Masses (E4M) is a discontinued software program developed for and operating systems.
Released on December 18, 1998, by programmer Paul Calder Le Roux, it enabled users to create encrypted volumes on hard drives to protect data privacy against unauthorized access.
E4M's source code provided the foundational basis for , a subsequent open-source encryption tool that gained widespread adoption for its robust on-the-fly capabilities before its own developers abruptly halted support in 2014. Le Roux, initially motivated by concerns over government surveillance in post-apartheid , authored E4M as an accessible tool for mass adoption of strong , predating commercial alternatives and contributing to early advancements in user-friendly disk software.
The program's legacy is tied to its technical influence rather than longevity, as it ceased maintenance shortly after release, but its open codebase facilitated innovations in verifiable, systems amid growing demands for digital security.
Notably, Le Roux's later transformation into an international crime syndicate leader—overseeing drug trafficking, arms dealing, and operations—has drawn scrutiny to E4M's origins, though the software itself remains a product of his early legitimate coding efforts without evidence of embedded backdoors.

History

Development Origins

Encryption for the Masses (E4M) originated with Paul Le Roux, a programmer born in Zimbabwe and raised in South Africa, who began developing the software in 1997. Le Roux, then in his early twenties, had relocated to the United Kingdom and secured employment as a programmer, including a role at the German firm SecurStar where he contributed to the underlying engine for their commercial product DriveCrypt, a paid disk encryption tool, around 1997 to 1999. His experience at SecurStar exposed him to professional encryption development, but E4M emerged as his independent project aimed at addressing the limitations of proprietary software by offering a no-cost alternative. Le Roux's motivations centered on democratizing to strong for ordinary users amid the rapid expansion of personal computing in the late 1990s, when Windows operating systems dominated consumer markets and privacy threats from unauthorized were increasingly recognized. Unlike expensive commercial options such as DriveCrypt, which required payment and targeted or expert users, E4M sought to provide straightforward, on-the-fly for full drives or partitions, enabling non-technical individuals to secure their without specialized knowledge. This initiative reflected broader concerns over government surveillance and corporate vulnerabilities during the era, prior to widespread adoption of built-in OS encryption features. Development proceeded as a solo effort by Le Roux, primarily in C++ to ensure compatibility with Windows environments prevalent at the time. The project culminated in the public release of E4M's as by late 1998 or 1999, positioning it as an open resource for community scrutiny and modification, though Le Roux discontinued active work on it around 2000 to pursue commercial ventures. This early availability laid the groundwork for subsequent tools, emphasizing usability over advanced features reserved for paid products.

Release and Early Distribution

Encryption for the Masses (E4M) was initially released on December 18, 1998, as software targeted at and NT operating systems. The software provided on-the-fly capabilities, with both binary executables and made publicly available to enable broad accessibility without licensing fees. Distribution occurred primarily through the developer's personal website at e4m.net, where users could download the program, alongside postings to early internet software repositories and cryptography-focused mailing lists. This approach aligned with the project's ethos of democratizing strong encryption tools for non-expert users, positioning E4M as an early effort to counter limited commercial options in the late 1990s. The final version, 2.02a, appeared in 2000, after which maintenance ceased, leaving dissemination reliant on archived copies and user-shared files. E4M featured minimal bundled documentation, consisting mainly of basic setup guides within the installer, with further assistance drawn from discussions on forums and lists rather than formal support channels. Lacking commercial backing, the project depended on voluntary feedback for refinements, reflecting a model that prioritized code openness over polished user resources.

Technical Specifications

Supported Platforms and Compatibility

Encryption for the Masses (E4M) was developed for 32-bit Windows operating systems prevalent in the late 1990s, with version 2.01 supporting , , and (primarily NT 4.0). Earlier version 2.00 was restricted to . These platforms encompassed both the consumer-oriented series and the more robust NT kernel for early enterprise use, aligning with the hardware and driver architectures of typical desktop systems at the time. The software implements on-the-fly via a kernel-mode driver, enabling transparent access to encrypted local disk volumes on compatible hardware, such as standard hard drives dominant in consumer PCs during its development era. It lacks support for advanced storage configurations like controllers or networked volumes, as these required specialized drivers not integrated into E4M's design, which prioritized for mainstream fixed-disk setups under the targeted OS kernels. is thus limited to non-removable, locally attached partitions, excluding dynamic disks or without additional configuration. E4M provides no built-in compatibility with (released in 2001) or subsequent versions, owing to architectural shifts in the NT kernel (version 5.1 and later) that rendered its drivers obsolete. This restriction, combined with the software's discontinuation around 2001, confined its practical use to legacy systems, hastening obsolescence as users migrated to newer Windows releases by the mid-2000s.

Encryption Algorithms and Features

E4M primarily employs the Blowfish symmetric for data encryption, utilizing 128-bit keys in standard configurations to provide efficient on-the-fly encryption of disk volumes and files. Blowfish's design, featuring a 64-bit block size and Feistel network structure, enables fast performance on software implementations without requiring specialized , making it suitable for the resource-constrained systems of its era. This cipher choice reflects a trade-off favoring speed and low over larger block sizes, with empirical benchmarks showing encryption rates exceeding 10 MB/s on late-1990s like processors. Subsequent iterations of E4M introduced support for Twofish as an alternative , supporting 256-bit keys and offering enhanced resistance to and through its key-dependent S-boxes and more rounds (16 versus Blowfish's variable up to 16). Twofish allows users to select ciphers based on perceived security needs, though Blowfish remained the default for its proven track record in open-source tools. Both ciphers operate in mode with initialization vectors derived from the key derivation process, ensuring semantic security against chosen-plaintext attacks when properly implemented. No evidence of backdoors or deliberate weaknesses has been identified in E4M's cryptographic core prior to any independent audits, though its age limits to retrospective analysis of derived codebases. Key management in E4M relies on password-based derivation using iterated hashing (likely RIPEMD-160 or similar, as common in contemporaneous designs) to expand passphrases into keys resistant to and brute-force attacks, supplemented by optional keyfiles for additional . Encrypted volumes as drives, allowing transparent read/write post-authentication without decrypting entire datasets in advance, a core feature of on-the-fly encryption that minimizes exposure of data. Hidden volumes facilitate by embedding a secondary encrypted compartment within an outer volume, accessible only via a distinct ; coercion to reveal the outer volume's key does not expose the hidden one's existence or contents, provided usage patterns avoid detectable slack space anomalies. Notably absent are mechanisms or support for tokens like TPM or smart cards, restricting to single-factor software methods and exposing potential vulnerabilities to keylogger or shoulder-surfing attacks. overhead averages 5-10% on benchmarks from (e.g., 1-2 GHz CPUs without AES-NI), attributable to CPU-intensive scheduling and operations in ; this contrasts with negligible impact in hardware-accelerated modern ciphers but underscores E4M's causal prioritization of broad over optimized throughput. is enhanced by simple creation tools, yet the lack of adaptive strengthening or early versions introduces reliance on user quality for overall resilience.

Controversies

Allegations of Source Code Theft

In the early 2000s, SecurStar CEO Winfried Hafner publicly accused , the developer of Encryption for the Masses (E4M), of theft by misappropriating proprietary from SecurStar during his employment there. Hafner specifically claimed that Le Roux stole elements of SecurStar's internal codebase, including aspects related to encryption routines, to develop and bootstrap E4M, which was initially released as in late 1998 or 1999. These allegations centered on Le Roux's tenure at SecurStar around the period of E4M's creation, asserting that the software incorporated unauthorized copies of SecurStar's DriveCrypt-related code without permission. Hafner further alleged that Le Roux illegally distributed E4M, incorporating SecurStar's proprietary architecture such as partition handling mechanisms and components derived from internal developments. No detailed forensic comparison or public disclosure of side-by-side code excerpts was provided by SecurStar to substantiate the claims of direct copying. SecurStar did not pursue a formal against Le Roux over these assertions, treating them instead as public warnings regarding potential violations. The allegations resurfaced in May 2014 amid the abrupt shutdown of , a successor project derived from E4M, when the TrueCrypt development team reported receiving emails from Hafner reiterating the claims of source code theft by Le Roux from SecurStar. These communications highlighted purported architectural similarities between E4M and DriveCrypt, framing them as of empirical originating from Le Roux's time as a SecurStar employee. The renewed attention underscored SecurStar's position on unremedied IP issues but did not introduce new evidentiary materials beyond prior statements.

Counterarguments and Evidence Assessment

Defenders of E4M's development argue that allegations of theft from SecurStar lack empirical substantiation, as no detailed forensic analyses—such as published code diffs or detection reports—have demonstrated verbatim copying from DriveCrypt or other SecurStar products. Observed architectural parallels, including use of the Blowfish algorithm (publicly released in 1993) and integration with Windows APIs for file handling and drivers, align with industry conventions prevalent in late-1990s tools like PGP Disk or early ScramDisk iterations, rather than implying proprietary derivation. Paul Le Roux, E4M's acknowledged author, has offered no public rebuttal to the claims since his arrest on March 11, 2012, in for extradition to the on charges encompassing international drug trafficking, arms dealing, and cybercrimes, culminating in a 25-year sentence in June 2020 following his cooperation with federal prosecutors. His prolonged incarceration and focus on mitigating unrelated criminal liabilities provide a causal explanation for the silence, undermining assertions that non-denial equates to tacit admission. E4M's distribution model further counters theft narratives: released as from December 1998 with accompanying under a permissive notice stating "This product can be copied and distributed free of charge, including source code," it evinced Le Roux's intent for unrestricted communal access akin to dedication, absent any licensing terms prohibiting modification or forking. This approach facilitated TrueCrypt's evolution from E4M's codebase starting in 2004, without subsequent proprietary enforcement attempts by Le Roux prior to his 2012 detention. Code examinations tied to TrueCrypt's lineage, including the 2014 iSEC audit, highlighted E4M-derived elements as consistent with solo-authored open development—evident in stylistic uniformity and absence of multi-developer artifacts—while flagging no embedded proprietary signatures or obfuscated theft indicators that would deviate from standard open-source practices. Such assessments prioritize verifiable code provenance over unproven competitor assertions from SecurStar's Wilhelm Hafner, whose 2001 email campaign coincided with commercial rivalries in the encryption market. The lack of litigation or third-party validation for theft claims over two decades reinforces reliance on these empirical indicators over narrative speculation.

Relation to TrueCrypt

Forking Process

TrueCrypt 1.0, released in February 2004, was derived directly from the source code of (Encryption for the Masses), a Windows-only on-the-fly program authored by . The derivation process involved anonymous developers adapting E4M's core components, such as its cipher implementations, while modifying the codebase to enable cross-platform functionality, including initial support for and later Mac OS X. This technical handover preserved E4M's foundational logic for handling encrypted volumes but shifted from E4M's freeware binary distribution model, which included source availability under restrictive terms prohibiting derivative products from using the E4M name. The primary motivation for the derivation stemmed from E4M's discontinuation around and its platform limitations, prompting efforts to create a more accessible tool amid increasing needs for portable, verifiable in diverse operating environments. Early TrueCrypt documentation explicitly credited Le Roux for releasing the E4M , stating that version 1.0 incorporated parts of it alongside elements from other projects like SoftCrypto, thereby acknowledging the lineage without altering the underlying permissive reuse conditions. Post-derivation, underwent swift version updates starting in 2004, leveraging E4M's established base to iterate on volume management and elements, driven by contemporaneous demands for that could withstand scrutiny in an era of expanding concerns. These initial iterations focused on stabilizing the forked codebase for wider deployment, without introducing novel at the outset.

Key Differences and Evolutions

TrueCrypt introduced several cryptographic enhancements absent in E4M, including support for RIPEMD-160 as a hash function alongside SHA-1, which expanded key derivation options and addressed potential weaknesses in single-hash reliance. E4M primarily utilized Blowfish and later Twofish in single-cipher modes, whereas TrueCrypt added AES and Serpent, enabling user-selectable combinations to mitigate risks from any individual algorithm's compromise. Most notably, TrueCrypt implemented cascade ciphers—such as AES-Twofish-Serpent, where data undergoes sequential encryption by multiple algorithms in XTS mode—which provided layered security against undiscovered flaws in a single primitive, though at the cost of increased computational overhead compared to E4M's simpler single-pass approach. In terms of bootloader functionality, TrueCrypt developed a custom pre-boot environment for full-system encryption, allowing encrypted operating system drives with hidden volumes and plausible deniability features, capabilities not present in E4M's design, which focused on file and partition containers without system-level boot integration. This evolution stemmed from community-driven needs for comprehensive disk protection, causally addressing E4M's limitations in handling boot-time decryption securely across diverse hardware. E4M's container format and volume size caps (limited to 2^32 bytes) were overhauled in TrueCrypt, supporting up to 2^100 bytes and incompatible formats to incorporate these advanced features. TrueCrypt extended platform compatibility beyond E4M's Windows-only constraint, incorporating and Mac OS X support in subsequent releases, driven by demands for cross-operating-system usability that E4M's architecture did not accommodate. Independent audits in , examining TrueCrypt's core including E4M-derived components, identified medium- and low-severity issues like information leaks but no high-severity cryptographic flaws or backdoors inherited from the predecessor, validating the fork's refinements in code hygiene and security rigor. However, the retention of cascade options perpetuated performance penalties, as multi-layer encryption inherently demands more processing resources than E4M's streamlined single-cipher method, a prioritizing resilience over speed.

Reception and Legacy

Adoption and Usage Patterns

Encryption for the Masses (E4M) saw niche adoption primarily among privacy enthusiasts using and operating systems during the late and early . Released in December 1998, the software was distributed via online forums such as the alt.security.scramdisk group, targeting users seeking free on-the-fly capabilities. Usage patterns reflected its appeal as an open-source alternative in an era dominated by commercial tools like PGP Disk, with discussions in early security forums highlighting its role for individual protection rather than broad deployment. However, lack of ongoing maintenance after discontinuation limited its longevity, as it became incompatible with subsequent Windows iterations like XP and beyond, confining sustained use to legacy systems. Empirical evidence of uptake includes archival references to its discussion in privacy-focused communities prior to TrueCrypt's release, which drew from E4M's codebase, but no records indicate thousands-scale downloads or enterprise adoption; instead, it remained a tool for technically adept Windows users wary of government surveillance. Its user base showed no diversification into activist or journalistic circles at scale, constrained by platform specificity and absence of updates amid evolving OS paradigms.

Impact on Disk Encryption Landscape

E4M's codebase formed the basis for TrueCrypt's initial release in February 2004, enabling the development of a robust free on-the-fly disk encryption utility that incorporated E4M's core encryption primitives and volume management structures. This derivation under E4M's permissive licensing facilitated iterative improvements in the free and open-source software (FOSS) domain, including features like hidden volumes and plausible deniability, which became hallmarks of subsequent tools such as VeraCrypt—a 2014 fork of TrueCrypt 7.1a that extended compatibility and security enhancements. By providing a verifiable starting point free from proprietary constraints, E4M accelerated the availability of accessible, auditable encryption options, diminishing reliance on commercial products like BestCrypt that prevailed prior to 2000. Audits of , including the Open Crypto Audit Project's Phase II completed in April 2015, examined the inherited E4M-derived components and identified no deliberate backdoors or severe cryptographic flaws, affirming the soundness of the foundational under scrutiny by independent experts. These evaluations indirectly validated E4M's contributions to open standards, as the core algorithms—such as cascaded ciphers and key derivation—underwent rigorous testing without uncovering systemic weaknesses exploitable in practice. However, E4M's influence has been constrained by persistent questions over its origins and the developer's subsequent , which prompted early abandonment and fueled skepticism toward the despite empirical resilience. No documented breaches of encrypted data have been attributed to inherent defects in E4M's core mechanisms across its derivatives, highlighting a causal success in promoting durable paradigms amid alternatives, though trust dynamics limited broader institutional adoption.

References

  1. [1]
    Encryption for the Masses - LDAPWiki
    Encryption for the Masses (E4M) is a free disk encryption software for Windows NT and Windows 9xx families of Operating System release December 1998.
  2. [2]
    SophiaAtkinson/E4M: Encryption For The Masses - GitHub
    I found the history for E4M intresting so I decided to give the downloads for it, since it was closed. Version for Windows 95/98/NT
  3. [3]
    Coder-Turned-Kingpin Paul Le Roux Gets His Comeuppance | WIRED
    Jun 12, 2020 · ... encryption software, called Encryption for the Masses (E4M). The code from E4M formed the foundation for TrueCrypt, considered among the ...
  4. [4]
    Version History - TrueCrypt
    Feb 21, 2025 · TrueCrypt 1.0 is based on E4M (Encryption for the Masses). The following lists only the major differences.
  5. [5]
    The Strange Origins of TrueCrypt, ISIS's Favored Encryption Tool
    Mar 30, 2016 · Evan Ratliff on Paul Le Roux, the purported creator of TrueCrypt, a data-encryption tool used by the terror group ISIS.
  6. [6]
    Satoshi Files: Paul Le Roux | CoinMarketCap
    To combat this threat, he developed his own encryption software, called E4M (Encryption for the Masses). ... Le Roux shared his E4M encryption software and the ...
  7. [7]
    A Drug Kingpin Ran His Empire from a Laptop, Then Snitched on ...
    Jan 23, 2019 · ... Paul Le Roux was a guy with a computer. The South African national helped develop E4M—or “Encryption for the Masses”—in the 1990s, software ...
  8. [8]
    E4M - Semantic Scholar
    Encryption for the Masses (E4M) is a free disk encryption software for Windows NT and Windows 9x families of operating systems. E4M is no longer maintained.Missing: meaning | Show results with:meaning
  9. [9]
    The Mastermind Episode 3: He Always Had a Dark Side
    The former Paul Le Roux seemed to have disappeared from the Internet in 2004. Encryption experts I contacted had no idea what had become of that Le Roux, and ...
  10. [10]
    How a South African man became the world's most notorious cyber ...
    Mar 14, 2019 · After toiling for two years on the project, in 1999 he released groundbreaking encryption software called E4M which he had written. It allowed ...<|control11|><|separator|>
  11. [11]
    LDAPWiki: Encryption for the Masses
    - **Release Date**: December 1998
  12. [12]
    Was Bitcoin Created by This International Drug Dealer? Maybe!
    Jul 16, 2019 · Most relevant to Satoshi was Le Roux's experience building and disseminating his own software—software that in many ways paralleled bitcoin. In ...
  13. [13]
    TrueCrypt License Version 3.0
    Feb 20, 2025 · License agreement for Encryption for the Masses. Copyright (C) 1998-2000 Paul Le Roux. All Rights Reserved. This product can be copied and ...Missing: announced | Show results with:announced
  14. [14]
    [PDF] Disk Encryption on Windows: Practical evaluation - Theseus
    May 14, 2025 · TrueCrypt source code is based on E4M from which additional feature came into play called plausible deniability which allows user to make a ...
  15. [15]
    Truecrypt Background Information - Howcroft
    TrueCrypt 1.0 was derived from E4M and some parts of the E4M source code are still incorporated in the latest version of the TrueCrypt source code. E4M ...<|control11|><|separator|>
  16. [16]
    P. Le Roux (author of E4M) accused by W.Hafner (SecurStar)
    February 3, 2004. In the last two days, we have been receiving e-mails from Wilfried Hafner, manager of SecurStar. In the e-mails he repeatedly accusesTruecrypt Team · Ridge Cook · David T
  17. [17]
    TrueCrypt License Version 3.1 - LWN.net
    May 29, 2014 · ... Encryption for the Masses. 2. If you use any of the source code in ... Copyright (c) 1998-2008, Brian Gladman, Worcester, UK.Missing: announced | Show results with:announced
  18. [18]
    Acknowledgements - Truecrypt
    We would like to thank the following people: Paul Le Roux for making his E4M source code available. TrueCrypt 1.0 was derived from E4M and some parts of the ...
  19. [19]
    Le Roux admitted that he had created the encryption software E4M ...
    >Le Roux admitted that he had created the encryption software E4M but denied that he had developed TrueCrypt, its famous progeny. To me the picture that is ...
  20. [20]
    Cascades - Truecrypt
    Each 128-bit block is first encrypted with Twofish (256-bit key) in XTS mode and then with AES (256-bit key) in XTS mode. Each of the cascaded ciphers uses its ...Missing: additions E4M
  21. [21]
    Encrypting & Securing your data: Open- or Closed-Source?
    Jan 12, 2004 · Paul Le Roux, the author of Encryption for the Masses (E4M), of the following: 1) Intellectual property theft, stealing the source code of E4M
  22. [22]
    Truecrypt 4.0 update | Wilders Security Forums
    --Based on Encryption for the Masses (E4M) 2.02a, which was conceived in 1997. Lots of major improvements including addition of whirlpool hash algo as ...
  23. [23]
    Blog post: Pipes talks TrueCrypt - Risky Business Media
    May 28, 2014 · At the core of this release was the source code for E4M (Encryption For the Masses). It was released as a Freeware binary with with "source ...
  24. [24]
    TrueCrypt WTF - Schneier on Security -
    May 29, 2014 · IDE AES harware we would have had already on $10 FPGA. The SATA ... Besides, is there any reason to believe that all E4M-derived code has been ...
  25. [25]
    True Goodbye: 'Using TrueCrypt Is Not Secure' - Krebs on Security
    May 29, 2014 · “The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated ...
  26. [26]
    TrueCrypt Security Audit Completed
    Apr 3, 2015 · The NCC audit found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances.Missing: E4M | Show results with:E4M
  27. [27]
    TrueCrypt Security Audit Concludes No NSA Backdoor
    Apr 3, 2015 · The Security audit of TrueCrypt disk-encryption software has been completed, with no evidence of any critical design vulnerabilities or deliberate backdoors in ...Missing: 2014 inherited E4M