Jump to content

TrueCrypt website warns users its software is insecure...


Recommended Posts

If you visit the TrueCrypt homepage you will be greeted not with information about the best cross-platform open-source crypto software available, but a warning to avoid it as it has "unfixed security issues".

 

What happened? Did the page get hacked by a national security agency, irritated that its citizens have avoided scrutiny of sensitive files by locking them in a password-protected container? Did the developers of TrueCrypt receive an insight into a backdoor or flaw in the encryption software that made it inadvisable to continue with the project? Were they leant on by the same security agencies and then served with a gagging order?

 

The website offers downloads to TrueCrypt 7.2 now. This also has a warning within it, and will decrypt existing containers but not encrypt new ones. The website suggests migrating to Bit Locker on Windows (sic.) as a way of protecting files from now on.

 

Whatever has gone on here, it looks like TrueCrypt has some rough times ahead, and is possibly dead in the water.

 

This from The Register.

Link to comment
Share on other sites


Extended discussions of this news here, here, and here.

 

After reading all that, I'm not really sure what to believe. :unsure:

 

--JorgeA

Believe nothing. :no:

 

Consider how a considerable part of Steve Gisbson's fame is connected to senselessly hyping otherwise rather plain matter facts and crying wolf over and over. :w00t::ph34r:

 

Wait. (not making a fuss about it while waiting would be a plus, buit is of course completely optional)

 

Some wise words :yes::

https://www.schneier.com/cgi-bin/mt/mt-search.cgi?tag=TrueCrypt

 

I suppose we'll have to wait and see what develops.

 

 

Remember that (it doesn't matter if you used Truecrypt or *any* other encryption software) if "they" were after you, "they" would have ALREADY got you and all your bases ALREADY are belong to "them".

 

 

jaclaz

Edited by jaclaz
Link to comment
Share on other sites

 

Extended discussions of this news here, here, and here.

 

After reading all that, I'm not really sure what to believe. :unsure:

 

--JorgeA

Believe nothing. :no:

 

Consider how a considerable part of Steve Gisbson's fame is connected to senselessly hyping otherwise rather plain matter facts and crying wolf over and over. :w00t::ph34r:

 

Wait. (not making a fuss about it while waiting would be a plus, buit is of course completely optional)

 

Some wise words :yes::

https://www.schneier.com/cgi-bin/mt/mt-search.cgi?tag=TrueCrypt

 

I suppose we'll have to wait and see what develops.

 

 

Remember that (it doesn't matter if you used Truecrypt or *any* other encryption software) if "they" were after you, "they" would have ALREADY got you and all your bases ALREADY are belong to "them".

 

 

jaclaz

 

 

Isn't truecrypt open source anyway, so it really isn't dead anyway someone else would pick it up and continue on.

Link to comment
Share on other sites

 

Extended discussions of this news here, here, and here.

 

After reading all that, I'm not really sure what to believe. :unsure:

 

--JorgeA

Believe nothing. :no:

 

 

Even if one doesn't like Steve Gibson, the extended discussion that follows his blog posts makes for interesting reading.

 

At this point everyone (except the developers themselves) is merely in a position to speculate, a point that came out clearly in those discussions.

 

I was simply offering food for thought in response to the OP's questions. BTW, the third link has little or nothing to do with Gibson.

 

--JorgeA

 

ADDENDUM I: Cory Doctorow's take on the situation, and (perhaps surprisingly) somewhat of an endorsement of BitLocker.

 

ADDENDUM II: Steve Gibson :ph34r:  :w00t:  has a new page on his website with additional information, including updates on a possible fork by the Linux Foundation, download links for various versions of the software, and a report on (apparent) communications from a TC developer regarding their decision.

Edited by JorgeA
Link to comment
Share on other sites

It's not about liking or not liking Steve Gibson, and in this specific case, set aside the usual incredible amount of words he can mine from *nothing* he is not particularly worse than others, it is only about the "speculative" parts that everyone has been contributing to.

 

It seems to me an episode of mass hysteria over a complete absence of factual info.

 

Quick recap for those that do not want to read pages and pages and pages of speculations, senseless comments, conspiracy theories (and the contrary of them).

 

FACTS:

  1. Truecrypt was not modified (no new releases) since February 2012 (Version 7.1a)
  2. NO practical methods to crack it's encryption were ever published (not before, nor later the above release)
  3. The software is undergoing a full audit that, at the moment (end of stage 1) found NO vulnerabilities of relevance
  4. *Something* (of very unclear nature) happened to the project and it's homepage
  5. The Authors of the software have, since the beginning of the project, kept a totally anonymous profile, so that - not entirely unlike the known Bitcoin issues - there are no ways to contact them, nor any way to guarantee that someone is a member of the developing team

 

Jaclaz's personal OPINIONS:

  1. Encryption is - in most cases - a perfect way to lose your precious data and it is largely used without an actual reason by the large majority of the people that is now crying wolf
  2. The Truecrypt encryption, and particularly the 7.x version has proved to be exceptionally robust, in the sense that there are no known vulnerabilities worth mentioning, notwithstanding the fact that its source is open and that its approach is substantially the same since long before 2012
  3. It usually makes NO sense to use Truecrypt encryption (or any encryption at all), it never made sense and it will never make sense if not for a very limited number of people that may actually need it (and these people are seemingly not panicking publicly)
  4. The auditing of the code is a very well managed initiative and soon it will be able to clear if (and still it remains not very probable) *any* vulnerability that the existing releases may have.
  5. Whatever happened to the Authors, to the home page and to the project will soon be - if not cleared - overcome by the initiatives of the Internet community

 

Nothing to see here, move along peeps.

 

And now, XKCD :yes: :

http://xkcd.com/538/

security.png

 

jaclaz

Edited by jaclaz
Link to comment
Share on other sites

It is obvious, that the requirement for the next presidential race, is going to be true privacy, where a persons computer or data can not be confiscated for any reason at all. The patriot act can not be resigned under any circumstances, and a new act will be created, that will protect peoples privacy.

The way I see things going as with the imaginary drug wars, they ( meaning the government and their sponsors ), want to make privacy the new drug wars. Imagine you entering the airport gate with your labtop, and they decide to check it, and your like "It doesn't matter what is my labtop, that is my privacy", and the

I see a lot of r-tards in the defense, hiding behind their positions, with many beggars doing the grunt work, and the only reason they take the job is because it's not hard labor. Many of our families from various parts of the world are one of them, and are too afraid to fight for privacy. They do not want to do these things, they are just pressured like slaves via money. Like a cat is to it's master, until it has no food to give.

In fact on an higher level, their is no private entrepreneurship. We are just working for our goverment, which is the only real institution that has all the benefits that are required by law, so they can cripple small business, or turn them into non-profitable organization. Their is no nations, no law, just a bunch of rats, playing beggars from one generation to the next.

TC, was obviously attacked, and more attention then they deserve since the airport incident. It was obvious, that somebody in the facility was unable to crack the code, so instead of not cracking the code, they probably used a loophole in the laws, to get to them. I see the current statement, I can't even load the website from my computer, their is a bunch of delays. However it is obvious from their statement, that nobody can be dependent on their software for later versions of windows, if not then any version of windows for that matter.

It is funny. OSX is completely useless, on an Intel machine, and is limited as such. Intel somehow managed to surpass PPC. Microsoft finally started to make backwards support for it's previous OS. To make things worst, the newer versions of windows, does not look anything like Windows. A huge majority of Windows users are mindless gamers, and mindless secretaries, and anybody else is just being forced to used it, like students, or work.

I think we should just abandon computers all together and admit, the entire thing is corrupted from the non-profit level. Just phuck anything that has to do with computers, and let the Orientals, Indians, etc take over. That is what things look like to me, just as with synthesize music, being pushed into the non-heterosexual, crowd. I think the computer business is on purposely being pushed into the Oriental and Asian crowd on purpose. Westerners are not meant for computers, they are meant to carry guns, and not think anything else. It just seems, that men as a whole are being pushed out of the cushy jobs that women so do not deserve, and we are being given jobs that puts us in harms way. Like you might be an electrical technician, but you work inside of an sewers, with roaches, and rats. That is it, just do not try, do not invest, just lie down and die. That is the way I see things with the west right now. All these trends are just give up, lie down and die, and let the yuppies walk all over you. Just have a few laughs, reproduce, pretend everything is okay, lie down and die.

Chances are a western person will never go beyond the ability to do anything with computers that will become a world wide success unless they sell out and go against their morals.

Edited by ROTS
Link to comment
Share on other sites

@ROTS: Whoa! :o

 

@jaclaz: Half (if not more) of the point is the sheer fun of speculating. :P

 

"The truth is out there" and it will (may) come out in due course.

 

--JorgeA

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...