Pages:
Author

Topic: TrueCrypt NOT Secure (or) Truecrypt.org Hacked... (Read 7165 times)

legendary
Activity: 1442
Merit: 1000
Antifragile
from reddit:
Quote
They also removed the section in the license that required you to reference TrueCrypt if you branched or used it. Basically they are opening the door for a fork. The license change, the US comment change, the removal of hidden partitions, insecure errors that get thrown and telling users to use insecure software instead. They are screaming loudly to fork it due to an NSL.

Great, more government "intervention". Looks like 7.1a is going to be a torrent classic, with the hashes of course...
Once the developers start talking this is going to get a whole lot more interesting.
hero member
Activity: 546
Merit: 500
from reddit:
Quote
They also removed the section in the license that required you to reference TrueCrypt if you branched or used it. Basically they are opening the door for a fork. The license change, the US comment change, the removal of hidden partitions, insecure errors that get thrown and telling users to use insecure software instead. They are screaming loudly to fork it due to an NSL.
legendary
Activity: 1862
Merit: 1011
Reverse engineer from time to time
If people depended on it for so many years, how come I only recently heard of it?
jr. member
Activity: 49
Merit: 26
unbelievable is how people who have depended on TC simply believe in that and get tricked
sr. member
Activity: 644
Merit: 260
freaky. people have depended on truecrypt for so many years now -- unbelievable if unsecure. Undecided
hero member
Activity: 546
Merit: 500
7.2 was just recently added in the wake of all this so that users could decrypt, but not encrypt files.

I would stay the hell away from it though.

If you didn't download 7.2 within the past day or so, then you don't have it.

7.1a has been around since before the Snowden leaks went public.
jr. member
Activity: 49
Merit: 26
Where can I downlaod the 7.2 sources and diff them to 7.1?


http://cyberside.net.ee/truecrypt/ - sources + release mirror

There is also an official github channel, but there is a risk of it being sliced and source code modified as well as official pages.
https://github.com/DrWhax/truecrypt-archive

So, better use old mirrors above, not located in the U.S.
legendary
Activity: 1260
Merit: 1000
World Class Cryptonaire
I think by them saying to switch to Microsofts bitlocker (LOL) is a red flag for all of us. Truecrypt's devs would never say that. I think this is somewhat of a Warrent Canary to let us know that either the NSA has seized control of the project and to not trust any new updates, or that the developer has been arrested or ordered to implement a backdoor. I would continue to use Truecrypt 7.1a or earlier and NOT use 7.2 or any new version. And DONT use bitlocker, Microsoft has partnered with the NSA many times and I'd bet $$ that there is a NSA backdoor in there for sure.
hero member
Activity: 854
Merit: 1000
Why do we have two threads?  Maybe a mod can merge or close one?
sr. member
Activity: 868
Merit: 250
Where can I downlaod the 7.2 sources and diff them to 7.1?
hero member
Activity: 927
Merit: 1000
฿itcoin ฿itcoin ฿itcoin
sr. member
Activity: 350
Merit: 250
Decentralized thinking
I wouldn't trust this sort of news till i see a post by Bruce schneier on the matter. Now why would the devs tell us to switch to bitlocker which is not open source? Doesn't make sense.
legendary
Activity: 882
Merit: 1000
Sitting in #truecrypt on freenode. Topic is: Unofficial TrueCrypt channel | Site is potentially compromised so please excercise due diligence before downloading and installing | For now, we don't know any more than you do.

member
Activity: 96
Merit: 10
Had to double check my truecrypt version to be sure... 7.1a

PHEW!
member
Activity: 119
Merit: 948
Don't listen to rumors spreaded by the NSA Smiley
I am quite sure that TrueCrypt developer was paid OR silently arrested by the NSA then they had modified the official site.
TrueCrypt is using a proven open techniques, nobody can crack Serpent+Aes combinations, so stopping using TC just because they "had stopped a developing" would be stupid, as well as because TC hadn't any official releases during a long time period, because it's secure and stable!

Also, look at this: http://en.wikipedia.org/wiki/Special:Contributions/Truecrypt-end
Who would be trying to modify the official wiki page so steadily and stressfully (3 times) ? Suddenly... And in a so dirty way...
... Only a hacker or the government!!!
hero member
Activity: 854
Merit: 1000
Google news is starting to light up with articles now about it.  This one is sorta interesting:

http://nakedsecurity.sophos.com/2014/05/28/true-mystery-of-the-disappearing-truecrypt-disk-encryption-software/
sr. member
Activity: 322
Merit: 250
Twitter goes bonkers on #truecrypt.

No statement from any dev as of yet.

Snowden allegedly used truecrypt and its very well known as nr1 encryption for bitcoiners too.

And then theres this, https://firstlook.org/theintercept/article/2014/03/20/inside-nsa-secret-efforts-hunt-hack-system-administrators/

One blog to watch, eventually https://www.schneier.com/about.html

Very strange to say the least.
hero member
Activity: 854
Merit: 1000
This is definitely weird.  I googled it to find out more info and this is what PC World had to say:

http://www.pcworld.com/article/2241300/truecrypt-now-encouraging-users-to-use-microsofts-bitlocker.html
full member
Activity: 126
Merit: 100
This is the third time I've seen mention of this, but to be honest, I'm not sure what the situation is exactly. Could someone explain it to me in layman's terms? Smiley
TrueCrypt has been the de facto standard for open source drive encryption. 

Other paid solutions, it's probable that the vendor or NSA has some backdoor into the encryption.

So all this time, we thought we were safe but perhaps not?

full member
Activity: 238
Merit: 100
This is the third time I've seen mention of this, but to be honest, I'm not sure what the situation is exactly. Could someone explain it to me in layman's terms? Smiley
Pages:
Jump to: