TrueCrypt NOT Secure (or) Truecrypt.org Hacked...

Its About Sharing

legendary

Activity: 1442

Merit: 1000

Antifragile

Quote from: drrussellshane on May 29, 2014, 09:38:13 PM

from reddit:

Quote

They also removed the section in the license that required you to reference TrueCrypt if you branched or used it. Basically they are opening the door for a fork. The license change, the US comment change, the removal of hidden partitions, insecure errors that get thrown and telling users to use insecure software instead. They are screaming loudly to fork it due to an NSL.

Great, more government "intervention". Looks like 7.1a is going to be a torrent classic, with the hashes of course...
Once the developers start talking this is going to get a whole lot more interesting.

drrussellshane

hero member

Activity: 546

Merit: 500

from reddit:

Quote

They also removed the section in the license that required you to reference TrueCrypt if you branched or used it. Basically they are opening the door for a fork. The license change, the US comment change, the removal of hidden partitions, insecure errors that get thrown and telling users to use insecure software instead. They are screaming loudly to fork it due to an NSL.

Remember remember the 5th of November

legendary

Activity: 1862

Merit: 1011

Reverse engineer from time to time

If people depended on it for so many years, how come I only recently heard of it?

PrivacyIsImportant

jr. member

Activity: 48

Merit: 24

unbelievable is how people who have depended on TC simply believe in that and get tricked

InwardContour

sr. member

Activity: 644

Merit: 260

freaky. people have depended on truecrypt for so many years now -- unbelievable if unsecure. Undecided

drrussellshane

hero member

Activity: 546

Merit: 500

7.2 was just recently added in the wake of all this so that users could decrypt, but not encrypt files.

I would stay the hell away from it though.

If you didn't download 7.2 within the past day or so, then you don't have it.

7.1a has been around since before the Snowden leaks went public.

PrivacyIsImportant

jr. member

Activity: 48

Merit: 24

Quote from: bitbouillion on May 29, 2014, 01:04:58 PM

Where can I downlaod the 7.2 sources and diff them to 7.1?

http://cyberside.net.ee/truecrypt/ - sources + release mirror

There is also an official github channel, but there is a risk of it being sliced and source code modified as well as official pages.
https://github.com/DrWhax/truecrypt-archive

So, better use old mirrors above, not located in the U.S.

lyth0s

legendary

Activity: 1260

Merit: 1000

World Class Cryptonaire

I think by them saying to switch to Microsofts bitlocker (LOL) is a red flag for all of us. Truecrypt's devs would never say that. I think this is somewhat of a Warrent Canary to let us know that either the NSA has seized control of the project and to not trust any new updates, or that the developer has been arrested or ordered to implement a backdoor. I would continue to use Truecrypt 7.1a or earlier and NOT use 7.2 or any new version. And DONT use bitlocker, Microsoft has partnered with the NSA many times and I'd bet $$ that there is a NSA backdoor in there for sure.

Singlebyte

hero member

Activity: 854

Merit: 1000

Why do we have two threads? Maybe a mod can merge or close one?

bitbouillion

sr. member

Activity: 868

Merit: 250

Where can I downlaod the 7.2 sources and diff them to 7.1?

MiningBuddy

hero member

Activity: 927

Merit: 1000

฿itcoin ฿itcoin ฿itcoin

Some interesting theories on reddit right now about this: http://www.reddit.com/r/netsec/comments/26pz9b/truecrypt_development_has_ended_052814/

validium

sr. member

Activity: 350

Merit: 250

Decentralized thinking

I wouldn't trust this sort of news till i see a post by Bruce schneier on the matter. Now why would the devs tell us to switch to bitlocker which is not open source? Doesn't make sense.

bluefirecorp

legendary

Activity: 882

Merit: 1000

Sitting in #truecrypt on freenode. Topic is: Unofficial TrueCrypt channel | Site is potentially compromised so please excercise due diligence before downloading and installing | For now, we don't know any more than you do.

lilfiend

member

Activity: 96

Merit: 10

Had to double check my truecrypt version to be sure... 7.1a

PHEW!

eXch

member

Activity: 119

Merit: 948

Don't listen to rumors spreaded by the NSA

I am quite sure that TrueCrypt developer was paid OR silently arrested by the NSA then they had modified the official site.
TrueCrypt is using a proven open techniques, nobody can crack Serpent+Aes combinations, so stopping using TC just because they "had stopped a developing" would be stupid, as well as because TC hadn't any official releases during a long time period, because it's secure and stable!

Also, look at this: http://en.wikipedia.org/wiki/Special:Contributions/Truecrypt-end
Who would be trying to modify the official wiki page so steadily and stressfully (3 times) ? Suddenly... And in a so dirty way...
... Only a hacker or the government!!!

Singlebyte

hero member

Activity: 854

Merit: 1000

Google news is starting to light up with articles now about it. This one is sorta interesting:

http://nakedsecurity.sophos.com/2014/05/28/true-mystery-of-the-disappearing-truecrypt-disk-encryption-software/

sippsnapp

sr. member

Activity: 322

Merit: 250

Twitter goes bonkers on #truecrypt.

No statement from any dev as of yet.

Snowden allegedly used truecrypt and its very well known as nr1 encryption for bitcoiners too.

And then theres this, https://firstlook.org/theintercept/article/2014/03/20/inside-nsa-secret-efforts-hunt-hack-system-administrators/

One blog to watch, eventually https://www.schneier.com/about.html

Very strange to say the least.

Singlebyte

hero member

Activity: 854

Merit: 1000

This is definitely weird. I googled it to find out more info and this is what PC World had to say:

http://www.pcworld.com/article/2241300/truecrypt-now-encouraging-users-to-use-microsofts-bitlocker.html

RUEHL

full member

Activity: 126

Merit: 100

Quote from: ShameOnYou on May 28, 2014, 08:39:44 PM

This is the third time I've seen mention of this, but to be honest, I'm not sure what the situation is exactly. Could someone explain it to me in layman's terms?

TrueCrypt has been the de facto standard for open source drive encryption.

Other paid solutions, it's probable that the vendor or NSA has some backdoor into the encryption.

So all this time, we thought we were safe but perhaps not?

ShameOnYou

full member

Activity: 238

Merit: 100

This is the third time I've seen mention of this, but to be honest, I'm not sure what the situation is exactly. Could someone explain it to me in layman's terms?

Topic: TrueCrypt NOT Secure (or) Truecrypt.org Hacked... (Read 7153 times)