Pages:
Author

Topic: TrueCrypt's Web Site Updates with Ominous Warning, Details Unknown (Read 4955 times)

sr. member
Activity: 462
Merit: 250
XP rocks! I'm using it right now. Grin

Anyway, back on topic...

The Truecrypt code is open source so it could always be forked. However, my guess is that it wouldn't exactly be easy because of how messily and confusingly the code was written and the fact that any new developer(s) would lack the level of familiarity with the code that the original developers had. In case anyone is interested, there's already a new website out there with a .ch extension (as opposed to .org) which aims to take over the project but I'm not sure if they (or anyone else for that matter) have the technical know-how to implement the features that Truecrypt 7.2 was supposed to have (e.g. UEFI support, full Windows 8 compatibility). After all, writing encryption software isn't easy.
full member
Activity: 238
Merit: 100
Kia ora!
Can think of a few possibilities:
1 - the dev team might have just given up and decided to pull the plug from lack of support, and as a final fuck you all, recommended people go to microshits NSA unlocked...
2 - they might have sold out and decided to make a pay only version of TC
3 - I doubt its a NSL due to who the dev team are, they are no Lavabit, they of all people would be more likely to publish such an attempt to suppress them. If its state interference, it would more likely be more direct action against them that could trigger a reaction like this one.
4 - perhaps there actually is a bad enough security flaw in XP that makes TC vulnerable to attack, that ms is now refusing to fix due to it no longer supporting XP.

Brute force wise, Truecrypt has never been that resistant to a determined and resourced attacker. It does not employ either BCrypt or SCRYPT - its key stretching, rounds implementation are pretty crap. Elcomsoft say their forensic disk decryptor has the ability to recover keys from TrueCrypt volumes/partitions if a computer has been in hibernation while a container or partition had been loaded. And of course, it is also according to them, vulnerable to cold boot attacks and recovering keys from ram dumps.

see their ad here: http://www.elcomsoft.com/efdd.html

But the more important thing is, Bitlocker is apparently just as vulnerable to these types of attacks. Even in saying that, I am going to go with number 4 for this reason. The timing of them quitting the scene and the fact that phase two of the Truecrypt audit had just kicked off focussing very much on implementation http://istruecryptauditedyet.com/ The timing of the dev team quitting and phase one having just been completed and phase two of this audit kicking off I think somewhere in that is the missing clue to why.
legendary
Activity: 1834
Merit: 1019
It's worth noting that Edward Snowden publicly endorsed TrueCrypt's full-disk and virtual image encryption service, so it's reasonable to assume that this put the spotlight on TrueCrypt. The most likely scenario then, but one that cannot yet be corroborated with any certainty, is that the federal government came a-knocking—as it did for Lavabit, which was touted as Snowden's email service—on TrueCrypt's door. And TrueCrypt's creators, again, like Lavabit's Ladar Levison, simply shuttered the service instead of giving the NSA a backdoor.

This, of course, assumes that at least one of the creators resides in the United States. If one or more are US-based, they could be subject to a National Security Letter (NSL), the powerful and coercive legal instrument the US government used on Lavabit after Snowden publicly praised the service

...

On Hacker News, user UVB-76 theorized that TrueCrypt's recommendation to migrate over to Microsoft's Bitlocker was so "patently absurd as to be a signal that the developers are under duress" from the US government. The user dsuth mused, "That's my take on it as well, even though it fails the Occam's razor test. This all sounds like a very understated way of saying 'we can no longer develop truecrypt with impunity, and the only other options are closed source, and highly likely to be compromised out of the gate.'"
hero member
Activity: 518
Merit: 521
This is unreal. A project this important, this old just up and vanishes one day. No explanation, just some rumors in its wake.
I'm sure there will be an other open source solution like it, but it would be really important to know what happened to this one.

Welcome to the fledgling fascism which will grow ever worse as we slide into a Dark Age:

https://bitcointalksearch.org/topic/m.7064961
newbie
Activity: 7
Merit: 0
This is unreal. A project this important, this old just up and vanishes one day. No explanation, just some rumors in its wake.
I'm sure there will be an other open source solution like it, but it would be really important to know what happened to this one.
legendary
Activity: 1176
Merit: 1001
minds.com/Wilikon
Screw VistaTrash, 7Garbage (oops! they forgot the "up one level" button on the shitty Windows Explorer) and the 8th abomination. Can we go back on topic now?

Sure....



http://arstechnica.com/security/2014/05/truecrypt-security-audit-presses-on-despite-developers-jumping-ship/

legendary
Activity: 1049
Merit: 1006
Screw VistaTrash, 7Garbage (oops! they forgot the "up one level" button on the shitty Windows Explorer) and the 8th abomination. Can we go back on topic now?
full member
Activity: 224
Merit: 100
Professional anarchist
I am using XP 64 only because these shitty win7/8 have removed the intelligent, fast and advanced XP search, where i am able to search around a file contents, defining a file extension and size limits without installing any third-party software

Later OS's, like 7, do have advanced search functions. I did a bit of work with Windows Search, or WDS as it was then.

http://windows.microsoft.com/en-gb/windows7/advanced-tips-for-searching-in-windows

member
Activity: 96
Merit: 25
I am using XP 64 only because these shitty win7/8 have removed the intelligent, fast and advanced XP search, where i am able to search around a file contents, defining a file extension and size limits without installing any third-party software
full member
Activity: 224
Merit: 100
Professional anarchist
OK, last off-topic post on this subject. If you look around these very forums you're gonna find quite a few XP 64 users. Last but not least, gently insert whatever later Windows OS you might use up your ass.

 Shocked
legendary
Activity: 1049
Merit: 1006
Errr... no. Wink

XP x64 is the only post Win2k platform I don't test for. You're only the second user I have ever come across. It would be a kindness to gently format that drive.

OK, last off-topic post on this subject. If you look around these very forums you're gonna find quite a few XP 64 users. Last but not least, gently insert whatever later Windows OS you might use up your ass.
full member
Activity: 224
Merit: 100
Professional anarchist
Errr... no. Wink

XP x64 is the only post Win2k platform I don't test for. You're only the second user I have ever come across. It would be a kindness to gently format that drive.
legendary
Activity: 1049
Merit: 1006
Best Microsoft OS ever, my friend. Built on the Server 2003 codebase, extremely stable and compatible with everything except 16-bit programs. My current install is over 4 years old and I keep my PC on 24/7 for weeks without needing to reboot. Actually most of the time I only need to restart my machine when I install something like new video drivers which require a restart.

I'm a developer and used to work for Microsoft, and yes, XP's brilliance was what crippled Vista, and to a lesser extent 7. But come on, let it die Smiley

Errr... no. Wink

Well, OK, remove everything metro-related from the 8th abomination and give me back the CLASSIC start menu (like the one on 98 SE) without me needing to install any 3rd party software and I might consider your offer...
full member
Activity: 224
Merit: 100
Professional anarchist
Best Microsoft OS ever, my friend. Built on the Server 2003 codebase, extremely stable and compatible with everything except 16-bit programs. My current install is over 4 years old and I keep my PC on 24/7 for weeks without needing to reboot. Actually most of the time I only need to restart my machine when I install something like new video drivers which require a restart.

I'm a developer and used to work for Microsoft, and yes, XP's brilliance was what crippled Vista, and to a lesser extent 7. But come on, let it die Smiley
legendary
Activity: 1049
Merit: 1006
...even though I'm on XP 64...

So you're the guy using XP x64!!

Best Microsoft OS ever, my friend. Built on the Server 2003 codebase, extremely stable and compatible with everything except 16-bit programs. My current install is over 4 years old and I keep my PC on for weeks without needing to reboot. Actually most of the time I only need to restart my machine when I install something like new video drivers which require a restart.
full member
Activity: 224
Merit: 100
Professional anarchist
...even though I'm on XP 64...

So you're the guy using XP x64!!
legendary
Activity: 1049
Merit: 1006
I've been using TrueCrypt since its first releases and this is really bad news. Luckily, every time a new version was released, I downloaded it for all available OS's - even though I'm on XP 64 - and stored the installers in multiple places.

There is a very nice open source alternative called DiskCryptor, which I used for a while and is even better than TrueCrypt in some aspects. For example, on XP systems TrueCrypt never allowed for non-system partitions to be encrypted or decrypted on the fly - you need to encrypt and format the partition with TrueCrypt and only then copy data to it. Both DiskCryptor and the popular commercial software DriveCrypt Plus Pack have always been able to encrypt and decrypt any type of partition on the fly on XP.

Another drawback with TrueCrypt is that the program never allowed for swap files to reside anywhere outside the encrypted system partition. Before I started encrypting all my stuff, I used to have partitions on 2 or 3 different drives exclusively for swap files, which ended up working as a kind of RAID 0 for paged memory. Of course keeping a swap file on an unencrypted partition would be a huge security hole, but TC won't let you create swap files on other partitions even if they are encrypted. Again, both DiskCryptor and DriveCrypt Plus Pack place no restrictions on how many swap files you create and where. TC's approach to this has always seemed pointless to me, since if you're encrypting your stuff you're supposed to be careful enough not to place swap files on unencrypted partitions.

The only reasons I don't use DriveCryptor instead of TrueCrypt are because it's only available for Windows and I like to keep open the possibility of accessing my encrypted data from Linux, and also it doesn't feature container based encryption.

http://www.diskcryptor.net/wiki/Main_Page

"DiskCryptor is an open encryption solution that offers encryption of all disk partitions, including the system partition. The fact of openess goes in sharp contrast with the current situation, where most of the software with comparable functionality is completely proprietary, which makes it unacceptable to use for protection of confidential data.

Originally DiskCryptor was developed as a replacement for DriveCrypt Plus Pack and PGP Whole Disk Encryption (WDE). However the current aim of the project is to create the best product in its category. Moreover, in the future, considerable effort will be devoted to the creation of detailed documentation, explaining the internal mechanics of the program, which would be the best confirmation and demonstration of its security."
full member
Activity: 224
Merit: 100
Professional anarchist
Do i stop using TrueCrypt  Huh

I have a Windows 7 laptop that is Truecrypted, I don't intend to change that. For Windows 8, I do use Bitlocker - if you're running 7 or earlier, you're probably OK to keep using it.
member
Activity: 117
Merit: 10
Long live Bitcoin.
Do i stop using TrueCrypt  Huh
Pages:
Jump to: