
Topic: [Warning] Truecrypt has been discontinued, declared not safe (Read 2701 times)

legendary
Activity: 4228
Merit: 1313
Now some involved tangentially are saying they received a NSL in "TrueCrypt warrant canary confirmed?":

http://meta.ath0.com/2014/05/30/truecrypt-warrant-canary-confirmed/

hero member
Activity: 644
Merit: 500
'Tis the off topic section. It doesn't have to deal with Bitcoin.
donator
Activity: 1218
Merit: 1079
Gerald Davis
The Bitlocker code is obviously closed source, but I trust in Market forces - unless my computer is storing my plans to release smallpox in the US, Microsoft would be unlikely to take the commercial hit of using any present backdoor, since it would be a use-once backdoor before everyone knew about it.

I don't know if there is a backdoor but if there is it would not become public knowledge unless fished out by third party experts.  Secret warrant signed by a secret judge in a secret court would authorize the tap.  Hack into computer, obtain encrypted data, use backdoor to decrypt.  Now the entity has the data.  Prove that it was obtained from a backdoor and not some other failure of security on your part.  You may swear up and down that you were super secure and the NSA had to use a backdoor in bitlocker to obtain the data but how many people would believe you?
member
Activity: 74
Merit: 10
This is all very weird, but perhaps there is an explanation not involving the NSA:

The last version of Truecrypt was released in early 2012 and by then, the code was getting quite old and messy. The recent preliminary audit has already revealed a number of minor to moderate issues which the developers might not have been too keen on fixing because they were getting tired of the whole thing, so instead they chose to abandon their project rather than completely revamping it for the post-Windows XP era. That and perhaps they also decided that all of the modifications to the code that would be necessary for it to work seamlessly with Windows 8 weren't worth the trouble. The developers also, for whatever reason, didn't like the idea of having their project forked (hence the reason why they always stubbornly stuck to their own license instead of using one of the more common open source licenses) so they decided to yank the whole thing instead of passing it over to another group.

Now, if you were to discontinue a project, you would warn people that it was, from that point on, insecure and no longer recommended, wouldn't you? Especially for something like encryption where security is very important. After all, once Microsoft stopped supporting Windows XP, they went on and on about how insecure it was too. Well perhaps the same thing is going on here. If they didn't say that Truecrypt was insecure then 5 or 10 years from now, bugs might have been discovered in the code and people who were still using the program and thought that it was still secure would be blaming the Truecrypt developers for not warning them about it.

The reason why they recommend BitLocker could be because they know that most people who visit their site aren't crypto experts and so BitLocker would be the most accessible and realistic choice for this audience.

I'm not saying that I believe this theory, but it's possible.
jr. member
Activity: 49
Merit: 26
Don't believe these NSA thieves!
Here is a TrueCrypt 7.1a valid mirror:

http://cyberside.net.ee/truecrypt/


But don't forget to verify the checksums!
full member
Activity: 119
Merit: 948
Total bulls#!&
Don't listen to rumours being spread by the NSA
I am quite sure that the TrueCrypt developer was paid OR silently arrested by the NSA, and then they modified the official site.
TrueCrypt uses proven open techniques, nobody can crack Serpent+AES combinations, so to stop using TC just because they "had stopped developing", or because TC hadn't had any official releases for a long time, would be stupid, because it's secure and stable!

Also, look at this: http://en.wikipedia.org/wiki/Special:Contributions/Truecrypt-end
Who would be trying to modify the official wiki page so steadily and stressfully (3 times)? Suddenly... And in such a dirty way...
... Only a hacker or the government!!!
legendary
Activity: 2324
Merit: 1125
So did anyone back up the old application? Is the old source code still available?

Yes, I know I have copies of the binaries, and others have posted them. I think the source code has already appeared on GitHub.

There are licensing issues though - it was never really released under an open source license.

Not important at all as long as you use it privately.
full member
Activity: 224
Merit: 100
Professional anarchist
So did anyone back up the old application? Is the old source code still available?

Yes, I know I have copies of the binaries, and others have posted them. I think the source code has already appeared on GitHub.

There are licensing issues though - it was never really released under an open source license.
legendary
Activity: 2324
Merit: 1125
In my opinion, they were forced by the NSA to shut down and winked about it with these absurd instructions about BitLocker.

So did anyone back up the old application? Is the old source code still available?
full member
Activity: 154
Merit: 100
In my opinion, they were forced by the NSA to shut down and winked about it with these absurd instructions about BitLocker.
sr. member
Activity: 322
Merit: 250
Decentralize All The Things!
A small program sniffing for your private keys or passwords whenever you run xyz-program doesn't take much imagination after the revelations of Snowden.

At some level you're going to have to trust someone. If you don't trust Windows, run a Linux installation. The big ones generally have been looked at enough to avoid it. If you're afraid of hardware level spying there really isn't much you can do short of building every single piece of equipment (and I don't mean buying the parts - I mean literally building your CPU/GPU/Mobo etc). As you can see it's rather difficult to do that so if you want to use a computer you're going to have to at least trust that the hardware manufacturers aren't grouping up with the NSA to spy on you. Or just don't use a computer.

But using a closed OS made by a large US company and then talking about security is just meaningless. It's such a low hanging fruit for the NSA... Of course if you don't really care about privacy and just want to hide your bitcoins from your wife, then it's all good.
hero member
Activity: 742
Merit: 502
Circa 2010
A small program sniffing for your private keys or passwords whenever you run xyz-program doesn't take much imagination after the revelations of Snowden.

At some level you're going to have to trust someone. If you don't trust Windows, run a Linux installation. The big ones generally have been looked at enough to avoid it. If you're afraid of hardware level spying there really isn't much you can do short of building every single piece of equipment (and I don't mean buying the parts - I mean literally building your CPU/GPU/Mobo etc). As you can see it's rather difficult to do that so if you want to use a computer you're going to have to at least trust that the hardware manufacturers aren't grouping up with the NSA to spy on you. Or just don't use a computer.
legendary
Activity: 2324
Merit: 1125
If a backdoor can be used by the NSA, a clever 'hacker' (researcher) can also find it. Making the whole encryption meaningless (and giving false confidence).
full member
Activity: 224
Merit: 100
Professional anarchist
While that might be true, that doesn't make it a secure system. Also, things like that have a tendency to be a slippery slope... When there is a backdoor, there is a backdoor, no matter how much it is used.

I agree. But security only has meaning when viewed alongside a threat model. Truecrypt was never bulletproof, there have always been side channel attacks.
sr. member
Activity: 322
Merit: 250
Decentralize All The Things!
But so is Windows itself! You can use whatever encryption program you want, with backdoors in Windows it will never be secure anyway.

Windows is an operating system - it is not actually your files. When a file is encrypted (assuming no backdoors/no holes - i.e. theoretical perfect encryption) then it is impossible for anyone to decrypt that data without the associated password. So anyone could have access to your OS (they could even remove the HDD and boot examine it externally which is what most actually do) but they would never be able to retrieve your secure data. OS security != Data security.

A small program sniffing for your private keys or passwords whenever you run xyz-program doesn't take much imagination after the revelations of Snowden.
sr. member
Activity: 322
Merit: 250
Decentralize All The Things!
Too much work for the NSA and MS? That wouldn't take long to do for anyone. With all the info that has come out regarding NSA I'd be surprised if they didn't.

It's a safe bet that Microsoft will have been approached by the NSA to place a backdoor into Bitlocker.

Because of the cost associated with the existence of that backdoor being publicly disclosed, it is unlikely to be used (assuming it exists) in anything other than the most dire situation, e.g. imminent terror threat etc.

While that might be true, that doesn't make it a secure system. Also, things like that have a tendency to be a slippery slope... When there is a backdoor, there is a backdoor, no matter how much it is used.
full member
Activity: 224
Merit: 100
Professional anarchist
Too much work for the NSA and MS? That wouldn't take long to do for anyone. With all the info that has come out regarding NSA I'd be surprised if they didn't.

It's a safe bet that Microsoft will have been approached by the NSA to place a backdoor into Bitlocker.

Because of the cost associated with the existence of that backdoor being publicly disclosed, it is unlikely to be used (assuming it exists) in anything other than the most dire situation, e.g. imminent terror threat etc.
sr. member
Activity: 322
Merit: 250
Decentralize All The Things!

The Bitlocker code is obviously closed source, but I trust in Market forces - unless my computer is storing my plans to release smallpox in the US, Microsoft would be unlikely to take the commercial hit of using any present backdoor, since it would be a use-once backdoor before everyone knew about it.

So they never publicly use it. All the big US corporations work with the NSA. Operation Prism. For security reasons it's quite unusable.

But so is Windows itself! You can use whatever encryption program you want, with backdoors in Windows it will never be secure anyway.

Of course it will. If you fully (and truly) encrypt a storage device how can a backdoor in the OS help with gaining access to any of the data?

Sniffing your keys.

That's not a backdoor, that's blatant key logging (which needs to be stored somewhere). Yes, that is possible. But it either requires all keystrokes to be saved or the creation of special purpose logging software for each encryption algorithm and implementation around.

Too much work for the NSA and MS? That wouldn't take long to do for anyone. With all the info that has come out regarding NSA I'd be surprised if they didn't.
hero member
Activity: 742
Merit: 502
Circa 2010
But so is Windows itself! You can use whatever encryption program you want, with backdoors in Windows it will never be secure anyway.

Windows is an operating system - it is not actually your files. When a file is encrypted (assuming no backdoors/no holes - i.e. theoretical perfect encryption) then it is impossible for anyone to decrypt that data without the associated password. So anyone could have access to your OS (they could even remove the HDD and boot examine it externally which is what most actually do) but they would never be able to retrieve your secure data. OS security != Data security.
legendary
Activity: 2324
Merit: 1125

The Bitlocker code is obviously closed source, but I trust in Market forces - unless my computer is storing my plans to release smallpox in the US, Microsoft would be unlikely to take the commercial hit of using any present backdoor, since it would be a use-once backdoor before everyone knew about it.

So they never publicly use it. All the big US corporations work with the NSA. Operation Prism. For security reasons it's quite unusable.

But so is Windows itself! You can use whatever encryption program you want, with backdoors in Windows it will never be secure anyway.

Of course it will. If you fully (and truly) encrypt a storage device how can a backdoor in the OS help with gaining access to any of the data?

Sniffing your keys.

That's not a backdoor, that's blatant key logging (which needs to be stored somewhere). Yes, that is possible. But it either requires all keystrokes to be saved or the creation of special purpose logging software for each encryption algorithm and implementation around.