Pages:
Author

Topic: WARNING: TrueCrypt is no longer secure! (Read 1244 times)

hero member
Activity: 546
Merit: 500
May 29, 2014, 08:38:37 PM
#21
from reddit:
Quote
They also removed the section in the license that required you to reference TrueCrypt if you branched or used it. Basically they are opening the door for a fork. The license change, the US comment change, the removal of hidden partitions, insecure errors that get thrown and telling users to use insecure software instead. They are screaming loudly to fork it due to an NSL.
newbie
Activity: 15
Merit: 0
7.1a is secure enough, it was been up for almost 3 years until this shutdown and there are 3 officially failed code audits during this period of time.
There are a lot of the US court cases where they still weren't able to go further due to lack of evidence because of the TrueCrypt encryption.

Thanks.  I found this article via reddit: https://madiba.encs.concordia.ca/~x_decarn/truecrypt-binaries-analysis/ which seems to say the same thing you are.  It's a bit technical for my level though.
jr. member
Activity: 49
Merit: 26
7.1a is secure enough, it was been up for almost 3 years until this shutdown and there are 3 officially failed code audits during this period of time.
There are a lot of the US court cases where they still weren't able to go further due to lack of evidence because of the TrueCrypt encryption.
newbie
Activity: 15
Merit: 0
WARNING!!!

This topic title is full of bullshit... Don't believe to all who says that ! This is just another stupid story to convince you to use NSA tools (BitLocker,RSA tools and others)
Here are original TrueCrypt 7.1a mirrors:

http://s7ick.org/tools/truecrypt/
http://cyberside.net.ee/truecrypt/


Don't get tricked and never forget to verify the checksums!

While I tend to agree with your assessment, do you have evidence of your claim?
Please search TrueCrypt on reddit, you will see a roughly 95% rate of people saying "Truecrypt is secure, more recent versions are not"

I have searched on reddit.  It's all very interesting to read, but there is a TON to sift through.  Maybe you can save us all a little time if you know specifically which versions are secure?
jr. member
Activity: 49
Merit: 26
CincyFan,
1) There are completely no evidence of the previous claim as well ("TC isn't secure anymore")
    - Because there are no official statement from a TrueCrypt author regarding this issue, signed by him personally.
    - TrueCrypt authors would never recommend using commercial software, while there are a lot of good alternatives like BestCrypt or similar.
    - There was a statement on a TC site regarding that using any commercial software is not secure, and now they suddenly have changed their mind?? WTF!!

2) There were no success in auditing a TrueCrypt sources.
On the TC Wikipedia it was said that future release will contain a full windows 8 support:
Quote
Planned features

According to the TrueCrypt website[81] the following features were planned for future releases:

    Full support for Windows 8
    Ability to encrypt Windows system partitions/drives on UEFI-based computers
    Command line options for volume creation (already implemented in Linux and Mac OS X versions)
    "Raw" CD/DVD volumes
Authors wouldn't just change their mind in that kiddy way and tell everyone to use BitLocker by Microsoft.
sr. member
Activity: 868
Merit: 250
What is next? bitcoin-qt not secure, pls. cash out your BTC and use .... ?
legendary
Activity: 1428
Merit: 1001
Okey Dokey Lokey
WARNING!!!

This topic title is full of bullshit... Don't believe to all who says that ! This is just another stupid story to convince you to use NSA tools (BitLocker,RSA tools and others)
Here are original TrueCrypt 7.1a mirrors:

http://s7ick.org/tools/truecrypt/
http://cyberside.net.ee/truecrypt/


Don't get tricked and never forget to verify the checksums!

While I tend to agree with your assessment, do you have evidence of your claim?
Please search TrueCrypt on reddit, you will see a roughly 95% rate of people saying "Truecrypt is secure, more recent versions are not"
newbie
Activity: 15
Merit: 0
WARNING!!!

This topic title is full of bullshit... Don't believe to all who says that ! This is just another stupid story to convince you to use NSA tools (BitLocker,RSA tools and others)
Here are original TrueCrypt 7.1a mirrors:

http://s7ick.org/tools/truecrypt/
http://cyberside.net.ee/truecrypt/


Don't get tricked and never forget to verify the checksums!

While I tend to agree with your assessment, do you have evidence of your claim?
jr. member
Activity: 49
Merit: 26
WARNING!!!

This topic title is full of bullshit... Don't believe to all who says that ! This is just another stupid story to convince you to use NSA tools (BitLocker,RSA tools and others)
Here are original TrueCrypt 7.1a mirror:

http://cyberside.net.ee/truecrypt/


Don't get tricked and never forget to verify the checksums!
legendary
Activity: 1428
Merit: 1001
Okey Dokey Lokey
Seriously, how did truecrypt suddenly become unsecure? I don't want to hear
"Oh well, uhh, old exploits weren't fixed so that means it's vulnerable and were not gonna fix it because NSA told us to drop the program"
What the hell is making truecrypt unsecure? I'm damn confident that it'd be harder for the NSA to open a truecrypt drive than a Bitlocker drive...
legendary
Activity: 1442
Merit: 1000
Antifragile
So, an industry standard (so to speak) encryption program, is suddenly no longer secure and that is all?
Is there a canary here? Looks like it...

Has to be.  It makes no sense otherwise.  If not, it seems they were forced to shut down by certain US agencies.

It looks like NSA is getting to the point where more and more people just flat out don't respect them and are willing to do whatever because their heart says so.

Further, they appear to be in a bit of a self inflicted Chinese finger trap, and easing up just lets us a bit more free. Lose lose for them and for us win win.  Grin
newbie
Activity: 15
Merit: 0
So, an industry standard (so to speak) encryption program, is suddenly no longer secure and that is all?
Is there a canary here? Looks like it...

Has to be.  It makes no sense otherwise.  If not, it seems they were forced to shut down by certain US agencies.
legendary
Activity: 1442
Merit: 1000
Antifragile
So, an industry standard (so to speak) encryption program, is suddenly no longer secure and that is all?
Is there a canary here? Looks like it...
legendary
Activity: 1722
Merit: 1000
any stats how many users are affected by this

NSA probably has a death order on them, if they say they die..  I'm not joking.
legendary
Activity: 1722
Merit: 1000
Strange that development just ended due to "support for XP ending".  The explanation ignores the fact that people would want to use TrueCrypt on Linux, OSX, and later versions of Windows.  I wonder if a three letter agency coerced the development team into integrating backdoors and rather than do that they just ended development?

This sounds very accurate.

Allow us access to your customers encrypted files.

NO

If you don't jail for life,

oh ya, TrueCrypt  SHUTDOWN, suck my D NSA.

We need mass public hangings of many public officals, such betrayal of the public should only be met one way.
hero member
Activity: 802
Merit: 1003
GCVMMWH
Maybe something came up in the latest audit?
full member
Activity: 182
Merit: 100
I did not hear about this. I guess it's time to re-encrypt the flash drives for cold storage.
hero member
Activity: 546
Merit: 500
Strange that development just ended due to support for XP ending.  The explanation is dubious as it ignores the fact that people would want to use TrueCrypt on Linux, OSX, and later versions of Windows.  I wonder if a three letter agency coerced the development team into integrating backdoors and rather than do that they just ended development?

This seems like an NSA letter to me.... not unlike what happened with Lavabit.
member
Activity: 73
Merit: 10
any stats how many users are affected by this
donator
Activity: 1218
Merit: 1079
Gerald Davis
Strange that development just ended due to "support for XP ending".  The explanation ignores the fact that people would want to use TrueCrypt on Linux, OSX, and later versions of Windows.  I wonder if a three letter agency coerced the development team into integrating backdoors and rather than do that they just ended development?
Pages:
Jump to: