mesquite Posted May 31, 2014 Share Posted May 31, 2014 (edited) http://boingboing.net/2014/05/29/mysterious-announcement-from-t.html in part, "The abrupt announcement that the widely used, anonymously authored disk-encryption tool Truecrypt is insecure and will no longer be maintained shocked the crypto world--after all, this was the tool Edward Snowden himself lectured on at a Cryptoparty in Hawai'i." Edited May 31, 2014 by mesquite Link to comment Share on other sites More sharing options...
thaimite Posted May 31, 2014 Share Posted May 31, 2014 Is it insecure? There seems to be some doubt about the announcement regarding, the reason it was made, who made it and if genuine what it actually means. Proposed reason vary from a hacked site (unlikely) to a discreet warning from the creators that pressure has been put upon them to create a back door that can be used by everybody's favourite spy agency who's name I will Not Speak Aloud here. It will also be interesting to see what the ongoing audit result of the programme is. I for one will continue to use it until an equally good open source cross platform alternative is offered. but then again I use it only to keep prying eyes away from personal information and I am not hiding anything from people who would water-board me for the password anyway. 1 Link to comment Share on other sites More sharing options...
KittenKong Posted May 31, 2014 Share Posted May 31, 2014 The website announcement may be fake. V7.2 of TrueCrypt appears to be dodgy and should not be used. Previous versions (7.1a) should be OK. http://www.theregister.co.uk/2014/05/29/truecrypt_analysis/ Link to comment Share on other sites More sharing options...
Chicog Posted May 31, 2014 Share Posted May 31, 2014 everybody's favourite spy agency who's name I will Not Speak Aloud here No Stupid Acronyms? 1 Link to comment Share on other sites More sharing options...
Rice_King Posted May 31, 2014 Share Posted May 31, 2014 And the plot thickens. See the warning on the TrueCrypt Site: http://truecrypt.sourceforge.net/ WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues There is a hidden message! Take the first letters of the warning: “uti nsa im cu si” now put this in the google translator, from Latin to English and you receive… “If I wish to use the NSA” Coincidental? Hmm. 1 Link to comment Share on other sites More sharing options...
SpaceKadet Posted May 31, 2014 Share Posted May 31, 2014 Very strange announcement indeed. And telling users to use Microsoft Bitlocker!! <deleted>! Nobody seriously uses MS products for security, now do they? MS has been practically in bed with NSA for years now. However, not all is lost. The TrueCrypt project has been restarted on http://truecrypt.ch with v7.1a download, and the source is now available on github. Doubt that NSA has much jurisdiction in Switzerland. Link to comment Share on other sites More sharing options...
alfalfa19 Posted May 31, 2014 Share Posted May 31, 2014 And the plot thickens. See the warning on the TrueCrypt Site: http://truecrypt.sourceforge.net/ WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues There is a hidden message! Take the first letters of the warning: “uti nsa im cu si” now put this in the google translator, from Latin to English and you receive… “If I wish to use the NSA” Coincidental? Hmm. Your point is well taken. I find this quote , taken from the truecrypt link you posted, particularly telling: "The development of TrueCrypt was ended in 5/2014 after "Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images"" The bolding is my own. Methinks the "integrated support" that MS is so generously offering may contain some unwanted components. Link to comment Share on other sites More sharing options...
scunner Posted May 31, 2014 Share Posted May 31, 2014 meh, or truecrypt was a NSA / CIA front all along.... (seeing as we're all playing conspiracy theory quiz night) Link to comment Share on other sites More sharing options...
katana Posted May 31, 2014 Share Posted May 31, 2014 (edited) Has anyone ever lost any data in a Truecrypt volume by virtue of the hard disk it was on becoming bad? If you ever run Scandisk from time to time, it will as you know occasionally pick up bad sectors and offer to fix them. I once tried to simulate a disk going bad and losing a few sectors by editing a couple of bytes of a large Truecrypt volume in a hexeditor. Once you do this, you can no longer open the volume with the password and the data is lost. It seems to me if you have a large Truecrypt volume of several gigabytes sitting on a hard disk for long enough, it's only a matter of time before a couple of sectors go bad and you lose all your data? Or is this unlikely to happen? Edited May 31, 2014 by katana Link to comment Share on other sites More sharing options...
CaptHaddock Posted May 31, 2014 Share Posted May 31, 2014 Is it true that the developers of Truecrypt have never identified themselves? If so, then it was never to be trusted. Link to comment Share on other sites More sharing options...
Somtamnication Posted June 1, 2014 Share Posted June 1, 2014 Is it true that the developers of Truecrypt have never identified themselves? If so, then it was never to be trusted. It is well known that the FBI could not decrypt these hard drives. So I trust the developers. Something went terribly wrong this week with those guys and I hope they are ok. Link to comment Share on other sites More sharing options...
keeniau96 Posted June 1, 2014 Share Posted June 1, 2014 Best info on TrueCrypt is at the Steve Gibson site: https://www.grc.com/misc/truecrypt/truecrypt.htm Note that GRC.com is a TrueCrypt repository. This info is seconded at TechARP: http://www.techarp.com/showarticle.aspx?artno=818 In summary, TrueCrypt 7.1a is perfectly fine (7.2 is not). So keep cool, use 7.1a, and carry on as before. Link to comment Share on other sites More sharing options...
VBF Posted June 2, 2014 Share Posted June 2, 2014 Is it true that the developers of Truecrypt have never identified themselves? If so, then it was never to be trusted. It is well known that the FBI could not decrypt these hard drives. So I trust the developers. Something went terribly wrong this week with those guys and I hope they are ok. My post above may have been premature, for which I apologise This article and the links within http://www.theregister.co.uk/2014/05/29/truecrypt_analysis/ are very interesting. The Register is a very reliable source in my experience. I am following this story with great interest, and as I have no further FACTS to offer won't conjecture further. Link to comment Share on other sites More sharing options...
topt Posted June 3, 2014 Share Posted June 3, 2014 Has anyone ever lost any data in a Truecrypt volume by virtue of the hard disk it was on becoming bad? If you ever run Scandisk from time to time, it will as you know occasionally pick up bad sectors and offer to fix them. I once tried to simulate a disk going bad and losing a few sectors by editing a couple of bytes of a large Truecrypt volume in a hexeditor. Once you do this, you can no longer open the volume with the password and the data is lost. It seems to me if you have a large Truecrypt volume of several gigabytes sitting on a hard disk for long enough, it's only a matter of time before a couple of sectors go bad and you lose all your data? Or is this unlikely to happen? I do not know the answer but I can say I have had a completely encrypted hard disk (and the laptop/disk is at least 7 years old) and several containers in various storage devices for a few years and I have not come across this situation yet. 2 Link to comment Share on other sites More sharing options...
katana Posted June 3, 2014 Share Posted June 3, 2014 topt Thanks. I currently use an old encryption program called Kruptos but it doesn't allow you direct access to the files like Truecrypt does after you mount the container. It would be nice to change over to a progam giving you easier access to encrypted files.. Link to comment Share on other sites More sharing options...
astral Posted June 5, 2014 Share Posted June 5, 2014 I have been using Truecrypt for some time and also following this story Whilst is a shame that there will be no further support for TC I do not feel that it means that it is unfit for use. Unless you are a terrorist or involved in espionage, I do not think there is a great deal to worry about. In fact I would be a lot more worried about BitLocker. As for the disk corruption concern, surely you back up your data and have a second copy on another disk?? Here are a few links for more information https://www.grc.com/misc/truecrypt/truecrypt.htm http://www.pcworld.com/article/2304851/so-long-truecrypt-5-encryption-alternatives-that-can-lock-down-your-data.html http://www.pcworld.com/article/2012853/review-diskcryptor-a-worthwhile-encryption-program-thats-easy-to-use.html 2 Link to comment Share on other sites More sharing options...
Somtamnication Posted June 6, 2014 Share Posted June 6, 2014 I will be using TC for years to come. But certainly not 7.2! Link to comment Share on other sites More sharing options...
Mencken Posted June 7, 2014 Share Posted June 7, 2014 Only a fool would think TC hides anything but smallest files. Search all files... Sort by size Oh lookie at 6gb Word file hmmm? A 4gb dat or dll... Weak. Oh look, you have six files on drive X, storage shows 80gb hmmmmm... Link to comment Share on other sites More sharing options...
thaimite Posted June 7, 2014 Share Posted June 7, 2014 Only a fool would think TC hides anything but smallest files. Search all files... Sort by size Oh lookie at 6gb Word file hmmm? A 4gb dat or dll... Weak. Oh look, you have six files on drive X, storage shows 80gb hmmmmm... Of course the truecrypt container is visible, but the point is that its contents are unreadable without the key or some very sophisticated hacking tools. If you really want to hide something so that it is not obvious that it even exists then the documentation describes how to make a truecrypt container inside a truecrypt container which they describe as plausible deniability 1 Link to comment Share on other sites More sharing options...
Rice_King Posted June 8, 2014 Share Posted June 8, 2014 (edited) Only a fool would think TC hides anything but smallest files. Search all files... Sort by size Oh lookie at 6gb Word file hmmm? A 4gb dat or dll... Weak. Oh look, you have six files on drive X, storage shows 80gb hmmmmm... Agreed, a 6 GB Word file would be a dead giveaway. But what about a 6 GB AVI video file nestled in amongst 30 or more 6-8 GB AVI video files? Not so obvious then. Edited June 8, 2014 by Rice_King Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now