Jump to content

TrueCrypt has been compromised...

AstroZombie1

it's a possibility

It could just be a plot to get people to use an even less secure program. Oh hey guys, Trucrypt is no longer secure! Please use this other pogram instead, it is totally secure, believe us!

Link to comment
Share on other sites

Link to post
Share on other sites

It could just be a plot to get people to use an even less secure program. Oh hey guys, Trucrypt is no longer secure! Please use this other pogram instead, it is totally secure, believe us!

but what reason would there be for the devs to do that?

Link to comment
Share on other sites

Link to post
Share on other sites

but what reason would there be for the devs to do that?

Money.

Link to comment
Share on other sites

Link to post
Share on other sites

but what reason would there be for the devs to do that?

 

Maybe the NSA was forcing them to cooperate like Lavabit and they are under a gag order.  Recommending MS encryption is a roundabout way for us to realize something fishy is going on without them spilling the beans.

Link to comment
Share on other sites

Link to post
Share on other sites

Money.

 

It's interesting how few people are actually considering that as an

option. Personally, it's not exactly my top contender (I mean, the

devs seemed to be pretty idealistic for the last 10 years or so),

but still, not exactly impossible.

Even if you are an idealist, if you're suddenyl befallen by financial

issues (say, your wife gets cancer), you might find yourself being

open to offers you never considered before.

I don't think it's the likeliest option, but it's not impossible.

 

Maybe the NSA was forcing them to cooperate like Lavabit and they are under a gag order.  Recommending MS encryption is a roundabout way for us to realize something fishy is going on without them spilling the beans.

Yeah, their warrant canary.

There's a thread on reddit about it for those interested: http://www.reddit.com/r/netsec/comments/26pz9b/truecrypt_development_has_ended_052814/chtf998

And since it hasn't been posted before: truecrypt.ch

BUILD LOGS: HELIOS - Latest Update: 2015-SEP-06 ::: ZEUS - BOTW 2013-JUN-28 ::: APOLLO - Complete: 2014-MAY-10
OTHER STUFF: Cable Lacing Tutorial ::: What Is ZFS? ::: mincss Primer ::: LSI RAID Card Flashing Tutorial
FORUM INFO: Community Standards ::: The Moderating Team ::: 10TB+ Storage Showoff Topic

Link to comment
Share on other sites

Link to post
Share on other sites

According to Gibson Research Corporation, TrueCrypt is still safe:

 

 

No. The TrueCrypt development team's deliberately alarming and unexpected “goodbye and you'd better stop using TrueCrypt” posting stating that TrueCrypt is suddenly insecure (for no stated reason) appears only to mean that if any problems were to be subsequently found, they would no longer be fixed by the original TrueCrypt developer team . . . much like Windows XP after May of 2014. In other words, we're on our own.

But that's okay, since we now know that TrueCrypt is regarded as important enough (see tweets above from the Open Crypto Audit and Linux Foundation projects) to be kept alive by the Internet community as a whole.

So, thanks guys . . . we'll take it from here.

 

 

It's not the same as confirming it's secure, but it seems the most likely that it's secure and he just wishes to stop developing it (for some unknown reason).

Link to comment
Share on other sites

Link to post
Share on other sites

It's not the same as confirming it's secure, but it seems the most likely that it's secure and he just wishes to stop developing it (for some unknown reason).

Yeah, but why not just freaking say so then, why the whole completely

ridiculous hoopla? Don't get me wrong, I think it's entirely plausible,

but the entire charade doesn't exactly inspire confidence (at least

not on my part). And when I look for an encryption solution to protect

my data, I need to be confident in the product I choose.

I mean, yeah, I get it. Some programmers just aren't quite right in

the head on occasion, and no matter how smart they are, their marketing

and/or social skills often range somewhere between piss poor and completely

fictional (let's be honest: sometimes github, mailing lists and so on can be

worse than the most cliched soap opera), and this could just be a symptom

of that, but come on, if you're really just fed up with working on your

project, this really isn't the proper way to communicate this, considering

the stakes. At least IMHO.

BUILD LOGS: HELIOS - Latest Update: 2015-SEP-06 ::: ZEUS - BOTW 2013-JUN-28 ::: APOLLO - Complete: 2014-MAY-10
OTHER STUFF: Cable Lacing Tutorial ::: What Is ZFS? ::: mincss Primer ::: LSI RAID Card Flashing Tutorial
FORUM INFO: Community Standards ::: The Moderating Team ::: 10TB+ Storage Showoff Topic

Link to comment
Share on other sites

Link to post
Share on other sites

Where is Nikita when you need her? I use truecrypt. Stinking nasty SOBs!

A water-cooled mid-tier gaming PC.

Link to comment
Share on other sites

Link to post
Share on other sites

Well this is depressing...really makes you wonder, how many security application are actually secure

You know something you wrote is secure when the FBI come down and spend 2 years trying to brand you as anything they can think of, a spy, a traitor, a terrorist, etc. http://en.wikipedia.org/wiki/Phil_Zimmermann (the wiki article doesn't do justice to the years of bull-poo he went through as the government agencies freaked out over the fact that he'd written PGP and released it for anyone to use; a crypto they didn't have a backdoor into, and that actually worked.

Link to comment
Share on other sites

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×