Jump to content

Luke recommended TrueCrypt in the latest video and said it is still secure -- This is FASLE!

Guest xnaas

Is the most recent video on Vessel, Luke says the TrueCrypt is still secure and has no vulnerabilities. This is FALSE.

 

-----

1.15 (September 26th, 2015):

  • Windows:
    • Fix two TrueCrypt vulnerabilities reported by James Forshaw (Google Project
      Zero)
      • CVE-2015-7358 (critical): Local Elevation of Privilege on Windows by
        abusing drive letter handling.
      • CVE-2015-7359: Local Elevation of Privilege on Windows caused by
        incorrect Impersonation Token Handling.
    • Fix regression in mounting of favorite volumes at user logon.
    • Fix display of some Unicode languages (e.g. Chinese) in formatting wizard.
    • Set keyboard focus to PIM field when "Use PIM" is checked.
    • Allow Application key to open context menu on drive letters list
    • Support specifying volumes size in TB in the GUI (command line already supports this)

More reading here: https://veracrypt.codeplex.com/wikipage?title=Release%20Notes

-----

 

I know it's a little late to change the video, but you might take it down, fix the incorrect information, and reupload. Better to get this taken care of now before this is on YouTube in a week and visible to a much larger audience.

Link to comment
Share on other sites

Link to post
Share on other sites

But doesn't that mean it's fixed?

Thats that. If you need to get in touch chances are you can find someone that knows me that can get in touch.

Link to comment
Share on other sites

Link to post
Share on other sites

I thought the video in general was awful, even without those details

"It seems we living the American dream, but the people highest up got the lowest self esteem. The prettiest people do the ugliest things, for the road to riches and diamond rings."- Kanye West, "All Falls Down"

 

Link to comment
Share on other sites

Link to post
Share on other sites

Your wrong....

 

Maybe you should do a little research first, hundreds of sites are saying the same thing about 7.1a........

 

https://www.grc.com/misc/truecrypt/truecrypt.htm

CPU: i7-4770k @4.8ghz---Motherboard: Asus Sabertooth z97---Ram 32gb Corsair Vengeance---GPU: 2 EVGA GTX 980 4gb way sli---Case: Corsair 600T White---Storage: 500gb 850 Pro & WD Black 4tb---PSU: Corsair RM1000

Link to comment
Share on other sites

Link to post
Share on other sites

How many people know how to exploit these?  Not very many to be honest.

NEVER GIVE UP. NEVER STOP LEARNING. DONT LET THE PAST HURT YOU. YOU CAN DOOOOO IT

Link to comment
Share on other sites

Link to post
Share on other sites

truecrypt+keyfile(or USB)+stenography=free unbreakable encryption.

 

edit:

truecrypt is still very safe on a regular basis, you should only want do use something stronger when you need to store illegal info or special secret gov stuff, but people that got these kind of stuff probably don't use truecrypt alone or use completely diffrent stuff.

May the light have your back and your ISO low.

Link to comment
Share on other sites

Link to post
Share on other sites

Is this the porn video?  Because if we're talking TrueCrypt to stick the porn on a hidden volume, then sure it will do that just fine.  If we're talking TrueCrypt in a life or death situation, like you're a dissident in some repressive country, then it's not the greatest due to its keyfile management.  Although nothing else right now really does the hidden thing and the option to have a duress password.  Bitlocker for example is pretty solid as long as you go hard copy recovery keys only (don't upload them, no pin option, etc) , but it sells you out on boot that you have encrypted stuff when it asks for a password to continue the boot.  So then the nice secret police just start attaching the car battery to various parts of your body until you type the password in.  

Link to comment
Share on other sites

Link to post
Share on other sites

Nothing is perfect.. everything will have holes that will get patched.

 

This is just a stupid post.

X-10 - 7980XE - Gigabyte Aorous Gaming 9 - 128GB GSkill TridentZ RGB - SLI Asus GTX 1080 TI Strix
Easy Desk GuideMalware Removal Guide - New mobo, Same OS Guide

 

 

Link to comment
Share on other sites

Link to post
Share on other sites

Nothing is perfect.. everything will have holes that will get patched.

 

This is just a stupid post.

I can't agree more

CPU: i7-4770k @4.8ghz---Motherboard: Asus Sabertooth z97---Ram 32gb Corsair Vengeance---GPU: 2 EVGA GTX 980 4gb way sli---Case: Corsair 600T White---Storage: 500gb 850 Pro & WD Black 4tb---PSU: Corsair RM1000

Link to comment
Share on other sites

Link to post
Share on other sites

Nothing is perfect.. everything will have holes that will get patched.

 

This is just a stupid post.

 

and the patches contain new holes.

 

It's just a fact that if people make it, people can break it.

 

so yeah, this post is kinda pointless.

 

@xnaas follow your topic's.

May the light have your back and your ISO low.

Link to comment
Share on other sites

Link to post
Share on other sites

Nothing is perfect.. everything will have holes that will get patched.

 

This is just a stupid post.

 

Nothing is perfect, like OP's title.

Link to comment
Share on other sites

Link to post
Share on other sites

Pretty wild to claim something broken when its just been fixed. Everyone using Windows is using broken OS.

^^^^ That's my post ^^^^
<-- This is me --- That's your scrollbar -->
vvvv Who's there? vvvv

Link to comment
Share on other sites

Link to post
Share on other sites

Just watched the video the point they got to truecrypt..I gotta say that video was really stupid.

Anyways the term "no vulnerabilities" was not once used to describe truecrypt 

System Specs

CPU: Ryzen 5 5600x | Mobo: Gigabyte B550i Aorus Pro AX | RAM: Hyper X Fury 3600 64gb | GPU: ASUS RTX 2080TI | Storage: WD Blk SN750 NVMe - 1tb, Samsung 860 Evo - 1tb, WD Blk - 6tb/5tb, WD Red - 10tb | PSU:Corsair ax860 | Cooling: AMD Wraith Stealth  Displays: 55" Samsung 4k Q80R, 24" BenQ XL2420TE/XL2411Z & Asus VG248QE | Kb: K70 RGB Blue | Mouse: Logitech G903 | Case: Fractal Torrent RGB | Extra: HTC Vive, Fanatec CSR/Shifters/CSR Elite Pedals w/ Rennsport stand, Thustmaster Warthog HOTAS, Track IR5,, ARCTIC Z3 Pro Triple Monitor Arm | OS: Win 10 Pro 64 bit

Link to comment
Share on other sites

Link to post
Share on other sites

So much salt in here. My word.

 

VeraCrypt has patched the vulnerabilities, TrueCrypt has not. TrueCrypt has not been updated in ages and will never be updated again as far as I can tell. Is it good enough for 99% of people? No duh. Was inaccurate information given in the video? Yes. Does that mean the video sucks? Well...I thought the whole thing was very childish, but obviously many other enjoyed it. Yay opinions.

 

As for people linking information about TrueCrypt from 2014, I don't see how that's a "counter" to the problem. TrueCrypt has a problem. VeraCrypt does not. Is any program perfect? No. BUt the original point still stands.

Link to comment
Share on other sites

Link to post
Share on other sites

This I why many authors use DOS systems and typewriters to type there story's :P

A shadowy flight into the dangerous world of a man who does not exist.

 

Core 4 Quad Not Extreme, only available on LGA 557 at your local Circuit City

Link to comment
Share on other sites

Link to post
Share on other sites

-snip-
-snip-
-snip-

 

Hey, Security Researcher Student here. I would advise to move off of Truecrypt and onto something that is actively developed like Veracrypt, a fork and patched version of Truecrypt.

The main reason why guys in my field says it's better to back away from it is because the fact that the developers left it.

You might retort that it's been audited, yes it was, but the audit was specifically a cryptographic audit. Meaning that the company who did the audit was not looking at software vunerabilities. It did pass the audit so that means a loose encrypted file will be hard to break and makes it a viable option to keep using.

Back to the reason why security researchers don't support this is because there are no active developers, if any more vurnerabilities was found, it will not be patched as it is today with the two holes.

Local escalation is still pretty dangerous, as it means any viruses or malware can utilize the tool right away to become admin.

 

tl;dr Truecrypt will not be patched, and no developers can touch it's trademark, safer to used active forked versions like Veracrypt.

Information Security is my thing.

Running a entry/mid-range pc, upgrading it slowly.

Link to comment
Share on other sites

Link to post
Share on other sites

The Only way to achieve true online security is by:

 

Running OpenBSD, unplugging your computer, and putting it in a room made of lead.

Link to comment
Share on other sites

Link to post
Share on other sites

long story short

LUKE WE KNOW HOW TO HIDE OUR PORN

control shift n

command 2

OFF TOPIC: I suggest every poll from now on to have "**CK EA" option instead of "Other"

Link to comment
Share on other sites

Link to post
Share on other sites

And this is why everyone should just use Bitlocker.

CPU: AMD Ryzen 3700x / GPU: Asus Radeon RX 6750XT OC 12GB / RAM: Corsair Vengeance LPX 2x8GB DDR4-3200
MOBO: MSI B450m Gaming Plus / NVME: Corsair MP510 240GB / Case: TT Core v21 / PSU: Seasonic 750W / OS: Win 10 Pro

Link to comment
Share on other sites

Link to post
Share on other sites

I thought the video in general was awful, even without those details

Same. I kinda think this vid along with the "How to properly recycle your electronics" and "How to hide your porn" vid were basically just things they scrapped together and put out for the sake of not missing a day of content.

4690K // 212 EVO // Z97-PRO // Vengeance 16GB // GTX 770 GTX 970 // MX100 128GB // Toshiba 1TB // Air 540 // HX650

Logitech G502 RGB // Corsair K65 RGB (MX Red)

Link to comment
Share on other sites

Link to post
Share on other sites

Hey, Security Researcher Student here. I would advise to move off of Truecrypt and onto something that is actively developed like Veracrypt, a fork and patched version of Truecrypt.

The main reason why guys in my field says it's better to back away from it is because the fact that the developers left it.

You might retort that it's been audited, yes it was, but the audit was specifically a cryptographic audit. Meaning that the company who did the audit was not looking at software vunerabilities. It did pass the audit so that means a loose encrypted file will be hard to break and makes it a viable option to keep using.

Back to the reason why security researchers don't support this is because there are no active developers, if any more vurnerabilities was found, it will not be patched as it is today with the two holes.

Local escalation is still pretty dangerous, as it means any viruses or malware can utilize the tool right away to become admin.

 

tl;dr Truecrypt will not be patched, and no developers can touch it's trademark, safer to used active forked versions like Veracrypt.

Alright your a research student?

 

I've been doing network security as a job, I've gone to defcon the last 7 years and have stayed current on all my network / secruity certs.... I literally do this stuff everyday for work........

CPU: i7-4770k @4.8ghz---Motherboard: Asus Sabertooth z97---Ram 32gb Corsair Vengeance---GPU: 2 EVGA GTX 980 4gb way sli---Case: Corsair 600T White---Storage: 500gb 850 Pro & WD Black 4tb---PSU: Corsair RM1000

Link to comment
Share on other sites

Link to post
Share on other sites

Spread the word! FASLE! FASLE! FASLE! (also I have nothing to contribute to this thread)

Tip to those that are new on LTT forum- quote a post so that the person you are quoting gets a notification, otherwise they'll have no idea that you did. You can also use a tag such as @Ryoutarou97 (replace my username with anyone's. You should get a dropdown after you type the "@")to send a notification, but quoting is preferable.

 

Feel free to PM me about absolutely anything be it tech, math, literature, etc. I'll try my best to help. I'm currently looking for a cheap used build for around $25 to set up as a home server if anyone is selling.

 

If you are a native speaker please use proper English if you can. Punctuation, capitalization, and spelling are as important to making your message readable as proper night theme formatting is.

 

My build is fully operational, but won't be posted until after I get a GPU in it and the case arted up.

Link to comment
Share on other sites

Link to post
Share on other sites

Alright your a research student?

 

I've been doing network security as a job, I've gone to defcon the last 7 years and have stayed current on all my network / secruity certs.... I literally do this stuff everyday for work........

 

On an encryption level, TrueCrypt is completely reliable system, you can trust that the encrypted files are safe. The only problem is the software, even though it is not exposed to the public web, any local processes or environments can effect the program to perform well and obviously use the current holes or unfound ones to do other things that you do not want it to do, like give your process escalated privileges. Just simply moving onto Veracrypt, which will simply updates Truecrypt's encrypted files is a better choice than having buggy software that may not work in your favour in the end.

Information Security is my thing.

Running a entry/mid-range pc, upgrading it slowly.

Link to comment
Share on other sites

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×