Close

Results 1 to 14 of 14
  1. #1
    DF Super Moderator JonEp's Avatar
    Join Date
    Oct 2007
    Location
    uk
    Posts
    2,369
    Thanks
    1,277
    Thanked:        995
    Karma Level
    391

    Default Truecrypt Disk - No more

    I searched and couldn't find this on DF.

    I think the Guardian has a point in their article below this.


    [Only registered and activated users can see links. ]

    WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

    This page exists only to help migrate existing data encrypted by TrueCrypt.

    The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click [Only registered and activated users can see links. ] for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.



    Encryption software TrueCrypt closes doors in odd circumstances

    TrueCrypt has shut down its site with no warning and a bizarre statement, leaving users wondering if there is something left unsaid.


    Encryption tool TrueCrypt has closed its doors, removed its downloads and advised users to switch to a competitor, citing only the end of life of Windows XP as a reason.
    To fans of the app, which lets users (including the Guardian) encrypt entire hard drives to ensure security and privacy, that rationale makes no sense – and many of them are casting around for other plausible reasons why the app and its development would cease so suddenly.
    "The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP," is the explanation given on the software's webpage. "Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms. You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform."
    But many users of TrueCrypt are, and always would be, reluctant to hand control of their security over to Microsoft. That's partially because of the belief in the cryptography community that open-source software, where the code that handles the encryption systems can be read and checked by anyone, is inherently more secure. And it's partially because of general distrust of Microsoft.
    Moreover, the date of Microsoft's termination of support for Windows XP has been [Only registered and activated users can see links. ]; it makes little sense to abruptly shut down TrueCrypt without warning, owing to an event which has been in diaries since April 2012.
    Has Truecrypt shut because of a government warrant?

    The TrueCrypt development team has always remained anonymous, and isn't speaking about the software's death beyond [Only registered and activated users can see links. ] left on its download page – leaving users who don't believe the rationale ample room to speculate about other possibilities.
    One of the more popular suggestions is that the act is a version of what's known as a "warrant canary". Warrant canaries are legal tricks employed by conscientious organisations to get around the fact that certain demands from the US government cannot be disclosed publicly. For instance, a company which has received a national security letter, commanding it to turn over user data, may not tell its users that fact.
    To manage that problem, firms such as Tumblr employ "canaries". Tumblr's transparency report, issued in February 2014, [Only registered and activated users can see links. ] has "never received a National Security Letter". If later versions of the report do not contain that phrase, users can assume that Tumblr has received such a demand between the two reports. Disclosure without disclosing.
    Some TrueCrypt users wonder if the firm is taking a similar tack. "With these events, TrueCrypt jumped very high on the suspicious software list," [Only registered and activated users can see links. ] on the Reddit thread about the shut down. "Maybe that's the whole point?" If TrueCrypt had received a demand from the security services that it didn't want to comply with, closing development and warning users away from the software entirely is certainly one way to fight back.
    Better to close down before a flaw is identified?

    Others question whether the development team isn't fighting back, so much as giving up. Despite the software's open codebase, the secrecy behind its team means that it's never been given a full third-party review. As the example of OpenSSL's massive Heartbleed flaw demonstrated last month, merely being open doesn't help security if no one else is checking for bugs.
    The security researcher Matthew Green raised $70,000 in December 2013 to do just such a check. While the first part of the code review, an analysis of the software's bootloader, [Only registered and activated users can see links. ], Green [Only registered and activated users can see links. ] that he's "a little worried that the fact that we were doing an audit of the crypto might have made them decide to call it quits."
    In other words, maybe there's a bug in the software so great that it's easier to walk away than fix it. Why do so in such an obfuscatory fashion? Because it's better to make sure that all your users have switched to a secure alternative before you reveal a flaw that renders their security moot.
    Or it may be that the developers simply wanted to quit. Leaving an unmaintained piece of security software live is a dangerous thing: flaws may be found, and never fixed. Better to warn users that the software is dead before it becomes insecure, rather than after. The one user who managed to get a reply from the coders reports that that's their stated reason:

    [Only registered and activated users can see links. ]

    6 Thanks given to JonEp

    Bald Bouncer (2nd June 2014), DJ Overdose (2nd June 2014), evilsatan (2nd June 2014), liveseytowers (2nd June 2014), muttleymacclad (2nd June 2014), Over Carl (4th June 2014) 


  2. #2
    DF VIP Member muttleymacclad's Avatar
    Join Date
    Aug 2006
    Location
    Here
    Posts
    5,760
    Thanks
    951
    Thanked:        672
    Karma Level
    683

    Default Re: Truecrypt Disk - No more

    I use trucrypt quite a lot. Will probably switch to MS drive encryption, but having said that I seem to remember this feature was only available in enterprise versions of Win7.


    Sent from my iPhone using Tapatalk
    "When a naked man is chasing a woman through an alley with a butchers knife and a hard-on, I figure he isn't out collecting for the Red Cross." - 'Dirty' Harry
    [Only registered and activated users can see links. ]

  3. #3
    DF Super Moderator
    evilsatan's Avatar
    Join Date
    Jul 2004
    Location
    Essex
    Posts
    20,356
    Thanks
    1,194
    Thanked:        3,438
    Karma Level
    1592

    Default Re: Truecrypt Disk - No more

    Damn, I use truecrypt on a lot of machines and they are all running windows 7 (not enterprise edition). Might have to shell out for PGP licences...


  4. #4
    DF Super Moderator
    evilsatan's Avatar
    Join Date
    Jul 2004
    Location
    Essex
    Posts
    20,356
    Thanks
    1,194
    Thanked:        3,438
    Karma Level
    1592

    Default Re: Truecrypt Disk - No more

    Tread carefully, some reddit users have made some relevant points:

    Assumption #1 The website is presumed hacked, the keys are presumed compromised. Please do not download or run it. And please don't switch to bitlocker.
    Latest working version is 7.1a. Version 7.2 is a hoax
    On the SourceForge, the keys were changed before any TrueCrypt files uploaded, but now they are deleted and the old keys got reverted back.
    Why I think so: strange key change, why bitlocker?

    More here:

    [Only registered and activated users can see links. ]


  5. #5
    DF Jedi ilscuro's Avatar
    Join Date
    Oct 2002
    Location
    Stockport
    Posts
    4,927
    Thanks
    1,524
    Thanked:        1,440
    Karma Level
    603

    Default Re: Truecrypt Disk - No more

    I use Truecrypt to hide all the porn on my pc's it's always worked fine for me

    Sent from my GT-I9300 using Tapatalk

  6. #6
    DF Super Moderator DJ Overdose's Avatar
    Join Date
    Jul 2001
    Location
    On da decks.
    Posts
    10,383
    Thanks
    1,077
    Thanked:        2,465
    Karma Level
    1203

    Default Re: Truecrypt Disk - No more

    I use Truecrypt to encrypt my personal files on a USB stick in case I lose it.

    Fuck BitLocker, royal pain the ass that is.


    DJ OD
    [Only registered and activated users can see links. ]
    [Only registered and activated users can see links. ]
    [Only registered and activated users can see links. ]

  7. #7
    DF Super Moderator
    evilsatan's Avatar
    Join Date
    Jul 2004
    Location
    Essex
    Posts
    20,356
    Thanks
    1,194
    Thanked:        3,438
    Karma Level
    1592

    Default Re: Truecrypt Disk - No more

    Just to note, the general consensus is that this is legit and not a site hack, I just posted that as a caution. The advice at the moment is to hold out until the matter is cleared up but if your data security is critical then obviously perform due diligence and migrate asap.


  8. #8
    DF Super Moderator DJ Overdose's Avatar
    Join Date
    Jul 2001
    Location
    On da decks.
    Posts
    10,383
    Thanks
    1,077
    Thanked:        2,465
    Karma Level
    1203

    Default Re: Truecrypt Disk - No more

    So the risk to people is what exactly? Unfixed security issues is a bit vague!

    Why can't we continue to use the software? If will protect as well as it did yesterday etc etc.


    DJ OD
    [Only registered and activated users can see links. ]
    [Only registered and activated users can see links. ]
    [Only registered and activated users can see links. ]

  9. #9
    DF Super Moderator
    evilsatan's Avatar
    Join Date
    Jul 2004
    Location
    Essex
    Posts
    20,356
    Thanks
    1,194
    Thanked:        3,438
    Karma Level
    1592

    Default Re: Truecrypt Disk - No more

    There could be backdoors, this could be a secretive warning that the NSA has access, they could be concerned about what the ongoing independent audit has discovered etc. worrying whichever way you look at it but if you just secure pr0n then there is no worry unless you're a paedo.


  10. #10
    DF Super Moderator DJ Overdose's Avatar
    Join Date
    Jul 2001
    Location
    On da decks.
    Posts
    10,383
    Thanks
    1,077
    Thanked:        2,465
    Karma Level
    1203

    Default Re: Truecrypt Disk - No more

    Like I said, I use Truecrypt to encrypt personal files on my usb stick i carry on my keys. Just so if I ever lose my keys or something, no joey can read my files etc. I'm not really overly concerned about the NSA wanting to look into my mortgage etc.!


    DJ OD
    [Only registered and activated users can see links. ]
    [Only registered and activated users can see links. ]
    [Only registered and activated users can see links. ]

  11. #11
    DF Jedi ZX7R's Avatar
    Join Date
    May 2002
    Location
    Hertfordshire
    Posts
    3,976
    Thanks
    507
    Thanked:        799
    Karma Level
    601

    Default Re: Truecrypt Disk - No more

    I'm looking at upgrading my existing business clients to Sophos Data Protection Suite. It has a full harddrive encryption feature; although I've yet to install it so it could be shite for all I know.
    [Only registered and activated users can see links. ]

  12. #12
    DF PwNagE liveseytowers's Avatar
    Join Date
    Aug 2007
    Location
    Bristol, Unite
    Posts
    7,789
    Thanks
    518
    Thanked:        274
    Karma Level
    656

    Default Re: Truecrypt Disk - No more

    We use McAfee Endpoint Encryption at work and it's been good for us. We use McAfee ePO anyway and it works really well.

    Sent from my HTC One using Tapatalk

  13. #13
    DF Super Moderator Over Carl's Avatar
    Join Date
    Apr 2006
    Location
    London
    Posts
    13,192
    Thanks
    4,339
    Thanked:        1,779
    Karma Level
    1320

    Default Re: Truecrypt Disk - No more

    Isn't it obvious - if you look up there are reports of encrypted drives being seized by authorities but no reports of the data being compromised.

    NSA putting pressure on the right points to ensure the project is swiftly terminated and keys changed with ones the NSA have a copy of would be a very safe guess in my opinion.

    Thanks to Over Carl

    JonEp (4th June 2014) 


  14. #14
    DF Jedi blacksheep's Avatar
    Join Date
    Jun 2006
    Location
    Manchester
    Posts
    3,877
    Thanks
    87
    Thanked:        265
    Karma Level
    513

    Default Re: Truecrypt Disk - No more

    If you're using Linux have a look at decrypt with luks you can even have it so that it needs a password and a USB key to boot so if you destroy the USB key there's no way to access the data (gets round ripa).

Similar Threads

  1. Replies: 1
    Last Post: 10th December 2012, 01:03 PM
  2. Disk boot failure, insert disk.........
    By SoundOfFaz in forum PC Problems
    Replies: 9
    Last Post: 29th May 2007, 11:19 PM
  3. Replies: 1
    Last Post: 2nd July 2004, 01:23 PM
  4. x-disk 093
    By pizzaman27 in forum Microsoft Consoles
    Replies: 1
    Last Post: 23rd December 2003, 09:18 PM
  5. Ali (2 Disk) for 7.49
    By jim1965 in forum Cheapskates Corner
    Replies: 3
    Last Post: 1st February 2003, 09:54 PM

Social Networking Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •