Close

Results 1 to 14 of 14

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    DF VIP Member JonEp's Avatar
    Join Date
    Oct 2007
    Location
    uk
    Posts
    2,250
    Thanks
    1,112
    Thanked:        875
    Karma Level
    395

    Default Truecrypt Disk - No more

    I searched and couldn't find this on DF.

    I think the Guardian has a point in their article below this.


    http://truecrypt.sourceforge.net/

    WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

    This page exists only to help migrate existing data encrypted by TrueCrypt.

    The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.



    Encryption software TrueCrypt closes doors in odd circumstances

    TrueCrypt has shut down its site with no warning and a bizarre statement, leaving users wondering if there is something left unsaid.


    Encryption tool TrueCrypt has closed its doors, removed its downloads and advised users to switch to a competitor, citing only the end of life of Windows XP as a reason.
    To fans of the app, which lets users (including the Guardian) encrypt entire hard drives to ensure security and privacy, that rationale makes no sense – and many of them are casting around for other plausible reasons why the app and its development would cease so suddenly.
    "The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP," is the explanation given on the software's webpage. "Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms. You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform."
    But many users of TrueCrypt are, and always would be, reluctant to hand control of their security over to Microsoft. That's partially because of the belief in the cryptography community that open-source software, where the code that handles the encryption systems can be read and checked by anyone, is inherently more secure. And it's partially because of general distrust of Microsoft.
    Moreover, the date of Microsoft's termination of support for Windows XP has been known for two years; it makes little sense to abruptly shut down TrueCrypt without warning, owing to an event which has been in diaries since April 2012.
    Has Truecrypt shut because of a government warrant?

    The TrueCrypt development team has always remained anonymous, and isn't speaking about the software's death beyond the sparse advice left on its download page – leaving users who don't believe the rationale ample room to speculate about other possibilities.
    One of the more popular suggestions is that the act is a version of what's known as a "warrant canary". Warrant canaries are legal tricks employed by conscientious organisations to get around the fact that certain demands from the US government cannot be disclosed publicly. For instance, a company which has received a national security letter, commanding it to turn over user data, may not tell its users that fact.
    To manage that problem, firms such as Tumblr employ "canaries". Tumblr's transparency report, issued in February 2014, says that the firm has "never received a National Security Letter". If later versions of the report do not contain that phrase, users can assume that Tumblr has received such a demand between the two reports. Disclosure without disclosing.
    Some TrueCrypt users wonder if the firm is taking a similar tack. "With these events, TrueCrypt jumped very high on the suspicious software list," says klti on the Reddit thread about the shut down. "Maybe that's the whole point?" If TrueCrypt had received a demand from the security services that it didn't want to comply with, closing development and warning users away from the software entirely is certainly one way to fight back.
    Better to close down before a flaw is identified?

    Others question whether the development team isn't fighting back, so much as giving up. Despite the software's open codebase, the secrecy behind its team means that it's never been given a full third-party review. As the example of OpenSSL's massive Heartbleed flaw demonstrated last month, merely being open doesn't help security if no one else is checking for bugs.
    The security researcher Matthew Green raised $70,000 in December 2013 to do just such a check. While the first part of the code review, an analysis of the software's bootloader, came back mostly clean in February, Green tells Krebs on Security that he's "a little worried that the fact that we were doing an audit of the crypto might have made them decide to call it quits."
    In other words, maybe there's a bug in the software so great that it's easier to walk away than fix it. Why do so in such an obfuscatory fashion? Because it's better to make sure that all your users have switched to a secure alternative before you reveal a flaw that renders their security moot.
    Or it may be that the developers simply wanted to quit. Leaving an unmaintained piece of security software live is a dangerous thing: flaws may be found, and never fixed. Better to warn users that the software is dead before it becomes insecure, rather than after. The one user who managed to get a reply from the coders reports that that's their stated reason:

    http://www.theguardian.com/technolog...t-closes-doors

    6 Thanks given to JonEp

    Bald Bouncer (2nd June 2014),  DJ OD (2nd June 2014),  evilsatan (2nd June 2014),  liveseytowers (2nd June 2014),  muttleymacclad (2nd June 2014),  Over Carl (4th June 2014)  


  2. #2
    DF VIP Member muttleymacclad's Avatar
    Join Date
    Aug 2006
    Location
    Here
    Posts
    5,717
    Thanks
    931
    Thanked:        659
    Karma Level
    645

    Default Re: Truecrypt Disk - No more

    I use trucrypt quite a lot. Will probably switch to MS drive encryption, but having said that I seem to remember this feature was only available in enterprise versions of Win7.


    Sent from my iPhone using Tapatalk
    "When a naked man is chasing a woman through an alley with a butchers knife and a hard-on, I figure he isn't out collecting for the Red Cross." - 'Dirty' Harry

  3. #3
    DF Super Moderator
    evilsatan's Avatar
    Join Date
    Jul 2004
    Location
    Essex
    Posts
    20,079
    Thanks
    1,105
    Thanked:        3,241
    Karma Level
    1541

    Default Re: Truecrypt Disk - No more

    Damn, I use truecrypt on a lot of machines and they are all running windows 7 (not enterprise edition). Might have to shell out for PGP licences...


  4. #4
    DF Super Moderator
    evilsatan's Avatar
    Join Date
    Jul 2004
    Location
    Essex
    Posts
    20,079
    Thanks
    1,105
    Thanked:        3,241
    Karma Level
    1541

    Default Re: Truecrypt Disk - No more

    Tread carefully, some reddit users have made some relevant points:

    Assumption #1 The website is presumed hacked, the keys are presumed compromised. Please do not download or run it. And please don't switch to bitlocker.
    Latest working version is 7.1a. Version 7.2 is a hoax
    On the SourceForge, the keys were changed before any TrueCrypt files uploaded, but now they are deleted and the old keys got reverted back.
    Why I think so: strange key change, why bitlocker?

    More here:

    http://www.reddit.com/r/sysadmin/com...crypt_is_dead/


  5. #5
    DF VIP Member
    ilscuro's Avatar
    Join Date
    Oct 2002
    Location
    Stockport
    Posts
    4,609
    Thanks
    1,381
    Thanked:        1,192
    Karma Level
    542

    Default Re: Truecrypt Disk - No more

    I use Truecrypt to hide all the porn on my pc's it's always worked fine for me

    Sent from my GT-I9300 using Tapatalk

  6. #6
    DF VIP Member DJ OD's Avatar
    Join Date
    Jul 2001
    Location
    On da decks.
    Posts
    10,114
    Thanks
    1,008
    Thanked:        2,254
    Karma Level
    1104

    Default Re: Truecrypt Disk - No more

    I use Truecrypt to encrypt my personal files on a USB stick in case I lose it.

    Fuck BitLocker, royal pain the ass that is.


    DJ OD

  7. #7
    DF Super Moderator
    evilsatan's Avatar
    Join Date
    Jul 2004
    Location
    Essex
    Posts
    20,079
    Thanks
    1,105
    Thanked:        3,241
    Karma Level
    1541

    Default Re: Truecrypt Disk - No more

    Just to note, the general consensus is that this is legit and not a site hack, I just posted that as a caution. The advice at the moment is to hold out until the matter is cleared up but if your data security is critical then obviously perform due diligence and migrate asap.


  8. #8
    DF VIP Member DJ OD's Avatar
    Join Date
    Jul 2001
    Location
    On da decks.
    Posts
    10,114
    Thanks
    1,008
    Thanked:        2,254
    Karma Level
    1104

    Default Re: Truecrypt Disk - No more

    So the risk to people is what exactly? Unfixed security issues is a bit vague!

    Why can't we continue to use the software? If will protect as well as it did yesterday etc etc.


    DJ OD

  9. #9
    DF Super Moderator
    evilsatan's Avatar
    Join Date
    Jul 2004
    Location
    Essex
    Posts
    20,079
    Thanks
    1,105
    Thanked:        3,241
    Karma Level
    1541

    Default Re: Truecrypt Disk - No more

    There could be backdoors, this could be a secretive warning that the NSA has access, they could be concerned about what the ongoing independent audit has discovered etc. worrying whichever way you look at it but if you just secure pr0n then there is no worry unless you're a paedo.


  10. #10
    DF VIP Member DJ OD's Avatar
    Join Date
    Jul 2001
    Location
    On da decks.
    Posts
    10,114
    Thanks
    1,008
    Thanked:        2,254
    Karma Level
    1104

    Default Re: Truecrypt Disk - No more

    Like I said, I use Truecrypt to encrypt personal files on my usb stick i carry on my keys. Just so if I ever lose my keys or something, no joey can read my files etc. I'm not really overly concerned about the NSA wanting to look into my mortgage etc.!


    DJ OD

  11. #11
    DF VIP Member
    ZX7R's Avatar
    Join Date
    May 2002
    Location
    Hertfordshire
    Posts
    3,976
    Thanks
    507
    Thanked:        799
    Karma Level
    578

    Default Re: Truecrypt Disk - No more

    I'm looking at upgrading my existing business clients to Sophos Data Protection Suite. It has a full harddrive encryption feature; although I've yet to install it so it could be shite for all I know.
    http://www.sophos.com/en-us/medialib...nsuitedsna.pdf

  12. #12
    DF VIP Member
    liveseytowers's Avatar
    Join Date
    Aug 2007
    Location
    Bristol, Unite
    Posts
    7,756
    Thanks
    495
    Thanked:        251
    Karma Level
    643

    Default Re: Truecrypt Disk - No more

    We use McAfee Endpoint Encryption at work and it's been good for us. We use McAfee ePO anyway and it works really well.

    Sent from my HTC One using Tapatalk

  13. #13
    DF VIP Member Over Carl's Avatar
    Join Date
    Apr 2006
    Location
    London
    Posts
    13,125
    Thanks
    3,975
    Thanked:        1,690
    Karma Level
    1251

    Default Re: Truecrypt Disk - No more

    Isn't it obvious - if you look up there are reports of encrypted drives being seized by authorities but no reports of the data being compromised.

    NSA putting pressure on the right points to ensure the project is swiftly terminated and keys changed with ones the NSA have a copy of would be a very safe guess in my opinion.

    Thanks to Over Carl

    JonEp (4th June 2014)  


  14. #14
    DF VIP Member blacksheep's Avatar
    Join Date
    Jun 2006
    Location
    Manchester
    Posts
    3,877
    Thanks
    87
    Thanked:        265
    Karma Level
    545

    Default Re: Truecrypt Disk - No more

    If you're using Linux have a look at decrypt with luks you can even have it so that it needs a password and a USB key to boot so if you destroy the USB key there's no way to access the data (gets round ripa).

Similar Threads

  1. anyone got ukinfo disk installed i need help
    By Detector in forum The Dog and Duck
    Replies: 12
    Last Post: 17th October 2002, 02:10 PM
  2. Boot Disk help pls
    By RudeYute in forum PC Problems
    Replies: 10
    Last Post: 8th October 2002, 05:46 PM
  3. [DVD] R2 'A.I' (2 disk set) £9.99 delivered
    By biggy7 in forum Cheapskates Corner
    Replies: 4
    Last Post: 2nd October 2002, 07:23 PM
  4. Portable Mini Disk Recorder (Sony)
    By gunner in forum Buy, Sell and Trade
    Replies: 14
    Last Post: 15th September 2002, 04:20 PM
  5. Xbox hard disk password revealer
    By rab2 in forum Microsoft Consoles
    Replies: 1
    Last Post: 28th August 2002, 12:47 PM

Social Networking Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •