Mysterious announcement from Truecrypt declares the project insecure and dead


mesquite

http://boingboing.net/2014/05/29/mysterious-announcement-from-t.html

in part,

"The abrupt announcement that the widely used, anonymously authored disk-encryption tool Truecrypt is insecure and will no longer be maintained shocked the crypto world--after all, this was the tool Edward Snowden himself lectured on at a Cryptoparty in Hawai'i."

Edited by mesquite
Link to comment

Is it insecure?

There seems to be some doubt about the announcement regarding the reason it was made, who made it and, if genuine, what it actually means. Proposed reasons vary from a hacked site (unlikely) to a discreet warning from the creators that pressure has been put upon them to create a back door that can be used by everybody's favourite spy agency whose name I will Not Speak Aloud here. It will also be interesting to see what the ongoing audit result of the programme is.

I for one will continue to use it until an equally good open source cross platform alternative is offered.

But then again I use it only to keep prying eyes away from personal information, and I am not hiding anything from people who would water-board me for the password anyway.

  • Like 1
Link to comment

And the plot thickens.

See the warning on the TrueCrypt Site: http://truecrypt.sourceforge.net/

WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

There is a hidden message! Take the first letters of the warning:

“uti nsa im cu si” now put this in the google translator, from Latin to English and you receive…

“If I wish to use the NSA”

Coincidental? Hmm.

  • Like 1
Link to comment

Very strange announcement indeed. And telling users to use Microsoft Bitlocker!! <deleted>! Nobody seriously uses MS products for security, now do they? MS has been practically in bed with NSA for years now.

However, not all is lost. The TrueCrypt project has been restarted on http://truecrypt.ch with v7.1a download, and the source is now available on github. Doubt that NSA has much jurisdiction in Switzerland.

Link to comment

And the plot thickens.

See the warning on the TrueCrypt Site: http://truecrypt.sourceforge.net/

WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

There is a hidden message! Take the first letters of the warning:

“uti nsa im cu si” now put this in the google translator, from Latin to English and you receive…

“If I wish to use the NSA”

Coincidental? Hmm.

Your point is well taken. I find this quote, taken from the truecrypt link you posted, particularly telling: "The development of TrueCrypt was ended in 5/2014 after "Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images""

The bolding is my own. Methinks the "integrated support" that MS is so generously offering may contain some unwanted components.

Link to comment

Has anyone ever lost any data in a Truecrypt volume by virtue of the hard disk it was on becoming bad? If you ever run Scandisk from time to time, it will as you know occasionally pick up bad sectors and offer to fix them.

I once tried to simulate a disk going bad and losing a few sectors by editing a couple of bytes of a large Truecrypt volume in a hexeditor. Once you do this, you can no longer open the volume with the password and the data is lost.

It seems to me if you have a large Truecrypt volume of several gigabytes sitting on a hard disk for long enough, it's only a matter of time before a couple of sectors go bad and you lose all your data?

Or is this unlikely to happen?

Edited by katana
Link to comment

Is it true that the developers of Truecrypt have never identified themselves? If so, then it was never to be trusted.

It is well known that the FBI could not decrypt these hard drives. So I trust the developers. Something went terribly wrong this week with those guys and I hope they are ok.

Link to comment

Is it true that the developers of Truecrypt have never identified themselves? If so, then it was never to be trusted.

It is well known that the FBI could not decrypt these hard drives. So I trust the developers. Something went terribly wrong this week with those guys and I hope they are ok.

My post above may have been premature, for which I apologise.

This article and the links within http://www.theregister.co.uk/2014/05/29/truecrypt_analysis/ are very interesting. The Register is a very reliable source in my experience.

I am following this story with great interest, and as I have no further FACTS to offer won't conjecture further.

Link to comment

Has anyone ever lost any data in a Truecrypt volume by virtue of the hard disk it was on becoming bad? If you ever run Scandisk from time to time, it will as you know occasionally pick up bad sectors and offer to fix them.

I once tried to simulate a disk going bad and losing a few sectors by editing a couple of bytes of a large Truecrypt volume in a hexeditor. Once you do this, you can no longer open the volume with the password and the data is lost.

It seems to me if you have a large Truecrypt volume of several gigabytes sitting on a hard disk for long enough, it's only a matter of time before a couple of sectors go bad and you lose all your data?

Or is this unlikely to happen?

I do not know the answer but I can say I have had a completely encrypted hard disk (and the laptop/disk is at least 7 years old) and several containers in various storage devices for a few years and I have not come across this situation yet.

  • Like 2
Link to comment

topt

Thanks. I currently use an old encryption program called Kruptos but it doesn't allow you direct access to the files like Truecrypt does after you mount the container. It would be nice to change over to a program giving you easier access to encrypted files.

Link to comment

I have been using Truecrypt for some time and also following this story.

Whilst it is a shame that there will be no further support for TC I do not feel that it means that it is unfit for use.

Unless you are a terrorist or involved in espionage, I do not think there is a great deal to worry about.

In fact I would be a lot more worried about BitLocker.

As for the disk corruption concern, surely you back up your data and have a second copy on another disk??

Here are a few links for more information

https://www.grc.com/misc/truecrypt/truecrypt.htm

http://www.pcworld.com/article/2304851/so-long-truecrypt-5-encryption-alternatives-that-can-lock-down-your-data.html

http://www.pcworld.com/article/2012853/review-diskcryptor-a-worthwhile-encryption-program-thats-easy-to-use.html

  • Like 2
Link to comment

Only a fool would think TC hides anything but smallest files.

Search all files...

Sort by size

Oh lookie at 6gb Word file hmmm?

A 4gb dat or dll...

Weak.

Oh look, you have six files on drive X, storage shows 80gb hmmmmm...

Link to comment

Only a fool would think TC hides anything but smallest files.

Search all files...

Sort by size

Oh lookie at 6gb Word file hmmm?

A 4gb dat or dll...

Weak.

Oh look, you have six files on drive X, storage shows 80gb hmmmmm...

Of course the truecrypt container is visible, but the point is that its contents are unreadable without the key or some very sophisticated hacking tools.

If you really want to hide something so that it is not obvious that it even exists, then the documentation describes how to make a truecrypt container inside a truecrypt container, which they describe as plausible deniability.

  • Like 1
Link to comment

Only a fool would think TC hides anything but smallest files.

Search all files...

Sort by size

Oh lookie at 6gb Word file hmmm?

A 4gb dat or dll...

Weak.

Oh look, you have six files on drive X, storage shows 80gb hmmmmm...

Agreed, a 6 GB Word file would be a dead giveaway. But what about a 6 GB AVI video file nestled in amongst 30 or more 6-8 GB AVI video files? Not so obvious then.

Edited by Rice_King
Link to comment