Jump to content



Photo

TrueCrypt shuts down due to alleged 'security issues'


  • Please log in to reply
87 replies to this topic

#1 +FiB3R

FiB3R

    aka DARKFiB3R

  • 7,358 posts
  • Joined: 06-November 02
  • Location: SE London
  • OS: Windows 8.1 Enterprise
  • Phone: Lumia 930

Posted 28 May 2014 - 22:22

TrueCrypt, leading encryption software touted and used by no less than Edward Snowden and Glenn Greenwald, now appears to be dead, according to its recently updated website, but no one seems to know why—or if the program's ominous warning is legitimate.

 

“WARNING,” the site reads in large red letters. “Using TrueCrypt is not secure as it may contain unfixed security issues.”

 

A 10-year-old application, TrueCrypt has long been used for encrypting hard drives and USB sticks on Windows, Linux, and Macs.

 

The open source program was developed by the pseudonymous TrueCrypt team, who have made no public comment since the program’s site changed drastically, leaving many to wonder if the website was hacked or if the warning is legitimate.

 

However, the newest version of TrueCrypt 7.2 has the same ominous warning message now showing to users, suggesting that this isn’t simply a website-related issue.

 

More...




#2 Osiris

Osiris

    Neowinian God!

  • 11,379 posts
  • Joined: 31-October 01
  • Location: Australia
  • OS: WIndows 8.2
  • Phone: Nokia 930

Posted 28 May 2014 - 22:36

Well only one way to be secure now

/microwaves hdds, put on tin foil hat



#3 thatguyandrew1992

thatguyandrew1992

    Neowinian Senior

  • 2,292 posts
  • Joined: 22-January 09

Posted 28 May 2014 - 22:39

Wth? This is weird! What other options are there?



#4 i_was_here

i_was_here

    Neowinian Senior

  • 1,780 posts
  • Joined: 29-October 08

Posted 28 May 2014 - 22:42

I hope there is some cross-platform alternative to TrueCrypt. I would at least like something I can use on both Windows and Linux.



#5 OP +FiB3R

FiB3R

    aka DARKFiB3R

  • 7,358 posts
  • Joined: 06-November 02
  • Location: SE London
  • OS: Windows 8.1 Enterprise
  • Phone: Lumia 930

Posted 28 May 2014 - 22:44

Wth? This is weird! What other options are there?

Well, according to TrueCrypts own page on SourceForge, another option is BitLocker. Which may be fair enough, but makes this seem all the more strange.



#6 thatguyandrew1992

thatguyandrew1992

    Neowinian Senior

  • 2,292 posts
  • Joined: 22-January 09

Posted 28 May 2014 - 22:45

Apparently it's been infected with malware or something



#7 Max Norris

Max Norris

    Neowinian Senior

  • 4,446 posts
  • Joined: 20-February 11
  • OS: Windows, BSD & Arch, Occasionally OSX
  • Phone: HTC One (Home) Lumia 1020 (Work)

Posted 28 May 2014 - 22:46

Wth? This is weird! What other options are there?

Built in BitLocker with any supported version of Windows, OSX has FileVault, there's a fair number of alternatives too, for an example list:
http://en.wikipedia....yption_software

#8 vetneufuse

neufuse

    Neowinian Senior

  • 16,765 posts
  • Joined: 16-February 04

Posted 28 May 2014 - 22:49

I think truecrypt shut down years ago, it was on 7.1 forever...

 

but bitlocker? not every computer has a TPM chip in it


Well, according to TrueCrypts own page on SourceForge, another option is BitLocker. Which may be fair enough, but makes this seem all the more strange.

yeah I found it odd also, Bitlocker is an odd suggestion from a 3rd party security point of view



#9 Max Norris

Max Norris

    Neowinian Senior

  • 4,446 posts
  • Joined: 20-February 11
  • OS: Windows, BSD & Arch, Occasionally OSX
  • Phone: HTC One (Home) Lumia 1020 (Work)

Posted 28 May 2014 - 22:52

but bitlocker? not every computer has a TPM chip in it

It's not a set-in-stone requirement, you can bypass the restriction via group policy.

#10 Aergan

Aergan

    Neowinian Senior

  • 2,358 posts
  • Joined: 24-September 05
  • Location: Staffordshire, UK
  • OS: Xubuntu 14.04.1 / Server 2012 R2 / Ubuntu Server 14.04.1
  • Phone: Sony Xperia Z1

Posted 28 May 2014 - 22:52

????



#11 vetneufuse

neufuse

    Neowinian Senior

  • 16,765 posts
  • Joined: 16-February 04

Posted 28 May 2014 - 22:56

It's not a set-in-stone requirement, you can bypass the restriction via group policy.

you shouldn't have to bypass anything



#12 Max Norris

Max Norris

    Neowinian Senior

  • 4,446 posts
  • Joined: 20-February 11
  • OS: Windows, BSD & Arch, Occasionally OSX
  • Phone: HTC One (Home) Lumia 1020 (Work)

Posted 28 May 2014 - 22:58

you shouldn't have to bypass anything

It's just a setting, one among hundreds... by default it's set to the more secure configuration. Would you prefer they didn't give you the option or have it less secure out of the box?

#13 vetneufuse

neufuse

    Neowinian Senior

  • 16,765 posts
  • Joined: 16-February 04

Posted 28 May 2014 - 22:58

also a little odd that version 7.2 which they just put out is smaller by a good bit than 7.1a



#14 BoondockSaint

BoondockSaint

    ..:: Veritas : Aequitas ::..

  • 138 posts
  • Joined: 19-March 03
  • Location: Lost in Europe

Posted 28 May 2014 - 23:01

Since TrueCrypt had an official code review, I guess they decided fixing the issues was not feasible.

 

I'm still using 7.1a on Windows 8.1, and I am not having any issues, so for the time being will continue to do so. But at the same time, I will do some research into BitLocker as well.



#15 vetneufuse

neufuse

    Neowinian Senior

  • 16,765 posts
  • Joined: 16-February 04

Posted 28 May 2014 - 23:16

ok, something is seriously wrong with the 7.2 code, installed it in a protected VM environment and it's doing some odd things network wise... I don't think file that is begin served right now is legit... I've never had truecrypt try to make network connections in the past