TrueCrypt shuts down due to alleged 'security issues'

[neufuse Veteran]

Link?

 

Are you sure they can unencrypt it without your key? last I heard was they were cold-booting them and getting the key from memory.

 

I remember reading something a few years ago also about bitlocker being unsafe due to secret keys or something like that

[Shiranui]

I thought development had stopped ages ago?

[+Warwagon MVC]

That website screams "I'm hacked"

[primexx]

speculation is wild on Reddit right now: http://www.reddit.com/r/netsec/comments/26pz9b/truecrypt_development_has_ended_052814/

 

nobody knows what's happening.

 

also a little odd that version 7.2 which they just put out is smaller by a good bit than 7.1a

 

It's read only.

 

Since TrueCrypt had an official code review, I guess they decided fixing the issues was not feasible.

 

I'm still using 7.1a on Windows 8.1, and I am not having any issues, so for the time being will continue to do so. But at the same time, I will do some research into BitLocker as well.

The code review only got through preliminary stages that found no significant issues. Stage two hasn't even completed yet.

 

ROT-13 or 1024-bit NSAKey

psh... ROT-26 is where it's at.

 

I thought development had stopped ages ago?

They used to be really slow at new releases too.

[gohpep]

Alternative:

http://www.arg0.net/encfs

Or for Linux users, dm-crypt with LUKS.

[Matthew_Thepc]

I remember reading something a few years ago also about bitlocker being unsafe due to secret keys or something like that

Really? All I've seen around it are the old NSAKey rumors/reports (before Bitlocker), some reports that if you can copy the RAM contents fast enough you can get the secret key out (which is a vulnerability that all encryption programs have, AFAIK), and a lot of reports saying that Microsoft consistently turned down law enforcement requests for backdoors in Bitlocker.

 

It's actually kind of weird that I haven't heard any legitimate rumors (rumors coming from someone who claims to be affiliated with the company/NSA) about a Bitlocker backdoor O.o

[puma1]

So aside from using this for whole disk encryption, what about when just creating containers, still considered unsecure? You cannot create container files with bitlocker.

[REM2000]

So aside from using this for whole disk encryption, what about when just creating containers, still considered unsecure? You cannot create container files with bitlocker.

 

I think one way i read to get around that was to create a VHD file, mount it and then bitlocker it, that was you would have the file container and it would be encrypted. I haven't tried it so can't say if it works.

[puma1]

I am still waiting to hear what all this craziness is about before deciding anything. But I am definitely looking for alternatives. Anyone have any suggestions?

[xendrome]

Just curious, in the grand scheme of things, what are you guys all hiding in your encrypted folders/disks that you are so worried about someone seeing? Short of personal info, medical info, financial/bill info. (Which can all be had through the internet or the vendor being hacked directly). If someone wants to get something, they can and will, even if it takes social engineering to do it. Which no level of encryption will protect.

[adrynalyne]

Just curious, in the grand scheme of things, what are you guys all hiding in your encrypted folders/disks that you are so worried about someone seeing? Short of personal info, medical info, financial/bill info. (Which can all be had through the internet or the vendor being hacked directly). If someone wants to get something, they can and will, even if it takes social engineering to do it. Which no level of encryption will protect.

So people should just give up their attempts to protect their info, because it is pointless to try?

 

 

Thats what you make it sound like.

 

I use TC as a password manager.

[Max Norris]

Just curious, in the grand scheme of things, what are you guys all hiding in your encrypted folders/disks that you are so worried about someone seeing?

Porn obviously. Can't have the wife finding it.

That aside, only systems I actually bother with it on is mobile devices that actually hold stuff that may be important. Not worried about it on the desktops, if "they" actually got physical access to it I've probably got bigger problems.

[puma1]

Just because a lock can be picked, do you not lock the door to your house before you leave?

And no I don't agree that if someone wants something they can and will. Not everyone is a hacker or even close, this isn't the movies. 

[AStaUK]

Just curious, in the grand scheme of things, what are you guys all hiding in your encrypted folders/disks that you are so worried about someone seeing? Short of personal info, medical info, financial/bill info. (Which can all be had through the internet or the vendor being hacked directly). If someone wants to get something, they can and will, even if it takes social engineering to do it. Which no level of encryption will protect.

 

Why make it easy for the little bleeder that has just stolen my laptop to get at any of my data?

[vcfan]

anything with TPM is not secure if physical access is acquired, and potentially remotely too. the key can be easily extracted(by those who know how to do it,like biggun).

[Andre S. Veteran]

Just curious, in the grand scheme of things, what are you guys all hiding in your encrypted folders/disks that you are so worried about someone seeing? Short of personal info, medical info, financial/bill info. (Which can all be had through the internet or the vendor being hacked directly). If someone wants to get something, they can and will, even if it takes social engineering to do it. Which no level of encryption will protect.

Security is not about making it impossible for attackers, it's about making it as hard as possible. Hard enough that it's unlikely an attacker will find it worthwhile to pursue the attack.

[Ficman]

What an odd developing story...   Watching this one closely

[puma1]

anything with TPM is not secure if physical access is acquired, and potentially remotely too. the key can be easily extracted(by those who know how to do it,like biggun).

Isn't the method for doing this something very few people can actually do successfully? I don't think your average anyone can accomplish this with 100% success rate. 

[+John Teacake MVC]

I remember reading something a few years ago also about bitlocker being unsafe due to secret keys or something like that

 

This guy hints at it I think. There's definitely a presentation about it where he says that Microsoft have a Top Secret way to work with Law Enforcement. 

[puma1]

This guy hints at it I think. There's definitely a presentation about it where he says that Microsoft have a Top Secret way to work with Law Enforcement. 

I understand but I don't think the majority of people are worried about keeping anything from top level law enforcement.. more like hackers and criminals. If you have top law enforcement on you.. encryption is not going to save you.  I am talking about some reasonable security on your personal files. 

[+John Teacake MVC]

I understand but I don't think the majority of people are worried about keeping anything from top level law enforcement.. more like hackers and criminals. If you have top law enforcement on you.. encryption is not going to save you.  I am talking about some reasonable security on your personal files. 

 

Shame I used TrueCrypt to encrypt a file and burn it to a CD and gave it to a mate to look after, I told him to look after it incase I ever needed it again  :shiftyninja:

[vcfan]

Isn't the method for doing this something very few people can actually do successfully? I don't think your average anyone can accomplish this with 100% success rate. 

heres the thing though. all it takes is one person to extract the code, then holes could be found in software. it doesn't always have to be a physical break to extract the key. as for breaking the chip physically,if you possess the knowledge,and have only $5000 worth of tools,you can do it.

[#Michael]

I was just looking on the truecrypt page and I noticed something.  If this was done by the real developers or a hacker they did a great job on the screen grabs that are posted.  They were very careful not to reveal any un-needed info and not include any info in the picture.  I do find it interesting though that the pics are png files instead of jpg.

[Fezmid Reviews]

Security is not about making it impossible for attackers, it's about making it as hard as possible. Hard enough that it's unlikely an attacker will find it worthwhile to pursue the attack.

This.  You don't need to have the best security. You only need to be more secure than your neighbor.

[neufuse Veteran]

I was just looking on the truecrypt page and I noticed something.  If this was done by the real developers or a hacker they did a great job on the screen grabs that are posted.  They were very careful not to reveal any un-needed info and not include any info in the picture.  I do find it interesting though that the pics are png files instead of jpg.

why's that interesting? We do most high quality images now in PNG format