Skip to comments.Mysterious announcement from Truecrypt declares the project insecure and dead
Posted on 05/29/2014 8:06:55 PM PDT by aMorePerfectUnion
The abrupt announcement that the widely used, anonymously authored disk-encryption tool Truecrypt is insecure and will no longer be maintained shocked the crypto world--after all, this was the tool Edward Snowden himself lectured on at a Cryptoparty in Hawai'i. Cory Doctorow tries to make sense of it all.
(Excerpt) Read more at boingboing.net ...
Dammit, we used it to encrypt our hard drives. This sucks!
All your encrypted belong to us.
Nut-job Conspiracy Theory Ping!
To get onto The Nut-job Conspiracy Theory Ping List you must threaten to report me to the Mods if I don't add you to the list...
I hate it when software becomes insecure.
Is there counseling for that?
You bet. We’ve gotta stick together.
The NSA got it.
Interesting speculation here:
Does this data compression algorithm make me look fat?
Bad news, but thanks for posting.
See this page...
What happens when the gubmint develops encryption software under another name, something like, oh, maybe “screwthensa” and makes it available to any and all? No one knows the gubmint was behind it. And the gubmint built in its own private entrance to said encryption software. Kind of a domestic Stuxnet.
If I thought of it, they have thought of it. Have they done it? I dunno.
A working theory is that they were paid off or threatened; in either case, older code might still be good. I’m hanging on until more news comes in.
I trust Bitlocker up to and including not at all. It’s not that Microsoft is “bad”, but they have a lot more to lose by not “cooperating”.
This makes no sense whatsoever. I believe what most of the Reddit commentators do. The NSA started twisting arms with secret suponeas to force the addition of a back door. Rather than comply, and they could not reveal the supoenas - that is a serious crime - the developers put out an obviously bogus explanation in order to warn users off the product.
And a recomendation for Bitlocker? From Microsoft? Give me a break!
It reminds me of that scene from breaking bad where Walter is cursing at Skylar for being so ignorant and not knowing about the drug dealing knowing the feds are monitoring the call.
The question is, is 7.1 secure or not?
That’s why nobody trusts anything but open source code.
I’m wondering if Snowden/Greenwald et.al. were using TrueCrypt and the NSA has leaned on the unknown developers of TC and topped it off with an NDA....?
With an NDA this strangeness might be the only way the devs can alert us to some sort of funny business going on.
Speaking of Bitlocker,
Here is what happened to me when I went on vacation:
I planned to do some revision on a spreadsheet during the 14 hour drive to and from Buffalo. We had traveled a couple hours, took a breakfast break and I grabbed the laptop to get some work done. I fired it up and Bitlocker demanded that I enter the encryption key which I didnt have (I was pretty sure it was in my desk). So I put the laptop away thinking I would enter the encryption key when I returned to work.
I get to work on Monday after being gone for a week and then look in the desk but no encryption key. Now Im beginning to panic. Im thinking, Why is this happening? Nothing had changed on the laptop. I turn it off and on all of the time without any problems. Why is this happening?
When I went to England/Bulgaria a couple months ago I had put a movie in the laptop. Before I went on vacation I removed the movie. I put the movie back in the laptop and it boots up like normal.
Weird. Do any Bitlocker users have an explanation for that?
was your movie on a DVD-R?
Correct response: "No. It just highlights your naughty bits."
Stranger and stranger
The efficacy of the code is directly proportional to the environment it’s used in. For instance, proper English is undecipherable in college classrooms with Black students. It will remain so because it is racist to try to teach them the skills that would allow them to break the code.
I’m also with the the Reddit folks. The NSA started cloak-and-daggering them, threatening to shut them down if they didn’t put a back door into their code, and instead of complying, they shut down the whole product.
There is an alternate explanation that the NSA found a back door in the current software and told them to NOT patch it or they’ll be shut down. The authors decided to cancel the project instead of continuing to support it, and the message they’ve left is actually true without explanation; but then that would mean that they likely exposed holes for a possible fork to take over the project and patch those holes.
Bitlocker is “secure” for most purposes, but of course, Microsoft’s been cooperating with the federal government since the 80s. I have no doubt that the MS hashes are compromised in some way, even if I can’t prove it. Your only real security left, which is scary, is OpenSSL. Since OpenSSL is protected by the GNU, the federal government is going to have a hard time twisting the arms of millions of contributors to that cause, and given the complexity of OpenSSL, you have to have a decent amount of time and patience to implement it in your own environment.
I’m using OpenSSL in my private network with plenty of honey pots, but that doesn’t mean that some ne’er-do-well couldn’t bang away at my network until they got in. Hell, from what Snowden says, it sounds like most of the goons at the NSA are script kiddies with complicated programs. If those programs don’t work, that leaves the truly competent hackers, who I don’t believe would deign to work for the NSA unless compelled to do so.
I shot coffee out of my nose on this one. Thanks for the chuckle.
Depending on the format, it’s possible the DRM in/on the movie was interfering with the functionality of the machine. I assume it was a DVD, and as such, there’s DRM that talks to the operating system which then allows it to run provided it’s an original copy. Since Bitlocker encrypts your disk, it’s possible the DRM sees your OS as invalid.
If you use Bitlocker in an enterprise environment with Active Directory, your AD admins likely have Bitlocker group policies which store your Bitlocker keys with your profile. You might want to check with them if that’s the case.
I can't believe they used TrueCrypt.
Hmm, I’ve been using DiskCryptor for a while now. I sure hope that doesn’t suffer the same fate.
Check out DiskCryptor. I have been using to encrypt my data partition for quite a while and love it.
Don't worry, I just need another 20 minutes.
If I lose or someone steals my laptop whoever has it will be unable to access any of my personal or client data. In my profession, I am ethically obligated to secure client data. I keep all of my data on a separate partition and encrypt that entire partition with DiskCryptor. I have set it up so the Diskcryptor password is required after any shutdown or reboot. It provides great peace of mind. Using a boot password rather than encryption provides some protection, but the disk can be pulled and used as a slave in another computer to gain access to the data. When encrypted the data is totally unavailable to prying eyes.
Thanks for the ping.
Right, it’s not your data, it’s client data, and it’s on your laptop.
That makes complete sense, your laptop could get stolen, you want to throw up that security barrier for that situation.
Listening to Steve Gibson on the DTNS podcast for May 29 now.
Correct. It can also be used to protect data on flash cards and flash drives which can easily be lost or stolen.
“Check out DiskCryptor. I have been using to encrypt my data partition for quite a while and love it.”
Thanks dude. :) We can’t not have an alternative...
Ok, ok, ok...I see Neo and the Agent, but where in the heck is the woman in the red dress?