Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

Mysterious announcement from Truecrypt declares the project insecure and dead
boing boing ^ | 5-29-14 | Cory Doctorow

Posted on 05/29/2014 8:06:55 PM PDT by aMorePerfectUnion

The abrupt announcement that the widely used, anonymously authored disk-encryption tool Truecrypt is insecure and will no longer be maintained shocked the crypto world--after all, this was the tool Edward Snowden himself lectured on at a Cryptoparty in Hawai'i. Cory Doctorow tries to make sense of it all.

(Excerpt) Read more at boingboing.net ...


TOPICS: Computers/Internet; Conspiracy; Miscellaneous
KEYWORDS: bitlocker; cryptography; edwardsnowden; encryption; software; truecrypt
Navigation: use the links below to view more comments.
first 1-5051-54 next last
If you are interested in the developments in privacy protection, I commend this article to you. Whole article at web link
1 posted on 05/29/2014 8:06:55 PM PDT by aMorePerfectUnion
[ Post Reply | Private Reply | View Replies]

To: aMorePerfectUnion; ShadowAce

B?!p


2 posted on 05/29/2014 8:08:08 PM PDT by GeronL (Vote for Conservatives not for Republicans)
[ Post Reply | Private Reply | To 1 | View Replies]

To: aMorePerfectUnion

Dammit, we used it to encrypt our hard drives. This sucks!


3 posted on 05/29/2014 8:11:30 PM PDT by max americana (fired liberals in our company last election, and I laughed while they cried (true story))
[ Post Reply | Private Reply | To 1 | View Replies]

To: max americana

All your encrypted belong to us.


4 posted on 05/29/2014 8:17:51 PM PDT by smokingfrog ( sleep with one eye open (<o> ---)
[ Post Reply | Private Reply | To 3 | View Replies]

To: aMorePerfectUnion

5 posted on 05/29/2014 8:19:56 PM PDT by bigbob (The best way to get a bad law repealed is to enforce it strictly. Abraham Lincoln)
[ Post Reply | Private Reply | To 1 | View Replies]

To: aMorePerfectUnion; COUNTrecount; Nowhere Man; FightThePower!; C. Edmund Wright; jacob allen; ...

Nut-job Conspiracy Theory Ping!

To get onto The Nut-job Conspiracy Theory Ping List you must threaten to report me to the Mods if I don't add you to the list...

6 posted on 05/29/2014 8:21:11 PM PDT by null and void (Disarm Hollywood! No Guns for Box Office!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: aMorePerfectUnion

I hate it when software becomes insecure.


7 posted on 05/29/2014 8:21:15 PM PDT by Kirkwood (Zombie Hunter)
[ Post Reply | Private Reply | To 1 | View Replies]

To: AdmSmith; AnonymousConservative; Berosus; bigheadfred; Bockscar; cardinal4; ColdOne; ...

Thanks aMorePerfectUnion.


8 posted on 05/29/2014 8:21:46 PM PDT by SunkenCiv (https://secure.freerepublic.com/donate/)
[ Post Reply | Private Reply | View Replies]

To: aMorePerfectUnion
Interesting. TrueCrypt was being subjected to a comprehensive audit when this announcement came out. The first stage of the audit found nothing, and they had moved on to the formal cryptanalysis.
9 posted on 05/29/2014 8:22:25 PM PDT by Corporate Democrat
[ Post Reply | Private Reply | To 1 | View Replies]

To: Kirkwood

Is there counseling for that?


10 posted on 05/29/2014 8:22:42 PM PDT by GeronL (Vote for Conservatives not for Republicans)
[ Post Reply | Private Reply | To 7 | View Replies]

To: SunkenCiv

You bet. We’ve gotta stick together.


11 posted on 05/29/2014 8:23:11 PM PDT by aMorePerfectUnion ( "I didn't leave the Central Oligarchy Party. It left me." - Ronaldus Magnimus, 2014)
[ Post Reply | Private Reply | To 8 | View Replies]

To: aMorePerfectUnion

The NSA got it.


12 posted on 05/29/2014 8:24:41 PM PDT by Dallas59 ("Remember me as you pass by, As you are now, so once was I, As I am now, so you will be")
[ Post Reply | Private Reply | To 1 | View Replies]

To: aMorePerfectUnion

Interesting speculation here:

http://www.reddit.com/r/netsec/comments/26pz9b/truecrypt_development_has_ended_052814/


13 posted on 05/29/2014 8:26:14 PM PDT by aMorePerfectUnion ( "I didn't leave the Central Oligarchy Party. It left me." - Ronaldus Magnimus, 2014)
[ Post Reply | Private Reply | To 1 | View Replies]

To: bigbob
Almost unbroken...


14 posted on 05/29/2014 8:26:22 PM PDT by ProtectOurFreedom
[ Post Reply | Private Reply | To 5 | View Replies]

To: GeronL

Does this data compression algorithm make me look fat?


15 posted on 05/29/2014 8:28:10 PM PDT by Kirkwood (Zombie Hunter)
[ Post Reply | Private Reply | To 10 | View Replies]

To: Kirkwood

Lol


16 posted on 05/29/2014 8:28:50 PM PDT by GeronL (Vote for Conservatives not for Republicans)
[ Post Reply | Private Reply | To 15 | View Replies]

To: aMorePerfectUnion

Bad news, but thanks for posting.


17 posted on 05/29/2014 8:29:43 PM PDT by expat1000
[ Post Reply | Private Reply | To 1 | View Replies]

To: aMorePerfectUnion

See this page...
https://www.grc.com/misc/truecrypt/truecrypt.htm


18 posted on 05/29/2014 8:33:36 PM PDT by Bobalu (What cannot be programmed cannot be physics)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Kirkwood

What happens when the gubmint develops encryption software under another name, something like, oh, maybe “screwthensa” and makes it available to any and all? No one knows the gubmint was behind it. And the gubmint built in its own private entrance to said encryption software. Kind of a domestic Stuxnet.

If I thought of it, they have thought of it. Have they done it? I dunno.


19 posted on 05/29/2014 8:47:02 PM PDT by RobinOfKingston (Democrats--the party of Evil. Republicans--the party of Stupid.)
[ Post Reply | Private Reply | To 7 | View Replies]

To: Bobalu

A working theory is that they were paid off or threatened; in either case, older code might still be good. I’m hanging on until more news comes in.

I trust Bitlocker up to and including not at all. It’s not that Microsoft is “bad”, but they have a lot more to lose by not “cooperating”.


20 posted on 05/29/2014 8:48:01 PM PDT by The Antiyuppie ("When small men cast long shadows, then it is very late in the day.")
[ Post Reply | Private Reply | To 18 | View Replies]

To: aMorePerfectUnion
WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues. This page exists only to help migrate existing data encrypted by TrueCrypt. The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images.

This makes no sense whatsoever. I believe what most of the Reddit commentators do. The NSA started twisting arms with secret suponeas to force the addition of a back door. Rather than comply, and they could not reveal the supoenas - that is a serious crime - the developers put out an obviously bogus explanation in order to warn users off the product.

And a recomendation for Bitlocker? From Microsoft? Give me a break!

It reminds me of that scene from breaking bad where Walter is cursing at Skylar for being so ignorant and not knowing about the drug dealing knowing the feds are monitoring the call.

The question is, is 7.1 secure or not?

21 posted on 05/29/2014 8:49:26 PM PDT by expat1000
[ Post Reply | Private Reply | To 13 | View Replies]

To: RobinOfKingston

That’s why nobody trusts anything but open source code.


22 posted on 05/29/2014 8:51:41 PM PDT by expat1000
[ Post Reply | Private Reply | To 19 | View Replies]

To: The Antiyuppie

I’m wondering if Snowden/Greenwald et.al. were using TrueCrypt and the NSA has leaned on the unknown developers of TC and topped it off with an NDA....?

With an NDA this strangeness might be the only way the devs can alert us to some sort of funny business going on.


23 posted on 05/29/2014 8:52:35 PM PDT by Bobalu (What cannot be programmed cannot be physics)
[ Post Reply | Private Reply | To 20 | View Replies]

To: The Antiyuppie

Speaking of Bitlocker,

Here is what happened to me when I went on vacation:

I planned to do some revision on a spreadsheet during the 14 hour drive to and from Buffalo. We had traveled a couple hours, took a breakfast break and I grabbed the laptop to get some work done. I fired it up and Bitlocker demanded that I enter the encryption key which I didn’t have (I was pretty sure it was in my desk). So I put the laptop away thinking I would enter the encryption key when I returned to work.

I get to work on Monday after being gone for a week and then look in the desk but no encryption key. Now I’m beginning to panic. I’m thinking, ‘Why is this happening? Nothing had changed on the laptop. I turn it off and on all of the time without any problems. Why is this happening?’

When I went to England/Bulgaria a couple months ago I had put a movie in the laptop. Before I went on vacation I removed the movie. I put the movie back in the laptop and it boots up like normal.

Weird. Do any Bitlocker users have an explanation for that?


24 posted on 05/29/2014 8:57:04 PM PDT by killermosquito (Buffalo, Detroit (and eventually France) is what you get when liberalism runs its course.)
[ Post Reply | Private Reply | To 20 | View Replies]

To: killermosquito

was your movie on a DVD-R?


25 posted on 05/29/2014 9:31:12 PM PDT by higgmeister ( In the Shadow of The Big Chicken!)
[ Post Reply | Private Reply | To 24 | View Replies]

To: ProtectOurFreedom
Unbroken:


26 posted on 05/29/2014 10:59:26 PM PDT by FredZarguna (Zodiac 340.)
[ Post Reply | Private Reply | To 14 | View Replies]

To: Kirkwood
Does this data compression algorithm make me look fat?

Correct response: "No. It just highlights your naughty bits."

27 posted on 05/29/2014 11:01:34 PM PDT by FredZarguna (043 Caidoz.)
[ Post Reply | Private Reply | To 15 | View Replies]

To: Nailbiter

later read


28 posted on 05/29/2014 11:02:27 PM PDT by Nailbiter
[ Post Reply | Private Reply | To 1 | View Replies]

To: FredZarguna
Cracked. Celebrimbor, SA 1693:
29 posted on 05/29/2014 11:08:32 PM PDT by FredZarguna (Ash nazg durbatulûk, ash nazg gimbatul, ash nazg thrakatulûk, agh burzum-ishi krimpatul.')
[ Post Reply | Private Reply | To 26 | View Replies]

To: null and void

Stranger and stranger


30 posted on 05/29/2014 11:08:36 PM PDT by Nifster
[ Post Reply | Private Reply | To 6 | View Replies]

To: FredZarguna

31 posted on 05/29/2014 11:11:52 PM PDT by FredZarguna (Ash nazg durbatulûk, ash nazg gimbatul, ash nazg thrakatulûk, agh burzum-ishi krimpatul.')
[ Post Reply | Private Reply | To 29 | View Replies]

To: ProtectOurFreedom

The efficacy of the code is directly proportional to the environment it’s used in. For instance, proper English is undecipherable in college classrooms with Black students. It will remain so because it is racist to try to teach them the skills that would allow them to break the code.


32 posted on 05/30/2014 4:08:12 AM PDT by trebb (Where in the the hell has my country gone?)
[ Post Reply | Private Reply | To 14 | View Replies]

To: rdb3; Calvinist_Dark_Lord; JosephW; Only1choice____Freedom; amigatec; Still Thinking; ...

33 posted on 05/30/2014 4:11:44 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: expat1000

I’m also with the the Reddit folks. The NSA started cloak-and-daggering them, threatening to shut them down if they didn’t put a back door into their code, and instead of complying, they shut down the whole product.

There is an alternate explanation that the NSA found a back door in the current software and told them to NOT patch it or they’ll be shut down. The authors decided to cancel the project instead of continuing to support it, and the message they’ve left is actually true without explanation; but then that would mean that they likely exposed holes for a possible fork to take over the project and patch those holes.

Bitlocker is “secure” for most purposes, but of course, Microsoft’s been cooperating with the federal government since the 80s. I have no doubt that the MS hashes are compromised in some way, even if I can’t prove it. Your only real security left, which is scary, is OpenSSL. Since OpenSSL is protected by the GNU, the federal government is going to have a hard time twisting the arms of millions of contributors to that cause, and given the complexity of OpenSSL, you have to have a decent amount of time and patience to implement it in your own environment.

I’m using OpenSSL in my private network with plenty of honey pots, but that doesn’t mean that some ne’er-do-well couldn’t bang away at my network until they got in. Hell, from what Snowden says, it sounds like most of the goons at the NSA are script kiddies with complicated programs. If those programs don’t work, that leaves the truly competent hackers, who I don’t believe would deign to work for the NSA unless compelled to do so.


34 posted on 05/30/2014 5:22:59 AM PDT by rarestia (It's time to water the Tree of Liberty.)
[ Post Reply | Private Reply | To 21 | View Replies]

To: trebb

I shot coffee out of my nose on this one. Thanks for the chuckle.


35 posted on 05/30/2014 5:24:29 AM PDT by rarestia (It's time to water the Tree of Liberty.)
[ Post Reply | Private Reply | To 32 | View Replies]

To: killermosquito

Depending on the format, it’s possible the DRM in/on the movie was interfering with the functionality of the machine. I assume it was a DVD, and as such, there’s DRM that talks to the operating system which then allows it to run provided it’s an original copy. Since Bitlocker encrypts your disk, it’s possible the DRM sees your OS as invalid.

If you use Bitlocker in an enterprise environment with Active Directory, your AD admins likely have Bitlocker group policies which store your Bitlocker keys with your profile. You might want to check with them if that’s the case.


36 posted on 05/30/2014 5:27:19 AM PDT by rarestia (It's time to water the Tree of Liberty.)
[ Post Reply | Private Reply | To 24 | View Replies]

To: aMorePerfectUnion

I can't believe they used TrueCrypt.

37 posted on 05/30/2014 5:30:21 AM PDT by McGruff (What if I told you your leaders were lying to you?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: expat1000

Bingo


38 posted on 05/30/2014 5:51:33 AM PDT by Bikkuri (Molon Labe)
[ Post Reply | Private Reply | To 22 | View Replies]

To: aMorePerfectUnion

Hmm, I’ve been using DiskCryptor for a while now. I sure hope that doesn’t suffer the same fate.


39 posted on 05/30/2014 6:02:19 AM PDT by KevinB ("If it weren't for double standards Democrats would have no standards at all" - Chris Plante)
[ Post Reply | Private Reply | To 1 | View Replies]

To: max americana
Dammit, we used it to encrypt our hard drives. This sucks!

Check out DiskCryptor. I have been using to encrypt my data partition for quite a while and love it.

40 posted on 05/30/2014 6:09:21 AM PDT by KevinB ("If it weren't for double standards Democrats would have no standards at all" - Chris Plante)
[ Post Reply | Private Reply | To 3 | View Replies]

To: McGruff
I can't believe they used TrueCrypt.

Don't worry, I just need another 20 minutes.

41 posted on 05/30/2014 7:07:46 AM PDT by ProtectOurFreedom
[ Post Reply | Private Reply | To 37 | View Replies]

To: KevinB
Dammit, we used it to encrypt our hard drives. This sucks!

Check out DiskCryptor. I have been using to encrypt my data partition for quite a while and love it.


I find the popularity of whole disk encryption interesting.

Why do you do that ?
42 posted on 05/30/2014 7:29:51 AM PDT by PieterCasparzen (We have to fix things ourselves)
[ Post Reply | Private Reply | To 40 | View Replies]

To: Bobalu
My IT Manager predicted this a year or so ago. He has always felt that the TC developers were not astute enough to see where their creation was headed. That said we are not panicking and not removing TC from systems we manage. We are however looking for the next thing.
43 posted on 05/30/2014 7:40:18 AM PDT by mad_as_he$$
[ Post Reply | Private Reply | To 18 | View Replies]

To: PieterCasparzen
Why do you do that ?

If I lose or someone steals my laptop whoever has it will be unable to access any of my personal or client data. In my profession, I am ethically obligated to secure client data. I keep all of my data on a separate partition and encrypt that entire partition with DiskCryptor. I have set it up so the Diskcryptor password is required after any shutdown or reboot. It provides great peace of mind. Using a boot password rather than encryption provides some protection, but the disk can be pulled and used as a slave in another computer to gain access to the data. When encrypted the data is totally unavailable to prying eyes.

44 posted on 05/30/2014 8:03:14 AM PDT by KevinB ("If it weren't for double standards Democrats would have no standards at all" - Chris Plante)
[ Post Reply | Private Reply | To 42 | View Replies]

To: ShadowAce

Thanks for the ping.


45 posted on 05/30/2014 8:19:18 AM PDT by GOPJ (>The Mainstream Ministry of Information does not stand for liberty. Freeper Gene Eric)
[ Post Reply | Private Reply | To 33 | View Replies]

To: KevinB

Right, it’s not your data, it’s client data, and it’s on your laptop.

That makes complete sense, your laptop could get stolen, you want to throw up that security barrier for that situation.


46 posted on 05/30/2014 8:22:55 AM PDT by PieterCasparzen (We have to fix things ourselves)
[ Post Reply | Private Reply | To 44 | View Replies]

To: Bobalu
https://www.grc.com/misc/truecrypt/truecrypt.htm

Listening to Steve Gibson on the DTNS podcast for May 29 now.

47 posted on 05/30/2014 8:32:09 AM PDT by Stentor (Maybe the Goldman Sachs thing is just a coincidence. /S)
[ Post Reply | Private Reply | To 18 | View Replies]

To: PieterCasparzen
That makes complete sense, your laptop could get stolen, you want to throw up that security barrier for that situation.

Correct. It can also be used to protect data on flash cards and flash drives which can easily be lost or stolen.

48 posted on 05/30/2014 8:34:08 AM PDT by KevinB ("If it weren't for double standards Democrats would have no standards at all" - Chris Plante)
[ Post Reply | Private Reply | To 46 | View Replies]

To: KevinB

“Check out DiskCryptor. I have been using to encrypt my data partition for quite a while and love it.”

Thanks dude. :) We can’t not have an alternative...


49 posted on 05/30/2014 9:31:41 AM PDT by max americana (fired liberals in our company last election, and I laughed while they cried (true story))
[ Post Reply | Private Reply | To 40 | View Replies]

To: bigbob

Ok, ok, ok...I see Neo and the Agent, but where in the heck is the woman in the red dress?


50 posted on 05/30/2014 4:58:39 PM PDT by Delta Dawn (Fluent in two languages: English and cursive.)
[ Post Reply | Private Reply | To 5 | View Replies]


Navigation: use the links below to view more comments.
first 1-5051-54 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson