Posted on 05/29/2014 8:06:55 PM PDT by aMorePerfectUnion
The abrupt announcement that the widely used, anonymously authored disk-encryption tool Truecrypt is insecure and will no longer be maintained shocked the crypto world--after all, this was the tool Edward Snowden himself lectured on at a Cryptoparty in Hawai'i. Cory Doctorow tries to make sense of it all.
(Excerpt) Read more at boingboing.net ...
This makes no sense whatsoever. I believe what most of the Reddit commentators do. The NSA started twisting arms with secret suponeas to force the addition of a back door. Rather than comply, and they could not reveal the supoenas - that is a serious crime - the developers put out an obviously bogus explanation in order to warn users off the product.
And a recomendation for Bitlocker? From Microsoft? Give me a break!
It reminds me of that scene from breaking bad where Walter is cursing at Skylar for being so ignorant and not knowing about the drug dealing knowing the feds are monitoring the call.
The question is, is 7.1 secure or not?
That’s why nobody trusts anything but open source code.
I’m wondering if Snowden/Greenwald et.al. were using TrueCrypt and the NSA has leaned on the unknown developers of TC and topped it off with an NDA....?
With an NDA this strangeness might be the only way the devs can alert us to some sort of funny business going on.
Speaking of Bitlocker,
Here is what happened to me when I went on vacation:
I planned to do some revision on a spreadsheet during the 14 hour drive to and from Buffalo. We had traveled a couple hours, took a breakfast break and I grabbed the laptop to get some work done. I fired it up and Bitlocker demanded that I enter the encryption key which I didn’t have (I was pretty sure it was in my desk). So I put the laptop away thinking I would enter the encryption key when I returned to work.
I get to work on Monday after being gone for a week and then look in the desk but no encryption key. Now I’m beginning to panic. I’m thinking, ‘Why is this happening? Nothing had changed on the laptop. I turn it off and on all of the time without any problems. Why is this happening?’
When I went to England/Bulgaria a couple months ago I had put a movie in the laptop. Before I went on vacation I removed the movie. I put the movie back in the laptop and it boots up like normal.
Weird. Do any Bitlocker users have an explanation for that?
was your movie on a DVD-R?
Correct response: "No. It just highlights your naughty bits."
later read
Stranger and stranger
The efficacy of the code is directly proportional to the environment it’s used in. For instance, proper English is undecipherable in college classrooms with Black students. It will remain so because it is racist to try to teach them the skills that would allow them to break the code.
I’m also with the the Reddit folks. The NSA started cloak-and-daggering them, threatening to shut them down if they didn’t put a back door into their code, and instead of complying, they shut down the whole product.
There is an alternate explanation that the NSA found a back door in the current software and told them to NOT patch it or they’ll be shut down. The authors decided to cancel the project instead of continuing to support it, and the message they’ve left is actually true without explanation; but then that would mean that they likely exposed holes for a possible fork to take over the project and patch those holes.
Bitlocker is “secure” for most purposes, but of course, Microsoft’s been cooperating with the federal government since the 80s. I have no doubt that the MS hashes are compromised in some way, even if I can’t prove it. Your only real security left, which is scary, is OpenSSL. Since OpenSSL is protected by the GNU, the federal government is going to have a hard time twisting the arms of millions of contributors to that cause, and given the complexity of OpenSSL, you have to have a decent amount of time and patience to implement it in your own environment.
I’m using OpenSSL in my private network with plenty of honey pots, but that doesn’t mean that some ne’er-do-well couldn’t bang away at my network until they got in. Hell, from what Snowden says, it sounds like most of the goons at the NSA are script kiddies with complicated programs. If those programs don’t work, that leaves the truly competent hackers, who I don’t believe would deign to work for the NSA unless compelled to do so.
I shot coffee out of my nose on this one. Thanks for the chuckle.
Depending on the format, it’s possible the DRM in/on the movie was interfering with the functionality of the machine. I assume it was a DVD, and as such, there’s DRM that talks to the operating system which then allows it to run provided it’s an original copy. Since Bitlocker encrypts your disk, it’s possible the DRM sees your OS as invalid.
If you use Bitlocker in an enterprise environment with Active Directory, your AD admins likely have Bitlocker group policies which store your Bitlocker keys with your profile. You might want to check with them if that’s the case.
I can't believe they used TrueCrypt.
Bingo
Hmm, I’ve been using DiskCryptor for a while now. I sure hope that doesn’t suffer the same fate.
Check out DiskCryptor. I have been using to encrypt my data partition for quite a while and love it.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.