Skip to comments.Open Source Crypto TrueCrypt Disappears With Suspicious Cloud Of Mystery
Posted on 05/29/2014 8:05:00 PM PDT by TChad
Over the past 24 hours the website for TrueCrypt (a very widely used encryption solution) was updated with a rather unusually styled message stating that TrueCrypt is considered harmful and should not be used.
(Excerpt) Read more at forbes.com ...
Nothing is anonymous these days.
Dang, you beat my post by a minute! Good work!
Our office used TC for a long time, even before the lavabit fiasco. No hard drives were ever used without it.
This is a disturbing bit of news!
A true WTF!? moment.
It's always good to have a backup.
See this page...
It's a great program. I will continue to use it for personal stuff, at least for a few weeks. Advising users to shift to Bitlocker screams "More is going on here than we are telling you!"
Thanks. Steve Gibson is great.
Finish the audit and bring on the fork!
Probably breached by the sickos at NSA
I wonder what Snowden has to say about this.
This mess screams NDA.
A Lavabit moment here I think.
Privacy is harmful, and should not be sought.
It’s rather amazing, and slightly depressing, that stories like this invariably pull people out of the woodwork who have no idea what the story means, little concept of what they’re talking about, yet despite that ignorance said people tend to have VERY definite opinions.
“This mess screams NDA.”
No, it doesn’t.
“Advising users to shift to Bitlocker screams “More is going on here than we are telling you!”
Exactly. You mean the same Microsoft who sold a Skype user to the gubmint’? No thanks.
Thanks for the link. It will be interesting to see the level of interest in actually picking up the fork.
I’d sure like to know just EXACTLY what is going on here...it’s just gotta be an interesting story.
I wonder what Snowden’s thoughts are on this.
I dunno about that. I have no clue what this article is about, and my opinion on the matter is equally nebulous. ;)
great - I rely on TC for personal use and found it a great program. I have no idea what the problem is, but going to bitlocker is a joke. I consider bitlocker compromised, in my humble opinion. TC may be also, time will tell, or maybe the government simply forced it off the market because it was good - I don’t know which it is. I do want a secure encryption process for my important files and not something that is compromised, as that offers no security.
I wonder why all the interest in whole-disk encryption.
Is it that people really don’t understand the difference between security when your physical machine has been stolen or taken from you physically, and the idea of securing your OS from hackers that break in while your OS is running ?
I’m amazed that people would encrypt the hard drive on their personal PCs, as opposed to just keeping them physically secure.
What do you think the deal is ?
I’m just curious, why you do whole-drive encryption ?
If you have a few files that you want encrypted, you can encrypt just those files.
Actually, then when your OS is running, the file would be encrypted, so it would be more secure from hackers.
Encrypting the whole drive and then having the OS encrypt/decrypt every disk access on the fly means while your OS is running, nothing is encrypted to your OS (or you when you log in to your OS).
So if someone hacks in while your OS is running, nothing is encrypted to the hacker.
Just curious what your take is on this.
Hi - I don’t encrypt my whole drive. I use TC containers, which are directories and subdirectories. I have multiple containers for different uses. Containers are easy to move and sync between my machines. When I encrypt for use, it unlocks whole sets of files of a related nature. Going file by file would be tedious.
So if one of those files was a human-readable text file, and your OS is running and you’re logged in, can you just open the file in an editor and look at it ? That is, is it automatically (transparently to you) decrypted on the fly as the editor calls the OS to read the file ?
Or would it appear as an encrypted file in your editor, so before you edit it you have to enter a password, run a command, etc., in order to get it decrypted ?
Sponsoring FReepers are contributing
$10 Each time a New Monthly Donor signs up!
Get more bang for your FR buck!
Click Here To Sign Up Now!
Maybe not "screams", but definitely hints. None of the other explanations really make any sense.
If the developers had just (understandably) decided that they wanted to move on after maintaining this project for a decade, there'd be no need for such dramatics -- just post a message saying "v7.1a is that last one we're doing, so any newly discovered bugs and vulnerabilities won't get fixed. Use at your own risk, and in the long term plan to switch to something else".
If the ongoing software audit had discovered some critical vulnerability that convinced the developers to abandon the project rather than try to fix it, there's no reason to not simply say so outright. Of course, an NDA (by definition) would give them a reason not to explain what's going on.
The advice to switch to BitLocker (closed-source software with no way to "check under the hood" from a company that has every incentive to cooperate with three-letter-agency demands) is so absurd as to be almost a troll. It's as if you read a message here that purported to be from the site management saying that Free Republic was being taken down and advising people to read Daily Kos instead -- you'd know that something funny was going on behind the scenes.