Skip to content

TrueCrypt is gone

Featured Replies

Proper black helicopters stuff this but TrueCrypt folded suddenly yesterday with a cryptic and disturbing message essentially saying stop using it's unsafe.

 

Rumour mill is in full effect but general opinion is that the warning and the closure are real.

 

So if you use TrueCrypt decrypt your containers and uninstall

 

http://www.forbes.com/sites/jameslyne/2014/05/29/open-source-crypto-truecrypt-disappears-with-suspicious-cloud-of-mystery/

http://nakedsecurity.sophos.com/2014/05/28/true-mystery-of-the-disappearing-truecrypt-disk-encryption-software/

 

A massive loss as it was a great bit of open source. Maybe too good.....

weird **** is going down.

 

Watch out for tonight's snowdon interview so people are saying.

weird **** is going down.

 

Watch out for tonight's snowdon interview so people are saying.

you got a link of some kind/ or channel please.

What's TrueCrypt????     :dull:

What's TrueCrypt????     :dull:

it was a method/ site to encrypt your files so they were secure. Apple users don't need stuff like that cos their machines are unhackable.

 

 

 

 

 

 

 

 

:wait:

 

Apple users don't need stuff like that cos their machines are unhackable.

 

 

The funniest thing I have read in days.

 

Have you heard the Aussie ihack was possible because Apple dont limit the number of password attempts when trying to enter the iCloud??

  • Author

Even my mate who has access to information beyond us mere mortals doesn't know what's going on.

No one does, cos no one's ever really known who's behind Truecrypt in the first place. Whatever the reason though, your first post advice is correct, you should stop using it.

 

If it's folded then it'll never have any security vulnerabilities addressed - you should move

If it's been backdoored, it's insecure - you should move

If it's been "persuaded" by a three letter agency to shut down - you should move

If the recent crowd-funded codebase audit is about to find something terrible the developers know about - you should move

 

Whichever way you cut it and whatever the actual cause turns out to be, it's over now. Even if someone did pick up the codebase, the license used to be so convoluted then there's a chance you could have action taken against you for code theft, so I can't even see another interested party picking up the codebase; it's tainted by the licensing.

 

Bitlocker is a good replacement, but probably not suitable for the super-paranoids who are worried about security agencies - it's closed-source, there could be backdoors. Plenty enough to protect you in the event you lost your laptop somehow though, I use it on my laptop just in case the worst should happen. I'm lucky in that I have an Enterprise SKU of Windows though, Bitlocker isn't in the home editions so you're out of luck.

  • Author

We looking at AxCrypt as our freebie.

 

Bitlocker isn't to much of a worry for most folk. Everyone knows the NSA have the keys but for for everyday use its fine. If you're worrying about the NSA then you have bigger problems anyway.

 

The TrueCrypt code audit is actually going to continue apparently.

Not sure there's much point; I don't think anyone will ever really trust TrueCrypt again after this (or at least not anyone knowledgable about encryption, which is about 99% of the pool of people who would bother to use it).

 

In other news, apparently there's "confirmation" that the latest 7.2 release contains is a 10 year old pre-agreed "canary" that the TrueCrypt developers came up with. Which would imply that they've been asked to stop the releases by the NSA or similar, but are gagged and unable to say so. Of course, since barely anyone really knows who developed TrueCrypt, this could be social media nonsense...

AxCrypt looks OK, I can never shake an uneasy feeling about software that bundles crapware in its installer though - it implies that the developers can be "bought" (since the motivation for this stuff is almost always a monetary donation based on how many PCs you can land a bundled app on) so it makes it hard to trust the core application. The code is open source so in theory anyone can look through it, but as we saw with OpenSSL/Heartbleed there aren't too many people who are actually capable of reading it and it's too easy for everyone to think "someone else will do it".

  • Author

Encryption is the hardest stuff to trust.

 

If it's accredited it probably has official backdoors.

If it isn't then it probably has unoffical backdoors.

 

Even the TOR network is an old US Navy development.

 

The "Canary Warrant" was one of the stronger theory about what happened.

  • Author

Wouldn't touch it until the audit is completed and / or there is some peer review of any new product.

 

Marking a security product is a great way to steal sensitive information. No one puts boring stuff in it.

Agree, but it would be very nice to see it back up.

Create an account or sign in to comment

Recently Browsing 0

  • No registered users viewing this page.

Important Information

Welcome to BRISKODA. Please note the following important links Terms of Use. We have a comprehensive Privacy Policy. We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

Account

Navigation

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.