Warning

 

Close

Confirm Action

Are you sure you wish to do this?

Confirm Cancel
Member Login

Site Notices
Arrow Left Previous Page
Page / 12
Posted: 5/28/2014 11:50:21 AM EST
[Last Edit: 5/29/2014 5:34:28 PM EST by HarryStone]
There's a really bizarre message on the Truecrypt site today:

WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

This page exists only to help migrate existing data encrypted by TrueCrypt.

The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.
View Quote


link

This doesn't seem anything like what would be released if there were a legitimate security problem. "WE FOUND A BUG SO NOW YOU HAVE TO USE PROPRIETARY SOFTWARE FOREVER" smells like horse shit.

Update:
========================

Now apparently there is a project forming in Switzerland to continue development: link
Link Posted: 5/28/2014 11:51:48 AM EST
Man that is fucking disconcerting.
Link Posted: 5/28/2014 11:53:03 AM EST
What? You mean the NSA built in a back door somehow, but the company can't publicly reveal that, so they're pulling the plug on the product, like the guy who ran the encrypted email service? Unpossible.
Link Posted: 5/28/2014 11:53:25 AM EST
Wouldn't surprise me at all to learn the government is shutting down any sources of encryption that it can't back door.
Link Posted: 5/28/2014 11:53:30 AM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By MMcCall:
Man that is fucking disconcerting.
View Quote


The Statue of Liberty is kaput?
Link Posted: 5/28/2014 11:53:39 AM EST
Not all that surprising.

dmcrypt ftw.
Link Posted: 5/28/2014 11:54:34 AM EST
The fact that it doesn't say anything about what the problem is, and then recommends using BitLocker as the next step is just fucking amazing.
Link Posted: 5/28/2014 11:54:58 AM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By MMcCall:
Man that is fucking disconcerting.
View Quote


Considering that MS is pretty well penetrated and there would seem to be a good chance their encryption is too....yeah...fuck that.
Link Posted: 5/28/2014 12:00:31 PM EST
[Last Edit: 5/28/2014 12:00:51 PM EST by jlficken]
But I was assured that TrueCrypt was the only way to have secure data on my thumb drive and buying an IronKey or the like wasn't enough.
Link Posted: 5/28/2014 12:02:42 PM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By jlficken:
But I was assured that TrueCrypt was the only way to have secure data on my thumb drive and buying an IronKey or the like wasn't enough.
View Quote


That's the mostly likely reason why the distribution of TrueCrypt would be stopped.
Link Posted: 5/28/2014 12:02:58 PM EST
This should be fun.
Link Posted: 5/28/2014 12:02:58 PM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By Willmar:


The Statue of Liberty is kaput?
View Quote View All Quotes
View All Quotes
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By Willmar:
Originally Posted By MMcCall:
Man that is fucking disconcerting.


The Statue of Liberty is kaput?


From your friendly neighborhood morale officer!

The more I read, the more I'm leaning toward this being a hoax or site hijack. A project as legit as TrueCrypt wouldn't go out that way.
Link Posted: 5/28/2014 12:03:42 PM EST
My PC, laptop, and external drives all run truecrypt and I am not worried. They are still safe from random crackheads stealing them when I am away for the day. I'm pretty sure my browser history isn't going to shock the NSA if they have a backdoor into my machine. They probably see worse.
Link Posted: 5/28/2014 12:04:26 PM EST
Wtf.... I'll take my chances and stick with true crypt until something better comes along. No way do I trust bit locker.
Link Posted: 5/28/2014 12:05:17 PM EST
I'm guessing the site got defaced. It just doesn't look very legit. You'd think there would be more of an official announcement.
Link Posted: 5/28/2014 12:05:35 PM EST
Encryption shouldn't be your only security measure..... just sayin'
Link Posted: 5/28/2014 12:06:58 PM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By LibertarianYankee:
Encryption shouldn't be your only security measure..... just sayin'
View Quote


The angry country boy with a rifle is part of any proper layered security strategy.
Link Posted: 5/28/2014 12:07:26 PM EST
There was a security audit done in February of this year. The PDF is here.
Link Posted: 5/28/2014 12:08:58 PM EST
All the fine upstanding citizens who need unbreakable encryption to hide their non-criminal files, right...
Link Posted: 5/28/2014 12:11:15 PM EST
[Last Edit: 5/28/2014 12:11:29 PM EST by hourglassing]
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By Masterbagger:
My PC, laptop, and external drives all run truecrypt and I am not worried. They are still safe from random crackheads stealing them when I am away for the day. I'm pretty sure my browser history isn't going to shock the NSA if they have a backdoor into my machine. They probably see worse.
View Quote


Hmm, reminds me of something, can't quite put my finger on it... oh wait.

First they came for the Socialists, and I did not speak out—
Because I was not a Socialist.

Then they came for the Trade Unionists, and I did not speak out—
Because I was not a Trade Unionist.

Then they came for the Jews, and I did not speak out—
Because I was not a Jew.

Then they came for me—and there was no one left to speak for me
Link Posted: 5/28/2014 12:13:41 PM EST
Link Posted: 5/28/2014 12:13:43 PM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By werepossum:
All the fine upstanding citizens who need unbreakable encryption to hide their non-criminal files, right...
View Quote


Don't be fooled.. information is the new weapon. Having equal access to secure encryption is the modern equivalent to the 2A.
Link Posted: 5/28/2014 12:13:52 PM EST
Tag for the discussion. There are a lot of us that developed standards and guidelines around Truecrypt because we didn't want to use Bitlocker or another closed-source product.

I'll hang tight for confirmation. Something doesn't smell right here.
Link Posted: 5/28/2014 12:14:58 PM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By Masterbagger:
My PC, laptop, and external drives all run truecrypt and I am not worried. They are still safe from random crackheads stealing them when I am away for the day. I'm pretty sure my browser history isn't going to shock the NSA if they have a backdoor into my machine. They probably see worse.
View Quote


Probably, since they're looking at mine right now.

Shock and Awe, baby........Shock...And...Awe.
Link Posted: 5/28/2014 12:15:14 PM EST
Obvious false flag op is obvious.

The question is... Who is behind this?

That the message didn't recommend a competing product, but instead just Microsoft OS integrated encryption, is quite odd.
Link Posted: 5/28/2014 12:15:18 PM EST
[Last Edit: 5/28/2014 12:16:07 PM EST by RedDane]
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By werepossum:
All the fine upstanding citizens who need unbreakable encryption to hide their non-criminal files, right...
View Quote


Oh, you're one of those guys. Gotcha.

Roll over, fetch, beg, pick up that can.

Link Posted: 5/28/2014 12:15:40 PM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By werepossum:
All the fine upstanding citizens who need unbreakable encryption to hide their non-criminal files, right...
View Quote


Local PD has a key to your house and safe right? The passwords to your email accounts? Why not? You got anything to hide?
Link Posted: 5/28/2014 12:16:28 PM EST
[Last Edit: 5/28/2014 12:17:50 PM EST by werepossum]
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By MMcCall:


Don't be fooled.. information is the new weapon. Having equal access to secure encryption is the modern equivalent to the 2A.
View Quote View All Quotes
View All Quotes
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By MMcCall:
Originally Posted By werepossum:
All the fine upstanding citizens who need unbreakable encryption to hide their non-criminal files, right...


Don't be fooled.. information is the new weapon. Having equal access to secure encryption is the modern equivalent to the 2A.


Because you want police crippled in their ability to see child porn and money laundering and neonazi membership files? Destruction of evidence laws are older than the 2a

Just makes people feel tingly in their pants to think the government can't get into their encrypted anarchist cookbook or credit card numbers

hint: the software would be shut down if they don't have a workaround
Link Posted: 5/28/2014 12:16:57 PM EST
Yeah I'm with Mark and MM


This reeks of BS. Site hacked.
Link Posted: 5/28/2014 12:17:05 PM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By TexasRifleman1985:
Obvious false flag op is obvious.

The question is... Who is behind this?

That the message didn't recommend a competing product, but instead just Microsoft OS integrated encryption, is quite odd.
View Quote


That IS a competing product.. one that is most likely wide-the-fuck-open to any and all FISA requests.
Link Posted: 5/28/2014 12:17:48 PM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By werepossum:
All the fine upstanding citizens who need unbreakable encryption to hide their non-criminal files, right...
View Quote


Please post your tax returns, family photos, and bank statements with no redacting. Right now. Do it.

No? Then sit down and shut the fuck up about our right to privacy.
Link Posted: 5/28/2014 12:17:55 PM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By werepossum:


Because you want police crippled in their ability to see child porn and money laundering and neonazi membership files? Destruction of evidence laws are older than the 2a

Just makes people feel tingly in their pants to think the government can't get into their encrypted anarchist cookbook or credit card numbers
View Quote View All Quotes
View All Quotes
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By werepossum:
Originally Posted By MMcCall:
Originally Posted By werepossum:
All the fine upstanding citizens who need unbreakable encryption to hide their non-criminal files, right...


Don't be fooled.. information is the new weapon. Having equal access to secure encryption is the modern equivalent to the 2A.


Because you want police crippled in their ability to see child porn and money laundering and neonazi membership files? Destruction of evidence laws are older than the 2a

Just makes people feel tingly in their pants to think the government can't get into their encrypted anarchist cookbook or credit card numbers


You don't seem too savvy.
Link Posted: 5/28/2014 12:19:16 PM EST
[Last Edit: 5/28/2014 12:20:05 PM EST by werepossum]
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By marksman121:


Local PD has a key to your house and safe right? The passwords to your email accounts? Why not? You got anything to hide?
View Quote View All Quotes
View All Quotes
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By marksman121:
Originally Posted By werepossum:
All the fine upstanding citizens who need unbreakable encryption to hide their non-criminal files, right...


Local PD has a key to your house and safe right? The passwords to your email accounts? Why not? You got anything to hide?


Try seriously fortifying your house, and the police will come find a reason to get access
Link Posted: 5/28/2014 12:21:55 PM EST
It's just someone that got into the sourceforge site.

If you DL a copy recently, it might be compromised.

Not going to get all excited about this yet.
Link Posted: 5/28/2014 12:22:25 PM EST
[Last Edit: 5/28/2014 12:23:07 PM EST by TexasRifleman1985]
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By werepossum:


Because you want police crippled in their ability to see child porn and money laundering and neonazi membership files?
View Quote View All Quotes
View All Quotes
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By werepossum:
Originally Posted By MMcCall:
Originally Posted By werepossum:
All the fine upstanding citizens who need unbreakable encryption to hide their non-criminal files, right...


Don't be fooled.. information is the new weapon. Having equal access to secure encryption is the modern equivalent to the 2A.


Because you want police crippled in their ability to see child porn and money laundering and neonazi membership files?


Obviously, anyone who supports encryption is all of the above, amirite?

Destruction of evidence laws are older than the 2a


Slavery laws were older than the entire US Constitution. Laws suspending Habeas Corpus and trials by Jury passed in the US before Constitution and Bill of Rights, too.

Just makes people feel tingly in their pants to think the government can't get into their encrypted anarchist cookbook or credit card numbers


Modern Stalinists get all tingly in their manginas thinking about the State having access to all private information.
Link Posted: 5/28/2014 12:22:27 PM EST
The guy who was auditing TrueCrypt says he has no idea what 'security issues' they're talking about. Twitter

The SourceForge downloads have supposedly been replaced with a new exe as well.

Definitely sounds like a hack job.
Link Posted: 5/28/2014 12:24:23 PM EST
Nothing on Slashdot, which is odd.

There is a discussion on Reddit, though.

http://www.reddit.com/r/netsec/comments/26pz9b/truecrypt_development_has_ended_052814/
Link Posted: 5/28/2014 12:25:18 PM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By MMcCall:


That IS a competing product.. one that is most likely wide-the-fuck-open to any and all FISA requests.
View Quote View All Quotes
View All Quotes
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By MMcCall:
Originally Posted By TexasRifleman1985:
Obvious false flag op is obvious.

The question is... Who is behind this?

That the message didn't recommend a competing product, but instead just Microsoft OS integrated encryption, is quite odd.


That IS a competing product.. one that is most likely wide-the-fuck-open to any and all FISA requests.


Ubiquitous does not equal competing. TrueCrypt is the opposite of an OS/Platform integrated encryption solution.

Otherwise, yes, agreed.
Link Posted: 5/28/2014 12:25:22 PM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By testify4:
Nothing on Slashdot, which is odd.

There is a discussion on Reddit, though.

http://www.reddit.com/r/netsec/comments/26pz9b/truecrypt_development_has_ended_052814/
View Quote


Lots of submissions on slashdot, nothing made the main page yet.
Link Posted: 5/28/2014 12:26:12 PM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By werepossum:
All the fine upstanding citizens who need unbreakable encryption to hide their non-criminal files, right...
View Quote


Because non-upstanding citizens wouldn't at all be interested in legal and innocent files on a personal computer. Like tax returns
Link Posted: 5/28/2014 12:28:17 PM EST
[Last Edit: 5/28/2014 12:31:15 PM EST by werepossum]
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By TexasRifleman1985:
Modern Stalinists get all tingly in their manginas thinking about the State having access to all private information.
View Quote


It has nothing to do with "all private information."

Police can obtain a search warrant to obtain private information, if a software product would impede prosecution and evidence gathering, it would be shut down and rightfully so.

This also protects a civilian who forgot their password from being indefinitely inprisoned due to contempt of court, since they could not prove they actually forgot the password and were not withholding it.
Link Posted: 5/28/2014 12:31:02 PM EST
Start rolling your own guys. We need the 80% lower of the encryption world.
Link Posted: 5/28/2014 12:31:30 PM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By werepossum:


Because you want police crippled in their ability to see child porn and money laundering and neonazi membership files? Destruction of evidence laws are older than the 2a

View Quote View All Quotes
View All Quotes
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By werepossum:
Originally Posted By MMcCall:
Originally Posted By werepossum:
All the fine upstanding citizens who need unbreakable encryption to hide their non-criminal files, right...


Don't be fooled.. information is the new weapon. Having equal access to secure encryption is the modern equivalent to the 2A.


Because you want police crippled in their ability to see child porn and money laundering and neonazi membership files? Destruction of evidence laws are older than the 2a



Actually the 2A is a continuation of our unalienable right to self defense and goes back to the beginning of our time.
Link Posted: 5/28/2014 12:32:07 PM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By andersw:
Start rolling your own guys. We need the 80% lower of the encryption world.
View Quote


Rolling your own crypto is a terrible idea.
Link Posted: 5/28/2014 12:33:08 PM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By TexasRifleman1985:


Ubiquitous does not equal competing. TrueCrypt is the opposite of an OS/Platform integrated encryption solution.

Otherwise, yes, agreed.
View Quote View All Quotes
View All Quotes
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By TexasRifleman1985:
Originally Posted By MMcCall:
Originally Posted By TexasRifleman1985:
Obvious false flag op is obvious.

The question is... Who is behind this?

That the message didn't recommend a competing product, but instead just Microsoft OS integrated encryption, is quite odd.


That IS a competing product.. one that is most likely wide-the-fuck-open to any and all FISA requests.


Ubiquitous does not equal competing. TrueCrypt is the opposite of an OS/Platform integrated encryption solution.

Otherwise, yes, agreed.


I see what you're getting at.

I deal with Secure Boot and file system-level encryption every day, and I wouldn't touch BitLocker.
Link Posted: 5/28/2014 12:33:47 PM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By werepossum:


It has nothing to do with "all private information."
View Quote View All Quotes
View All Quotes
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By werepossum:
Originally Posted By TexasRifleman1985:
Modern Stalinists get all tingly in their manginas thinking about the State having access to all private information.


It has nothing to do with "all private information."


It has everything to do with all private information.

Police can obtain a search warrant to obtain private information, if a software product would impede prosecution and evidence gathering, it would be shut down and rightfully so.


So why hasn't that been done?

Because you're wrong about the nature of the software.

The fact that all attempts to shut down TrueCrypt have been through subterfuge outside of the rule of law proves you are wrong and I am right.

But hey, the ends justify the means, right Tovarish?

This also protects a civilian who forgot their password from being indefinitely in prison due to contempt of court.


Yes Tovarish! Doubleplus goodthink! State protect subjects from selves, so that State does not have to punish as much! In other news, this months chocolate ration is increased to 30 grams.
Link Posted: 5/28/2014 12:34:38 PM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By werepossum:


Because you want police crippled in their ability to see child porn and money laundering and neonazi membership files? Destruction of evidence laws are older than the 2a

Just makes people feel tingly in their pants to think the government can't get into their encrypted anarchist cookbook or credit card numbers

hint: the software would be shut down if they don't have a workaround
View Quote View All Quotes
View All Quotes
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By werepossum:
Originally Posted By MMcCall:
Originally Posted By werepossum:
All the fine upstanding citizens who need unbreakable encryption to hide their non-criminal files, right...


Don't be fooled.. information is the new weapon. Having equal access to secure encryption is the modern equivalent to the 2A.


Because you want police crippled in their ability to see child porn and money laundering and neonazi membership files? Destruction of evidence laws are older than the 2a

Just makes people feel tingly in their pants to think the government can't get into their encrypted anarchist cookbook or credit card numbers

hint: the software would be shut down if they don't have a workaround





Link Posted: 5/28/2014 12:34:49 PM EST
But if I don't have anything to hide what's the problem?

/sarcasm
Link Posted: 5/28/2014 12:35:08 PM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By Undefined:

Rolling your own crypto is a terrible idea.
View Quote View All Quotes
View All Quotes
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By Undefined:
Originally Posted By andersw:
Start rolling your own guys. We need the 80% lower of the encryption world.

Rolling your own crypto is a terrible idea.

For who
Link Posted: 5/28/2014 12:35:53 PM EST
[Last Edit: 5/28/2014 12:39:45 PM EST by MrZeat]
What the fuck is going on....

https://news.ycombinator.com/item?id=7812133

The version on SF is a NEW version and is signed using NEW signing keys. IE the original developers did not sign this release.
edit: keyfile was renamed in the source repository, but is the SAME key. Whoever released this today had access to the private key of the developers who did all of the previous versions.


Here is the changelog for todays code from 7.1:

Definitely looks like it was forked from pre-release code and then modified to add in all the insecure version warnings:

https://github.com/warewolf/truecrypt/compare/master...7.2

Here is the ycombinator link: https://news.ycombinator.com/item?id=7812133

What. The. Fuck.
Link Posted: 5/28/2014 12:36:30 PM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By hourglassing:


Hmm, reminds me of something, can't quite put my finger on it... oh wait.

First they came for the Socialists, and I did not speak out—
Because I was not a Socialist.

Then they came for the Trade Unionists, and I did not speak out—
Because I was not a Trade Unionist.

Then they came for the Jews, and I did not speak out—
Because I was not a Jew.

Then they came for me—and there was no one left to speak for me
View Quote View All Quotes
View All Quotes
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By hourglassing:
Originally Posted By Masterbagger:
My PC, laptop, and external drives all run truecrypt and I am not worried. They are still safe from random crackheads stealing them when I am away for the day. I'm pretty sure my browser history isn't going to shock the NSA if they have a backdoor into my machine. They probably see worse.


Hmm, reminds me of something, can't quite put my finger on it... oh wait.

First they came for the Socialists, and I did not speak out—
Because I was not a Socialist.

Then they came for the Trade Unionists, and I did not speak out—
Because I was not a Trade Unionist.

Then they came for the Jews, and I did not speak out—
Because I was not a Jew.

Then they came for me—and there was no one left to speak for me


absolutely not how I read his post......


Arrow Left Previous Page
Page / 12
Top Top