User Panel
Posted: 5/28/2014 12:50:21 PM EDT
There's a really bizarre message on the Truecrypt site today:
WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues
This page exists only to help migrate existing data encrypted by TrueCrypt. The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform. View Quote link This doesn't seem anything like what would be released if there were a legitimate security problem. "WE FOUND A BUG SO NOW YOU HAVE TO USE PROPRIETARY SOFTWARE FOREVER" smells like horse shit. Update: ======================== Now apparently there is a project forming in Switzerland to continue development: link |
|
What? You mean the NSA built in a back door somehow, but the company can't publicly reveal that, so they're pulling the plug on the product, like the guy who ran the encrypted email service? Unpossible.
|
|
Wouldn't surprise me at all to learn the government is shutting down any sources of encryption that it can't back door.
|
|
|
The fact that it doesn't say anything about what the problem is, and then recommends using BitLocker as the next step is just fucking amazing.
|
|
|
But I was assured that TrueCrypt was the only way to have secure data on my thumb drive and buying an IronKey or the like wasn't enough.
|
|
|
From your friendly neighborhood morale officer! The more I read, the more I'm leaning toward this being a hoax or site hijack. A project as legit as TrueCrypt wouldn't go out that way. |
|
My PC, laptop, and external drives all run truecrypt and I am not worried. They are still safe from random crackheads stealing them when I am away for the day. I'm pretty sure my browser history isn't going to shock the NSA if they have a backdoor into my machine. They probably see worse.
|
|
Wtf.... I'll take my chances and stick with true crypt until something better comes along. No way do I trust bit locker.
|
|
I'm guessing the site got defaced. It just doesn't look very legit. You'd think there would be more of an official announcement.
|
|
Encryption shouldn't be your only security measure..... just sayin'
|
|
|
There was a security audit done in February of this year. The PDF is here.
|
|
All the fine upstanding citizens who need unbreakable encryption to hide their non-criminal files, right...
|
|
Quoted:
My PC, laptop, and external drives all run truecrypt and I am not worried. They are still safe from random crackheads stealing them when I am away for the day. I'm pretty sure my browser history isn't going to shock the NSA if they have a backdoor into my machine. They probably see worse. View Quote Hmm, reminds me of something, can't quite put my finger on it... oh wait. First they came for the Socialists, and I did not speak out— Because I was not a Socialist. Then they came for the Trade Unionists, and I did not speak out— Because I was not a Trade Unionist. Then they came for the Jews, and I did not speak out— Because I was not a Jew. Then they came for me—and there was no one left to speak for me |
|
My guess is one of the people with access to edit their sourceforge page had a weak password and got hacked.
|
|
|
Tag for the discussion. There are a lot of us that developed standards and guidelines around Truecrypt because we didn't want to use Bitlocker or another closed-source product.
I'll hang tight for confirmation. Something doesn't smell right here. |
|
Quoted: My PC, laptop, and external drives all run truecrypt and I am not worried. They are still safe from random crackheads stealing them when I am away for the day. I'm pretty sure my browser history isn't going to shock the NSA if they have a backdoor into my machine. They probably see worse. View Quote Probably, since they're looking at mine right now. Shock and Awe, baby........Shock...And...Awe. |
|
Obvious false flag op is obvious.
The question is... Who is behind this? That the message didn't recommend a competing product, but instead just Microsoft OS integrated encryption, is quite odd. |
|
|
|
Quoted:
Don't be fooled.. information is the new weapon. Having equal access to secure encryption is the modern equivalent to the 2A. View Quote View All Quotes View All Quotes Quoted:
Quoted:
All the fine upstanding citizens who need unbreakable encryption to hide their non-criminal files, right... Don't be fooled.. information is the new weapon. Having equal access to secure encryption is the modern equivalent to the 2A. Because you want police crippled in their ability to see child porn and money laundering and neonazi membership files? Destruction of evidence laws are older than the 2a Just makes people feel tingly in their pants to think the government can't get into their encrypted anarchist cookbook or credit card numbers hint: the software would be shut down if they don't have a workaround |
|
Quoted:
Obvious false flag op is obvious. The question is... Who is behind this? That the message didn't recommend a competing product, but instead just Microsoft OS integrated encryption, is quite odd. View Quote That IS a competing product.. one that is most likely wide-the-fuck-open to any and all FISA requests. |
|
Quoted:
All the fine upstanding citizens who need unbreakable encryption to hide their non-criminal files, right... View Quote Please post your tax returns, family photos, and bank statements with no redacting. Right now. Do it. No? Then sit down and shut the fuck up about our right to privacy. |
|
Quoted:
Because you want police crippled in their ability to see child porn and money laundering and neonazi membership files? Destruction of evidence laws are older than the 2a Just makes people feel tingly in their pants to think the government can't get into their encrypted anarchist cookbook or credit card numbers View Quote View All Quotes View All Quotes Quoted:
Quoted:
Quoted:
All the fine upstanding citizens who need unbreakable encryption to hide their non-criminal files, right... Don't be fooled.. information is the new weapon. Having equal access to secure encryption is the modern equivalent to the 2A. Because you want police crippled in their ability to see child porn and money laundering and neonazi membership files? Destruction of evidence laws are older than the 2a Just makes people feel tingly in their pants to think the government can't get into their encrypted anarchist cookbook or credit card numbers You don't seem too savvy. |
|
Quoted:
Local PD has a key to your house and safe right? The passwords to your email accounts? Why not? You got anything to hide? View Quote View All Quotes View All Quotes Quoted:
Quoted:
All the fine upstanding citizens who need unbreakable encryption to hide their non-criminal files, right... Local PD has a key to your house and safe right? The passwords to your email accounts? Why not? You got anything to hide? Try seriously fortifying your house, and the police will come find a reason to get access |
|
It's just someone that got into the sourceforge site.
If you DL a copy recently, it might be compromised. Not going to get all excited about this yet.
|
|
Quoted:
Because you want police crippled in their ability to see child porn and money laundering and neonazi membership files? View Quote View All Quotes View All Quotes Quoted:
Quoted:
Quoted:
All the fine upstanding citizens who need unbreakable encryption to hide their non-criminal files, right... Don't be fooled.. information is the new weapon. Having equal access to secure encryption is the modern equivalent to the 2A. Because you want police crippled in their ability to see child porn and money laundering and neonazi membership files? Obviously, anyone who supports encryption is all of the above, amirite? Destruction of evidence laws are older than the 2a Slavery laws were older than the entire US Constitution. Laws suspending Habeas Corpus and trials by Jury passed in the US before Constitution and Bill of Rights, too. Just makes people feel tingly in their pants to think the government can't get into their encrypted anarchist cookbook or credit card numbers Modern Stalinists get all tingly in their manginas thinking about the State having access to all private information. |
|
The guy who was auditing TrueCrypt says he has no idea what 'security issues' they're talking about. Twitter
The SourceForge downloads have supposedly been replaced with a new exe as well. Definitely sounds like a hack job. |
|
Nothing on Slashdot, which is odd.
There is a discussion on Reddit, though. http://www.reddit.com/r/netsec/comments/26pz9b/truecrypt_development_has_ended_052814/ |
|
Quoted:
That IS a competing product.. one that is most likely wide-the-fuck-open to any and all FISA requests. View Quote View All Quotes View All Quotes Quoted:
Quoted:
Obvious false flag op is obvious. The question is... Who is behind this? That the message didn't recommend a competing product, but instead just Microsoft OS integrated encryption, is quite odd. That IS a competing product.. one that is most likely wide-the-fuck-open to any and all FISA requests. Ubiquitous does not equal competing. TrueCrypt is the opposite of an OS/Platform integrated encryption solution. Otherwise, yes, agreed. |
|
Quoted:
Nothing on Slashdot, which is odd. There is a discussion on Reddit, though. http://www.reddit.com/r/netsec/comments/26pz9b/truecrypt_development_has_ended_052814/ View Quote Lots of submissions on slashdot, nothing made the main page yet. |
|
|
Quoted:
Modern Stalinists get all tingly in their manginas thinking about the State having access to all private information. View Quote It has nothing to do with "all private information." Police can obtain a search warrant to obtain private information, if a software product would impede prosecution and evidence gathering, it would be shut down and rightfully so. This also protects a civilian who forgot their password from being indefinitely inprisoned due to contempt of court, since they could not prove they actually forgot the password and were not withholding it. |
|
Start rolling your own guys. We need the 80% lower of the encryption world.
|
|
Quoted:
Because you want police crippled in their ability to see child porn and money laundering and neonazi membership files? Destruction of evidence laws are older than the 2a View Quote View All Quotes View All Quotes Quoted:
Quoted:
Quoted:
All the fine upstanding citizens who need unbreakable encryption to hide their non-criminal files, right... Don't be fooled.. information is the new weapon. Having equal access to secure encryption is the modern equivalent to the 2A. Because you want police crippled in their ability to see child porn and money laundering and neonazi membership files? Destruction of evidence laws are older than the 2a Actually the 2A is a continuation of our unalienable right to self defense and goes back to the beginning of our time. |
|
|
Quoted:
Ubiquitous does not equal competing. TrueCrypt is the opposite of an OS/Platform integrated encryption solution. Otherwise, yes, agreed. View Quote View All Quotes View All Quotes Quoted:
Quoted:
Quoted:
Obvious false flag op is obvious. The question is... Who is behind this? That the message didn't recommend a competing product, but instead just Microsoft OS integrated encryption, is quite odd. That IS a competing product.. one that is most likely wide-the-fuck-open to any and all FISA requests. Ubiquitous does not equal competing. TrueCrypt is the opposite of an OS/Platform integrated encryption solution. Otherwise, yes, agreed. I see what you're getting at. I deal with Secure Boot and file system-level encryption every day, and I wouldn't touch BitLocker. |
|
Quoted:
It has nothing to do with "all private information." View Quote View All Quotes View All Quotes Quoted:
Quoted:
Modern Stalinists get all tingly in their manginas thinking about the State having access to all private information. It has nothing to do with "all private information." It has everything to do with all private information. Police can obtain a search warrant to obtain private information, if a software product would impede prosecution and evidence gathering, it would be shut down and rightfully so. So why hasn't that been done? Because you're wrong about the nature of the software. The fact that all attempts to shut down TrueCrypt have been through subterfuge outside of the rule of law proves you are wrong and I am right. But hey, the ends justify the means, right Tovarish? This also protects a civilian who forgot their password from being indefinitely in prison due to contempt of court. Yes Tovarish! Doubleplus goodthink! State protect subjects from selves, so that State does not have to punish as much! In other news, this months chocolate ration is increased to 30 grams. |
|
Quoted:
Because you want police crippled in their ability to see child porn and money laundering and neonazi membership files? Destruction of evidence laws are older than the 2a Just makes people feel tingly in their pants to think the government can't get into their encrypted anarchist cookbook or credit card numbers hint: the software would be shut down if they don't have a workaround View Quote View All Quotes View All Quotes Quoted:
Quoted:
Quoted:
All the fine upstanding citizens who need unbreakable encryption to hide their non-criminal files, right... Don't be fooled.. information is the new weapon. Having equal access to secure encryption is the modern equivalent to the 2A. Because you want police crippled in their ability to see child porn and money laundering and neonazi membership files? Destruction of evidence laws are older than the 2a Just makes people feel tingly in their pants to think the government can't get into their encrypted anarchist cookbook or credit card numbers hint: the software would be shut down if they don't have a workaround |
|
But if I don't have anything to hide what's the problem?
/sarcasm
|
|
|
What the fuck is going on....
https://news.ycombinator.com/item?id=7812133 The version on SF is a NEW version and is signed using NEW signing keys. IE the original developers did not sign this release. edit: keyfile was renamed in the source repository, but is the SAME key. Whoever released this today had access to the private key of the developers who did all of the previous versions. Here is the changelog for todays code from 7.1: Definitely looks like it was forked from pre-release code and then modified to add in all the insecure version warnings: https://github.com/warewolf/truecrypt/compare/master...7.2 Here is the ycombinator link: https://news.ycombinator.com/item?id=7812133 What. The. Fuck. |
|
Quoted:
Hmm, reminds me of something, can't quite put my finger on it... oh wait. First they came for the Socialists, and I did not speak out— Because I was not a Socialist. Then they came for the Trade Unionists, and I did not speak out— Because I was not a Trade Unionist. Then they came for the Jews, and I did not speak out— Because I was not a Jew. Then they came for me—and there was no one left to speak for me View Quote View All Quotes View All Quotes Quoted:
Quoted:
My PC, laptop, and external drives all run truecrypt and I am not worried. They are still safe from random crackheads stealing them when I am away for the day. I'm pretty sure my browser history isn't going to shock the NSA if they have a backdoor into my machine. They probably see worse. Hmm, reminds me of something, can't quite put my finger on it... oh wait. First they came for the Socialists, and I did not speak out— Because I was not a Socialist. Then they came for the Trade Unionists, and I did not speak out— Because I was not a Trade Unionist. Then they came for the Jews, and I did not speak out— Because I was not a Jew. Then they came for me—and there was no one left to speak for me absolutely not how I read his post...... |
|
Sign up for the ARFCOM weekly newsletter and be entered to win a free ARFCOM membership. One new winner* is announced every week!
You will receive an email every Friday morning featuring the latest chatter from the hottest topics, breaking news surrounding legislation, as well as exclusive deals only available to ARFCOM email subscribers.
AR15.COM is the world's largest firearm community and is a gathering place for firearm enthusiasts of all types.
From hunters and military members, to competition shooters and general firearm enthusiasts, we welcome anyone who values and respects the way of the firearm.
Subscribe to our monthly Newsletter to receive firearm news, product discounts from your favorite Industry Partners, and more.
Copyright © 1996-2024 AR15.COM LLC. All Rights Reserved.
Any use of this content without express written consent is prohibited.
AR15.Com reserves the right to overwrite or replace any affiliate, commercial, or monetizable links, posted by users, with our own.