Equipped To Survive Equipped To Survive® Presents
The Survival Forum
Where do you want to go on ETS?

Page 2 of 3 < 1 2 3 >
Topic Options
#270179 - 05/30/14 04:03 PM Re: TrueCrypt is not secure. [Re: Teslinhiker]
Eugene Offline
Carpal Tunnel

Registered: 12/26/02
Posts: 3001
The 'may be flaws' can just be a caution saying that since they are not coding anymore they won't find any if there are some. Hopefully the community will pick it back up and re-start or start a new project.

It just let me see that I have a single point of failure in my preps. If LibreOffice were to stop development today I can use Apache OpenOffice or KDEOffice. If Firefox or Thunderbird stops today I can use Chromium or Konqueror and Kmail. If Slackware stops today I can use Unbuntu or Deadrat or whatever. But if Truecrypt dies I realized I haven't installed or tested any other programs. I suppose I could still decrypt on my tablet and have them unencrypted but I could just do that today with TrueCrypt, it doesn't future proof me.

Top
#270187 - 05/30/14 07:14 PM Re: TrueCrypt is not secure. [Re: Teslinhiker]
chaosmagnet Offline
Sheriff
Carpal Tunnel

Registered: 12/03/09
Posts: 3867
Loc: USA
I'm not sure that there's any way to future-proof yourself short of printing information on archival-quality paper and then securing the paper somehow.

My concerns with TrueCrypt are twofold. It hasn't been meaningfully updated since February 2012. If any vulnerabilities have been discovered since then, they haven't been patched.

Secondly, there is speculation that the withdrawal of the product may have been due to pressure to introduce vulnerabilities deliberately. That's speculation, rather than based on hard fact, but it is very troubling. Historically, whenever vulnerabilities are deliberately introduced they are discovered by the people that you don't want to have them.

Top
#270189 - 05/30/14 07:47 PM Re: TrueCrypt is not secure. [Re: chaosmagnet]
haertig Offline
Pooh-Bah

Registered: 03/13/05
Posts: 2322
Loc: Colorado
Many "oldies" that are no longer supported are still good. Think about Tiny/Kerio, Proxomitron, SuperJPG, Skyglobe, etc. If I still ran Windows I would not rule these out, even though they are ancient and no longer developed/supported. I've still got copies of all of them (not they they are useful to me on Linux now).

Top
#270190 - 05/30/14 08:29 PM Re: TrueCrypt is not secure. [Re: haertig]
chaosmagnet Offline
Sheriff
Carpal Tunnel

Registered: 12/03/09
Posts: 3867
Loc: USA
Originally Posted By: haertig
Many "oldies" that are no longer supported are still good.


This is not really the case with security software, unfortunately.

Top
#270191 - 05/30/14 08:41 PM Re: TrueCrypt is not secure. [Re: haertig]
Mark_R Offline
Old Hand

Registered: 05/29/10
Posts: 863
Loc: Southern California
Originally Posted By: haertig
I take this with a grain of salt. Even if the Truecrypt developers gave it up, and even if there is some security flaw in the existing Truecrypt, I probably won't write it off immediately.

For one, who am I trying to protect my encrypted stuff from? It's not the NSA. And even if I were using Truecrypt and expecting it to stand up against the NSA, that would be quite naive of me to believe that. The average hacker? Chances are they wouldn't be able to exploit any security flaws in Truecrypt, unless a wide-open hole gets so widespread that there is a pre-packaged script for all the "script kiddie" hackers to use. That leaves the common laptop thief. And they probably couldn't decrypt some as simple as ROT-13.


If the NSA want's your stuff, the NSA will get your stuff. I harbor no illusions about keeping anything from them that isn't handwritten on a piece of paper.

What I am trying to protect my stuff against is a semipro civilian hacker. Think about the breaches at Target, Ebay, Citigroup, GE Money, Countywide Mortgages, etc. These were not amateurs.

Also consider data mining viruses like 'Flame'.

And lastly, what happens if your computer is stolen? The tweaker who stole it may not be able to remember his own SS#, but he knows a hacker who will buy it. The hacker can then sell your identity for a nice chunk of change, clear out anything tracable from the computer, and sell it for another couple of hundred. You're out the cost of a new computer and $$$ to fix the damage done when your identity went on the market.
_________________________
Hope for the best and prepare for the worst.

The object in life is not to be on the side of the majority, but to escape finding oneself in the ranks of the insane

Top
#270192 - 05/30/14 10:47 PM Re: TrueCrypt is not secure. [Re: Teslinhiker]
Eugene Offline
Carpal Tunnel

Registered: 12/26/02
Posts: 3001
Future proofing is not too hard, as I mentioned if LirbeOffice dies then I use (Apache) OpenOffice, as long as I have more than one app that can read my files then I'm good.
This is nearly a single point of failure for me so I need to find an alternate.

Top
#270218 - 06/01/14 11:48 AM Re: TrueCrypt is not secure. [Re: Mark_R]
Brangdon Offline
Veteran

Registered: 12/12/04
Posts: 1204
Loc: Nottingham, UK
Originally Posted By: Mark_R
If the NSA want's your stuff, the NSA will get your stuff.
They aren't magic. Strong encryption can't be broken without magic. That's one of the things confirmed by Snowdon's revelations. What the NSA can try to do is acquire your passwords somehow: by covertly installing keyloggers or legal coercion or whatever. They are surprisingly good at doing that.

Some people think this is happening because the NSA couldn't crack TrueCrypt. The NSA figured out who the TrueCrypt developers were and pressured them to install a backdoor. If they're Americans, the developers couldn't legally refuse, so they did the moral thing, shut down the project, and made the best public announcement they could (given they were surely under draconian gag orders). Similar things have happened before, to Lavabit, an encrypted email service that shutdown suddenly under gag orders.

TrueCrypt has a "plausible deniability" feature, where-by an archive has a decoy password in addition to the real password. I could believe that feature was a real concern to law enforcement, and could be enough to single TrueCrypt out for special attention (as opposed to, say, 7zip, which offers strong encryption without plausible deniability).

As it happens, TrueCrypt is in the middle of an independent security audit. That is paid for and will continue. The preliminary check found no significant issues, but further analysis is on-going. It's possible that it has found an issue, one which can't be fixed, and so the announcement is to give people time to move off TrueCrypt before they go public with the weakness. Alternatively, it may complete with no real weaknesses found, which would strength the NSA meddling hypothesis above.

(I don't use TrueCrypt myself. I've installed it a couple of times and each time concluded it wasn't what I needed. I use 7zip instead. If I was using it, I'd probably continue using it but make sure the version I was using predated any likely shenanigans. I don't consider myself a big target so I could accept a level of risk while all this shakes out.)
_________________________
Quality is addictive.

Top
#270219 - 06/01/14 12:41 PM Re: TrueCrypt is not secure. [Re: Teslinhiker]
Eugene Offline
Carpal Tunnel

Registered: 12/26/02
Posts: 3001
I haven't tried encryption in 7zip, what does it use and can its archives be opened on a mobile device (Android) like Truecrypt?

Top
#270225 - 06/01/14 08:13 PM Re: TrueCrypt is not secure. [Re: Teslinhiker]
ireckon Offline
Pooh-Bah

Registered: 04/01/10
Posts: 1629
Loc: Northern California
I'd also like to know about 7zip. Can you explain the differences and why Truecrypt was not the best for you? For all I know, Truecrypt may not be the best for me either.
_________________________
If you're reading this, it's too late.

Top
#270229 - 06/02/14 12:02 PM Re: TrueCrypt is not secure. [Re: ireckon]
Brangdon Offline
Veteran

Registered: 12/12/04
Posts: 1204
Loc: Nottingham, UK
Originally Posted By: ireckon
I'd also like to know about 7zip. Can you explain the differences and why Truecrypt was not the best for you? For all I know, Truecrypt may not be the best for me either.
7zip is open source, but effectively Windows only. Other apps claim to read the same file format on other platforms, but I've not tried them.

Mostly I didn't feel there was anything wrong with TrueCrypt, I just didn't need its extra features. 7zip felt lighter weight. It doesn't need a device driver or need to mount a disk. It also does compression and makes files as big as they need to be, and TrueCrypt seems geared towards fixed-sized volumes which, without compression, tend to be very large. I tried using the Windows O/S compression within a TrueCrypt volume, but it wasn't enough. I could have used 7zip for compression and TrueCrypt for encryption, but that would be more complex.

One benefit of TrueCrypt is the plausible deniability. I don't need that. Another is that it encrypts a whole volume, including things like temp files, which is good for security but again not something I need because my files are in clear on the disk anyway. I am just encrypting backups so I can store them in DropBox.
_________________________
Quality is addictive.

Top
Page 2 of 3 < 1 2 3 >



Moderator:  Alan_Romania, Blast, chaosmagnet, cliff 
October
Su M Tu W Th F Sa
1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30 31
Who's Online
0 registered (), 728 Guests and 82 Spiders online.
Key: Admin, Global Mod, Mod
Newest Members
axotugoc, eprep, Aaron_Guinn, israfaceVity, Explorer9
5372 Registered Users
Newest Posts
Using Grape & Cyprus to Filter Water
by dougwalkabout
Yesterday at 02:43 AM
What did you do today to prepare?
by Eugene
10/23/25 09:49 PM
'Fess Up -- Where are you hanging out online?
by dougwalkabout
10/14/25 03:34 AM
MRE Deal
by chaosmagnet
10/07/25 04:09 PM
Newest Images
Tiny knife / wrench
Handmade knives
2"x2" Glass Signal Mirror, Retroreflective Mesh
Trade School Tool Kit
My Pocket Kit
Glossary
Test

WARNING & DISCLAIMER: SELECT AND USE OUTDOORS AND SURVIVAL EQUIPMENT, SUPPLIES AND TECHNIQUES AT YOUR OWN RISK. Information posted on this forum is not reviewed for accuracy and may not be reliable, use at your own risk. Please review the full WARNING & DISCLAIMER about information on this site.