#270144 - 05/29/14 12:13 AM
TrueCrypt is not secure.
|
Veteran
Registered: 12/14/09
Posts: 1419
Loc: Nothern Ontario
|
This is real interesting. Only time will tell if this is real or a hoax as a result of a compromise. Like many, I use Truecrypt for personal document security and this would be a real blow to others who use it for more higher level security. From Arstechnica.com One of the official webpages for the widely used TrueCrypt encryption program says that development has abruptly ended and warns users of the decade-old tool that it isn't safe to use.
"WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues," text in red at the top of the TrueCrypt page on SourceForge states. The page continues: "This page exists only to help migrate existing data encrypted by TrueCrypt. The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform." More info at this link.
_________________________
Earth and sky, woods and fields, lakes and rivers, the mountain and the sea, are excellent schoolmasters, and teach some of us more than we can ever learn from books.
John Lubbock
|
Top
|
|
|
|
#270149 - 05/29/14 04:04 AM
Re: TrueCrypt is not secure.
[Re: chaosmagnet]
|
Crazy Canuck
Carpal Tunnel
Registered: 02/03/07
Posts: 3241
Loc: Alberta, Canada
|
It's going to be very interesting to see how this one plays out. No kidding. Holy cow! If this is legit, the decrypt tool for every TrueCrypt volume has been posted. If it's legit. Or maybe it's a hack-and-scam designed to stampede people into revealing personal data or otherwise opening themselves up to criminal activities. Watching this one closely. I use TrueCrypt here and there.
|
Top
|
|
|
|
#270153 - 05/29/14 06:03 AM
Re: TrueCrypt is not secure.
[Re: Teslinhiker]
|
Pooh-Bah
Registered: 04/01/10
Posts: 1629
Loc: Northern California
|
I use TrueCrypt. I don't know what this means. I do know I don't have time for this.
_________________________
If you're reading this, it's too late.
|
Top
|
|
|
|
#270154 - 05/29/14 11:19 AM
Re: TrueCrypt is not secure.
[Re: dougwalkabout]
|
Veteran
Registered: 12/14/09
Posts: 1419
Loc: Nothern Ontario
|
It's going to be very interesting to see how this one plays out. No kidding. Holy cow! If this is legit, the decrypt tool for every TrueCrypt volume has been posted. If it's legit. Or maybe it's a hack-and-scam designed to stampede people into revealing personal data or otherwise opening themselves up to criminal activities. Watching this one closely. I use TrueCrypt here and there. Doug, in order to decrypt it still requires the original passphrase before you can mount the encrypted drive or container then convert them to BitLocker.
_________________________
Earth and sky, woods and fields, lakes and rivers, the mountain and the sea, are excellent schoolmasters, and teach some of us more than we can ever learn from books.
John Lubbock
|
Top
|
|
|
|
#270155 - 05/29/14 01:17 PM
Re: TrueCrypt is not secure.
[Re: Teslinhiker]
|
Sheriff
Carpal Tunnel
Registered: 12/03/09
Posts: 3842
Loc: USA
|
The latest I have is from http://krebsonsecurity.com/2014/05/true-goodbye-using-truecrypt-is-not-secure/.Here's the TL;DR version: It's time to migrate off of TrueCrypt, as it is no longer supported and the anonymous authors state that it is vulnerable. The version of TrueCrypt currently available for download will only decrypt for migration, and that only with the appropriate passphrase.
|
Top
|
|
|
|
#270161 - 05/29/14 04:21 PM
Re: TrueCrypt is not secure.
[Re: Teslinhiker]
|
Addict
Registered: 01/09/09
Posts: 631
Loc: Calgary, AB
|
I've been using the portable installation of TrueCrypt as a way to secure files on USB flash drives. Any thoughts on alternatives to move to?
Edited to add:
What I liked about TrueCrypt was that I could have an encrypted container for sensitive information, but still use/save/read files stored on the drive outside of the container.
Edited by Denis (05/29/14 04:25 PM) Edit Reason: additional information
_________________________
Victory awaits him who has everything in order — luck, people call it. Defeat is certain for him who has neglected to take the necessary precautions in time; this is called bad luck. Roald Amundsen
|
Top
|
|
|
|
#270162 - 05/29/14 04:57 PM
Re: TrueCrypt is not secure.
[Re: Teslinhiker]
|
Sheriff
Carpal Tunnel
Registered: 12/03/09
Posts: 3842
Loc: USA
|
I have a pretty low opinion of BitLocker. It's better than it used to be but it was never great. PGP Whole Disk was a very good product years ago, and I've heard that it is still pretty good. But it's expensive. I really do not know what to recommend. Last week I would have told you to use TrueCrypt. I'm thinking I'm going to wait to see what Bruce Schneier says about this. There are some good comments on his blog: https://www.schneier.com/blog/archives/2014/05/truecrypt_wtf.html.
|
Top
|
|
|
|
#270164 - 05/29/14 07:10 PM
Re: TrueCrypt is not secure.
[Re: dougwalkabout]
|
Old Hand
Registered: 05/29/10
Posts: 863
Loc: Southern California
|
It's going to be very interesting to see how this one plays out. No kidding. Holy cow! If this is legit, the decrypt tool for every TrueCrypt volume has been posted. If it's legit. Or maybe it's a hack-and-scam designed to stampede people into revealing personal data or otherwise opening themselves up to criminal activities. Watching this one closely. I use TrueCrypt here and there. I will be doing the same. This whole thing feels very "off". The references to Windows XP support(Truecrypt is not controlled by Microsoft, it is owned by TrueCrypt Foundation) and the "may contain unfixed security issues" verbage are what I would expect from a social engineering attack.
_________________________
Hope for the best and prepare for the worst.
The object in life is not to be on the side of the majority, but to escape finding oneself in the ranks of the insane
|
Top
|
|
|
|
#270173 - 05/30/14 02:35 AM
Re: TrueCrypt is not secure.
[Re: Mark_R]
|
Pooh-Bah
Registered: 03/13/05
Posts: 2322
Loc: Colorado
|
I take this with a grain of salt. Even if the Truecrypt developers gave it up, and even if there is some security flaw in the existing Truecrypt, I probably won't write it off immediately.
For one, who am I trying to protect my encrypted stuff from? It's not the NSA. And even if I were using Truecrypt and expecting it to stand up against the NSA, that would be quite naive of me to believe that. The average hacker? Chances are they wouldn't be able to exploit any security flaws in Truecrypt, unless a wide-open hole gets so widespread that there is a pre-packaged script for all the "script kiddie" hackers to use. That leaves the common laptop thief. And they probably couldn't decrypt some as simple as ROT-13.
So, while it is not good if Truecrypt development is halted, and it is not good if there exists some unpatched flaw in it, I'm not going to be running around like Chicken Little doing "The Sky Is Falling!" bit. Chances are, if you use some OS built-in Microsoft encryption, that WILL have an NSA backdoor in it and be no more secure than Truecrypt as it currently stands.
Everyone should probably step back and take a deep breath until their panic subsides. There may be better alternatives to Truecrypt going forward, but don't get all bent out of shape immediately over this new announcement and do something rash, like switch to some other encryption without thoroughly researching its pros and cons. Chances are you'd be no better, and might be worse, than just sitting on your Truecrypt as it is until things shake out.
|
Top
|
|
|
|
|
|
|
|
|
|
1
|
2
|
3
|
4
|
5
|
6
|
7
|
8
|
9
|
10
|
11
|
12
|
13
|
14
|
15
|
16
|
17
|
18
|
19
|
20
|
21
|
22
|
23
|
24
|
25
|
26
|
27
|
28
|
29
|
30
|
|
0 registered (),
790
Guests and
17
Spiders online. |
Key:
Admin,
Global Mod,
Mod
|
|
|