Equipped To Survive Equipped To Survive® Presents
The Survival Forum
Where do you want to go on ETS?

Page 1 of 3 1 2 3 >
Topic Options
#270144 - 05/29/14 12:13 AM TrueCrypt is not secure.
Teslinhiker Offline
Veteran

Registered: 12/14/09
Posts: 1418
Loc: Nothern Ontario
This is real interesting. Only time will tell if this is real or a hoax as a result of a compromise.

Like many, I use Truecrypt for personal document security and this would be a real blow to others who use it for more higher level security.

From Arstechnica.com
One of the official webpages for the widely used TrueCrypt encryption program says that development has abruptly ended and warns users of the decade-old tool that it isn't safe to use.

"WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues," text in red at the top of the TrueCrypt page on SourceForge states. The page continues: "This page exists only to help migrate existing data encrypted by TrueCrypt. The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform."


More info at this link.
_________________________
Earth and sky, woods and fields, lakes and rivers, the mountain and the sea, are excellent schoolmasters, and teach some of us more than we can ever learn from books.

John Lubbock

Top
#270146 - 05/29/14 12:54 AM Re: TrueCrypt is not secure. [Re: Teslinhiker]
chaosmagnet Offline
Sheriff
Carpal Tunnel

Registered: 12/03/09
Posts: 3819
Loc: USA
It's going to be very interesting to see how this one plays out.

Top
#270149 - 05/29/14 04:04 AM Re: TrueCrypt is not secure. [Re: chaosmagnet]
dougwalkabout Offline
Crazy Canuck
Carpal Tunnel

Registered: 02/03/07
Posts: 3219
Loc: Alberta, Canada
Originally Posted By: chaosmagnet
It's going to be very interesting to see how this one plays out.

No kidding. Holy cow!

If this is legit, the decrypt tool for every TrueCrypt volume has been posted. If it's legit. Or maybe it's a hack-and-scam designed to stampede people into revealing personal data or otherwise opening themselves up to criminal activities.

Watching this one closely. I use TrueCrypt here and there.

Top
#270153 - 05/29/14 06:03 AM Re: TrueCrypt is not secure. [Re: Teslinhiker]
ireckon Offline
Pooh-Bah

Registered: 04/01/10
Posts: 1629
Loc: Northern California
I use TrueCrypt. I don't know what this means. I do know I don't have time for this.
_________________________
If you're reading this, it's too late.

Top
#270154 - 05/29/14 11:19 AM Re: TrueCrypt is not secure. [Re: dougwalkabout]
Teslinhiker Offline
Veteran

Registered: 12/14/09
Posts: 1418
Loc: Nothern Ontario
Originally Posted By: dougwalkabout
Originally Posted By: chaosmagnet
It's going to be very interesting to see how this one plays out.

No kidding. Holy cow!

If this is legit, the decrypt tool for every TrueCrypt volume has been posted. If it's legit. Or maybe it's a hack-and-scam designed to stampede people into revealing personal data or otherwise opening themselves up to criminal activities.

Watching this one closely. I use TrueCrypt here and there.


Doug, in order to decrypt it still requires the original passphrase before you can mount the encrypted drive or container then convert them to BitLocker.
_________________________
Earth and sky, woods and fields, lakes and rivers, the mountain and the sea, are excellent schoolmasters, and teach some of us more than we can ever learn from books.

John Lubbock

Top
#270155 - 05/29/14 01:17 PM Re: TrueCrypt is not secure. [Re: Teslinhiker]
chaosmagnet Offline
Sheriff
Carpal Tunnel

Registered: 12/03/09
Posts: 3819
Loc: USA
The latest I have is from http://krebsonsecurity.com/2014/05/true-goodbye-using-truecrypt-is-not-secure/.

Here's the TL;DR version: It's time to migrate off of TrueCrypt, as it is no longer supported and the anonymous authors state that it is vulnerable. The version of TrueCrypt currently available for download will only decrypt for migration, and that only with the appropriate passphrase.

Top
#270161 - 05/29/14 04:21 PM Re: TrueCrypt is not secure. [Re: Teslinhiker]
Denis Offline
Addict

Registered: 01/09/09
Posts: 631
Loc: Calgary, AB
I've been using the portable installation of TrueCrypt as a way to secure files on USB flash drives. Any thoughts on alternatives to move to?

Edited to add:

What I liked about TrueCrypt was that I could have an encrypted container for sensitive information, but still use/save/read files stored on the drive outside of the container.


Edited by Denis (05/29/14 04:25 PM)
Edit Reason: additional information
_________________________
Victory awaits him who has everything in order — luck, people call it. Defeat is certain for him who has neglected to take the necessary precautions in time; this is called bad luck. Roald Amundsen

Top
#270162 - 05/29/14 04:57 PM Re: TrueCrypt is not secure. [Re: Teslinhiker]
chaosmagnet Offline
Sheriff
Carpal Tunnel

Registered: 12/03/09
Posts: 3819
Loc: USA
I have a pretty low opinion of BitLocker. It's better than it used to be but it was never great.

PGP Whole Disk was a very good product years ago, and I've heard that it is still pretty good. But it's expensive.

I really do not know what to recommend. Last week I would have told you to use TrueCrypt. I'm thinking I'm going to wait to see what Bruce Schneier says about this. There are some good comments on his blog: https://www.schneier.com/blog/archives/2014/05/truecrypt_wtf.html.

Top
#270164 - 05/29/14 07:10 PM Re: TrueCrypt is not secure. [Re: dougwalkabout]
Mark_R Offline
Old Hand

Registered: 05/29/10
Posts: 863
Loc: Southern California
Originally Posted By: dougwalkabout
Originally Posted By: chaosmagnet
It's going to be very interesting to see how this one plays out.

No kidding. Holy cow!

If this is legit, the decrypt tool for every TrueCrypt volume has been posted. If it's legit. Or maybe it's a hack-and-scam designed to stampede people into revealing personal data or otherwise opening themselves up to criminal activities.

Watching this one closely. I use TrueCrypt here and there.


I will be doing the same. This whole thing feels very "off". The references to Windows XP support(Truecrypt is not controlled by Microsoft, it is owned by TrueCrypt Foundation) and the "may contain unfixed security issues" verbage are what I would expect from a social engineering attack.

_________________________
Hope for the best and prepare for the worst.

The object in life is not to be on the side of the majority, but to escape finding oneself in the ranks of the insane

Top
#270173 - 05/30/14 02:35 AM Re: TrueCrypt is not secure. [Re: Mark_R]
haertig Offline
Pooh-Bah

Registered: 03/13/05
Posts: 2322
Loc: Colorado
I take this with a grain of salt. Even if the Truecrypt developers gave it up, and even if there is some security flaw in the existing Truecrypt, I probably won't write it off immediately.

For one, who am I trying to protect my encrypted stuff from? It's not the NSA. And even if I were using Truecrypt and expecting it to stand up against the NSA, that would be quite naive of me to believe that. The average hacker? Chances are they wouldn't be able to exploit any security flaws in Truecrypt, unless a wide-open hole gets so widespread that there is a pre-packaged script for all the "script kiddie" hackers to use. That leaves the common laptop thief. And they probably couldn't decrypt some as simple as ROT-13.

So, while it is not good if Truecrypt development is halted, and it is not good if there exists some unpatched flaw in it, I'm not going to be running around like Chicken Little doing "The Sky Is Falling!" bit. Chances are, if you use some OS built-in Microsoft encryption, that WILL have an NSA backdoor in it and be no more secure than Truecrypt as it currently stands.

Everyone should probably step back and take a deep breath until their panic subsides. There may be better alternatives to Truecrypt going forward, but don't get all bent out of shape immediately over this new announcement and do something rash, like switch to some other encryption without thoroughly researching its pros and cons. Chances are you'd be no better, and might be worse, than just sitting on your Truecrypt as it is until things shake out.

Top
Page 1 of 3 1 2 3 >



Moderator:  Alan_Romania, Blast, chaosmagnet, cliff 
March
Su M Tu W Th F Sa
1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
31
Who's Online
0 registered (), 324 Guests and 6 Spiders online.
Key: Admin, Global Mod, Mod
Newest Members
GallenR, Jeebo, NicholasMarshall, Yadav, BenFoakes
5367 Registered Users
Newest Posts
What did you do today to prepare?
by dougwalkabout
Yesterday at 11:21 PM
Zippo Butane Inserts
by dougwalkabout
Yesterday at 11:11 PM
Question about a "Backyard Mutitool"
by Ren
03/17/24 01:00 AM
Problem in my WhatsApp configuration
by Chisel
03/09/24 01:55 PM
New Madrid Seismic Zone
by Jeanette_Isabelle
03/04/24 02:44 PM
EDC Reduction
by EchoingLaugh
03/02/24 04:12 PM
Using a Compass Without a Map
by KenK
02/28/24 12:22 AM
Newest Images
Tiny knife / wrench
Handmade knives
2"x2" Glass Signal Mirror, Retroreflective Mesh
Trade School Tool Kit
My Pocket Kit
Glossary
Test

WARNING & DISCLAIMER: SELECT AND USE OUTDOORS AND SURVIVAL EQUIPMENT, SUPPLIES AND TECHNIQUES AT YOUR OWN RISK. Information posted on this forum is not reviewed for accuracy and may not be reliable, use at your own risk. Please review the full WARNING & DISCLAIMER about information on this site.