It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues
The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP.
Matthew Green @matthew_d_green
I have no idea what's up with the Truecrypt site, or what 'security issues' they're talking about. @kennwhite
Besides this TrueCrypt also fills the volume with random data as is explained in the previous section. To create all these random data is the task of the random number generator which TrueCrypt implements. The random number generator of TrueCrypt is based on a paper written by Peter Gutmann in 19989. It makes use of mouse positions and times of events like mouse clicks or keyboard entries. These data are practically unpredictable. On a Linux system random values from the pseudo devices /dev/random and /dev/urandom are added to these data. To date there are no known attacks against this random number generator. But a paper by Kelsey, Schneier, Wagner and Hall10 where similar though simpler pseudo-random number generators were analyzed evinces that such
Or maybe it's never been as secure as some people think since some think it was a government run operation:
originally posted by: thisguyrighthere
Folks seem to think the TrueCrypt page was hacked:
I've never used truecrypt, though I've read about it. However while I was uncertain of government involvement in truecrypt, I'm pretty certain of government involvement with Microsoft, so I'm not sure I'd totally trust bitlocker either.
Jake Williams, SANS Instructor and Principle at Rendition InfoSec phrased this a little better than I, “ I’ve long suspected that a government was behind TrueCrypt . The code base is hugely complicated with lots of dependencies and is anything but easy to build, particularly for the Windows version. It’s a great way to obfuscate what is in the binary packages (which 99.9% of Windows users use) that may or may not be in the source code”. To further make the point the older versions of the code have been removed forcing people to the new version. Despite my feeling that this is an odd but genuine announcement I would not recommend downloading this version and would wait for clarity on the motives, changes and back out strategy.
Agreed, and they don't really specify which application Linux users should switch to, like they specify bitlocker for Windows.
It's a cross-platform program so the demise of XP being a reason to end development seeing as how it exists for Mac and Linux doenst make any sense.
... supporters ponied up large sums of money to audit TrueCrypt. Results from phase one of the audit released last month revealed no evidence of any backdoors. Additional audits were pending.
Matthew Green, a professor specializing in cryptography at Johns Hopkins University and one of the people who spearheaded the TrueCrypt audit, told Ars he had no advance notice of the announcement. He said the announcement appears to be authentic, an observation he repeated on Twitter. He told Ars he has privately contacted the largely secretive TrueCrypt developers in an attempt to confirm the site or get more more details.
Significantly, TrueCrypt version 7.2 was certified with the official TrueCrypt private signing key, suggesting that the page warning that TrueCrypt isn't safe wasn't a hoax posted by hackers who managed to gain unauthorized access. After all, someone with the ability to sign new TrueCrypt releases probably wouldn't squander that hack with a prank.
Alternatively, the post suggests that the cryptographic key that certifies the authenticity of the app has been compromised and is no longer in the exclusive control of the official TrueCrypt developers.
Link
originally posted by: roadgravel
a reply to: VoidHawk
Are the two machines on a network?
Wonder if this group was NSA from the start. They sure are not talking which should make long time users uncomfortable.
One possibility that occurred to me, is that truecrypt developers might have been asked, pressured, coerced, or maybe even ordered to put in a backdoor, and rather than do this, they decided to end support. The reason I thought of this is I was reading the Freenet developer's blog saying that the UK was trying to pass a law that could have forced him to put a backdoor in Freenet and he would have also been given a gag order so he couldn't say anything about it.
originally posted by: roadgravel
I think the NSA or foreign equivalent got to TC. The whole thing is just too odd for an average situation.
Interesting, because I noticed the same thing about PGP, and had the same suspicions about Truecrypt.
originally posted by: Wrabbit2000
The NSA stopped fighting TrueCrypt at some point...with that, it destroyed the faith I had in that system being secure. They don't STOP fighting what they can't crack (PGP comes to mind)