
TrueCrypt ending development


posted on May, 29 2014 @ 02:54 PM
a reply to: roadgravel

My point is that if VS was inserting backdoors into compiled code it would have easily been picked up long, long ago, let alone by now. The chances are pretty much non-existent.
edit on 29-5-2014 by GetHyped because: (no reason given)




posted on May, 29 2014 @ 02:57 PM
a reply to: GetHyped

I will agree. I was not talking about VS in particular, just noting it is possible to fool many people for a while.

How many people use binaries for an OS that they didn't compile?

edit:

Maybe we should compare checksums of some of our VS files

edit on 5/29/2014 by roadgravel because: (no reason given)



posted on May, 29 2014 @ 03:02 PM
a reply to: roadgravel



I can see it now:

"Guys, it's totally normal for my minimal C program to phone home, right?"



posted on May, 29 2014 @ 03:12 PM
You would be surprised what people will overlook. (maybe not if you've worked in the industry)

What about the JIT compiler? Stuff goes deep...



posted on May, 29 2014 @ 06:57 PM
Maybe

WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

is meant to be read as

WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

That first notice is on the truecrypt website
edit on 5/29/2014 by roadgravel because: (no reason given)



posted on May, 30 2014 @ 07:10 AM
Chance that all is not lost re: TrueCrypt


Continuing Effort

Currently it is very unclear what really happened. Was it really just the end of a 10-year effort, or was it driven by some government? While a simple defacement is more and more unlikely we still don't know where this is going. However the last 36 hours showed clearly that TrueCrypt is a fragile product and must be based on more solid ground. We start now with offering to download the Truecrypt file as is, and we hope we can organize a solid base for the Future.

There are no signs that there is any known security problem within TrueCrypt 7.1a and the audit will go on uninterrupted. Even though the trust in the developer team has diminished drastically, we believe that there needs to be an Open Source, cross-platform full-disk encryption option.

The Team

Currently Thomas Bruderer and Joseph Doekbrijder are organizing the effort, and we hope that we get other supporters soon. If you want to get involved contact us via Twitter.


truecrypt.ch



posted on May, 31 2014 @ 08:11 AM



posted on Jun, 1 2014 @ 02:31 AM
Arbitrageur's explanation strikes me as the most probable explanation. It looks like they were asked to insert a backdoor into their product but they refused and simply stopped development. The only other reasonable explanation I can think of is that they were ordered to stop development on it and they were forced to make that announcement to diminish trust in their product.

In any case I don't see why other developers cannot continue working on TrueCrypt, it is open source isn't it? If the current developers stop working on it, other developers will inevitably take their place. That is just how open source software works, you cannot stop it when it gains enough traction and becomes as popular and widely used as TrueCrypt is.



posted on Jun, 1 2014 @ 06:02 AM
Microsoft went out of its way to stop TrueCrypt from working on Windows 8 to try to force people to use BitLocker but anyone in the know would avoid BitLocker at all costs.

Saying that TC cannot be trusted because it was developed in Visual Studio is just being silly unless you think that VS can understand the logic of the program being compiled and can then insert backdoors just in the right places? Hell it would take a good programmer days to do that.

Microsoft is now locking sys admins out from stopping windows services and editing parts of registry in an effort to stop people from locking the virus down and they don't care if 80% of the copies in use are pirate versions so long as they still get to run their code to spy on you.

I like the bit where you go to use the metro calculator and microsoft wants you to login first and how they hide the use of local accounts at the bottom of the page when you go to add a new user.

Nothing gets out from PCs/Devices in my house because I only allow outbound connections from a machine running a custom proxy server and I run my own DNS server that blocks anything on the LAN apart from the proxy server from doing DNS lookups but even then microsoft is trying every trick in the book to bypass security and fills up my firewall logs.

Trust Bitlocker ! Not on your life.



posted on Jun, 1 2014 @ 07:49 PM
It's now looking like the warrant canary has in fact been confirmed. Granted that's what most of us suspected all along, this really should be a worrying event that such vital things as encryption are now being pressured out of business by the government.



posted on Jun, 1 2014 @ 09:44 PM
a reply to: Helig
I don't know how to evaluate that "confirmation", but it's not like there's a more logical explanation even without the confirmation.



originally posted by: VirusGuard
Microsoft went out of its way to stop TrueCrypt from working on Windows 8 to try to force people to use BitLocker but anyone in the know would avoid BitLocker at all costs.
Most people in the know do know to avoid bitlocker, so that's why some people think there's a hidden message in the suggestion to use bitlocker:

Duress, as suggested in the source Helig posted.

And the people that aren't in the know and actually switch to bitlocker, well the spies are going to love that. They probably also don't know about the option MS put in place to make it safer, because it's not enabled by default, but even with that option enabled, I don't think I'd trust it.



Saying that TC cannot be trusted because it was developed in Visual Studio is just being silly unless you think that VS can understand the logic of the program being compiled and can then insert backdoors just in the right places? Hell it would take a good programmer days to do that.
This guy claims to have ruled out such backdoors so I'm not saying there are any, but if a programmer could get the NSA information they wanted with a few days work, why wouldn't they let the programmer spend a few days on that? NSA has a lot of employees.

How I compiled TrueCrypt 7.1a for Win32 and matched the official binaries
He's even got an update on there about the latest (partly disabled) version 7.2, that the certificate appears to be legit.


originally posted by: thisguyrighthere
Chance that all is not lost re: TrueCrypt
If they did get a National security letter, I don't know why the same wouldn't happen to whoever else picks up with the development where they left off.

Is there any reason people can't just continue using the previous version of Truecrypt, 7.1a? There aren't any known problems with that, or are there? I don't use Truecrypt so I was just curious.

edit on 1-6-2014 by Arbitrageur because: clarification



posted on Jun, 2 2014 @ 05:11 AM
If one or all of the devs has had a visit from the men in black cars, I'd imagine it would be to have a quiet chat and perhaps 'recommend' they use a few different methods that are NSA approved going forward rather than trying to kill off the project completely, as the last thing they'd want is someone in a country they can't touch writing code they can't get altered easily.

this is why a lot of stuff seems to be going to Switzerland as they have more robust data protection laws especially about other spooks getting their hands on information



posted on Jun, 2 2014 @ 05:46 AM
a reply to: Arbitrageur



This guy claims to have ruled out such backdoors so I'm not saying there are any, but if a programmer could get the NSA information they wanted with a few days work, why wouldn't they let the programmer spend a few days on that? NSA has a lot of employees.


Getting the NSA to hack the code is easy but the hash code from the program would then be wrong and yes, given the time they could do this at machine code level with the right people on the job.

I want to see servers where people upload their own custom encryption software up to the server so we have millions of ways to encrypt data before it passes the ISP routers and then lets see if the NSA can backdoor all of them.

No need for the decryption code to ever leave your hands and the encryption could even be as simple as a javascript function uploaded as text to a server but you would still need to deal with those 4gb graphic cards from taking screen grabs and uploading the results because I am told that this is already being done.

Less code is better code when it comes to an OS and your best friend is buying your own hardware firewall and then learning how to use it.

Webdav is a simple XML protocol much like HTTP headers and it's not hard to write your own server to encrypt the data before it is written to disk and this even works using the windows file manager client but again MS has screwed things up with the protocol and were you to do this yourself like I have done then you would see just how MS is spying (Gets) on any attached drives connected to windows.

Using webdav and windows client you will find that instead of windows sending a "DELETE" command to delete a webdav folder in a client/server relationship it opens each folder in turn and then does a "PROFIND" on everything in the folder before deleting anything.

If you run a file watch on the windows file system whilst this is going on then you will see encrypted files being written all over the place, hundreds of files and you don't need to be a boffin to guess what's going on.

The more lengths MS goes to spy on me then the more length I will go to stop them.




edit on 2-6-2014 by VirusGuard because: (no reason given)



posted on Jun, 2 2014 @ 03:58 PM

originally posted by: VirusGuard
Using webdav and windows client you will find that instead of windows sending a "DELETE" command to delete a webdav folder in a client/server relationship it opens each folder in turn and then does a "PROFIND" on everything in the folder before deleting anything.
Do you mean "PROPFIND"? Keep in mind that the "V" in "webdav" stands for "Versioning" which implies a need to track changes and deleting something is a change so I'm not sure this is nefarious. However, I'm not saying Microsoft doesn't engage in nefarious practices, as they certainly do.


The more lengths MS goes to spy on me then the more length I will go to stop them.
They go to quite a few lengths, as described here:

Microsoft handed the NSA access to encrypted messages

Microsoft has collaborated closely with US intelligence services to allow users' communications to be intercepted, including helping the National Security Agency to circumvent the company's own encryption, according to top-secret documents obtained by the Guardian.

The files provided by Edward Snowden illustrate the scale of co-operation between Silicon Valley and the intelligence agencies over the last three years. They also shed new light on the workings of the top-secret Prism program, which was disclosed by the Guardian and the Washington Post last month.

The documents show that:

• Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal;

• The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail;

• The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide;

• Microsoft also worked with the FBI's Data Intercept Unit to "understand" potential issues with a feature in Outlook.com that allows users to create email aliases;

• In July last year, nine months after Microsoft bought Skype, the NSA boasted that a new capability had tripled the amount of Skype video calls being collected through Prism;

• Material collected through Prism is routinely shared with the FBI and CIA, with one NSA document describing the program as a "team sport".
That's just a small excerpt from the article, which goes on and on, but I'm sure you get the idea; you can read the rest if you're interested or maybe you already know all this, because it reinforces your statement that bitlocker is probably the last thing you'd want to use if you're moving away from Truecrypt.



posted on Jun, 2 2014 @ 04:40 PM

originally posted by: Arbitrageur

originally posted by: thisguyrighthere
Chance that all is not lost re: TrueCrypt
If they did get a National security letter, I don't know why the same wouldn't happen to whoever else picks up with the development where they left off.


It would, but they would be outside of US jurisdiction.

One must assume of course that there is the equivalent (or worse) in other states with strong signals intelligence services. Don't be so naive to think the NSA is the only one that does this---it's just the one which is known today.

Iceland seems like a nice place.

edit on 2-6-2014 by mbkennel because: (no reason given)



posted on Jun, 2 2014 @ 07:00 PM

originally posted by: mbkennel
It would, but they would be outside of US jurisdiction.
The current Truecrypt developers may already be outside US jurisdiction for all I know. I don't think US spying agencies care about jurisdiction or rules, or even laws from what I've seen, though they are certainly in cahoots with the UK, Australia and who knows who else.

I like your Iceland idea, but I'm not sure that truecrypt developers want to move there, and even if they did, I'm not sure they can escape the clutches of determined spies just because of jurisdiction. All jurisdiction does is limit legal machinery they can use, but there are plenty of other tactics they can employ that may be more effective.



posted on Jun, 3 2014 @ 07:16 AM

originally posted by: Arbitrageur

Is there any reason people can't just continue using the previous version of Truecrypt, 7.1a? There aren't any known problems with that, or are there? I don't use Truecrypt so I was just curious.


The only reason would be that if the ongoing security audit were to find any problems with TrueCrypt there wouldn't be anyone there to fix it.

For now there is no reason to stop using it. Just pay attention to the audit progress: TrueCrypt Audit



posted on Jun, 3 2014 @ 08:19 AM
a reply to: thisguyrighthere
Thanks.

One of the sources mentioned Lavabit, and since it seems relevant, I thought I'd post a small excerpt from their home page, but the whole story is worth reading:

lavabit.com...

I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations. I wish that I could legally share with you the events that led to my decision. I cannot. I feel you deserve to know what’s going on--the first amendment is supposed to guarantee me the freedom to speak out in situations like this. Unfortunately, Congress has passed laws that say otherwise. As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests....

Sincerely,
Ladar Levison
Owner and Operator, Lavabit LLC
The guardian has a story about this case which tells us more than the lavabit website:
www.theguardian.com...



posted on Jun, 15 2014 @ 02:44 PM

originally posted by: thisguyrighthere
For now there is no reason to stop using it. Just pay attention to the audit progress: TrueCrypt Audit
I never started using it, but I was curious about it. I suppose I can wait for the audit to finish before I try it, if the audit doesn't take too long. The source below says we will know more in late summer 2014.

Version 7.2 is crippled, so I found a place hosting version 7.1a if anybody is interested, and I also read that some questionable versions are popping up in various places so hopefully these are the official, "good" versions:

Truecrypt final release repository-Gibson Research


We should know much more about a trustworthy TrueCrypt in the late summer of 2014.



posted on Feb, 18 2015 @ 07:42 PM
a reply to: thisguyrighthere


There's a story asking what the hell is going on with the Truecrypt audit.

www.reddit.com...



The original authors mysteriously tried to pull it offline, but both the source and the binaries are still around and there are still no known vulnerabilities. New developers are ramping up replacements for it, but in the meantime the original TrueCrypt is still available and just as secure as it ever was.

It's still not known exactly why the original developers abruptly bailed, especially given the weird way that they did it (they advised everyone to use Bitlocker instead, which is so obviously not a suitable replacement that there's got to be some other meaning behind the suggestion), but the source is open so it's not thought that there's anything nefarious in Truecrypt itself. Common speculation is that some three-letter agency was leaning on the original devs to put a backdoor in or something and they did this rather than comply.



