It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
TrueCrypt ending development
page: 2share:
a reply to: roadgravel
My point is that if VS was inserting backdoors into compiled code it would have easily been picked up long, long ago, let alone by now. The chances are pretty much non-existent.
My point is that if VS was inserting backdoors into compiled code it would have easily been picked up long, long ago, let alone by now. The chances are pretty much non-existent.
edit on 29-5-2014 by GetHyped because: (no reason given)
a reply to: GetHyped
I will agree. I was not talking about VS in particular, just noting it is possible to fool many people for awhile.
How many people use binaries for an OS that they didn't compile.
edit:
Maybe we should compare check sums of some of our VS files
I will agree. I was not talking about VS in particular, just noting it is possible to fool many people for awhile.
How many people use binaries for an OS that they didn't compile.
edit:
Maybe we should compare check sums of some of our VS files
edit on 5/29/2014 by roadgravel because: (no reason given)
a reply to: roadgravel
I can see it now:
"Guys, it's totally normal for my minimal C program to phone home, right?"
I can see it now:
"Guys, it's totally normal for my minimal C program to phone home, right?"
You would be surprised what people will overlook. (maybe not if you've work in the industry)
What about the JIT compiler. Stuff goes deep...
What about the JIT compiler. Stuff goes deep...
Maybe
WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues
is meant to be read as
WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues
That first notice is on the truecrypt website
WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues
is meant to be read as
WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues
That first notice is on the truecrypt website
edit on 5/29/2014 by roadgravel because: (no reason given)
Chance that all is not lost re: TrueCrypt
truecrypt.ch
Continuing Effort
Currently it is very unclear what really happened. Was it really just the end of a 10year effort, or was it driven by some government. While a simple defacement is more and more unlikely we still don't know where this is going. However the last 36 hours showed clearly that TrueCrypt is a fragile product and must be based on more solid ground. We start now with offering to download the Truecrypt file as is, and we hope we can organize a solid base for the Future.
There are no signs that there is any known security problem within TrueCrypt 7.1a and the audit will go on uninterrupted. Even though the trust into the developer team has diminshed drastically, we believe that there needs to be an Open Source, Cross plattform fulldisk encryption option.
The Team
Currently Thomas Bruderer and Joseph Doekbrijder are organizing the effort, and we hope that we get other supporters soon. If you want to get involved contact us via Twitter.
truecrypt.ch
Arbitrageur's explanation strikes me as the most probable explanation. It looks like they were asked to insert a backdoor into their product but they
refused and simply stopped development. The only other reasonable explanation I can think of is that they were ordered to stop development on it and
they were forced to make that announcement to diminish trust in their product.
In any case I don't see why other developers cannot continue working on TrueCrypt, it is open source isn't it? If the current developers stop working on it, other developers will inevitably take their place. That is just how open source software works, you cannot stop it when it gains enough traction and becomes as popular and widely used as TrueCrypt is.
In any case I don't see why other developers cannot continue working on TrueCrypt, it is open source isn't it? If the current developers stop working on it, other developers will inevitably take their place. That is just how open source software works, you cannot stop it when it gains enough traction and becomes as popular and widely used as TrueCrypt is.
Microsoft went out of its way to stop TrueCrypt from working on Windows 8 to try to force people to use BitLocker but anyone in the know would avoid
BitLocker at all costs.
Saying that TC cannot be trusted becaue it was develeoped in Visual Studio is just being silly unless you think that VS can understand the logic of the program being compiled and can then insert backdoors just in the right places ? Hell it would take a good programer days to do that.
Microsoft is now locking sys admins out from stopping windows services and editing parts of registry in an effort to stop people from locking the virus down and they don't care if 80% of the copies in use are pirate verions so long as they still get to run their code to spy on you.
I like the bit where you go to use the metro calculator and microsoft wants you to login first and how they hide the use of local accounts at the bottom of the page when you go to add a new user.
Nothing gets out from PCs/Devices in my house because I only allow outbound connections from a machine running a custom proxy server and I run my own DNS server that blocks anything on the LAN apart from the proxy server from doing DNS lookups but even then microsoft is trying every trick in the book to bypass secrity and fills up my firewall logs.
Trust Bitlocker ! Not on your life.
Saying that TC cannot be trusted becaue it was develeoped in Visual Studio is just being silly unless you think that VS can understand the logic of the program being compiled and can then insert backdoors just in the right places ? Hell it would take a good programer days to do that.
Microsoft is now locking sys admins out from stopping windows services and editing parts of registry in an effort to stop people from locking the virus down and they don't care if 80% of the copies in use are pirate verions so long as they still get to run their code to spy on you.
I like the bit where you go to use the metro calculator and microsoft wants you to login first and how they hide the use of local accounts at the bottom of the page when you go to add a new user.
Nothing gets out from PCs/Devices in my house because I only allow outbound connections from a machine running a custom proxy server and I run my own DNS server that blocks anything on the LAN apart from the proxy server from doing DNS lookups but even then microsoft is trying every trick in the book to bypass secrity and fills up my firewall logs.
Trust Bitlocker ! Not on your life.
a reply to: Helig
I don't know how to evaluate that "confirmation", but it's not like there's a more logical explanation even without the confirmation.
Duress, as suggested in the source Helig posted.
And the people that aren't in the know and actually switch to bitlocker, well the spies are going to love that. They probably also don't know about the option MS put in place to make it safer, because it's not enabled by default, but even with that option enabled, I don't think I'd trust it.
How I compiled TrueCrypt 7.1a for Win32 and matched the official binaries
He's even got an update on there about the latest (partly disabled) version 7.2, that the certificate appears to be legit.
Is there any reason people can't just continue using the previous version of Truecrypt, 7.1a? There aren't any known problems with that, or are there? I don't use Truecrypt so I was just curious.
I don't know how to evaluate that "confirmation", but it's not like there's a more logical explanation even without the confirmation.
Most people in the know do know to avoid bitlocker, so that's why some people think there's a hidden message in the suggestion to use bitlocker:
originally posted by: VirusGuard
Microsoft went out of its way to stop TrueCrypt from working on Windows 8 to try to force people to use BitLocker but anyone in the know would avoid BitLocker at all costs.
Duress, as suggested in the source Helig posted.
And the people that aren't in the know and actually switch to bitlocker, well the spies are going to love that. They probably also don't know about the option MS put in place to make it safer, because it's not enabled by default, but even with that option enabled, I don't think I'd trust it.
This guy claims to have ruled out such backdoors so I'm not saying there are any, but if a programmer could get the NSA information they wanted with a few days work, why wouldn't they let the programmer spend a few days on that? NSA has a lot of employees.
Saying that TC cannot be trusted becaue it was develeoped in Visual Studio is just being silly unless you think that VS can understand the logic of the program being compiled and can then insert backdoors just in the right places ? Hell it would take a good programer days to do that.
How I compiled TrueCrypt 7.1a for Win32 and matched the official binaries
He's even got an update on there about the latest (partly disabled) version 7.2, that the certificate appears to be legit.
If they did get a National security letter, I don't know why the same wouldn't happen to whoever else picks up with the development where they left off.
originally posted by: thisguyrighthere
Chance that all is not lost re: TrueCrypt
Is there any reason people can't just continue using the previous version of Truecrypt, 7.1a? There aren't any known problems with that, or are there? I don't use Truecrypt so I was just curious.
edit on 1-6-2014 by Arbitrageur because: clarification
If one or all of the dev's has had a visit from the men in black cars i'd imagine it would be to have a quiet chat and perhaps 'recommend' they
use a few different methods that are NSA approved going forward rather than trying to kill off the project completely as the last thing they'd want
is someone in a country they can't touch writing code they can't get altered easily
this is why a lot of stuff seems to be going to Switzerland as they have more robust data protection laws especially about other spooks getting their hands on information
this is why a lot of stuff seems to be going to Switzerland as they have more robust data protection laws especially about other spooks getting their hands on information
a reply to: Arbitrageur
Getting the NSA to hack the code is easy but the hash code from the program would then be wrong and yes, given the time they could do this at machine code level with the right people on the job.
I want to see servers where people upload their own custom encryption software up to the server so we have millions of ways to encrypt data before it passes the ISP routers and then lets see if the NSA can backdoor all of them.
No need for the decryption code to ever leave your hands and the encryption could even be as simple as a _javascript function uploaded as text to a server but you would still need to deal with those 4gb graphic cards from taking screen grabs and uploading the results because I am told that this is already being done.
Less code is better code when it comes to an OS and your best friend is buying your own hardware firewall and then learning how to use it.
Webdav is a simple XML protocol much ike HTTP headers and its not hard to write your own server to encrypt the data before it is written to disk and this even works using the windows file manager client but again MS has screwed things up with the protocol and was you to do this yourself like i have done then you would see just how MS is spying (Gets) on any attached drives connected to windows.
Using webdav and windows client you will find that instead of windows sending a "DELETE" command to delete a webdav folder in a client/server relationship it open each folder in turn and the then does a "PROFIND" on every thing in the folder before deleting anything.
if you run a file watch on the windows file system whilst this is going on then you will see encrypted files being written all over the place, hundred of files and you don't need to be a boffin to guess whats going on.
The more lengths MS goes to spy on me then the more length I will go to stop them.
This guy claims to have ruled out such backdoors so I'm not saying there are any, but if a programmer could get the NSA information they wanted with a few days work, why wouldn't they let the programmer spend a few days on that? NSA has a lot of employees.
Getting the NSA to hack the code is easy but the hash code from the program would then be wrong and yes, given the time they could do this at machine code level with the right people on the job.
I want to see servers where people upload their own custom encryption software up to the server so we have millions of ways to encrypt data before it passes the ISP routers and then lets see if the NSA can backdoor all of them.
No need for the decryption code to ever leave your hands and the encryption could even be as simple as a _javascript function uploaded as text to a server but you would still need to deal with those 4gb graphic cards from taking screen grabs and uploading the results because I am told that this is already being done.
Less code is better code when it comes to an OS and your best friend is buying your own hardware firewall and then learning how to use it.
Webdav is a simple XML protocol much ike HTTP headers and its not hard to write your own server to encrypt the data before it is written to disk and this even works using the windows file manager client but again MS has screwed things up with the protocol and was you to do this yourself like i have done then you would see just how MS is spying (Gets) on any attached drives connected to windows.
Using webdav and windows client you will find that instead of windows sending a "DELETE" command to delete a webdav folder in a client/server relationship it open each folder in turn and the then does a "PROFIND" on every thing in the folder before deleting anything.
if you run a file watch on the windows file system whilst this is going on then you will see encrypted files being written all over the place, hundred of files and you don't need to be a boffin to guess whats going on.
The more lengths MS goes to spy on me then the more length I will go to stop them.
edit on 2-6-2014 by VirusGuard because: (no reason given)
Do you mean "PROPFIND'? Keep in mind that the "V" in "webdav" stands for "Versioning" which implies a need to track changes and deleting something is a change so I'm not sure this is nefarious. However, I'm not saying Microsoft doesn't engage in nefarious practices, as they certainly do.
originally posted by: VirusGuard
Using webdav and windows client you will find that instead of windows sending a "DELETE" command to delete a webdav folder in a client/server relationship it open each folder in turn and the then does a "PROFIND" on every thing in the folder before deleting anything.
They go to quite a few lengths, as described here:
The more lengths MS goes to spy on me then the more length I will go to stop them.
Microsoft handed the NSA access to encrypted messages
That's just a small excerpt from the article, which goes on and on, but I'm sure you get the idea; you can read the rest if you're interested or maybe you already know all this, because it reinforces your statement that bitlocker is probably the last thing you'd want to use if you're moving away from Truecrypt.
Microsoft has collaborated closely with US intelligence services to allow users' communications to be intercepted, including helping the National Security Agency to circumvent the company's own encryption, according to top-secret documents obtained by the Guardian.
The files provided by Edward Snowden illustrate the scale of co-operation between Silicon Valley and the intelligence agencies over the last three years. They also shed new light on the workings of the top-secret Prism program, which was disclosed by the Guardian and the Washington Post last month.
The documents show that:
• Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal;
• The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail;
• The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide;
• Microsoft also worked with the FBI's Data Intercept Unit to "understand" potential issues with a feature in Outlook.com that allows users to create email aliases;
• In July last year, nine months after Microsoft bought Skype, the NSA boasted that a new capability had tripled the amount of Skype video calls being collected through Prism;
• Material collected through Prism is routinely shared with the FBI and CIA, with one NSA document describing the program as a "team sport".
originally posted by: Arbitrageur
If they did get a National security letter, I don't know why the same wouldn't happen to whoever else picks up with the development where they left off.
originally posted by: thisguyrighthere
Chance that all is not lost re: TrueCrypt
It would, but they would be outside of US jurisdiction.
One must assume of course that there is the equivalent (or worse) in other states with strong signals intelligence services. Don't be so naive to think the NSA is the only one that does this---it's just the one which is known today.
Iceland seems like a nice place.
edit on 2-6-2014 by mbkennel because: (no reason given)
The current Truecrypt developers may already be outside US jurisdiction for all I know. I don't think US spying agencies care about jurisdiction or rules, or even laws from what I've seen, though they are certainly in cahoots with the UK, Australia and who knows who else.
originally posted by: mbkennel
It would, but they would be outside of US jurisdiction.
I like your Iceland idea, but I'm not sure that truecrypt developers want to move there, and even if they did, I'm not sure they can escape the clutches of determined spies just because of jurisdiction. All jurisdiction does is limit legal machinery they can use, but there are plenty of other tactics they can employ that may be more effective.
originally posted by: Arbitrageur
Is there any reason people can't just continue using the previous version of Truecrypt, 7.1a? There aren't any known problems with that, or are there? I don't use Truecrypt so I was just curious.
The only reason would be that if the ongoing security audit were to find any problems with TrueCrypt there wouldnt be anyone there to fix it.
For now there is no reason to stop using it. Just pay attention to the audit progress: TrueCrypt Audit
a reply to: thisguyrighthere
Thanks.
One of the sources mentioned Lavabit, and since it seems relevant, I thought I'd post a small excerpt from their home page, but the whole story is worth reading:
lavabit.com...
www.theguardian.com...
Thanks.
One of the sources mentioned Lavabit, and since it seems relevant, I thought I'd post a small excerpt from their home page, but the whole story is worth reading:
lavabit.com...
The guardian has a story about this case which tells us more than the lavabit website:
I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations. I wish that I could legally share with you the events that led to my decision. I cannot. I feel you deserve to know what’s going on--the first amendment is supposed to guarantee me the freedom to speak out in situations like this. Unfortunately, Congress has passed laws that say otherwise. As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests....
Sincerely,
Ladar Levison
Owner and Operator, Lavabit LLC
www.theguardian.com...
I never started using it, but I was curious about it. I suppose I can wait for the audit to finish before I try it, if the audit doesn't take too long. The source below says we will know more in late summer 2014.
originally posted by: thisguyrighthere
For now there is no reason to stop using it. Just pay attention to the audit progress: TrueCrypt Audit
Version 7.2 is crippled, so I found a place hosting version 7.1a if anybody is interested, and I also read that some questionable versions are popping up in various places so hopefully these are the official, "good" versions:
Truecrypt final release repository-Gibson Research
We should know much more about a trustworthy TrueCrypt in the late summer of 2014.
a reply to: thisguyrighthere
There's a story asking what the hell is going on with the Truecrypt audit.
www.reddit.com...
There's a story asking what the hell is going on with the Truecrypt audit.
www.reddit.com...
The original authors mysteriously tried to pull it offline, but both the source and the binaries are still around and there are still no known vulnerabilities. New developers are ramping up replacements for it, but in the meantime the original TrueCrypt is still available and just as secure as it ever was.
It's still not known exactly why the original developers abruptly bailed, especially given the weird way that they did it (they advised everyone to use Bitlocker instead, which is so obviously not a suitable replacement that there's got to be some other meaning behind the suggestion), but the source is open so it's not thought that there's anything nefarious in Truecrypt itself. Common speculation is that some three-letter agency was leaning on the original devs to put a backdoor in or something and they did this rather than comply.
new topics
-
George Knapp AMA on DI
Area 51 and other Facilities: 55 minutes ago -
Not Aliens but a Nazi Occult Inspired and then Science Rendered Design.
Aliens and UFOs: 1 hours ago -
Louisiana Lawmakers Seek to Limit Public Access to Government Records
Political Issues: 3 hours ago -
The Tories may be wiped out after the Election - Serves them Right
Regional Politics: 4 hours ago -
So I saw about 30 UFOs in formation last night.
Aliens and UFOs: 6 hours ago -
Do we live in a simulation similar to The Matrix 1999?
ATS Skunk Works: 7 hours ago -
BREAKING: O’Keefe Media Uncovers who is really running the White House
US Political Madness: 7 hours ago -
Biden--My Uncle Was Eaten By Cannibals
US Political Madness: 8 hours ago -
"We're All Hamas" Heard at Columbia University Protests
Social Issues and Civil Unrest: 9 hours ago -
The good, the Bad and the Ugly!
Diseases and Pandemics: 10 hours ago
top topics
-
BREAKING: O’Keefe Media Uncovers who is really running the White House
US Political Madness: 7 hours ago, 22 flags -
Biden--My Uncle Was Eaten By Cannibals
US Political Madness: 8 hours ago, 18 flags -
African "Newcomers" Tell NYC They Don't Like the Free Food or Shelter They've Been Given
Social Issues and Civil Unrest: 14 hours ago, 12 flags -
George Knapp AMA on DI
Area 51 and other Facilities: 55 minutes ago, 9 flags -
Two Serious Crimes Committed by President JOE BIDEN that are Easy to Impeach Him For.
US Political Madness: 16 hours ago, 9 flags -
Russia Flooding
Fragile Earth: 15 hours ago, 7 flags -
911 emergency lines are DOWN across multiple states
Breaking Alternative News: 16 hours ago, 7 flags -
"We're All Hamas" Heard at Columbia University Protests
Social Issues and Civil Unrest: 9 hours ago, 7 flags -
Russian intelligence officer: explosions at defense factories in the USA and Wales may be sabotage
Weaponry: 13 hours ago, 5 flags -
So I saw about 30 UFOs in formation last night.
Aliens and UFOs: 6 hours ago, 5 flags
active topics
-
George Knapp AMA on DI
Area 51 and other Facilities • 6 • : Raptured -
Russia Flooding
Fragile Earth • 12 • : andy06shake -
"We're All Hamas" Heard at Columbia University Protests
Social Issues and Civil Unrest • 113 • : marg6043 -
The US Supreme Court Appears to Side With the January 6th 2021 Capitol Protestors.
Political Conspiracies • 47 • : EyeoftheHurricane -
Candidate TRUMP Now Has Crazy Judge JUAN MERCHAN After Him - The Stormy Daniels Hush-Money Case.
Political Conspiracies • 362 • : SourGrapes -
British TV Presenter Refuses To Use Guest's Preferred Pronouns
Education and Media • 60 • : KrustyKrab -
Do we live in a simulation similar to The Matrix 1999?
ATS Skunk Works • 20 • : purplemer -
Mood Music Part VI
Music • 3056 • : Hellmutt -
So I saw about 30 UFOs in formation last night.
Aliens and UFOs • 18 • : KKLOCO -
Trump To Hold Dinner with President of Poland At Trump Tower Tonight
2024 Elections • 38 • : fringeofthefringe