Continuing Effort
Currently it is very unclear what really happened. Was it really just the end of a 10-year effort, or was it driven by some government? While a simple defacement is more and more unlikely, we still don't know where this is going. However, the last 36 hours showed clearly that TrueCrypt is a fragile product and must be based on more solid ground. We start now with offering to download the TrueCrypt file as is, and we hope we can organize a solid base for the future.
There are no signs that there is any known security problem within TrueCrypt 7.1a and the audit will go on uninterrupted. Even though the trust in the developer team has diminished drastically, we believe that there needs to be an Open Source, cross-platform full-disk encryption option.
The Team
Currently Thomas Bruderer and Joseph Doekbrijder are organizing the effort, and we hope that we get other supporters soon. If you want to get involved contact us via Twitter.
Most people in the know do know to avoid bitlocker, so that's why some people think there's a hidden message in the suggestion to use bitlocker:
originally posted by: VirusGuard
Microsoft went out of its way to stop TrueCrypt from working on Windows 8 to try to force people to use BitLocker but anyone in the know would avoid BitLocker at all costs.
This guy claims to have ruled out such backdoors so I'm not saying there are any, but if a programmer could get the NSA information they wanted with a few days work, why wouldn't they let the programmer spend a few days on that? NSA has a lot of employees.
Saying that TC cannot be trusted because it was developed in Visual Studio is just being silly unless you think that VS can understand the logic of the program being compiled and can then insert backdoors just in the right places? Hell, it would take a good programmer days to do that.
If they did get a National security letter, I don't know why the same wouldn't happen to whoever else picks up with the development where they left off.
originally posted by: thisguyrighthere
Chance that all is not lost re: TrueCrypt
This guy claims to have ruled out such backdoors so I'm not saying there are any, but if a programmer could get the NSA information they wanted with a few days work, why wouldn't they let the programmer spend a few days on that? NSA has a lot of employees.
Do you mean "PROPFIND"? Keep in mind that the "V" in "webdav" stands for "Versioning" which implies a need to track changes and deleting something is a change so I'm not sure this is nefarious. However, I'm not saying Microsoft doesn't engage in nefarious practices, as they certainly do.
originally posted by: VirusGuard
Using webdav and a Windows client you will find that instead of Windows sending a "DELETE" command to delete a webdav folder in a client/server relationship, it opens each folder in turn and then does a "PROFIND" on everything in the folder before deleting anything.
They go to quite a few lengths, as described here:
The more lengths MS goes to spy on me, the more lengths I will go to stop them.
That's just a small excerpt from the article, which goes on and on, but I'm sure you get the idea; you can read the rest if you're interested or maybe you already know all this, because it reinforces your statement that bitlocker is probably the last thing you'd want to use if you're moving away from Truecrypt.
Microsoft has collaborated closely with US intelligence services to allow users' communications to be intercepted, including helping the National Security Agency to circumvent the company's own encryption, according to top-secret documents obtained by the Guardian.
The files provided by Edward Snowden illustrate the scale of co-operation between Silicon Valley and the intelligence agencies over the last three years. They also shed new light on the workings of the top-secret Prism program, which was disclosed by the Guardian and the Washington Post last month.
The documents show that:
• Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal;
• The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail;
• The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide;
• Microsoft also worked with the FBI's Data Intercept Unit to "understand" potential issues with a feature in Outlook.com that allows users to create email aliases;
• In July last year, nine months after Microsoft bought Skype, the NSA boasted that a new capability had tripled the amount of Skype video calls being collected through Prism;
• Material collected through Prism is routinely shared with the FBI and CIA, with one NSA document describing the program as a "team sport".
originally posted by: Arbitrageur
If they did get a National security letter, I don't know why the same wouldn't happen to whoever else picks up with the development where they left off.
originally posted by: thisguyrighthere
Chance that all is not lost re: TrueCrypt
The current Truecrypt developers may already be outside US jurisdiction for all I know. I don't think US spying agencies care about jurisdiction or rules, or even laws from what I've seen, though they are certainly in cahoots with the UK, Australia and who knows who else.
originally posted by: mbkennel
It would, but they would be outside of US jurisdiction.
originally posted by: Arbitrageur
Is there any reason people can't just continue using the previous version of Truecrypt, 7.1a? There aren't any known problems with that, or are there? I don't use Truecrypt so I was just curious.
The Guardian has a story about this case which tells us more than the Lavabit website:
I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations. I wish that I could legally share with you the events that led to my decision. I cannot. I feel you deserve to know what’s going on--the first amendment is supposed to guarantee me the freedom to speak out in situations like this. Unfortunately, Congress has passed laws that say otherwise. As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests....
Sincerely,
Ladar Levison
Owner and Operator, Lavabit LLC
I never started using it, but I was curious about it. I suppose I can wait for the audit to finish before I try it, if the audit doesn't take too long. The source below says we will know more in late summer 2014.
originally posted by: thisguyrighthere
For now there is no reason to stop using it. Just pay attention to the audit progress: TrueCrypt Audit
We should know much more about a trustworthy TrueCrypt in the late summer of 2014.
The original authors mysteriously tried to pull it offline, but both the source and the binaries are still around and there are still no known vulnerabilities. New developers are ramping up replacements for it, but in the meantime the original TrueCrypt is still available and just as secure as it ever was.
It's still not known exactly why the original developers abruptly bailed, especially given the weird way that they did it (they advised everyone to use Bitlocker instead, which is so obviously not a suitable replacement that there's got to be some other meaning behind the suggestion), but the source is open so it's not thought that there's anything nefarious in Truecrypt itself. Common speculation is that some three-letter agency was leaning on the original devs to put a backdoor in or something and they did this rather than comply.